Twitter iPhone pliant OnePlus 11 PS5 Disney+ Orange Livebox Windows 11

DC Windows 2003 subitement sourd et muet (au niveau AD pas netbios/SMB)

27 réponses
Avatar
YannX
Bonsoir,

Je sais que nous sommes en plaine periode de congés mais "pas de repos
pour les braves" !!!!

Du coup si un grand Gourou de l'AD peut m'aider je lui en serait
vraimmment trés trés reconnaissant...

Voici que depuis le 5 Juillet (d'aprés mes logs) qu'un de mes 2 DC
Windows 2003 ne semble plus accepter la replication avec son
partenaire.

Dans "Sites et services" si je fais un clique-droit et repliquer
maintenant sur la connexion créée automatiquement en dessous de
celui-ci je recoie un "Accés refusé" , ans l'autre sens ça fonctionne
:-(

J'ai essayé de re-initialiser le mot de passe du compte d'ordinateur de
ce DC avec la commande netdom mais NIET.

Les droits d'accés me semblent bon , j'arrive à copier le contenu
complet du dossier SYSVOL de l'un vers l'autre via les partages.


J'essaie de vous donner un MAX d'info et encore merci milles fois par
avance de votre précieuse aide :


Sur ce même DC foireux:

_Dans le journal des evenements "Application" toutes les 5 minutes j'ai
userenv qui me genere de erreurs ID 1030 & 1097.

_Dans le journal des evenements "Service d'annuaire"
Active Directory n'a pas pu établir une connexion avec le catalogue
global:

Type de l'événement : Informations
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1869
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NT\ANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a trouvé un catalogue global dans le site suivant.

Catalogue global :
\\vserv01.contoso.local
Site :
Premier-Site-par-defaut

PUIS:

Type de l'événement : Avertissement
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1655
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NT\ANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a tenté de communiquer avec le catalogue global
suivant et les tentatives n'ont pas réussi.

Catalogue global :
\\vserv01.contoso.local

L'opération en cours peut ne plus pouvoir continuer. Active Directory
utilisera la recherche de contrôleur de domaine pour tenter de trouver
un serveur de catalogue global disponible.

Données supplémentaires
Valeur de l'erreur :
5 Accès refusé.

Pour plus d'informations, consultez le centre Aide et support à
l'adresse http://go.microsoft.com/fwlink/events.asp.

PUIS:

Type de l'événement : Erreur
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1126
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NT\ANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory n'a pas pu établir une connexion avec le catalogue
global.

Données supplémentaires
Valeur de l'erreur :
8240 Cet objet ne se trouve pas sur le serveur.
ID interne :
3200ba0

Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il
est accessible à partir de ce contrôleur de domaine. Vous pouvez
utiliser l'utilitaire nltest pour diagnostiquer ce problème.

Pour plus d'informations, consultez le centre Aide et support à
l'adresse http://go.microsoft.com/fwlink/events.asp.



J'ai fait un dcdiag /c /e /v qui me remonte ceci:



Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine vserv01, is a DC.
* Connecting to directory service on server vserv01.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Premier-Site-par-defaut\SERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SERV01 passed test Connectivity

Testing server: Premier-Site-par-defaut\VSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... VSERV01 passed test Connectivity

Doing primary tests

Testing server: Premier-Site-par-defaut\SERV01
Starting test: Replications
* Replications Check
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
DC=ForestDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... SERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... SERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SERV01\netlogon
Verified share \\SERV01\sysvol
......................... SERV01 passed test NetLogons
Starting test: Advertising
The DC SERV01 is advertising itself as a DC and having a DS.
The DC SERV01 is advertising as an LDAP server
The DC SERV01 is advertising as having a writeable directory
The DC SERV01 is advertising as a Key Distribution Center
The DC SERV01 is advertising as a time server
The DS SERV01 is advertising as a GC.
......................... SERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... SERV01 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1295
......................... SERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC SERV01 on DC SERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
......................... SERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
SERV01 is in domain DC=contoso,DC=local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... SERV01 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours
after the

SYSVOL has been shared. Failing SYSVOL replication problems
may cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 07/20/2009 04:48:45
(Event String could not be retrieved)
......................... SERV01 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last
15 minutes.
......................... SERV01 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... SERV01 passed test systemlog
Starting test: VerifyReplicas
......................... SERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local and
backlink on


CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... SERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
[SERV01] No security related replication errors were found on
this DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERV01 passed test
CheckSecurityError

