question about nltest result

By roguecoolman
in Microsoft (Windows)

 Share

Recommended Posts

Enthusiast

roguecoolman

Posted
Posted

O:\>nltest /sc_query:acro.ca

Flags: 30 HAS_IP HAS_TIMESERV

Trusted DC Name \\acrodhcp.acro.ca

Trusted DC Connection Status Status = 0 0x0 NERR_Success

The command completed successfully

O:\>nltest /server:acrofiles2 /sc_query:acro.ca

I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

O:\>nltest /server:acrodhcp /sc_query:acro.ca

Flags: 30 HAS_IP HAS_TIMESERV

Trusted DC Name \\acrofiles2.acro.ca

Trusted DC Connection Status Status = 0 0x0 NERR_Success

The command completed successfully

acrofiles2 is a dc which is also the operations master.

acrodhcp is a dc as well.

this is a mixed mode win2k domain.

my question is, which ever dc authenticates me is the one i establish a secure channel with correct? then that is why acrofiles2 failed, because acrodhcp authenticated me?

then how come :

O:\>nltest /server:acrodhcp /sc_query:acro.ca

Flags: 30 HAS_IP HAS_TIMESERV

Trusted DC Name \\acrofiles2.acro.ca

Trusted DC Connection Status Status = 0 0x0 NERR_Success

The command completed successfully

this command produced a trusted dc name of \\acrofiles2.acro.ca and not acrodhcp.acro.ca?

sorry i havent been using nltest before, but i'm just curious at the results.

Link to comment
https://www.neowin.net/forum/topic/209198-question-about-nltest-result/
Share on other sites
Enthusiast

roguecoolman

Posted
  • Author
Posted

thanks for the reply,

i just have one more peculiar question.

out of curiosity i ran this command on my print server (no active directory installed on it)

O:\>nltest /server:acroprint /sc_query:acro.ca

Flags: 30 HAS_IP HAS_TIMESERV

Trusted DC Name \\ACRODHCP

Trusted DC Connection Status Status = 0 0x0 NERR_Success

The command completed successfully

does anyone know why when i run the same command on acrofiles2 (my operations master dc) i get this:

O:\>nltest /server:acrofiles2 /sc_query:acro.ca

I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

?

i'm just curious as to why every server has produced some sort of positive result and this one gives an error? and its towards my first dc i put up in my domain.

Rising Star

Marsden

Posted
Posted

If you receive the following error, ERROR_NO_SUCH_DOMAIN while using the Nltest tool to query the secure channel, this is usually indicative of the inability to find a domain controller for that domain. Run nltest /dsgetdc: <DomainName>: to verify whether you can locate a domain controller. If you are unable to find a domain controller examine DNS registrations and network connectivity.

The Netdiag tool helps to isolate networking and connectivity problems by performing a series of tests. If you are unable to resolve a name, you might be experiencing DNS registration or consistency problems. To confirm this, answer the following questions:

When you run Netdiag, do you receive any DNS error messages?

To verify the DNS registration for your domain, the best tool to use is netdiag /debug, which must be run on all domain controllers.

To refresh all DHCP leases and re-register DNS names for computers, use the ipconfig /registerdns command. To refresh and re-register DNS names for domain controllers, stop and start the Net Logon service. By default, the Net Logon service automatically re-registers DNS names every hour.

Using DNSCMD to Check Consistency

Dnscmd.exe is a command-line tool that you can use to view the properties of DNS servers, zones, and resource records. To be able to check your DNS server configuration, use the Dnscmd tool or the DNS Manager console to obtain information about the DNS server and obtain statistics about its performance.

Dnscmd is also used to manually modify DNS server properties, to create and delete zones and resource records, and to force replication events between DNS server physical memory and DNS databases and data files.

Enthusiast

roguecoolman

Posted
  • Author
Posted

O:\>nltest /dsgetdc:acro.ca

DC: \\acrofiles2.acro.ca

Address: \\192.168.4.44

Dom Guid: c547bfe5-8d2c-4991-8a

Dom Name: acro.ca

Forest Name: acro.ca

Dc Site Name: Default-First-Site-Na

Our Site Name: Default-First-Site-Na

Flags: PDC GC DS LDAP KDC TI

CLOSE_SITE

The command completed successfully

no problem on the nltest get dc from my comp.

i ran netdiag on both my dc's and nothing out of the ordinary.

- Opening \Device\NwlnkIpx failed (found on both dc's to have the same output)

- Trust relationship test. . . . . . : Skipped (this output frm acrofiles2 my first dc)

- Trust relationship test. . . . . . : Passed (this output from acrodhcp my 2nd dc)

Test to ensure DomainSid of domain 'ACRO' is correct.

Secure channel for domain 'ACRO' is to '\\acrofiles2.acro.ca'.

Secure channel for domain 'ACRO' was successfully set to PDC emulator '\\acrofiles2.acro.ca'.

i have the following services disabled on my operations master dc (acrofiles2)

logical disk manager (disabled by default)

routing and remote access

terminal services

telnet

wireless configuration

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.