Maybe this will help someone else…
The server runs Windows Server 2008 R2 Standard. It is joined to the domain and has the AD and DNS roles installed. It is not the first domain controller in the domain. The other controllers work fine. After installing the AD role and rebooting, the server does not consider itself a domain controller and dcdiag reports an error:
Сервер проверки: Default-First-Site-Name\DC02-SERVER
Запуск проверки: Advertising
Внимание: DsGetDcName вернул сведения для \TS-server.mydomain.local
при попытке получения доступа к DC02-SERVER.
СЕРВЕР НЕ ОТВЕЧАЕТ или НЕ СЧИТАЕТСЯ ПРИЕМЛЕМЫМ.
……………………. DC02-SERVER — не пройдена проверка
In addition, the sysvol folders were not created on the server after the first replication.
DNS is configured correctly and works, and replication started manually with repadmin /syncall works.
To fix this, a registry value has to be changed. Open regedit and go to the key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Change the value of SysvolReady to "1"
Reboot
Taken from here:
http://forum.oszone.net/post-2230921.html
5 minutes in, everything is running fine
I really hope nobody follows your example, because you did not fix the error, you just swept it under the rug. You forced the Netlogon service to treat the SYSVOL contents as valid when in your case they are missing: they were never replicated from the old DC. Hence the error when trying to edit a policy, and the message in the dcdiag NetLogons test about the missing NETLOGON share: the Scripts folder in SYSVOL is what gets shared under that name, and you do not have it.
Also, the next time the File Replication Service (NtFrs) starts, unless you have disabled it, this registry value will be reset and everything will go back to how it was.
So take the trouble to fix the error.
To begin with, be sure to back up the SYSVOL contents (C:\WINDOWS\SYSVOL\DOMAIN; it should contain the Policies and Scripts folders) on the old DC. Then check the File Replication Service event log on it for errors or warnings. If you see none, restart the service and look again in 15-30 minutes: some errors do not show up immediately and are logged only once after the service starts.
What to do next depends on what turns up in the log. If it is the most common error, JRNL_WRAP_ERROR, you can try the automatic recovery described in the event itself. It usually helps, but there is a chance of losing the SYSVOL data (which is why I mentioned the backup). A more reliable option in such cases is an authoritative restore of SYSVOL: starting the NtFrs service with the registry value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup\BurFlags set to D4 (hexadecimal). The same can be done if the data disappears from SYSVOL, except that you will first need to stop the NtFrs service and copy the data back from the backup.
For other errors the actions have to be different, so if you run into them, do not apply the advice above "just in case".
Glory to Russia!
-
Marked as answer by
IlyaBratskiy
July 20, 2016, 12:52
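The following read-only check is added here as an example and is not code from either poster. It reports the state the reply above warns about: SysvolReady set to 1 while the Policies and Scripts folders or the SYSVOL and NETLOGON shares are missing. The function name Get-SysvolState is hypothetical, and the script assumes the default layout in which the replicated "domain" folder sits next to the shared "sysvol" folder.

```powershell
# Added example (not from the thread): read-only SYSVOL consistency check.
# Run locally on the domain controller in an elevated Windows PowerShell session.
# Assumption: default layout, i.e. the replicated "domain" folder sits next to
# the shared "sysvol" folder (C:\WINDOWS\SYSVOL\DOMAIN in the post above).

function Get-SysvolState {
    $key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $params = Get-ItemProperty -Path $key

    if (-not $params.SysVol) {
        throw "No SysVol path under $key; this machine is not set up as a DC."
    }

    # SysvolReady = 1 tells Netlogon to share SYSVOL/NETLOGON and advertise the DC.
    # A missing value is treated as 0.
    $ready = [int]$params.SysvolReady

    # SysVol holds the path of the shared folder, e.g. C:\Windows\SYSVOL\sysvol.
    $domainDir = Join-Path (Split-Path -Path $params.SysVol -Parent) 'domain'
    $policies  = Join-Path $domainDir 'Policies'
    $scripts   = Join-Path $domainDir 'Scripts'

    # Each GPO is stored under Policies in a folder named with its GUID.
    $gpoCount = 0
    if (Test-Path $policies) {
        $gpoCount = @(Get-ChildItem -Path $policies |
            Where-Object { $_.PSIsContainer -and $_.Name -like '{*}' }).Count
    }

    # NETLOGON is the Scripts folder published as a share.
    $shares = @(Get-WmiObject -Class Win32_Share |
        Where-Object { $_.Name -eq 'SYSVOL' -or $_.Name -eq 'NETLOGON' } |
        ForEach-Object { $_.Name })

    # BurFlags sits under a key whose name contains "/", which the PowerShell
    # registry provider treats as a path separator, so read it through .NET.
    $burFlags = 'not set'
    $burKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
        'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup')
    if ($burKey) {
        $value = $burKey.GetValue('BurFlags')
        if ($null -ne $value) { $burFlags = '0x{0:X}' -f $value }
        $burKey.Close()
    }

    $ntfrs       = Get-Service -Name NtFrs -ErrorAction SilentlyContinue
    $ntfrsStatus = if ($ntfrs) { $ntfrs.Status } else { 'not installed' }

    $contentOk = (Test-Path $scripts) -and ($gpoCount -gt 0)
    $sharesOk  = ($shares -contains 'SYSVOL') -and ($shares -contains 'NETLOGON')

    if ($ready -eq 1 -and $contentOk -and $sharesOk) {
        $verdict = 'OK: flag, shares and content agree'
    } elseif ($ready -eq 1) {
        # The case from the thread: the flag says "ready" but nothing replicated.
        $verdict = 'INCONSISTENT: SysvolReady=1 but content or shares are missing'
    } else {
        $verdict = 'NOT READY: initial SYSVOL replication has not completed'
    }

    New-Object PSObject -Property @{
        SysvolReady   = $ready
        DomainFolder  = $domainDir
        ScriptsExists = (Test-Path $scripts)
        GpoFolders    = $gpoCount
        Shares        = ($shares -join ', ')
        NtFrsService  = $ntfrsStatus
        BurFlags      = $burFlags
        Verdict       = $verdict
    }
}

Get-SysvolState | Format-List
```

An INCONSISTENT verdict means the replication service's event log on both the source and the new DC is the next thing to read, as the reply says; the script itself changes nothing.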
Hello.
About a couple of weeks ago an oddity appeared in how Active Directory works (2 controllers running Windows Server 2016).
When connecting the Computer Management snap-in from a domain controller to domain-joined Windows XP machines, an error appears:
No such problems were noticed on machines running Windows 7 and later. Notably, just a couple of months ago I could connect to Windows XP without problems.
If I connect the snap-in to Windows XP by IP address, management starts fine without complaining about anything. This makes me think of DNS problems (both domain controllers hold that role).
When the connection succeeds, an error appears in the "System" event log:
It says, as I understood it, that the RPC server is not running on the machine, which I checked; the services are running.
dcdiag from the first controller
Запуск проверки: Services
Недопустимый тип службы: w32time на SRV-DC-ASUTP01, текущее значение - WIN32_OWN_PROCESS, ожидаемое значение - WIN32_SHARE_PROCESS
......................... SRV-DC-ASUTP01 - не пройдена проверка Services
Запуск проверки: SystemLog
Возникла ошибка. Код события (EventID): 0x00002720 (there are many such errors)
Время создания: 02/15/2023 09:32:13
Строка события: Параметры разрешений для конкретного приложения не дают разрешения Локально Активация для приложения COM-сервера с CLSID
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 02/15/2023 10:30:23
Строка события: Не удалось установить связь DCOM с компьютером fec0:0:0:ffff::1 через какой-либо из настроенных протоколов; запрос от PID 2380 (C:\Windows\system32\dcdiag.exe).
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 02/15/2023 10:30:35
Строка события: Не удалось установить связь DCOM с компьютером fec0:0:0:ffff::2 через какой-либо из настроенных протоколов; запрос от PID 2380 (C:\Windows\system32\dcdiag.exe).
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 02/15/2023 10:30:47
Строка события: Не удалось установить связь DCOM с компьютером fec0:0:0:ffff::3 через какой-либо из настроенных протоколов; запрос от PID 2380 (C:\Windows\system32\dcdiag.exe).
......................... SRV-DC-ASUTP01 - не пройдена проверка
dcdiag from the second controller
Запуск проверки: SystemLog
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 02/15/2023 10:19:32
Строка события: Не удалось установить связь DCOM с компьютером fec0:0:0:ffff::1 через какой-либо из настроенных протоколов; запрос от PID 1b70 (C:\Windows\system32\dcdiag.exe).
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 02/15/2023 10:19:44
Строка события: Не удалось установить связь DCOM с компьютером fec0:0:0:ffff::2 через какой-либо из настроенных протоколов; запрос от PID 1b70 (C:\Windows\system32\dcdiag.exe).
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 02/15/2023 10:19:56
Строка события: Не удалось установить связь DCOM с компьютером fec0:0:0:ffff::3 через какой-либо из настроенных протоколов; запрос от PID 1b70 (C:\Windows\system32\dcdiag.exe).
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 02/15/2023 10:24:30
Строка события: Не удалось установить связь DCOM с компьютером fec0:0:0:ffff::1 через какой-либо из настроенных протоколов; запрос от PID 6c8 (C:\Windows\system32\dcdiag.exe).
......................... SRV-DC-ASUTP02 - не пройдена проверка SystemLog
dcdiag /test:dns from the first controller
dcdiag /test:dns from the second controller
Posted by ZooM_00 2019-03-03T11:52:24Z
Hi,
I have AD installed on two DCs, running Server 2016,
I faced issues with GPOs replication, and when troubleshooting it, I found that the location for SysVol on one of the DCs is not defined, I wasn’t the one who did the installation, so I’m not sure if that is really the case,
When running repadmin /Syncall, I get no errors
Screenshots attached,
Zoom,
27 Replies
-
Interesting topic. Subscribed so I too can learn from it.
-
OP
ZooM_00
I wonder if there’s a way to delete this replication group and re-create it, and if that would actually solve the issue,
However, I can’t seem to find a way to delete it
-
You won’t be able to manage Sysvol with the dfsrdiag command or the DFS console. It is a protected replication group.
For troubleshooting please post the output of this. From a known good DC and the one that is not working. You can obfuscate the DC names as you see fit.
-
OP
ZooM_00
You won’t be able to manage Sysvol with the dfsrdiag command or the DFS console. It is a protected replication group.
For troubleshooting please post the output of this. From a known good DC and the one that is not working. You can obfuscate the DC names as you see fit.
Hi Justin,
Thank you for your reply,
output below, I believe that FRS is not configured and supposed not to be working, I don’t understand why it’s flagged as an error,
Can you advise on next step?
Zoom,
-
Have you migrated from FRS to DFSR and did the migration succeed? One of the errors above is the FRS service being disabled which it shouldn’t be unless your DFSR migration was done and was successful.
-
OP
ZooM_00
This is the output when running the command on AD02
-
Also looks like your DNS settings are incorrect. Ensure that DC1 points to DC2 for its primary DNS and itself as secondary. Ensure that DC2 points to DC1 for its primary and itself as secondary. Ensure that external DNS servers, including your router, are defined nowhere except in the forwarders tab of the DNS management tool.
-
OP
ZooM_00
Da_Schmoo wrote:
Also looks like your DNS settings are incorrect. Ensure that DC1 points to DC2 for its primary DNS and itself as secondary. Ensure that DC2 points to DC1 for its primary and itself as secondary. Ensure that external DNS servers, including your router, are defined nowhere except in the forwarders tab of the DNS management tool.
Setting DC1 DNS to: DC2 then DC1
and DC2 to: DC1 then DC2 seems to have caused me many issues,
My DC1 was set to 127.0.0.1 only, DC2 was DC1 then DC2
Forwarder was configured to 8.8.8.8 on both DNS servers
below is output of dcdiag /v /c /e /q after the modification of DNS
The following error occurred: ......................... MYDOMAIN-AD02 failed test SystemLog
Do you have any handy tutorial on how to troubleshoot and fix DNS in such cases?
I feel like things are getting more and more complicated!
Zoom,
-
OP
ZooM_00
Da_Schmoo wrote:
Have you migrated from FRS to DFSR and did the migration succeed? One of the errors above is the FRS service being disabled which it shouldn’t be unless your DFSR migration was done and was successful.
This is a recent setup, I believe FRS was never configured here, they went directly to DFSR
-
I still think you have external DNS set on the DC’s — DCDiag is complaining about 8.8.8.8 and another external address. It shouldn’t be doing that unless those addresses are configured somewhere outside of the Forwarder’s tab.
It’s also complaining that the FRS service is disabled. If you really are using DFSR it shouldn’t complain about that service being disabled.
See what
Dfsrmig /getmigrationstate shows.
-
OP
ZooM_00
Da_Schmoo wrote:
Also looks like your DNS settings are incorrect. Ensure that DC1 points to DC2 for its primary DNS and itself as secondary. Ensure that DC2 points to DC1 for its primary and itself as secondary. Ensure that external DNS servers, including your router, are defined nowhere except in the forwarders tab of the DNS management tool.
It’s mentioned here, that:
If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.
I found that loopback ip is the only DNS server for my DC01, I’ll put more time into DNS tomorrow, I’m done for today!!
-
OP
ZooM_00
Da_Schmoo wrote:
I still think you have external DNS set on the DC’s — DCDiag is complaining about 8.8.8.8 and another external address. It shouldn’t be doing that unless those addresses are configured somewhere outside of the Forwarder’s tab.
It’s also complaining that the FRS service is disabled. If you really are using DFSR it shouldn’t complain about that service being disabled.
See what
Dfsrmig /getmigrationstate shows.
I get your point, Migstate indicates that AD is in Start state, yet globalstate indicates that it’s in eliminated state:
-
The results on any of the diagnostic tools are suspect until you get your DNS in order.
-
OP
ZooM_00
Da_Schmoo wrote:
The results on any of the diagnostic tools are suspect until you get your DNS in order.
I Agree,
To Sum it up:
DC1 DNS should be: DC2 then Loopback IP
DC2 DNS: DC1 then Loopback IP
8.8.8.8 should only be configured like this:
A restart for both DCs then? anything else?
I really appreciate your support, thank you,
Zoom,
-
That looks right.
-
OP
ZooM_00
So I revised my DNS configs:
output:
C:\Users\User>dcdiag /v /c /e /q
[MYDOMAIN-AD01] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
An error event occurred. EventID: 0xC0000827
Time Generated: 03/03/2019 22:30:04
Event String: Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
......................... MYDOMAIN-AD01 failed test KccEvent
** Did not run Outbound Secure Channels test because /testdomain: was not entered
Invalid service startup type: NtFrs on MYDOMAIN-AD01, current value DISABLED, expected value AUTO_START
NtFrs Service is stopped on [MYDOMAIN-AD01]
......................... MYDOMAIN-AD01 failed test Services
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 22:28:28
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 22:28:28
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 22:28:28
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 22:28:28
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 22:34:07
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 22:39:17
Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1244 (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 22:39:17
Event String: DCOM was unable to communicate with the computer 168.63.129.16 using any of the configured protocols; requested by PID 1244 (C:\Windows\system32\dcdiag.exe).
......................... MYDOMAIN-AD01 failed test SystemLog
Some objects relating to the DC MYDOMAIN-AD01 have problems:
[1] Problem: Missing Expected Value
Base Object: CN=MYDOMAIN-AD01,OU=Domain Controllers,DC=ad,DC=MYDOMAIN,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... MYDOMAIN-AD01 failed test VerifyReferences
[MYDOMAIN-AD02] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
......................... MYDOMAIN-AD02 failed test DFSREvent
An error event occurred. EventID: 0xC0000827
Time Generated: 03/03/2019 22:29:47
Event String: Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
......................... MYDOMAIN-AD02 failed test KccEvent
** Did not run Outbound Secure Channels test because /testdomain: was not entered
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 22:28:27
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 22:28:28
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x00000469
Time Generated: 03/03/2019 22:29:35
Event String: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 22:29:42
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 22:31:00
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000165B
Time Generated: 03/03/2019 22:40:33
Event String: The session setup from computer 'PC1-A213' failed because the security database does not contain a trust account 'PC1-A213$' referenced by the specified computer.
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 22:40:55
Event String: DCOM was unable to communicate with the computer 168.63.129.16 using any of the configured protocols; requested by PID 16bc (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 22:40:55
Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 16bc (C:\Windows\system32\dcdiag.exe).
......................... MYDOMAIN-AD02 failed test SystemLog
Test results for domain controllers:
DC: MYDOMAIN-AD01.ad.MYDOMAIN.com
Domain: ad.MYDOMAIN.com
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network adapters
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: ad.MYDOMAIN.com
MYDOMAIN-AD01 PASS WARN PASS PASS PASS FAIL n/a
......................... ad.MYDOMAIN.com failed test DNS
Dfsrmig /getmigrationstate still reports AD01 to be in «start» State,
@Da_schmoo
Could you please let me know if there’s anything dangerous that might cause my DC to cease working?
Zoom,
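A triage helper for dcdiag output like the dump posted above, as an added example that is not part of the original thread: it lists the failed tests per target, converts the hex EventIDs to the decimal IDs shown in Event Viewer, reports services with the wrong startup type, and picks out DCOM targets that are IP addresses of machines other than the domain controllers, which an earlier reply in this thread reads as external DNS servers configured outside the forwarders tab. The sample text is a constructed, shortened excerpt, and the DC addresses 10.0.0.4 and 10.0.0.5 and all function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# dcdiag's dotted leader; some scrapes turn runs of "..." into the "…" character.
DOTS = r"[.\u2026]{5,}"
FAILED_RE = re.compile(DOTS + r"\s+(\S+)\s+failed test\s+(\w+)")
# Works on both line-per-field and flattened (single-line) output.
EVENT_RE = re.compile(
    r"EventID:\s+(0x[0-9A-Fa-f]{8})\s+"
    r"Time Generated:\s+(\S+\s+\S+)\s+"
    r"Event String:\s*(.*?)"
    r"(?=\s*(?:An error event occurred\.|A warning event occurred\.|" + DOTS + r"|\Z))",
    re.S,
)
DCOM_RE = re.compile(r"DCOM was unable to communicate with the computer (\S+) using")
SERVICE_RE = re.compile(
    r"Invalid service startup type: (\S+) on (\S+), current value (\S+), expected value (\S+)"
)

# Constructed sample, shortened, in the shape of `dcdiag /v /c /e /q` output.
SAMPLE = " ".join([
    "[MYDOMAIN-AD01] No security related replication errors were found on this DC!",
    "An error event occurred. EventID: 0xC0000827 Time Generated: 03/03/2019 22:30:04",
    "Event String: Active Directory Domain Services could not resolve the following",
    "DNS host name of the source domain controller to an IP address.",
    "......................... MYDOMAIN-AD01 failed test KccEvent",
    "Invalid service startup type: NtFrs on MYDOMAIN-AD01, current value DISABLED,",
    "expected value AUTO_START",
    "......................... MYDOMAIN-AD01 failed test Services",
    "An error event occurred. EventID: 0x0000272C Time Generated: 03/03/2019 22:39:17",
    "Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any",
    "of the configured protocols; requested by PID 1244 (dcdiag.exe).",
    "An error event occurred. EventID: 0x0000272C Time Generated: 03/03/2019 22:39:17",
    "Event String: DCOM was unable to communicate with the computer 168.63.129.16",
    "using any of the configured protocols; requested by PID 1244 (dcdiag.exe).",
    "An error event occurred. EventID: 0x0000272C Time Generated: 03/03/2019 22:39:18",
    "Event String: DCOM was unable to communicate with the computer 10.0.0.5 using any",
    "of the configured protocols; requested by PID 1244 (dcdiag.exe).",
    "......................... MYDOMAIN-AD01 failed test SystemLog",
    "......................... ad.MYDOMAIN.com failed test DNS",
])


def failed_tests(text):
    """Map each target (DC, partition or domain) to the tests it failed, in order."""
    result = {}
    for target, test in FAILED_RE.findall(text):
        result.setdefault(target, []).append(test)
    return result


def events(text):
    """Return (decimal_id, hex_id, timestamp, message) for every logged event."""
    out = []
    for hex_id, when, msg in EVENT_RE.findall(text):
        # The low 16 bits are the ID Event Viewer displays (0xC0000827 -> 2087).
        decimal_id = int(hex_id, 16) & 0xFFFF
        out.append((decimal_id, hex_id, " ".join(when.split()), " ".join(msg.split())))
    return out


def non_dc_dcom_targets(text, dc_addresses):
    """IP-literal DCOM targets that are not in the supplied list of DC addresses."""
    known = {ipaddress.ip_address(a) for a in dc_addresses}
    found = set()
    for target in DCOM_RE.findall(text):
        try:
            ip = ipaddress.ip_address(target)
        except ValueError:
            continue  # a host name, not an IP literal
        if ip not in known:
            found.add(str(ip))
    return sorted(found)


def service_problems(text):
    """Services whose startup type differs from what dcdiag expects."""
    keys = ("service", "host", "current", "expected")
    return [dict(zip(keys, m)) for m in SERVICE_RE.findall(text)]


def triage(text, dc_addresses=()):
    """Summarise one dcdiag run; dc_addresses is supplied by the caller."""
    return {
        "failed": failed_tests(text),
        "event_counts": Counter(e[0] for e in events(text)),
        "non_dc_dcom_targets": non_dc_dcom_targets(text, dc_addresses),
        "services": service_problems(text),
    }


if __name__ == "__main__":
    # 10.0.0.4 and 10.0.0.5 are assumed DC addresses for the constructed sample.
    for key, value in triage(SAMPLE, ["10.0.0.4", "10.0.0.5"]).items():
        print(key, "->", value)
```

Any address reported under non_dc_dcom_targets is a candidate to look for in the adapters' DNS server lists on each DC.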
-
Set the startup type of the File Replication Service to Automatic and start it. Some of your errors are because of that.
-
OP
ZooM_00
Running: Repadmin /Syncall and Repadmin /Syncall /AdeP returned no errors
-
OP
ZooM_00
Da_Schmoo wrote:
Set the startup type of the File Replication Service to Automatic and start it. Some of your errors are because of that.
It won’t start
-
OP
ZooM_00
Missing with the «CN=DFSR-LocalSettings» led the following:
Is there a way to set up DFSR from scratch? or is it time to buy a Microsoft Incident Support ticket?
-
adam344
I am actually having the very same issue. We had an existing 2012 server, implemented a 2019 server, dcpromo and sysvol is having issues. Almost identical to what you’re experiencing.
-
I think your issue is your FRS to DFSR migration didn’t complete. One server thinks it’s done, the other doesn’t. This is likely due to your DNS not being configured properly. Getting the file replication service running on the server it isn’t may let the process complete or you might be able to restart the process.
I’d focus on seeing why you can’t start the service — System Event Log may give an answer to that.
As far as dropping the $500 to have Microsoft fix the issue — I think you’re past the point where I would have done that but I’d try to fix the FRS service issue myself first.
-
OP
ZooM_00
adam344 wrote:
I am actually having the very same issue. We had an existing 2012 server, implemented a 2019 server, dcpromo and sysvol is having issues. Almost identical to what you’re experiencing.
The case for me is different, the setup is new, implemented immediately on W2k16, no upgrades, nothing. It was done for my client by an IT service provider, signed off, and considered operational, I just took over the project.
I have no idea if FRS was ever configured or no, replication never actually worked. But I just found out now after joining 2k+ pcs, I found out when we started creating GPOs.
-
OP
ZooM_00
Da_Schmoo wrote:
I think your issue is your FRS to DFSR migration didn’t complete. One server thinks it’s done, the other doesn’t. This is likely due to your DNS not being configured properly. Getting the file replication service running on the server it isn’t may let the process complete or you might be able to restart the process.
I’d focus on seeing why you can’t start the service — System Event Log may give an answer to that.
As far as dropping the $500 to have Microsoft fix the issue — I think you’re past the point where I would have done that but I’d try to fix the FRS service issue myself first.
I tried going through the migration, set state to 1,2,3. but always returning that the selected state is invalid.
I don’t know how to troubleshoot the DNS, or how to start, I did exactly as you recommended, can you recommend any articles for that?
As I said earlier, I doubt that the FRS service ever worked.
What is the worst case scenario here? would demoting a DC, cleaning it up, and promoting it again solve the issue?
Zoom,
-
OP
ZooM_00
Microsoft has been working on this for two days now, and it doesn’t seem that they are close to solving it
-
OP
ZooM_00
Finally I received a procedure from MS to fix this, tested it on my lab environment, it worked fine,
Gonna do it during weekend, and will post the method and result after that
-
OP
ZooM_00
Hello,
Finally I got this solved with Microsoft support,
I’ve published a «How-To» to explain the solution, find it here:
https://community.spiceworks.com/how_to/160786-how-to-re-build-sysvol-dfsr-replication-group-without…
-
Environment:
1 VM Windows Server 2012 as AD
1 VM Windows Server 2012 as FS
Errors:
C:\Users\frank>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server…
Home Server = SGcompanyAD01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: company-SG\SGcompanyAD01
Starting test: Connectivity
……………………. SGcompanyAD01 passed test Connectivity
Doing primary tests
Testing server: company-SG\SGcompanyAD01
Starting test: Advertising
……………………. SGcompanyAD01 passed test Advertising
Starting test: FrsEvent
……………………. SGcompanyAD01 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
……………………. SGcompanyAD01 failed test DFSREvent
Starting test: SysVolCheck
……………………. SGcompanyAD01 passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x80000603
Time Generated: 05/30/2018 11:44:22
Event String:
Active Directory Domain Services could not disable the software-based disk write cache on the following hard disk.
A warning event occurred. EventID: 0x80000B46
Time Generated: 05/30/2018 11:44:32
Event String:
The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and
LDAP simple binds that are performed on a clear text (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
A warning event occurred. EventID: 0x8000082C
Time Generated: 05/30/2018 11:45:33
Event String:
……………………. SGcompanyAD01 passed test KccEvent
Starting test: KnowsOfRoleHolders
……………………. SGcompanyAD01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
……………………. SGcompanyAD01 passed test MachineAccount
Starting test: NCSecDesc
……………………. SGcompanyAD01 passed test NCSecDesc
Starting test: NetLogons
[SGcompanyAD01] User credentials does not have permission to perform this operation.
The account used for this test must have network logon privileges
for this machine’s domain.
……………………. SGcompanyAD01 failed test NetLogons
Starting test: ObjectsReplicated
……………………. SGcompanyAD01 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,SGcompanyAD01] A recent replication attempt failed:
From SGcompanyFS01 to SGcompanyAD01
Naming Context: CN=Schema,CN=Configuration,DC=company-SG,DC=LOCAL
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2018-05-30 11:45:02.
The last success occurred at 2018-05-30 10:56:06.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SGcompanyAD01] A recent replication attempt failed:
From SGcompanyFS01 to SGcompanyAD01
Naming Context: CN=Configuration,DC=company-SG,DC=LOCAL
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2018-05-30 11:45:02.
The last success occurred at 2018-05-30 10:56:06.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
……………………. SGcompanyAD01 failed test Replications
Starting test: RidManager
……………………. SGcompanyAD01 passed test RidManager
Starting test: Services
Could not open NTDS Service on SGcompanyAD01, error 0x5 «Access is denied.»
……………………. SGcompanyAD01 failed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00002720
Time Generated: 05/30/2018 11:03:04
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00002720
Time Generated: 05/30/2018 11:43:59
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000271A
Time Generated: 05/30/2018 11:44:00
Event String:
The server {4EDD6725-7003-4120-A0BB-BBDEBA704FB7} did not register with DCOM within the required timeout.
A warning event occurred. EventID: 0x000727A5
Time Generated: 05/30/2018 11:44:04
Event String: The WinRM service is not listening for WS-Management requests.
An error event occurred. EventID: 0xC0001B70
Time Generated: 05/30/2018 11:44:04
Event String: The CentraStage service terminated with the following service-specific error:
A warning event occurred. EventID: 0x80040020
Time Generated: 05/30/2018 11:44:22
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
A warning event occurred. EventID: 0x80040020
Time Generated: 05/30/2018 11:44:22
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
A warning event occurred. EventID: 0x80040020
Time Generated: 05/30/2018 11:44:22
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
An error event occurred. EventID: 0xC00110F1
Time Generated: 05/30/2018 11:44:40
Event String: The WINS Server could not initialize security to allow the read-only operations.
A warning event occurred. EventID: 0x000727AA
Time Generated: 05/30/2018 11:44:42
Event String:
The WinRM service failed to create the following SPNs: WSMAN/SGcompanyAD01.company-SG.LOCAL; WSMAN/SGcompanyAD01.
A warning event occurred. EventID: 0x0000000C
Time Generated: 05/30/2018 11:44:44
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in
the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the
authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
An error event occurred. EventID: 0x00002720
Time Generated: 05/30/2018 11:45:21
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
……………………. SGcompanyAD01 failed test SystemLog
Starting test: VerifyReferences
……………………. SGcompanyAD01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
……………………. ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
……………………. DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
……………………. Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
……………………. Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. Configuration passed test CrossRefValidation
Running partition tests on : company-SG
Starting test: CheckSDRefDom
……………………. company-SG passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. company-SG passed test CrossRefValidation
Running enterprise tests on : company-SG.LOCAL
Starting test: LocatorCheck
……………………. company-SG.LOCAL passed test LocatorCheck
Starting test: Intersite
……………………. company-SG.LOCAL passed test Intersite
-
Moved by
Wednesday, May 30, 2018 6:33 PM
From ADFS
Hello!
We bought new servers and decided to move the DCs to the new physical servers. I started with the server named DC1: I brought up a new server named DC2, and after bringing it up I demoted the domain controller DC1 and removed the roles from it according to this article
https://technet.microsoft.com/en-us/library/jj574104.aspx
Now I decided to run the dcdiag /e tests; here is the result, please help.
Диагностика сервера каталогов
Выполнение начальной настройки:
Выполняется попытка поиска основного сервера…
Основной сервер = dc
* Определен лес AD.
Сбор начальных данных завершен.
Выполнение обязательных начальных проверок
Сервер проверки: Default-First-Site-Name\DC
Запуск проверки: Connectivity
……………………. DC — пройдена проверка Connectivity
Сервер проверки: Default-First-Site-Name\DC2
Запуск проверки: Connectivity
……………………. DC2 — пройдена проверка Connectivity
Выполнение основных проверок
Сервер проверки: Default-First-Site-Name\DC
Запуск проверки: Advertising
……………………. DC — пройдена проверка Advertising
Запуск проверки: FrsEvent
……………………. DC — пройдена проверка FrsEvent
Запуск проверки: DFSREvent
За последние 24 часа после предоставления SYSVOL в общий доступ зафиксированы предупреждения или сообщения об
ошибках. Сбои при репликации SYSVOL могут стать причиной проблем групповой политики.
……………………. DC — не пройдена проверка DFSREvent
Запуск проверки: SysVolCheck
……………………. DC — пройдена проверка SysVolCheck
Запуск проверки: KccEvent
……………………. DC — пройдена проверка KccEvent
Запуск проверки: KnowsOfRoleHolders
……………………. DC — пройдена проверка KnowsOfRoleHolders
Запуск проверки: MachineAccount
……………………. DC — пройдена проверка MachineAccount
Запуск проверки: NCSecDesc
……………………. DC — пройдена проверка NCSecDesc
Запуск проверки: NetLogons
[DC] В учетных данных пользователя отсутствует разрешение на выполнение данной операции.
Учетная запись, используемая для этой проверки, должна иметь права на вход в сеть
для домена данного компьютера.
……………………. DC — не пройдена проверка NetLogons
Запуск проверки: ObjectsReplicated
……………………. DC — пройдена проверка ObjectsReplicated
Запуск проверки: Replications
[Проверка репликации,DC] Сбой функции DsReplicaGetInfo(PENDING_OPS, NULL), ошибка 0x2105
«Доступ к репликации отвергнут.»
……………………. DC — не пройдена проверка Replications
Запуск проверки: RidManager
……………………. DC — пройдена проверка RidManager
Запуск проверки: Services
Не удалось открыть службу NTDS в DC, ошибка 0x5 «Отказано в доступе.»
……………………. DC — не пройдена проверка Services
Запуск проверки: SystemLog
Возникла ошибка. Код события (EventID): 0x000016AD
Время создания: 05/26/2015 08:17:01
Строка события:
Не удалось выполнить проверку подлинности для сеанса компьютера FARHADSHIN_DR. Произошла следующая ошибка:
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 05/26/2015 08:17:41
Строка события:
Не удалось установить связь DCOM с компьютером DC2.smpng.ru через какой-либо из настроенных протоколов; запр
ос от PID 1238 (C:Windowssystem32ServerManager.exe).
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 05/26/2015 08:17:41
Строка события:
Не удалось установить связь DCOM с компьютером DC2.smpng.ru через какой-либо из настроенных протоколов; запр
ос от PID 1238 (C:Windowssystem32ServerManager.exe).
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 05/26/2015 08:17:41
Строка события:
Не удалось установить связь DCOM с компьютером DC2.smpng.ru через какой-либо из настроенных протоколов; запр
ос от PID 1238 (C:Windowssystem32ServerManager.exe).
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 05/26/2015 08:17:41
Строка события:
Не удалось установить связь DCOM с компьютером DC2.smpng.ru через какой-либо из настроенных протоколов; запр
ос от PID 1238 (C:Windowssystem32ServerManager.exe).
Возникла ошибка. Код события (EventID): 0x0000165B
Время создания: 05/26/2015 08:40:55
Строка события:
Не удалось установить сеанс с компьютера «FARHUTDINOV_AV», так как указанная компьютером учетная запись дове
рия «FARHUTDINOV_AV$» отсутствует в базе данных безопасности.
Возникла ошибка. Код события (EventID): 0x000016AD
Время создания: 05/26/2015 08:43:00
Строка события:
Не удалось выполнить проверку подлинности для сеанса компьютера FARHUTDINOV_AV. Произошла следующая ошибка:
Возникла ошибка. Код события (EventID): 0x00009018
Время создания: 05/26/2015 09:00:47
Строка события:
Оповещение о неустранимой ошибке было создано и отправлено удаленной конечной точке. Это может привести к ра
зрыву соединения. Определенный в протоколе TLS код оповещения о неустранимой ошибке: 10. Состояние ошибки Windows SChann
el: 1203.
Возникла ошибка. Код события (EventID): 0x00009018
Время создания: 05/26/2015 09:00:52
Строка события:
Оповещение о неустранимой ошибке было создано и отправлено удаленной конечной точке. Это может привести к ра
зрыву соединения. Определенный в протоколе TLS код оповещения о неустранимой ошибке: 10. Состояние ошибки Windows SChann
el: 1203.
……………………. DC — не пройдена проверка SystemLog
Запуск проверки: VerifyReferences
……………………. DC — пройдена проверка VerifyReferences
Сервер проверки: Default-First-Site-NameDC2
Запуск проверки: Advertising
……………………. DC2 — пройдена проверка Advertising
Запуск проверки: FrsEvent
……………………. DC2 — пройдена проверка FrsEvent
Запуск проверки: DFSREvent
Не удалось запросить журнал событий DFS Replication на сервере DC2.smpng.ru, ошибка 0x6ba
«Сервер RPC недоступен.»
……………………. DC2 — не пройдена проверка DFSREvent
Запуск проверки: SysVolCheck
……………………. DC2 — пройдена проверка SysVolCheck
Запуск проверки: KccEvent
Не удалось запросить журнал событий Directory Service на сервере DC2.smpng.ru, ошибка 0x6ba
«Сервер RPC недоступен.»
……………………. DC2 — не пройдена проверка KccEvent
Запуск проверки: KnowsOfRoleHolders
……………………. DC2 — пройдена проверка KnowsOfRoleHolders
Запуск проверки: MachineAccount
……………………. DC2 — пройдена проверка MachineAccount
Запуск проверки: NCSecDesc
……………………. DC2 — пройдена проверка NCSecDesc
Запуск проверки: NetLogons
……………………. DC2 — пройдена проверка NetLogons
Запуск проверки: ObjectsReplicated
……………………. DC2 — пройдена проверка ObjectsReplicated
Запуск проверки: Replications
……………………. DC2 — пройдена проверка Replications
Запуск проверки: RidManager
……………………. DC2 — пройдена проверка RidManager
Запуск проверки: Services
……………………. DC2 — пройдена проверка Services
Запуск проверки: SystemLog
Не удалось запросить журнал событий System на сервере DC2.smpng.ru, ошибка 0x6ba «Сервер RPC недоступен.»
……………………. DC2 — не пройдена проверка SystemLog
Запуск проверки: VerifyReferences
……………………. DC2 — пройдена проверка VerifyReferences
Выполнение проверок разделов на: ForestDnsZones
Запуск проверки: CheckSDRefDom
……………………. ForestDnsZones — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. ForestDnsZones — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: DomainDnsZones
Запуск проверки: CheckSDRefDom
……………………. DomainDnsZones — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. DomainDnsZones — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: Schema
Запуск проверки: CheckSDRefDom
……………………. Schema — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. Schema — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: Configuration
Запуск проверки: CheckSDRefDom
……………………. Configuration — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. Configuration — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: smpng
Запуск проверки: CheckSDRefDom
……………………. smpng — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. smpng — пройдена проверка CrossRefValidation
Выполнение проверок предприятия на: smpng.ru
Запуск проверки: LocatorCheck
……………………. smpng.ru — пройдена проверка LocatorCheck
Запуск проверки: Intersite
……………………. smpng.ru — пройдена проверка Intersite
Okay, so I did some DNS cleaning last night, and ran the DCDIAG command again this morning and this time, I have new errors but the prior ones were gone. See below:
C:\Windows\system32>dcdiag /v /q /a
An error event occurred. EventID: 0xC00010DF
Time Generated: 11/26/2020 09:25:35
Event String:
A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
An error event occurred. EventID: 0xC00010DF
Time Generated: 11/26/2020 09:26:05
Event String:
A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
An error event occurred. EventID: 0xC00010DF
Time Generated: 11/26/2020 09:37:02
Event String:
A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
......................... SRVR710A failed test SystemLog
I ran the nbtstat -n command and this is what it spits out:
C:\Windows\system32>nbtstat -n
Ethernet 2:
Node IpAddress: [10.0.0.8] Scope Id: []
NetBIOS Local Name Table
Name           Type    Status
---------------------------------------------
SRVR300C <20>  UNIQUE  Registered
SRVR300C <00>  UNIQUE  Registered
JK2      <00>  GROUP   Registered
JK2      <1C>  GROUP   Registered
Trying to find the duplicate name, but have no idea where it would be. No other devices to my knowledge under that name. Anyhow, will keep looking. Thanks again for all the valued feedback.
Strange, I ran the DCDIAG again, and this time a new set of errors for the SRVR300C
C:\Windows\system32>dcdiag /v /q /a
An error event occurred. EventID: 0xC00010DF
Time Generated: 11/26/2020 09:25:35
Event String:
A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
An error event occurred. EventID: 0xC00010DF
Time Generated: 11/26/2020 09:26:05
Event String:
A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
An error event occurred. EventID: 0xC00010DF
Time Generated: 11/26/2020 09:37:02
Event String:
A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
......................... SRVR710A failed test SystemLog
An error event occurred. EventID: 0x0000272C
Time Generated: 11/26/2020 10:03:27
Event String:
DCOM was unable to communicate with the computer SRVR700B.JK2.local using any of the configured protocols; requested by PID 47c0 (C:\Windows\system32\ServerManager.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 11/26/2020 10:03:27
Event String:
DCOM was unable to communicate with the computer SRVR700B.JK2.local using any of the configured protocols; requested by PID 47c0 (C:\Windows\system32\ServerManager.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 11/26/2020 10:03:27
Event String:
DCOM was unable to communicate with the computer SRVR700B.JK2.local using any of the configured protocols; requested by PID 47c0 (C:\Windows\system32\ServerManager.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 11/26/2020 10:03:28
Event String:
DCOM was unable to communicate with the computer SRVR700B.JK2.local using any of the configured protocols; requested by PID 47c0 (C:\Windows\system32\ServerManager.exe).
......................... SRVR300C failed test SystemLog
Okay, resolved the new error messages that came up by rebooting the servers. Now the only error message that comes up is: The IP 10.0.0.113 is assigned to a workstation... confused why this is relevant to the dcdiag?
C:\Windows\system32>dcdiag /v /q /a
An error event occurred. EventID: 0xC0002719
Time Generated: 11/26/2020 14:19:16
Event String:
DCOM was unable to communicate with the computer 10.0.0.113 using any of the configured protocols.
......................... SRVR710A failed test SystemLog
Okay, I removed my DNS forwarders and replaced them with my local fiber ISP DNS servers. Also cleaned up the DNS and removed old lingering DCs that were removed years ago. Rebooted the 2k8 R2 DC and ran dcdiag again, and this time only one error, but I think this is related to the C drive low space, so I freed up some space and will check back tomorrow to see if there are any issues with the SYSVOL replication.
C:\Windows\system32>dcdiag /v /q /a
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
......................... SRVR710A failed test FrsEvent
Da_Schmoo
That message just means there is an error in the System event log within the past 24 hours. You can clear the event log if you want and then it should be clean.
That message just means there is an error in the System event log within the past 24 hours. You can clear the event log if you want and then it should be clean.
Thank you. That's what I got from a quick Google search, as well. Looks like everything is good now, and I was able to successfully demote the old DC. Thanks again for everyone's feedback.
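The SystemLog failures in this thread list each event as a 32-bit hex EventID, while Event Viewer shows only the low 16 bits of that value. The following is an added example, not code from the thread: it decodes and groups those entries so they can be looked up in the System log. The function name `ConvertFrom-DcdiagSystemLog` and the sample text (constructed from output quoted above) are assumptions.

```powershell
# Added example: decode and group the events dcdiag lists under a failed
# SystemLog test. Sample text is constructed from output quoted in this thread;
# the "requested by PID ..." tails are left out.
$sample = @'
An error event occurred.  EventID: 0xC00010DF
   Time Generated: 11/26/2020   09:25:35
   Event String:
   A duplicate name has been detected on the TCP network.
An error event occurred.  EventID: 0xC00010DF
   Time Generated: 11/26/2020   09:37:02
   Event String:
   A duplicate name has been detected on the TCP network.
An error event occurred.  EventID: 0x0000272C
   Time Generated: 11/26/2020   10:03:27
   Event String:
   DCOM was unable to communicate with the computer SRVR700B.JK2.local
   using any of the configured protocols
An error event occurred.  EventID: 0xC0002719
   Time Generated: 11/26/2020   14:19:16
   Event String: DCOM was unable to communicate with the computer 10.0.0.113
......................... SRVR710A failed test SystemLog
'@

function ConvertFrom-DcdiagSystemLog {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Text)

    $state = 'Idle'
    $current = $null
    foreach ($line in ($Text -split "`r?`n")) {
        $t = $line.Trim()

        # "EventID: 0x..." (English) and "(EventID): 0x..." (localized) both match.
        if ($t -match 'EventID\)?:\s*0x([0-9A-Fa-f]{8})') {
            if ($current) { $current }                 # emit the previous event
            $raw = [Convert]::ToInt64($Matches[1], 16)
            $current = [pscustomobject]@{
                RawId   = '0x{0:X8}' -f $raw
                EventId = [int]($raw -band 0xFFFF)     # ID as shown in Event Viewer
                Time    = $null
                Message = ''
            }
            $state = 'NeedTime'
        }

        if ($state -eq 'NeedTime') {
            if ($t -match '(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}:\d{2})') {
                $current.Time = [datetime]::ParseExact(
                    "$($Matches[1]) $($Matches[2])", 'MM/dd/yyyy HH:mm:ss',
                    [cultureinfo]::InvariantCulture)
                $state = 'NeedLabel'
            }
            continue
        }
        if ($state -eq 'NeedLabel') {
            # Label line ("Event String:" or its localized form); the message
            # may start after the colon or on the following line.
            $current.Message = ($t -replace '^[^:]*:\s*', '')
            $state = 'Message'
            continue
        }
        if ($state -eq 'Message') {
            # A run of dots or ellipses starts the "<DC> failed test ..." line.
            if ($t -match '^[.\u2026]{3,}') { $state = 'Idle'; continue }
            if ($t) { $current.Message = ("$($current.Message) $t").Trim() }
        }
    }
    if ($current) { $current }
}

# One row per distinct event ID, most frequent first.
$summary = ConvertFrom-DcdiagSystemLog -Text $sample |
    Group-Object EventId |
    ForEach-Object {
        $times = @($_.Group | ForEach-Object Time | Sort-Object)
        [pscustomobject]@{
            EventId = [int]$_.Name
            RawId   = $_.Group[0].RawId
            Count   = $_.Count
            First   = $times[0]
            Last    = $times[-1]
            Message = $_.Group[0].Message
        }
    } | Sort-Object Count -Descending

$summary | Format-Table -AutoSize -Wrap

# Filter for pulling the full records (provider, user, data) from the System
# log of the DC named in the "failed test" line.
$filter = @{
    LogName   = 'System'
    Id        = [int[]]($summary.EventId)
    StartTime = $summary.First | Sort-Object | Select-Object -First 1
}
# Get-WinEvent -ComputerName SRVR710A -FilterHashtable $filter
```

Because the parser keys on the `EventID: 0x…` token and the date pattern rather than on the English labels, it also handles the localized dcdiag output shown elsewhere on this page.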
C:Usersadmin>dcdiag /fix
Диагностика сервера каталогов
Выполнение начальной настройки:
Выполняется попытка поиска основного сервера…
Основной сервер = ServerDC
* Определен лес AD.
Сбор начальных данных завершен.
Выполнение обязательных начальных проверок
Сервер проверки: Default-First-Site-NameSERVERDC
Запуск проверки: Connectivity
……………………. SERVERDC — пройдена проверка Connectivity
Выполнение основных проверок
Сервер проверки: Default-First-Site-NameSERVERDC
Запуск проверки: Advertising
……………………. SERVERDC — пройдена проверка Advertising
Запуск проверки: FrsEvent
……………………. SERVERDC — пройдена проверка FrsEvent
Запуск проверки: DFSREvent
За последние 24 часа после предоставления SYSVOL в общий доступ зафиксированы предупреждения или сообщения об ошибках. Сбои при репликации
SYSVOL могут стать причиной проблем групповой политики.
……………………. SERVERDC — не пройдена проверка DFSREvent
Запуск проверки: SysVolCheck
……………………. SERVERDC — пройдена проверка SysVolCheck
Запуск проверки: KccEvent
……………………. SERVERDC — пройдена проверка KccEvent
Запуск проверки: KnowsOfRoleHolders
……………………. SERVERDC — пройдена проверка KnowsOfRoleHolders
Запуск проверки: MachineAccount
……………………. SERVERDC — пройдена проверка MachineAccount
Запуск проверки: NCSecDesc
……………………. SERVERDC — пройдена проверка NCSecDesc
Запуск проверки: NetLogons
……………………. SERVERDC — пройдена проверка NetLogons
Запуск проверки: ObjectsReplicated
……………………. SERVERDC — пройдена проверка ObjectsReplicated
Запуск проверки: Replications
……………………. SERVERDC — пройдена проверка Replications
Запуск проверки: RidManager
……………………. SERVERDC — пройдена проверка RidManager
Запуск проверки: Services
……………………. SERVERDC — пройдена проверка Services
Запуск проверки: SystemLog
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 07/28/2020 10:39:59
Строка события:
Не удалось установить связь DCOM с компьютером 192.168.0.1 через какой-либо из настроенных протоколов; запрос от PID 13b4 (C:Windowssystem32dcdiag.exe) при активации CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820}.
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 07/28/2020 10:42:24
Строка события:
Не удалось установить связь DCOM с компьютером 192.168.0.1 через какой-либо из настроенных протоколов; запрос от PID 17b0 (C:Windowssystem32dcdiag.exe) при активации CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820}.
Возникло предупреждение. Код события (EventID): 0x0000168D
Время создания: 07/28/2020 10:45:17
Строка события:
Следующий DNS-сервер, полномочный для записей локатора контроллеров доменов DNS, не поддерживает динамическое обновление DNS.
Возникло предупреждение. Код события (EventID): 0x0000168D
Время создания: 07/28/2020 10:52:03
Строка события:
Следующий DNS-сервер, полномочный для записей локатора контроллеров доменов DNS, не поддерживает динамическое обновление DNS.
Возникло предупреждение. Код события (EventID): 0x0000168D
Время создания: 07/28/2020 10:52:04
Строка события:
Следующий DNS-сервер, полномочный для записей локатора контроллеров доменов DNS, не поддерживает динамическое обновление DNS.
Возникло предупреждение. Код события (EventID): 0x0000000C
Время создания: 07/28/2020 10:52:03
Строка события:
NTP-клиент поставщика времени: этот компьютер настроен на использование доменной иерархии для определения своего источника времени, но при этом он является эмулятором основного контроллера домена Active Directory для домена в корне леса, поэтому в доменной иерархии не существует компьютера, расположенного выше, который можно использовать как источник времени. Рекомендуется настроить надежную службу времени в корневом домене или вручную настроить основной контроллер домена Active Directory для синхронизации с внешним источником времени. В противном случае этот компьютер будет выступать в роли заслуживающего доверия источника времени в доменной иерархии. Если внешний источник времени не настроен или не используется для этого компьютера, можно отключить NTP-клиент.
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 07/28/2020 10:55:36
Строка события:
Не удалось установить связь DCOM с компьютером 192.168.0.1 через какой-либо из настроенных протоколов; запрос от PID 1cac (C:Windowssystem32dcdiag.exe) при активации CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820}.
Возникло предупреждение. Код события (EventID): 0x000727A5
Время создания: 07/28/2020 11:08:21
Строка события: Служба WinRM не прослушивает запросы WS-Management.
Возникло предупреждение. Код события (EventID): 0x000003F6
Время создания: 07/28/2020 11:08:37
Строка события: Разрешение имен для имени wpad истекло после отсутствия ответа от настроенных серверов DNS.
Возникло предупреждение. Код события (EventID): 0x000003F6
Время создания: 07/28/2020 11:08:38
Строка события: Разрешение имен для имени wpad истекло после отсутствия ответа от настроенных серверов DNS.
Возникла ошибка. Код события (EventID): 0x00002710
Время создания: 07/28/2020 11:08:53
Строка события: Не удалось запустить DCOM-сервер: {9C38ED61-D565-4728-AEEE-C80952F0ECDE}.Ошибка:
Возникло предупреждение. Код события (EventID): 0x000727AA
Время создания: 07/28/2020 11:09:05
Строка события: Службе WinRM не удалось создать следующие имена участников-служб: WSMAN/ServerDC.dom.local, WSMAN/ServerDC.
Возникло предупреждение. Код события (EventID): 0x0000000C
Время создания: 07/28/2020 11:09:05
Строка события:
NTP-клиент поставщика времени: этот компьютер настроен на использование доменной иерархии для определения своего источника времени, но при этом он является эмулятором основного контроллера домена
Возникло предупреждение. Код события (EventID): 0x00001796
Время создания: 07/28/2020 11:09:48
Строка события:
Microsoft Windows Server обнаружено, что в настоящее время между клиентами и этим сервером используется проверка подлинности NTLM. Это событие возникает один раз при каждой загрузке, когда клиент первый раз использует NTLM с этим сервером.
Возникла ошибка. Код события (EventID): 0x00002720
Время создания: 07/28/2020 11:12:49
Строка события: Параметры разрешений для конкретного приложения не дают разрешения Локально Активация для приложения COM-сервера с CLSID
Возникло предупреждение. Код события (EventID): 0x0000168D
Время создания: 07/28/2020 11:14:19
Строка события:
Следующий DNS-сервер, полномочный для записей локатора контроллеров доменов DNS, не поддерживает динамическое обновление DNS.
……………………. SERVERDC — не пройдена проверка SystemLog
Запуск проверки: VerifyReferences
……………………. SERVERDC — пройдена проверка VerifyReferences
Выполнение проверок разделов на: ForestDnsZones
Запуск проверки: CheckSDRefDom
……………………. ForestDnsZones — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. ForestDnsZones — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: DomainDnsZones
Запуск проверки: CheckSDRefDom
……………………. DomainDnsZones — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. DomainDnsZones — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: Schema
Запуск проверки: CheckSDRefDom
……………………. Schema — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. Schema — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: Configuration
Запуск проверки: CheckSDRefDom
……………………. Configuration — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. Configuration — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: dom
Запуск проверки: CheckSDRefDom
……………………. dom — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. dom — пройдена проверка CrossRefValidation
Выполнение проверок предприятия на: dom.local
Запуск проверки: LocatorCheck
……………………. dom.local — пройдена проверка LocatorCheck
Запуск проверки: Intersite
……………………. dom.local — пройдена проверка Intersite
C:Usersadmin>
I was migrating the DC and AD from the 2012 version to 2019.
After the migration everything seems OK, but computers cannot be joined to the domain. I suspect a problem with the DNS server, but I don't know where to dig or how to fix it. Apologies in advance for the silly questions, I'm new to Windows Server.
It gets as far as entering the account credentials, and then it says that it is impossible to connect to it. The server itself is visible. It also pings by DNS name.
За последние 24 часа после предоставления SYSVOL в общий доступ
зафиксированы предупреждения или сообщения об ошибках. Сбои при
репликации SYSVOL могут стать причиной проблем групповой политики.
……………………. MSK-DC16 — не пройдена проверка DFSREvent
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 12/12/2019 11:29:36
Строка события:
Не удалось установить связь DCOM с компьютером 1.1.1.1 через какой-либо из настроенных протоколов; запрос от PID 1b24 (C:Windowssystem32dcdiag.exe).
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 12/12/2019 11:29:57
Строка события:
Не удалось установить связь DCOM с компьютером 2.2.2.2 через какой-либо из настроенных протоколов; запрос от PID 1b24 (C:Windowssystem32dcdiag.exe).
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 12/12/2019 11:30:18
Строка события:
Не удалось установить связь DCOM с компьютером 3.3.3.3 через какой-либо из настроенных протоколов; запрос от PID 1b24 (C:Windowssystem32dcdiag.exe).
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 12/12/2019 11:30:19
Строка события:
Не удалось установить связь DCOM с компьютером 4.4.4.4 через какой-либо из настроенных протоколов; запрос от PID 1b24 (C:Windowssystem32dcdiag.exe).
……………………. MSK-DC16 — не пройдена проверка SystemLog
Hey Guys,
When running a dcdiag today I noticed that I’m getting this error.
* The System Event log test
An error event occurred. EventID: 0x0000272C
Time Generated: 07/11/2018 14:31:31
Event String:
DCOM was unable to communicate with the computer mail1.my.domain using any of the configured protocols; requested by PID 4fa0 (C:\Windows\system32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 07/11/2018 14:31:31
Event String:
DCOM was unable to communicate with the computer xchg.my.domain using any of the configured protocols; requested by PID 4fa0 (C:\Windows\system32\taskhost.exe).
……………………. MCPDC1 failed test SystemLog
Mail1 and xchg no longer exist. I deleted them from Active Directory a while ago, and they’re not in DNS either. Any idea what’s causing this? It’s also causing a DCOM error to show in Event Viewer about twice a day. Thanks!
patrickwilson9, Jul 12, 2018 at 8:57 AM
Polymar wrote:
Hi,
Exchange is pretty well rooted in AD (depending on its version). How did you remove the exchange machine from the directory?
I’m pretty sure that I just went in to AD, right clicked on mail1 and clicked delete. I’m not sure about xchang as that one was done before my time here.
Addendum
Output from CD2:
Windows PowerShell
(C) Корпорация Майкрософт (Microsoft Corporation), 2014. Все права защищены.
PS C:Windowssystem32> dcdiag
Диагностика сервера каталогов
Выполнение начальной настройки:
Выполняется попытка поиска основного сервера…
Основной сервер = DC2
* Определен лес AD.
Сбор начальных данных завершен.
Выполнение обязательных начальных проверок
Сервер проверки: Default-First-Site-NameDC2
Запуск проверки: Connectivity
……………………. DC2 — пройдена проверка Connectivity
Выполнение основных проверок
Сервер проверки: Default-First-Site-NameDC2
Запуск проверки: Advertising
Внимание: DC2 не объявлен как сервер времени.
……………………. DC2 — не пройдена проверка Advertising
Запуск проверки: FrsEvent
……………………. DC2 — пройдена проверка FrsEvent
Запуск проверки: DFSREvent
За последние 24 часа после предоставления SYSVOL в общий доступ зафиксированы предупреждения или сообщения об
ошибках. Сбои при репликации SYSVOL могут стать причиной проблем групповой политики.
……………………. DC2 — не пройдена проверка DFSREvent
Запуск проверки: SysVolCheck
……………………. DC2 — пройдена проверка SysVolCheck
Запуск проверки: KccEvent
Возникло предупреждение. Код события (EventID): 0x80000603
Время создания: 07/29/2015 12:27:55
Строка события:
Доменным службам Active Directory не удается отключить программный кэш записи на следующий жесткий диск.
Возникло предупреждение. Код события (EventID): 0x80000B46
Время создания: 07/29/2015 12:28:07
Строка события:
Безопасность данного сервера каталогов можно существенно повысить, если настроить его на отклонение привязок
LDAP SASL (согласование, Kerberos, NTLM или дайджест), не требующих подписи (проверки целостности), и простых привязок
LDAP, которые выполняются через открытое (не зашифрованное с помощью SSL/TLS) подключение. Даже если клиенты не использ
уют такие привязки, настройка сервера на их отклонение улучшит его безопасность.
……………………. DC2 — пройдена проверка KccEvent
Запуск проверки: KnowsOfRoleHolders
……………………. DC2 — пройдена проверка KnowsOfRoleHolders
Запуск проверки: MachineAccount
……………………. DC2 — пройдена проверка MachineAccount
Запуск проверки: NCSecDesc
……………………. DC2 — пройдена проверка NCSecDesc
Запуск проверки: NetLogons
……………………. DC2 — пройдена проверка NetLogons
Запуск проверки: ObjectsReplicated
……………………. DC2 — пройдена проверка ObjectsReplicated
Запуск проверки: Replications
……………………. DC2 — пройдена проверка Replications
Запуск проверки: RidManager
……………………. DC2 — пройдена проверка RidManager
Запуск проверки: Services
……………………. DC2 — пройдена проверка Services
Запуск проверки: SystemLog
Возникло предупреждение. Код события (EventID): 0x000727A5
Время создания: 07/29/2015 12:27:22
Строка события: Служба WinRM не прослушивает запросы WS-Management.
Возникло предупреждение. Код события (EventID): 0x80040020
Время создания: 07/29/2015 12:27:55
Строка события:
Драйвер обнаружил, что для устройства DeviceHarddisk0DR0 включен буфер записи. В результате возможно повр
еждение данных.
Возникло предупреждение. Код события (EventID): 0x80040020
Время создания: 07/29/2015 12:27:55
Строка события:
Драйвер обнаружил, что для устройства DeviceHarddisk0DR0 включен буфер записи. В результате возможно повр
еждение данных.
Возникло предупреждение. Код события (EventID): 0x80040020
Время создания: 07/29/2015 12:27:55
Строка события:
Драйвер обнаружил, что для устройства \Device\Harddisk0\DR0 включен буфер записи. В результате возможно повреждение данных.
Возникла ошибка. Код события (EventID): 0x0000106A
Время создания: 07/29/2015 12:28:17
Строка события:
Не удалось обновить IP-адрес на интерфейсе Isatap isatap.{7118B4B7-EA5C-4285-9041-361A6A11A86B}. Тип обновления: 1. Код ошибки: 0x490.
Возникло предупреждение. Код события (EventID): 0x00002724
Время создания: 07/29/2015 12:28:22
Строка события:
Этому компьютеру назначен по крайней мере один динамический IPv6-адрес. Для надежной работы DHCPv6-сервера следует использовать только статические IPv6-адреса.
……………………. DC2 — не пройдена проверка SystemLog
Запуск проверки: VerifyReferences
……………………. DC2 — пройдена проверка VerifyReferences
Выполнение проверок разделов на: ForestDnsZones
Запуск проверки: CheckSDRefDom
……………………. ForestDnsZones — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. ForestDnsZones — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: DomainDnsZones
Запуск проверки: CheckSDRefDom
……………………. DomainDnsZones — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. DomainDnsZones — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: Schema
Запуск проверки: CheckSDRefDom
……………………. Schema — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. Schema — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: Configuration
Запуск проверки: CheckSDRefDom
……………………. Configuration — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. Configuration — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: mydomain
Запуск проверки: CheckSDRefDom
……………………. mydomain — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. mydomain — пройдена проверка CrossRefValidation
Выполнение проверок предприятия на: mydomain.ru
Запуск проверки: LocatorCheck
……………………. mydomain.ru — пройдена проверка LocatorCheck
Запуск проверки: Intersite
……………………. mydomain.ru — пройдена проверка Intersite
PS C:\Windows\system32>
Added 19 minutes later
I apologize for the inaccuracy. Replication between the controllers has stopped.
Maybe this will help someone else…
The server runs Windows Server 2008 R2 Standard. It is joined to the domain, and the AD and DNS roles are deployed on it. The server is not the first controller in the domain. The other controllers work properly. After the AD role was installed and the server was rebooted, the server does not consider itself a domain controller and reports an error when dcdiag is run:
Сервер проверки: Default-First-Site-Name\DC02-SERVER
Запуск проверки: Advertising
Внимание: DsGetDcName вернул сведения для \\TS-server.mydomain.local
при попытке получения доступа к DC02-SERVER.
СЕРВЕР НЕ ОТВЕЧАЕТ или НЕ СЧИТАЕТСЯ ПРИЕМЛЕМЫМ.
……………………. DC02-SERVER — не пройдена проверка
In addition, the sysvol folders were not created on the server after the first replication.
DNS is configured correctly and works; replication started manually via repadmin /syncall works.
To fix this, a registry parameter has to be changed. Open regedit and go to the branch:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Change the value of the SysvolReady parameter to "1".
Reboot.
Taken from here:
http://forum.oszone.net/post-2230921.html
5 minutes in, all is well so far.
I very much hope that no one follows your example. Because you did not fix the error, you simply "swept it under the rug". You forcibly told the Netlogon service that the SYSVOL contents are correct when in fact they are absent on your server: they did not replicate from the old DC. Hence both the error when trying to edit a policy and the error message in the dcdiag NetLogons test about the missing NETLOGON share, because that is the name under which the Scripts folder in SYSVOL is shared, and you do not have it.
Also, at the next start of the File Replication Service (NtFrs), if you have not disabled it, this registry parameter will be reset, and everything will go back to how it was.
So take the trouble to fix the error.
To begin with, be sure to make a backup copy of the SYSVOL contents (C:\WINDOWS\SYSVOL\DOMAIN, it should contain the Policies and Scripts folders) on the old DC. Next, check the File Replication Service event log on it for errors or warnings. If you see none, restart the service and look again in 15-30 minutes: some errors do not appear immediately and are written to the log only once after the service starts.
What to do next depends on what turns up in the log. If the most common error, JRNL_WRAP_ERROR, is found there, you can try the automatic recovery described in the event itself. It usually helps, but there is a chance of losing the SYSVOL data (which is why I wrote about the backup). More reliable in such cases is an authoritative restore of SYSVOL: starting the NtFrs service with the registry parameter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup\BurFlags set to D4 (hexadecimal). This is exactly what can also be done if data has disappeared from SYSVOL, only first you will need to stop the NtFrs service and copy the data back from the backup.
For other errors the actions must be different, so if you encounter them, do not carry out the advice above "just in case".
-
Marked as answer by
IlyaBratskiy
Wednesday, July 20, 2016 12:52 PM
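The checks the accepted reply asks for before anyone touches SysvolReady, gathered into one read-only PowerShell function. This is an added example, not part of the thread; the function name is hypothetical, the SYSVOL path is the one named in the reply, and event ID 13568 is the ID under which FRS logs JRNL_WRAP_ERROR.

```powershell
# Added example, not part of the thread. Read-only: it changes no registry value and no service.
# Assumption: SYSVOL is at %SystemRoot%\SYSVOL\domain, the location named in the reply.
function Test-SysvolState {
    param(
        [string]$DomainRoot = (Join-Path $env:SystemRoot 'SYSVOL\domain'),
        [int]$LookbackHours = 24
    )

    # 1. What Netlogon has been told.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $ready = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SysvolReady

    # 2. What is actually on disk: the reply names the Policies and Scripts folders.
    $missingFolders = @('Policies', 'Scripts' | Where-Object {
        -not (Test-Path -Path (Join-Path $DomainRoot $_) -PathType Container)
    })

    # 3. What is shared: NETLOGON is the Scripts folder, SYSVOL the tree above it.
    $shares = @(Get-WmiObject -Class Win32_Share -Filter "Name='SYSVOL' OR Name='NETLOGON'" |
        ForEach-Object { $_.Name })
    $missingShares = @('SYSVOL', 'NETLOGON' | Where-Object { $shares -notcontains $_ })

    # 4. The FRS service and its recent errors and warnings (Level 2 = error, 3 = warning).
    $service = Get-Service -Name NtFrs -ErrorAction SilentlyContinue
    $status  = 'not present'
    if ($service) { $status = $service.Status }
    $events = @(Get-WinEvent -FilterHashtable @{
            LogName   = 'File Replication Service'
            Level     = 2, 3
            StartTime = (Get-Date).AddHours(-$LookbackHours)
        } -ErrorAction SilentlyContinue)
    # Event 13568 is the one FRS logs for JRNL_WRAP_ERROR.
    $journalWrap = @($events | Where-Object { $_.Id -eq 13568 }).Count -gt 0

    if ($ready -eq 1 -and ($missingFolders.Count -or $missingShares.Count)) {
        $verdict = 'SysvolReady=1 but folders or shares are missing: the flag does not reflect a replicated SYSVOL'
    } elseif ($ready -ne 1) {
        $verdict = 'SYSVOL is not advertised: read the FRS events before changing anything'
    } elseif ($events.Count) {
        $verdict = 'SYSVOL is shared, but FRS logged errors or warnings in the lookback window'
    } else {
        $verdict = 'SysvolReady, folders, shares and the FRS log are consistent'
    }

    New-Object PSObject -Property @{
        SysvolReady    = $ready
        MissingFolders = $missingFolders
        MissingShares  = $missingShares
        NtFrsStatus    = $status
        JournalWrap    = $journalWrap
        EventIds       = @($events | ForEach-Object { $_.Id } | Sort-Object -Unique)
        Verdict        = $verdict
    }
}

Test-SysvolState | Format-List
```

Run it on both the old and the new DC; as the reply notes, some FRS errors are logged only once after the service starts, so an empty event list right after a restart is not yet a clean result.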
Posted by ZooM_00 2019-03-03T11:52:24Z
Hi,
I have AD installed on two DCs, running Server 2016,
I faced issues with GPOs replication, and when troubleshooting it, I found that the location for SysVol on one of the DCs is not defined, I wasn’t the one who did the installation, so I’m not sure if that is really the case,
When running repadmin /Syncall, I get no errors
Screen shots attached,
Zoom,
27 Replies
-
Interesting topic. Subscribed so I too can learn from it.
-
OP
ZooM_00
I wonder if there’s a way to delete this replication group and re-create it, and if that would actually solve the issue,
However, I can’t seem to find a way to delete it
-
You won’t be able to manage Sysvol with the dfsrdiag command or the DFS console. It is a protected replication group.
For troubleshooting please post the output this. From a known good DC and the one that is not working. You can obfuscate the DC names as you see fit.
-
OP
ZooM_00
You won’t be able to manage Sysvol with the dfsrdiag command or the DFS console. It is a protected replication group.
For troubleshooting please post the output this. From a known good DC and the one that is not working. You can obfuscate the DC names as you see fit.
Hi Justin,
Thank you for your reply,
output below, I believe that FRS is not configured and supposed not to be working, I don’t understand why it’s flagged as an error,
Can you advise on next step?
Zoom,
-
Have you migrated from FRS to DFSR and did the migration succeed? One of the errors above is the FRS service being disabled which it shouldn’t be unless your DFSR migration was done and was successful.
-
OP
ZooM_00
This is the output when running the command on AD02
-
Also looks like your DNS settings are incorrect. Ensure that DC1 points to DC2 for its primary DNS and itself as secondary. Ensure that DC2 points to DC1 for its primary and itself as secondary. Ensure that external DNS servers, including your router, are defined nowhere except in the forwarders tab of the DNS management tool.
-
OP
ZooM_00
Da_Schmoo wrote:
Also looks like your DNS settings are incorrect. Ensure that DC1 points to DC2 for its primary DNS and itself as secondary. Ensure that DC2 points to DC1 for its primary and itself as secondary. Ensure that external DNS servers, including your router, are defined nowhere except in the forwarders tab of the DNS management tool.
Setting DC1 DNS to: DC2 then DC1
and DC2 to: DC1 then DC2 seems to have caused me many issues,
My DC1 was set to 127.0.0.1 only, DC2 was DC1 then DC2
Forwarder was configured to 8.8.8.8 on both DNS servers
below is output of dcdiag /v /c /e /q after the modification of DNS
C:\Users\User.MYDOMAIN>dcdiag /v /c /e /q
[MYDOMAIN-AD01] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
** Did not run Outbound Secure Channels test because /testdomain: was not entered
Invalid service startup type: NtFrs on MYDOMAIN-AD01, current value DISABLED, expected value AUTO_START
NtFrs Service is stopped on [MYDOMAIN-AD01]
......................... MYDOMAIN-AD01 failed test Services
An error event occurred. EventID: 0x80001778
Time Generated: 03/03/2019 20:49:08
Event String: The previous system shutdown at 8:42:23 PM on 3/3/2019 was unexpected.
An error event occurred. EventID: 0xC004002E
Time Generated: 03/03/2019 20:47:45
Event String: Crash dump initialization failed!
An error event occurred. EventID: 0x00000029
Time Generated: 03/03/2019 20:47:47
Event String: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
An error event occurred. EventID: 0x0000410B
Time Generated: 03/03/2019 20:49:45
Event String: The request for a new account-identifier pool failed. The operation will be retried until the request succeeds. The error is
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 20:51:00
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 20:55:37
Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1b0c (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 20:58:14
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 20:58:14
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 21:03:43
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:05:06
Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1adc (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:05:06
Event String: DCOM was unable to communicate with the computer 168.63.129.16 using any of the configured protocols; requested by PID 1adc (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:16:30
Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1940 (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:16:30
Event String: DCOM was unable to communicate with the computer 168.63.129.16 using any of the configured protocols; requested by PID 1940 (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x0000165B
Time Generated: 03/03/2019 21:25:05
Event String: The session setup from computer 'PC1-A213' failed because the security database does not contain a trust account 'PC1-A213$' referenced by the specified computer.
An error event occurred. EventID: 0x000016AD
Time Generated: 03/03/2019 21:27:29
Event String: The session setup from the computer PC1-A213 failed to authenticate. The following error occurred:
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:32:54
Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1870 (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:32:54
Event String: DCOM was unable to communicate with the computer 168.63.129.16 using any of the configured protocols; requested by PID 1870 (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:36:40
Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1aa0 (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:36:40
Event String: DCOM was unable to communicate with the computer 168.63.129.16 using any of the configured protocols; requested by PID 1aa0 (C:\Windows\system32\dcdiag.exe).
......................... MYDOMAIN-AD01 failed test SystemLog
Some objects relating to the DC MYDOMAIN-AD01 have problems:
[1] Problem: Missing Expected Value
Base Object: CN=MYDOMAIN-AD01,OU=Domain Controllers,DC=ad,DC=MYDOMAIN,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... MYDOMAIN-AD01 failed test VerifyReferences
[MYDOMAIN-AD02] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
......................... MYDOMAIN-AD02 failed test DFSREvent
** Did not run Outbound Secure Channels test because /testdomain: was not entered
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 20:46:51
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 20:46:52
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 20:46:52
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x00000469
Time Generated: 03/03/2019 20:49:00
Event String: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 20:49:02
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000410B
Time Generated: 03/03/2019 20:49:50
Event String: The request for a new account-identifier pool failed. The operation will be retried until the request succeeds. The error is
An error event occurred. EventID: 0x00000469
Time Generated: 03/03/2019 20:49:56
Event String: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 20:49:58
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000168E
Time Generated: 03/03/2019 20:50:13
Event String: The dynamic registration of the DNS record '_ldap._tcp.Azure._sites.ad.MYDOMAIN.com. 600 IN SRV 0 100 389 MYDOMAIN-AD02.ad.MYDOMAIN.com.' failed on the following DNS server:
An error event occurred. EventID: 0x0000165B
Time Generated: 03/03/2019 20:54:52
Event String: The session setup from computer 'PC1-A213' failed because the security database does not contain a trust account 'PC1-A213$' referenced by the specified computer.
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 20:56:32
Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1ba8 (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 20:58:13
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 20:58:14
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 20:58:14
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 20:59:25
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00000469
Time Generated: 03/03/2019 20:59:31
Event String: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
An error event occurred. EventID: 0x00000469
Time Generated: 03/03/2019 20:59:34
Event String: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:00:48
Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1a28 (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 21:01:14
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 21:01:35
Event String: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x0000165B
Time Generated: 03/03/2019 21:09:57
Event String: The session setup from computer 'PC1-A213' failed because the security database does not contain a trust account 'PC1-A213$' referenced by the specified computer.
An error event occurred. EventID: 0x000016AD
Time Generated: 03/03/2019 21:12:07
Event String: The session setup from the computer PC1-A213 failed to authenticate. The following error occurred:
......................... MYDOMAIN-AD02 failed test SystemLog
Do you have any handy tutorial on how to troubleshoot and fix DNS in such cases?
I feel like things are getting more and more complicated!
Zoom,
-
OP
ZooM_00
Da_Schmoo wrote:
Have you migrated from FRS to DFSR and did the migration succeed? One of the errors above is the FRS service being disabled which it shouldn’t be unless your DFSR migration was done and was successful.
This is a recent setup, I believe FRS was never configured here, they went directly to DFSR
-
I still think you have external DNS set on the DC’s — DCDiag is complaining about 8.8.8.8 and another external address. It shouldn’t be doing that unless those addresses are configured somewhere outside of the Forwarder’s tab.
It’s also complaining that the FRS service is disabled. If you really are using DFSR it shouldn’t complain about that service being disabled.
See what Dfsrmig /getmigrationstate shows.
-
OP
ZooM_00
Da_Schmoo wrote:
Also looks like your DNS settings are incorrect. Ensure that DC1 points to DC2 for its primary DNS and itself as secondary. Ensure that DC2 points to DC1 for its primary and itself as secondary. Ensure that external DNS servers, including your router, are defined nowhere except in the forwarders tab of the DNS management tool.
It’s mentioned here, that:
If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.
I found that loopback ip is the only DNS server for my DC01, I’ll put more time into DNS tomorrow, I’m done for today!!
-
OP
ZooM_00
Da_Schmoo wrote:
I still think you have external DNS set on the DC’s — DCDiag is complaining about 8.8.8.8 and another external address. It shouldn’t be doing that unless those addresses are configured somewhere outside of the Forwarder’s tab.
It’s also complaining that the FRS service is disabled. If you really are using DFSR it shouldn’t complain about that service being disabled.
See what Dfsrmig /getmigrationstate shows.
I get your point, Migstate indicates that AD is in Start state, yet globalstate indicates that it’s in eliminated state:
-
The results on any of the diagnostic tools are suspect until you get your DNS in order.
-
OP
ZooM_00
Da_Schmoo wrote:
The results on any of the diagnostic tools are suspect until you get your DNS in order.
I agree,
To sum it up:
DC1 DNS should be: DC2 then Loopback IP
DC2 DNS: DC1 then Loopback IP
8.8.8.8 should only be configured like this:
A restart for both DCs then? anything else?
I really appreciate your support, thank you,
Zoom,
-
That looks right.
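The DNS client ordering agreed in the posts above, written as a check that can be run against each DC's adapter settings. This is an added PowerShell example, not part of the thread; the function name is hypothetical and the DC addresses 10.0.0.4 and 10.0.0.5 are constructed, since the thread never gives them.

```powershell
# Added example, not part of the thread. Function name and sample addresses are constructed.
function Test-DcDnsClientList {
    param(
        [string]$Name,
        [string]$OwnAddress,       # this DC's own IPv4 address
        [string[]]$Servers,        # DNS servers on its network adapter, in order
        [string[]]$DcAddresses     # IPv4 addresses of every DC in the domain
    )
    $loopback = '127.0.0.1', '::1'
    $self     = $loopback + $OwnAddress
    $partners = @($DcAddresses | Where-Object { $_ -ne $OwnAddress })
    $findings = @()

    if (-not $Servers) {
        $findings += 'no DNS servers configured'
    } else {
        # Thread advice: the partner DC comes first, the DC itself second.
        if ($self -contains $Servers[0]) {
            $findings += "first entry $($Servers[0]) is this DC itself; the partner DC should come first"
        }
        if (-not @($Servers | Where-Object { $partners -contains $_ }).Count) {
            $findings += 'no partner DC in the list'
        }
        # Anything that is neither a DC nor loopback is an external resolver on the adapter.
        foreach ($s in $Servers) {
            if ($self -notcontains $s -and $DcAddresses -notcontains $s) {
                $findings += "$s is not a DC; external resolvers belong only in the DNS forwarders"
            }
        }
    }
    New-Object PSObject -Property @{
        Name     = $Name
        Servers  = ($Servers -join ', ')
        OK       = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Constructed sample input: DC1 = 10.0.0.4, DC2 = 10.0.0.5.
$dcAddresses = '10.0.0.4', '10.0.0.5'
$samples = @(
    @{ Name = 'DC1 as first reported'; OwnAddress = '10.0.0.4'; Servers = @('127.0.0.1') },
    @{ Name = 'DC2 as first reported'; OwnAddress = '10.0.0.5'; Servers = '10.0.0.4', '10.0.0.5' },
    @{ Name = 'DC1 as agreed';         OwnAddress = '10.0.0.4'; Servers = '10.0.0.5', '127.0.0.1' },
    @{ Name = 'DC1 with 8.8.8.8 on the adapter'; OwnAddress = '10.0.0.4'; Servers = '10.0.0.5', '8.8.8.8' }
)
$samples | ForEach-Object { $p = $_; Test-DcDnsClientList @p -DcAddresses $dcAddresses } |
    Format-List Name, Servers, OK, Findings

# On a live DC (Server 2012 or later) the inputs can be gathered with:
#   (Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses).ServerAddresses
#   (Get-ADDomainController -Filter *).IPv4Address
#   (Get-DnsServerForwarder).IPAddress    # the one place 8.8.8.8 should appear
```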
-
OP
ZooM_00
So I revised my DNS configs:
output:
C:\Users\User>dcdiag /v /c /e /q
[MYDOMAIN-AD01] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
An error event occurred. EventID: 0xC0000827
Time Generated: 03/03/2019 22:30:04
Event String: Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
......................... MYDOMAIN-AD01 failed test KccEvent
** Did not run Outbound Secure Channels test because /testdomain: was not entered
Invalid service startup type: NtFrs on MYDOMAIN-AD01, current value DISABLED, expected value AUTO_START
NtFrs Service is stopped on [MYDOMAIN-AD01]
......................... MYDOMAIN-AD01 failed test Services
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 22:28:28
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 22:28:28
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 22:28:28
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 22:28:28
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 22:34:07
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 22:39:17
Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1244 (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 22:39:17
Event String: DCOM was unable to communicate with the computer 168.63.129.16 using any of the configured protocols; requested by PID 1244 (C:\Windows\system32\dcdiag.exe).
......................... MYDOMAIN-AD01 failed test SystemLog
Some objects relating to the DC MYDOMAIN-AD01 have problems:
[1] Problem: Missing Expected Value
Base Object: CN=MYDOMAIN-AD01,OU=Domain Controllers,DC=ad,DC=MYDOMAIN,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... MYDOMAIN-AD01 failed test VerifyReferences
[MYDOMAIN-AD02] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
......................... MYDOMAIN-AD02 failed test DFSREvent
An error event occurred. EventID: 0xC0000827
Time Generated: 03/03/2019 22:29:47
Event String: Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
......................... MYDOMAIN-AD02 failed test KccEvent
** Did not run Outbound Secure Channels test because /testdomain: was not entered
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 22:28:27
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 22:28:28
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x00000469
Time Generated: 03/03/2019 22:29:35
Event String: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 22:29:42
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 22:31:00
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000165B
Time Generated: 03/03/2019 22:40:33
Event String: The session setup from computer 'PC1-A213' failed because the security database does not contain a trust account 'PC1-A213$' referenced by the specified computer.
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 22:40:55
Event String: DCOM was unable to communicate with the computer 168.63.129.16 using any of the configured protocols; requested by PID 16bc (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 22:40:55
Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 16bc (C:\Windows\system32\dcdiag.exe).
......................... MYDOMAIN-AD02 failed test SystemLog
Test results for domain controllers:
DC: MYDOMAIN-AD01.ad.MYDOMAIN.com
Domain: ad.MYDOMAIN.com
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network adapters
Summary of DNS test results:
                       Auth Basc Forw Del  Dyn  RReg Ext
_________________________________________________________________
Domain: ad.MYDOMAIN.com
MYDOMAIN-AD01          PASS WARN PASS PASS PASS FAIL n/a
......................... ad.MYDOMAIN.com failed test DNS
Dfsrmig /getmigrationstate still reports AD01 to be in «start» State,
@Da_schmoo
Could you please let me know if there’s anything dangerous that might cause my DC to cease working?
Zoom,
-
Set the startup type of the File Replication Service to Automatic and start it. Some of your errors are because of that.
-
OP
ZooM_00
Running: Repadmin /Syncall and Repadmin /Syncall /AdeP returned no errors
-
OP
ZooM_00
Da_Schmoo wrote:
Set the startup type of the File Replication Service to Automatic and start it. Some of your errors are because of that.
It won’t start
Was this post helpful?
thumb_up
thumb_down
-
OP
ZooM_00
Messing with the «CN=DFSR-LocalSettings» led to the following:
Is there a way to set up DFSR from scratch? or is it time to buy a Microsoft Incident Support ticket?
-
adam344
I am actually having the very same issue. We had an existing 2012 server, implemented a 2019 server, dcpromo and sysvol is having issues. Almost identical to what you’re experiencing.
-
I think your issue is your FRS to DFSR migration didn’t complete. One server thinks it’s done, the other doesn’t. This is likely due to your DNS not being configured properly. Getting the file replication service running on the server it isn’t may let the process complete or you might be able to restart the process.
I’d focus on seeing why you can’t start the service — System Event Log may give an answer to that.
As far as dropping the $500 to have Microsoft fix the issue — I think you’re past the point where I would have done that but I’d try to fix the FRS service issue myself first.
-
OP
ZooM_00
adam344 wrote:
I am actually having the very same issue. We had an existing 2012 server, implemented a 2019 server, dcpromo and sysvol is having issues. Almost identical to what you’re experiencing.
The case for me is different, the setup is new, implemented immediately on W2k16, no upgrades, nothing. It was done for my client by an IT service provider, signed off, and considered operational, I just took over the project.
I have no idea if FRS was ever configured or not; replication never actually worked. But I only found out now, after joining 2k+ PCs, when we started creating GPOs.
-
OP
ZooM_00
Da_Schmoo wrote:
I think your issue is your FRS to DFSR migration didn’t complete. One server thinks it’s done, the other doesn’t. This is likely due to your DNS not being configured properly. Getting the file replication service running on the server it isn’t may let the process complete or you might be able to restart the process.
I’d focus on seeing why you can’t start the service — System Event Log may give an answer to that.
As far as dropping the $500 to have Microsoft fix the issue — I think you’re past the point where I would have done that but I’d try to fix the FRS service issue myself first.
I tried going through the migration, setting the state to 1, 2, 3, but it always returns that the selected state is invalid.
I don’t know how to troubleshoot the DNS, or how to start. I did exactly as you recommended; can you recommend any articles for that?
As I said earlier, I doubt that the FRS service ever worked.
What is the worst-case scenario here? Would demoting a DC, cleaning it up, and promoting it again solve the issue?
Zoom,
-
OP
ZooM_00
Microsoft has been working on this for two days now, and it doesn’t seem that they are close to solving it.
-
OP
ZooM_00
Finally I received a procedure from MS to fix this, tested it on my lab environment, it worked fine,
Gonna do it during weekend, and will post the method and result after that
-
OP
ZooM_00
Hello,
Finally I got this solved with Microsoft support,
I’ve published a «How-To» to explain the solution, find it here:
https://community.spiceworks.com/how_to/160786-how-to-re-build-sysvol-dfsr-replication-group-without…
C:\Users\admin>dcdiag /fix
Диагностика сервера каталогов
Выполнение начальной настройки:
Выполняется попытка поиска основного сервера…
Основной сервер = ServerDC
* Определен лес AD.
Сбор начальных данных завершен.
Выполнение обязательных начальных проверок
Сервер проверки: Default-First-Site-Name\SERVERDC
Запуск проверки: Connectivity
……………………. SERVERDC — пройдена проверка Connectivity
Выполнение основных проверок
Сервер проверки: Default-First-Site-Name\SERVERDC
Запуск проверки: Advertising
……………………. SERVERDC — пройдена проверка Advertising
Запуск проверки: FrsEvent
……………………. SERVERDC — пройдена проверка FrsEvent
Запуск проверки: DFSREvent
За последние 24 часа после предоставления SYSVOL в общий доступ зафиксированы предупреждения или сообщения об ошибках. Сбои при репликации
SYSVOL могут стать причиной проблем групповой политики.
……………………. SERVERDC — не пройдена проверка DFSREvent
Запуск проверки: SysVolCheck
……………………. SERVERDC — пройдена проверка SysVolCheck
Запуск проверки: KccEvent
……………………. SERVERDC — пройдена проверка KccEvent
Запуск проверки: KnowsOfRoleHolders
……………………. SERVERDC — пройдена проверка KnowsOfRoleHolders
Запуск проверки: MachineAccount
……………………. SERVERDC — пройдена проверка MachineAccount
Запуск проверки: NCSecDesc
……………………. SERVERDC — пройдена проверка NCSecDesc
Запуск проверки: NetLogons
……………………. SERVERDC — пройдена проверка NetLogons
Запуск проверки: ObjectsReplicated
……………………. SERVERDC — пройдена проверка ObjectsReplicated
Запуск проверки: Replications
……………………. SERVERDC — пройдена проверка Replications
Запуск проверки: RidManager
……………………. SERVERDC — пройдена проверка RidManager
Запуск проверки: Services
……………………. SERVERDC — пройдена проверка Services
Запуск проверки: SystemLog
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 07/28/2020 10:39:59
Строка события:
Не удалось установить связь DCOM с компьютером 192.168.0.1 через какой-либо из настроенных протоколов; запрос от PID 13b4 (C:\Windows\system32\dcdiag.exe) при активации CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820}.
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 07/28/2020 10:42:24
Строка события:
Не удалось установить связь DCOM с компьютером 192.168.0.1 через какой-либо из настроенных протоколов; запрос от PID 17b0 (C:\Windows\system32\dcdiag.exe) при активации CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820}.
Возникло предупреждение. Код события (EventID): 0x0000168D
Время создания: 07/28/2020 10:45:17
Строка события:
Следующий DNS-сервер, полномочный для записей локатора контроллеров доменов DNS, не поддерживает динамическое обновление DNS.
Возникло предупреждение. Код события (EventID): 0x0000168D
Время создания: 07/28/2020 10:52:03
Строка события:
Следующий DNS-сервер, полномочный для записей локатора контроллеров доменов DNS, не поддерживает динамическое обновление DNS.
Возникло предупреждение. Код события (EventID): 0x0000168D
Время создания: 07/28/2020 10:52:04
Строка события:
Следующий DNS-сервер, полномочный для записей локатора контроллеров доменов DNS, не поддерживает динамическое обновление DNS.
Возникло предупреждение. Код события (EventID): 0x0000000C
Время создания: 07/28/2020 10:52:03
Строка события:
NTP-клиент поставщика времени: этот компьютер настроен на использование доменной иерархии для определения своего источника времени, но при этом он является эмулятором основного контроллера домена Active Directory для домена в корне леса, поэтому в доменной иерархии не существует компьютера, расположенного выше, который можно использовать как источник времени. Рекомендуется настроить надежную службу времени в корневом домене или вручную настроить основной контроллер домена Active Directory для синхронизации с внешним источником времени. В противном случае этот компьютер будет выступать в роли заслуживающего доверия источника времени в доменной иерархии. Если внешний источник времени не настроен или не используется для этого компьютера, можно отключить NTP-клиент.
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 07/28/2020 10:55:36
Строка события:
Не удалось установить связь DCOM с компьютером 192.168.0.1 через какой-либо из настроенных протоколов; запрос от PID 1cac (C:\Windows\system32\dcdiag.exe) при активации CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820}.
Возникло предупреждение. Код события (EventID): 0x000727A5
Время создания: 07/28/2020 11:08:21
Строка события: Служба WinRM не прослушивает запросы WS-Management.
Возникло предупреждение. Код события (EventID): 0x000003F6
Время создания: 07/28/2020 11:08:37
Строка события: Разрешение имен для имени wpad истекло после отсутствия ответа от настроенных серверов DNS.
Возникло предупреждение. Код события (EventID): 0x000003F6
Время создания: 07/28/2020 11:08:38
Строка события: Разрешение имен для имени wpad истекло после отсутствия ответа от настроенных серверов DNS.
Возникла ошибка. Код события (EventID): 0x00002710
Время создания: 07/28/2020 11:08:53
Строка события: Не удалось запустить DCOM-сервер: {9C38ED61-D565-4728-AEEE-C80952F0ECDE}.Ошибка:
Возникло предупреждение. Код события (EventID): 0x000727AA
Время создания: 07/28/2020 11:09:05
Строка события: Службе WinRM не удалось создать следующие имена участников-служб: WSMAN/ServerDC.dom.local, WSMAN/ServerDC.
Возникло предупреждение. Код события (EventID): 0x0000000C
Время создания: 07/28/2020 11:09:05
Строка события:
NTP-клиент поставщика времени: этот компьютер настроен на использование доменной иерархии для определения своего источника времени, но при этом он является эмулятором основного контроллера домена
Возникло предупреждение. Код события (EventID): 0x00001796
Время создания: 07/28/2020 11:09:48
Строка события:
Microsoft Windows Server обнаружено, что в настоящее время между клиентами и этим сервером используется проверка подлинности NTLM. Это событие возникает один раз при каждой загрузке, когда клиент первый раз использует NTLM с этим сервером.
Возникла ошибка. Код события (EventID): 0x00002720
Время создания: 07/28/2020 11:12:49
Строка события: Параметры разрешений для конкретного приложения не дают разрешения Локально Активация для приложения COM-сервера с CLSID
Возникло предупреждение. Код события (EventID): 0x0000168D
Время создания: 07/28/2020 11:14:19
Строка события:
Следующий DNS-сервер, полномочный для записей локатора контроллеров доменов DNS, не поддерживает динамическое обновление DNS.
……………………. SERVERDC — не пройдена проверка SystemLog
Запуск проверки: VerifyReferences
……………………. SERVERDC — пройдена проверка VerifyReferences
Выполнение проверок разделов на: ForestDnsZones
Запуск проверки: CheckSDRefDom
……………………. ForestDnsZones — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. ForestDnsZones — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: DomainDnsZones
Запуск проверки: CheckSDRefDom
……………………. DomainDnsZones — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. DomainDnsZones — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: Schema
Запуск проверки: CheckSDRefDom
……………………. Schema — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. Schema — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: Configuration
Запуск проверки: CheckSDRefDom
……………………. Configuration — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. Configuration — пройдена проверка CrossRefValidation
Выполнение проверок разделов на: dom
Запуск проверки: CheckSDRefDom
……………………. dom — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. dom — пройдена проверка CrossRefValidation
Выполнение проверок предприятия на: dom.local
Запуск проверки: LocatorCheck
……………………. dom.local — пройдена проверка LocatorCheck
Запуск проверки: Intersite
……………………. dom.local — пройдена проверка Intersite
C:\Users\admin>
I was migrating the DC and AD from the 2012 version to 2019.
After the migration everything seems to be OK, but computers cannot be joined to the domain. I suspect a problem with the DNS server, but I don't know where to dig or how to fix it. Apologies in advance for the silly questions, I'm new to Windows Server.
It gets as far as entering the account credentials, and then it says that it is impossible to connect to it. The server itself is visible. It also pings by DNS name.