DNS forwarding and root hints error.

StrikedOut    125

Hi All.

 

My data center provider had to physically move their infrastructure from their existing location to their new buildings. Extensive planning was done, I was involved and, on paper, everything should have been fine. However, on first start-up at the new location, sysprep ran on several of my servers, including our DCs. We recovered from backups to the state just before the move, but they were in USN rollback, so I involved Microsoft and we were able to recover the domains and ensure replication was working.

 

I have since been tidying up DNS, as we had a site that was unable to access outside sites, and have managed to clear all the issues apart from this one from DCDiag /test:DNS:

 

C:\Windows\system32>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = ELROND
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Tonbridge\ELROND
      Starting test: Connectivity
         ......................... ELROND passed test Connectivity
Doing primary tests
   Testing server: Tonbridge\ELROND
      Starting test: DNS
         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... ELROND passed test DNS
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : tonbridge
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running enterprise tests on : DOMAIN.local
      Starting test: DNS
         Test results for domain controllers:
            DC: ELROND.tonbridge.DOMAIN.local
            Domain: tonbridge.DOMAIN.local

               TEST: Forwarders/Root hints (Forw)
                  Error: All forwarders in the forwarder list are invalid.
                  Error: Both root hints and forwarders are not configured or
                  broken. Please make sure at least one of them works.
         Summary of test results for DNS servers used by the above domain
         controllers:

***SNIPPED AS ALL ROOT HINTS ARE SHOWING THE SAME ERROR, LAST 2 ARE FORWARDERS***

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 202.12.27.33
            DNS server: 4.2.2.1 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 4.2.2.1
            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 8.8.8.8
         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: tonbridge.DOMAIN.local
               ELROND                       PASS PASS FAIL PASS PASS PASS n/a
         ......................... DOMAIN.local failed test DNS

I am currently using public DNS for forwarders on this DNS server; this is temporary while we migrate to a new line over the next few weeks.

 

I have also tested removing the forwarders and running the tests again, but I get the same results. Strangely, though, browsing from the server is now fine, which would suggest forwarding is working? Under the forwarding tab, I have updated and can resolve all the servers, so I now have the latest IP addresses, and the forwarders also resolve and validate.

 

Although this appears to be working (I also have a clean DNS event log) I am concerned that further down the line I will have issues that could be resolved now.

StrikedOut    125

Results from ipconfig /all

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ELROND
   Primary Dns Suffix  . . . . . . . : tonbridge.DOMAIN.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : tonbridge.DOMAIN.local
                                       DOMAIN.local

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-0B-56-00
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.12.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.12.250
   DNS Servers . . . . . . . . . . . : 192.168.12.1
                                       192.168.250.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{54BEF98A-13EF-402F-8AD6-C895F4FAA6C4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

+BudMan    2,907

what are the root hints..?  They should be the default ones..

 

Here are the root hint servers

http://www.internic.net/domain/named.root

 

;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:     August 29, 2017
;       related version of root zone:     2017082901
;
; FORMERLY NS.INTERNIC.NET
;
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:200::b
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
E.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:a8::e
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
G.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:12::d0d
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:9f::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
; End of file

StrikedOut    125

Those are the ones I have; the image shows most, but the rest are the same as those in your post.

 

 

RootHints.JPG

sc302    1,392

See if you can ping or tracert to those dns servers.

StrikedOut    125

All clear.

 

C:\Users\Administrator>ping a.root-servers.net

Pinging a.root-servers.net [198.41.0.4] with 32 bytes of data:
Reply from 198.41.0.4: bytes=32 time=6ms TTL=57
Reply from 198.41.0.4: bytes=32 time=6ms TTL=57
Reply from 198.41.0.4: bytes=32 time=2ms TTL=57
Reply from 198.41.0.4: bytes=32 time=2ms TTL=57

Ping statistics for 198.41.0.4:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 6ms, Average = 4ms

sc302    1,392

what in your configuration is making DNS query this?

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f

 

 

It should not query domain.local externally....this is where your fail is.  I don't know your setup fully, so I can only assume that you don't have AD DNS set up properly or you have other issues there.  External DNS will never resolve internal names.

 

 

StrikedOut    125

I did notice this and can't find any trace of this in DNS or ADSIEdit. Can you point me in the right direction where it may be?

sc302    1,392

you aren't going to find it in adsiedit or dns....at least what you are looking for.    your system is trying to find your local domain on an external dns...

 

entries are missing on your dns, dns not set up correctly, replication is not happening.  You have to look to see if your dns is replicating properly, eventviewer logs will help here.

StrikedOut    125

I'm not seeing any replication issues. I ran the following on all DCs and the results are all successful; all had the same results.

 

repadmin /showreps 
repadmin /replsum
repadmin /kcc

 

Also ran dcdiag /v, no issues here that I can see (apologies for the length).

 


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine ELROND, is a Directory Server. 
   Home Server = ELROND

   * Connecting to directory service on server ELROND.

   * Identified AD Forest. 
   Collecting AD specific global data 
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded 
   Iterating through the sites 
   Looking at base site object: CN=NTDS Site Settings,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=Newhaven,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=Reading,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers 
   Getting information for the server CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=BOROMIR,CN=Servers,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=FARAMIR,CN=Servers,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=LEGOLAS,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=GIMLI,CN=Servers,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=ARAGORN,CN=Servers,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CRUSADER,CN=Servers,CN=Newhaven,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=PHANTOM,CN=Servers,CN=Reading,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=HERA,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=PROMETHIUS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 12 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Tonbridge\ELROND

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity 
         * Active Directory RPC Services Check
         ......................... ELROND passed test Connectivity

Doing primary tests

   
   Testing server: Tonbridge\ELROND

      Starting test: Advertising

         The DC ELROND is advertising itself as a DC and having a DS.
         The DC ELROND is advertising as an LDAP server
         The DC ELROND is advertising as having a writeable directory
         The DC ELROND is advertising as a Key Distribution Center
         The DC ELROND is advertising as a time server
         The DS ELROND is advertising as a GC.
         ......................... ELROND passed test Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test 
         ......................... ELROND passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log. 
         Skip the test because the server is running FRS.

         ......................... ELROND passed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... ELROND passed test SysVolCheck

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... ELROND passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         ......................... ELROND passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC ELROND on DC ELROND.
         * SPN found :LDAP/ELROND.tonbridge.DOMAIN.local/tonbridge.DOMAIN.local
         * SPN found :LDAP/ELROND.tonbridge.DOMAIN.local
         * SPN found :LDAP/ELROND
         * SPN found :LDAP/ELROND.tonbridge.DOMAIN.local/TONBRIDGE
         * SPN found :LDAP/d2a64bd3-876f-40b9-bc67-862d63d06e6e._msdcs.DOMAIN.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d2a64bd3-876f-40b9-bc67-862d63d06e6e/tonbridge.DOMAIN.local
         * SPN found :HOST/ELROND.tonbridge.DOMAIN.local/tonbridge.DOMAIN.local
         * SPN found :HOST/ELROND.tonbridge.DOMAIN.local
         * SPN found :HOST/ELROND
         * SPN found :HOST/ELROND.tonbridge.DOMAIN.local/TONBRIDGE
         * SPN found :GC/ELROND.tonbridge.DOMAIN.local/DOMAIN.local
         ......................... ELROND passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC ELROND.
         The forest is not ready for RODC. Will skip checking ERODC ACEs.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=DOMAIN,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for

           DC=DomainDnsZones,DC=tonbridge,DC=DOMAIN,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for

           DC=tonbridge,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=DOMAIN,DC=local
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=newhaven,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           DC=TechGate,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           DC=Southampton1,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           DC=braintree,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           DC=DOMAIN,DC=local
            (Domain,Version 3)
         ......................... ELROND passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\ELROND\netlogon
         Verified share \\ELROND\sysvol
         ......................... ELROND passed test NetLogons

      Starting test: ObjectsReplicated

         ELROND is in domain DC=tonbridge,DC=DOMAIN,DC=local
         Checking for CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local in domain DC=tonbridge,DC=DOMAIN,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local in domain CN=Configuration,DC=DOMAIN,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... ELROND passed test ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=DOMAIN,DC=local
               Latency information for 6 entries in the vector were ignored.
                  6 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
               Latency information for 15 entries in the vector were ignored.
                  15 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=DOMAIN,DC=local
               Latency information for 15 entries in the vector were ignored.
                  15 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DOMAIN,DC=local
               Latency information for 15 entries in the vector were ignored.
                  6 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=Southampton1,DC=DOMAIN,DC=local
               Latency information for 16 entries in the vector were ignored.
                  7 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=tonbridge,DC=DOMAIN,DC=local
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=tonbridge,DC=DOMAIN,DC=local
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=braintree,DC=DOMAIN,DC=local
               Latency information for 16 entries in the vector were ignored.
                  7 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=newhaven,DC=DOMAIN,DC=local
               Latency information for 10 entries in the vector were ignored.
                  1 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=TechGate,DC=DOMAIN,DC=local
               Latency information for 14 entries in the vector were ignored.
                  5 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... ELROND passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 4600 to 1073741823
         * ELROND.tonbridge.DOMAIN.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 2600 to 3099
         * rIDPreviousAllocationPool is 2600 to 3099
         * rIDNextRID: 2703
         ......................... ELROND passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... ELROND passed test Services

      Starting test: SystemLog

         * The System Event log test
         An error event occurred.  EventID: 0x0000272C

            Time Generated: 09/21/2017   17:41:32

            Event String:

            DCOM was unable to communicate with the computer 4.2.2.1 using any of the configured protocols; requested by PID     12fc (C:\Windows\system32\dcdiag.exe).

         An error event occurred.  EventID: 0x0000272C

            Time Generated: 09/21/2017   17:41:53

            Event String:

            DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID     12fc (C:\Windows\system32\dcdiag.exe).

         ......................... ELROND failed test SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local

         and backlink on

         CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         are correct. 
         The system object reference (serverReferenceBL)

         CN=ELROND,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=tonbridge,DC=DOMAIN,DC=local

         and backlink on

         CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         are correct. 
         The system object reference (frsComputerReferenceBL)

         CN=ELROND,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=tonbridge,DC=DOMAIN,DC=local

         and backlink on

         CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local

         are correct. 
         ......................... ELROND passed test VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Test omitted by user request: DNS

      Test omitted by user request: DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : tonbridge

      Starting test: CheckSDRefDom

         ......................... tonbridge passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... tonbridge passed test CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running enterprise tests on : DOMAIN.local

      Test omitted by user request: DNS

      Test omitted by user request: DNS

      Starting test: LocatorCheck

         GC Name: \\ELROND.tonbridge.DOMAIN.local

         Locator Flags: 0xe000f1fd
         PDC Name: \\ELROND.tonbridge.DOMAIN.local
         Locator Flags: 0xe000f1fd
         Time Server Name: \\ELROND.tonbridge.DOMAIN.local
         Locator Flags: 0xe000f1fd
         Preferred Time Server Name: \\ELROND.tonbridge.DOMAIN.local
         Locator Flags: 0xe000f1fd
         KDC Name: \\ELROND.tonbridge.DOMAIN.local
         Locator Flags: 0xe000f1fd
         ......................... DOMAIN.local passed test LocatorCheck

      Starting test: Intersite

         Skipping site Southampton1, this site is outside the scope provided by

         the command line arguments provided. 
         Skipping site Tonbridge, this site is outside the scope provided by

         the command line arguments provided. 
         Skipping site TechGate, this site is outside the scope provided by the

         command line arguments provided. 
         Skipping site Braintree, this site is outside the scope provided by

         the command line arguments provided. 
         Skipping site Newhaven, this site is outside the scope provided by the

         command line arguments provided. 
         Skipping site Reading, this site is outside the scope provided by the

         command line arguments provided. 
         ......................... DOMAIN.local passed test Intersite

sc302    1,392

it looks like things are passing....try the dns test again.

 

if it fails again, something is wrong with your dns config...msdcs would be a place to look and make sure it is there on your local dns server.  If it isn't you are going to have to get it to replicate, do not manually put the entry in.

StrikedOut    125

Interestingly on the parent domain DC, dcdiag /test:dns is clear, no issues at all.

 

On the 5 child domains, all have the same error as above, but I did also notice this on one of them too:

 

               TEST: Records registration (RReg)
                  Network Adapter [00000010] Microsoft Hyper-V Network Adapter:
                     Error:
                     Missing SRV record at DNS server 192.168.250.5:
                     _ldap._tcp.50547d4b-9b33-4422-9419-5e1f49075f4e.domains._ms
dcs.DOMAIN.local

               Warning: Record Registrations not found in some network adapters

 

I will have to look at this later, got parental duties now.

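The distinction sc302 draws in this thread (an external DNS server will never resolve internal names) can be applied mechanically to the dcdiag lines posted above. The following is an added example, not code from any poster: the function names, the verdict labels and the line-unwrapping heuristic are assumptions of the example, and the sample input is constructed by combining lines from two of the posted runs.

```python
import ipaddress
import re

# Constructed sample: lines copied from the dcdiag /test:dns output quoted in
# this thread, including the console wraps ("f" / "ailed", "_ms" / "dcs").
SAMPLE = """\
   Done gathering initial info.
Doing initial required tests
            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 202.12.27.33
            DNS server: 4.2.2.1 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 4.2.2.1
            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 8.8.8.8
               TEST: Records registration (RReg)
                     Missing SRV record at DNS server 192.168.250.5:
                     _ldap._tcp.50547d4b-9b33-4422-9419-5e1f49075f4e.domains._ms
dcs.DOMAIN.local
"""

RESOLVE_FAIL = re.compile(
    r"Name resolution is not functional\.\s+(\S+?)\.?\s+"
    r"failed on the DNS server\s+(\S+)")
MISSING_SRV = re.compile(r"Missing SRV record at DNS server\s+(\S+):")


def unwrap(text):
    """Re-join lines that the console split in two.

    Heuristic (an assumption of this example): a continuation starts in
    column 0 right after an indented line and does not begin with an
    upper-case letter, which is how dcdiag's own column-0 headings begin.
    """
    out = []
    for line in text.splitlines():
        if (out and line and out[-1][:1].isspace()
                and not line[0].isspace() and not line[0].isupper()):
            out[-1] += line
        else:
            out.append(line)
    return out


def parse_failures(text):
    """Return (kind, record, server) for every failure line found."""
    lines = unwrap(text)
    found = []
    for i, line in enumerate(lines):
        m = RESOLVE_FAIL.search(line)
        if m:
            found.append(("resolution", m.group(1), m.group(2)))
            continue
        m = MISSING_SRV.search(line)
        if m and i + 1 < len(lines):
            # The record name is printed on the line after the server.
            found.append(("registration", lines[i + 1].strip(), m.group(1)))
    return found


def triage(text, internal_zones):
    """Label each failure 'expected' or 'investigate'.

    internal_zones: suffixes that exist only on internal DNS servers,
    supplied by the caller (here the forest root named in the thread).
    """
    zones = tuple(z.lower().strip(".") for z in internal_zones)
    results = []
    for kind, record, server in parse_failures(text):
        name = record.lower().rstrip(".")
        internal_name = any(name == z or name.endswith("." + z) for z in zones)
        try:
            internal_server = ipaddress.ip_address(server).is_private
        except ValueError:
            internal_server = True  # not an IP literal: have a person look
        if internal_name and not internal_server:
            # A public server holds no copy of an internal-only zone,
            # so this lookup cannot succeed there.
            verdict = "expected"
        else:
            # An internal server lacks a record, or a public name failed.
            verdict = "investigate"
        results.append({"kind": kind, "record": record,
                        "server": server, "verdict": verdict})
    return results


if __name__ == "__main__":
    for item in triage(SAMPLE, ["DOMAIN.local"]):
        print("{verdict:12} {kind:12} {server:15} {record}".format(**item))
```
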