Testing server: Premier-Site-par-defaut\VSERV01
Starting test: Replications
* Replications Check
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=ForestDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systŠme distant n'est pas disponible. Pour obtenir des
informations … propos du d‚pannage r‚seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
424 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=DomainDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systŠme distant n'est pas disponible. Pour obtenir des
informations … propos du d‚pannage r‚seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
561 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context:
CN=Schema,CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccŠs refus‚.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
420 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccŠs refus‚.
The failure occurred at 2009-07-21 02:14:19.
The last success occurred at 2009-07-05 09:47:02.
973 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=contoso,DC=local
The replication generated an error (5):
AccŠs refus‚.
The failure occurred at 2009-07-21 02:27:33.
The last success occurred at 2009-07-05 09:54:29.
2778 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
VSERV01: Current time is 2009-07-21 02:32:08.
DC=ForestDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:54:29.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... VSERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC VSERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... VSERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\VSERV01\netlogon
Verified share \\VSERV01\sysvol
......................... VSERV01 passed test NetLogons
Starting test: Advertising
The DC VSERV01 is advertising itself as a DC and having a DS.
The DC VSERV01 is advertising as an LDAP server
The DC VSERV01 is advertising as having a writeable directory
The DC VSERV01 is advertising as a Key Distribution Center
The DC VSERV01 is advertising as a time server
The DS VSERV01 is advertising as a GC.
......................... VSERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... VSERV01 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2103 to 2602
* rIDPreviousAllocationPool is 2103 to 2602
* rIDNextRID: 2149
......................... VSERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
......................... VSERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... VSERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... VSERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
VSERV01 is in domain DC=contoso,DC=local
Checking for CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... VSERV01 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... VSERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... VSERV01 passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
......................... VSERV01 failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... VSERV01 passed test systemlog
Starting test: VerifyReplicas
......................... VSERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=VSERV01,OU=Domain Controllers,DC=contoso,DC=local and
backlink on


CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... VSERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... VSERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
Source DC SERV01 has possible security error (5).
Diagnosing...
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking time skew between servers:
SERV01
VSERV01
Time is in sync: 0 seconds different.
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
* Network Logons Privileges Check
Verified share \\SERV01\netlogon
Verified share \\SERV01\sysvol
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
[SERV01] Unable to diagnose problem for this source.
See any errors reported in attempting tests.
......................... VSERV01 passed test
CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test
CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test
CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom

Running partition tests on : contoso
Starting test: CrossRefValidation
......................... contoso passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... contoso passed test CheckSDRefDom

Running enterprise tests on : contoso.local
Starting test: Intersite
Skipping site Premier-Site-par-defaut, this site is outside
the scope

provided by the command line arguments provided.
......................... contoso.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\vserv01.contoso.local
Locator Flags: 0xe00003fd
PDC Name: \\vserv01.contoso.local
Locator Flags: 0xe00003fd
Time Server Name: \\vserv01.contoso.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\vserv01.contoso.local
Locator Flags: 0xe00003fd
KDC Name: \\vserv01.contoso.local
Locator Flags: 0xe00003fd
......................... contoso.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: serv01.contoso.local
Domain: contoso.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard
Edition (Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Intel(R) PRO/1000 MT Network
Connection:
MAC address is 00:13:21:7C:D9:F8
IP address is static
IP address: 192.168.1.2
DNS servers:
192.168.1.12 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was
found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
213.251.179.102 (<name unavailable>) [Valid]
80.10.246.2 (<name unavailable>) [Valid]
80.10.246.3 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: contoso.local.
Delegated domain name: _msdcs.contoso.local.
DNS server: serv01.contoso.local.
IP:192.168.1.2 [Valid]

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but
not secure contoso.local.
Test record _dcdiag_test_record added successfully in
zone contoso.local.
Test record _dcdiag_test_record deleted successfully
in zone contoso.local.

TEST: Records registration (RReg)
Network Adapter [00000007] Intel(R) PRO/1000 MT
Network Connection:
Matching A record found at DNS server
192.168.1.12:
serv01.contoso.local

Matching CNAME record found at DNS server
192.168.1.12:

5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local

Matching DC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.dc._msdcs.contoso.local

Matching GC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.gc._msdcs.contoso.local



DC: vserv01.contoso.local
Domain: contoso.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard
Edition (Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] Carte AMD PCNET Family Ethernet
PCI:
MAC address is 00:0C:29:28:5E:87
IP address is static
IP address: 192.168.1.12
DNS servers:
192.168.1.12 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was
found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
213.251.179.102 (<name unavailable>) [Valid]
80.10.246.2 (<name unavailable>) [Valid]
80.10.246.3 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: contoso.local.
Delegated domain name: _msdcs.contoso.local.
DNS server: serv01.contoso.local.
IP:192.168.1.2 [Valid]

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but
not secure contoso.local.
Test record _dcdiag_test_record added successfully in
zone contoso.local.
Test record _dcdiag_test_record deleted successfully
in zone contoso.local.

