Thanks. I reformatted my computer just in case something else I had done
was messing things up, but even after a fresh install, and the only item I
added other than Windows Update was AD (which also installs DNS), I see the
same issue.
I checked and it changed my internal IP address for the DNS to the
127.0.0.1 address (it was set for 192.168.20.100) during the Active Directory DS
wizard.
Windows IP Configuration
Host Name . . . . . . . . . . . . : abc-6700
Primary Dns Suffix . . . . . . . : abc.lan
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.lan
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 PL Network Connection
Physical Address. . . . . . . . . : 00-16-76-B0-E1-D3
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.20.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 8:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{F1B7B090-D154-4AF3-B3F1-23390FB8E7FD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Administrator>dcdiag /v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine abc-6700, is a Directory Server.
Home Server = abc-6700
* Connecting to directory service on server abc-6700.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=abc,DC=lan,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=abc,DC=lan,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=abc-6700,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\abc-6700
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... abc-6700 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\abc-6700
Starting test: Advertising
The DC abc-6700 is advertising itself as a DC and having a DS.
The DC abc-6700 is advertising as an LDAP server
The DC abc-6700 is advertising as having a writeable directory
The DC abc-6700 is advertising as a Key Distribution Center
The DC abc-6700 is advertising as a time server
The DS abc-6700 is advertising as a GC.
......................... abc-6700 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the event log File Replication Service does not exist.
......................... abc-6700 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
An Error Event occurred. EventID: 0xC00004B2
Time Generated: 06/13/2008 08:54:53
Event String:
The DFS Replication service failed to contact domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 1355 (The specified domain either does not exist or could not be contacted.)
......................... abc-6700 failed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... abc-6700 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
An Warning Event occurred. EventID: 0x80000B46
Time Generated: 06/13/2008 09:00:23
Event String:
The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection, and will stop working if this configuration change is made. To assist in identifying these clients, if such binds occur this directory server will log a summary event once every 24 hours indicating how many such binds occurred. You are encouraged to configure those clients to not use such binds. Once no such events are observed for an extended period, it is recommended that you configure the server to reject such binds.
For more details and information on how to make this configuration change to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.
You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind. To do so, please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.
An Warning Event occurred. EventID: 0x80000734
Time Generated: 06/13/2008 09:01:03
Event String:
The local domain controller could not connect with the following domain controller hosting the following directory partition to resolve distinguished names.
Domain controller:
Directory partition:
abc.lan
Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
3200d50
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... abc-6700 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=abc-6700,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
Role Domain Owner = CN=NTDS Settings,CN=abc-6700,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
Role PDC Owner = CN=NTDS Settings,CN=abc-6700,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
Role Rid Owner = CN=NTDS Settings,CN=abc-6700,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
Role Infrastructure Update Owner = CN=NTDS Settings,CN=abc-6700,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
......................... abc-6700 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC abc-6700 on DC abc-6700.
* SPN found :LDAP/abc-6700.abc.lan/abc.lan
* SPN found :LDAP/abc-6700.abc.lan
* SPN found :LDAP/abc-6700
* SPN found :LDAP/abc-6700.abc.lan/abc
* SPN found :LDAP/8c6aa57c-181d-4105-bc9d-0f2b1ec89215._msdcs.abc.lan
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/8c6aa57c-181d-4105-bc9d-0f2b1ec89215/abc.lan
* SPN found :HOST/abc-6700.abc.lan/abc.lan
* SPN found :HOST/abc-6700.abc.lan
* SPN found :HOST/abc-6700
* SPN found :HOST/abc-6700.abc.lan/abc
* SPN found :GC/abc-6700.abc.lan/abc.lan
......................... abc-6700 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC abc-6700.
* Security Permissions Check for
DC=ForestDnsZones,DC=abc,DC=lan
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=abc,DC=lan
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=abc,DC=lan
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=abc,DC=lan
(Configuration,Version 3)
* Security Permissions Check for
DC=abc,DC=lan
(Domain,Version 3)
......................... abc-6700 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\abc-6700\netlogon
Verified share \\abc-6700\sysvol
......................... abc-6700 passed test NetLogons
Starting test: ObjectsReplicated
abc-6700 is in domain DC=abc,DC=lan
Checking for CN=abc-6700,OU=Domain Controllers,DC=abc,DC=lan in domain DC=abc,DC=lan on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=abc-6700,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan in domain CN=Configuration,DC=CSD,DC=lan on 1 servers
Object is up-to-date on all servers.
......................... abc-6700 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... abc-6700 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1600 to 1073741823
* abc-6700.abc.lan is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1102
......................... abc-6700 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... abc-6700 passed test Services
Starting test: SystemLog
* The System Event log test
An Warning Event occurred. EventID: 0x80040022
Time Generated: 06/13/2008 08:58:16
Event String:
The driver disabled the write cache on device \Device\Harddisk2\DR2.
An Warning Event occurred. EventID: 0x8000001D
Time Generated: 06/13/2008 09:00:25
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
An Warning Event occurred. EventID: 0x825A000C
Time Generated: 06/13/2008 09:00:59
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
An Warning Event occurred. EventID: 0x825A000C
Time Generated: 06/13/2008 09:01:35
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 06/13/2008 09:04:00
Event String:
The dynamic registration of the DNS record 'abc.lan. 600 IN A 192.168.20.100' failed on the following DNS server:
DNS server IP address: ::
Returned Response Code (RCODE): 0
Returned Status Code: 0
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: DNS operation refused.
An Warning Event occurred. EventID: 0x00001695
Time Generated: 06/13/2008 09:04:00
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'abc.lan.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
......................... abc-6700 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=abc-6700,OU=Domain Controllers,DC=abc,DC=lan and backlink on
CN=abc-6700,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
are correct.
The system object reference (serverReferenceBL)
CN=abc-6700,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=abc,DC=lan
and backlink on
CN=NTDS Settings,CN=abc-6700,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
are correct.
......................... abc-6700 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : abc
Starting test: CheckSDRefDom
......................... abc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... abc passed test CrossRefValidation
Running enterprise tests on : abc.lan
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
PDC Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
Time Server Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
KDC Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
......................... abc.lan passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided.
......................... abc.lan passed test Intersite
C:\Users\Administrator>
Post by Meinolf Weber
Hello boe,
This warning just states info from AD and what is done and will be done.
So for me it looks that I have nothing to do, just check that everything
runs fine. For this you can use dcdiag /v as first command to check the
DC. Additionally, you can also run repadmin /showreps.
Best regards
Meinolf Weber
Post by boe
Microsoft-Windows-ActiveDirectory_DomainService
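
Added example, not part of the original thread: a small Python parser for dcdiag /v output shaped like the log in the post, which lists the failed tests and the events logged under each, converting every 32-bit EventID to the event code shown in Event Viewer. The names triage and failed_tests are hypothetical, and SAMPLE is a constructed excerpt modelled on the lines above, including a result line whose test name wrapped onto the next line.

```python
import re

# Constructed sample: lines in the shape of the dcdiag /v output in the post
SAMPLE = """\
Starting test: Advertising
......................... abc-6700 passed test Advertising
Starting test: DFSREvent
An Error Event occurred. EventID: 0xC00004B2
......................... abc-6700 failed test DFSREvent
Starting test: KccEvent
An Warning Event occurred. EventID: 0x80000B46
......................... abc-6700 passed test KccEvent
Starting test: SystemLog
An Warning Event occurred. EventID: 0x825A000C
An Error Event occurred. EventID: 0x0000168E
......................... abc-6700 failed test SystemLog
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
"""

START = re.compile(r"Starting test:\s*(\S+)")
EVENT = re.compile(r"An? (Error|Warning) Event occurred\.\s+EventID:\s*(0x[0-9A-Fa-f]+)")
RESULT = re.compile(r"\.{5,}\s*(\S+) (passed|failed) test")

def triage(text):
    """Return one record per test: name, target, result, [(severity, event code)]."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := START.search(line):
            current = {"test": m.group(1), "target": None, "result": None, "events": []}
            records.append(current)
        elif current is None:
            continue  # text outside a test block, or the wrapped tail of a result line
        elif m := EVENT.search(line):
            # The low 16 bits of the 32-bit EventID are the code Event Viewer displays
            current["events"].append((m.group(1), int(m.group(2), 16) & 0xFFFF))
        elif m := RESULT.search(line):
            # Result goes to the open test, so a test name wrapped to the next line is harmless
            current["target"], current["result"] = m.group(1), m.group(2)
            current = None
    return records

def failed_tests(records):
    """Keep only failed tests, with the events logged under each."""
    return [(r["target"], r["test"], r["events"]) for r in records if r["result"] == "failed"]

if __name__ == "__main__":
    for target, test, events in failed_tests(triage(SAMPLE)):
        print(f"{target}: {test} FAILED")
        for severity, code in events:
            print(f"  {severity} event {code}")
```

Warnings logged under tests that passed, such as the LDAP signing warning under KccEvent, stay in the full triage() records and are only dropped by failed_tests().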