TEST: Records registration (RReg)
Network Adapter [00000001] Carte AMD PCNET Family
Ethernet PCI:
Matching A record found at DNS server
192.168.1.12:
vserv01.contoso.local

Matching CNAME record found at DNS server
192.168.1.12:

3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local

Matching DC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.dc._msdcs.contoso.local

Matching GC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.gc._msdcs.contoso.local

Matching PDC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.pdc._msdcs.contoso.local


Summary of test results for DNS servers used by the above
domain controllers:

DNS server: 192.168.1.12 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for
the forest root domain is registered

DNS server: 192.168.1.2 (serv01.contoso.local.)
All tests passed on this DNS server
This is a valid DNS server
Delegation to the domain _msdcs.contoso.local. is
operational

DNS server: 213.251.179.102 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 80.10.246.2 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 80.10.246.3 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

Summary of DNS test results:

Auth Basc Forw Del Dyn
RReg Ext

________________________________________________________________
Domain: contoso.local
serv01 PASS PASS PASS PASS WARN
PASS n/a
vserv01 PASS PASS PASS PASS WARN
PASS n/a

......................... contoso.local passed test DNS




AU SECOURS !!!!

10 réponses

1 2 3
Avatar
Jonathan BISMUTH [Bis IT]
Salut YannX,

Pas beaucoup de gourous dans le coin, et en plus quelques précisions à nous
apporter :)

- Tu ne donne que le current time de VServ01, il est à la même heure que
Serv01?
- Combien de cartes réseau (sur l'un comme sur l'autre)?
- La réinitialisation du mot de passe du DC s'est bien passée?
- Pour "DC: serv01.contoso.local", tu indique une IP à IP address:
192.168.1.2, pour "DC: vserv01.contoso.local" tu indique aussi
- Depuis VServ01, tu accède à Serv01sysvol? Et l'inverse?

--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr
http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:
%
Bonsoir,

Je sais que nous sommes en plaine periode de congés mais "pas de repos
pour les braves" !!!!

Du coup si un grand Gourou de l'AD peut m'aider je lui en serait
vraimmment trés trés reconnaissant...

Voici que depuis le 5 Juillet (d'aprés mes logs) qu'un de mes 2 DC Windows
2003 ne semble plus accepter la replication avec son partenaire.

Dans "Sites et services" si je fais un clique-droit et repliquer
maintenant sur la connexion créée automatiquement en dessous de celui-ci
je recoie un "Accés refusé" , ans l'autre sens ça fonctionne :-(

J'ai essayé de re-initialiser le mot de passe du compte d'ordinateur de ce
DC avec la commande netdom mais NIET.

Les droits d'accés me semblent bon , j'arrive à copier le contenu complet
du dossier SYSVOL de l'un vers l'autre via les partages.


J'essaie de vous donner un MAX d'info et encore merci milles fois par
avance de votre précieuse aide :


Sur ce même DC foireux:

_Dans le journal des evenements "Application" toutes les 5 minutes j'ai
userenv qui me genere de erreurs ID 1030 & 1097.

_Dans le journal des evenements "Service d'annuaire"
Active Directory n'a pas pu établir une connexion avec le catalogue
global:

Type de l'événement : Informations
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1869
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a trouvé un catalogue global dans le site suivant.

Catalogue global :
vserv01.contoso.local
Site :
Premier-Site-par-defaut

PUIS:

Type de l'événement : Avertissement
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1655
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a tenté de communiquer avec le catalogue global suivant
et les tentatives n'ont pas réussi.

Catalogue global :
vserv01.contoso.local

L'opération en cours peut ne plus pouvoir continuer. Active Directory
utilisera la recherche de contrôleur de domaine pour tenter de trouver un
serveur de catalogue global disponible.

Données supplémentaires
Valeur de l'erreur :
5 Accès refusé.

Pour plus d'informations, consultez le centre Aide et support à l'adresse
http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.

PUIS:

Type de l'événement : Erreur
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1126
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory n'a pas pu établir une connexion avec le catalogue
global.

Données supplémentaires
Valeur de l'erreur :
8240 Cet objet ne se trouve pas sur le serveur.
ID interne :
3200ba0

Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il est
accessible à partir de ce contrôleur de domaine. Vous pouvez utiliser
l'utilitaire nltest pour diagnostiquer ce problème.

Pour plus d'informations, consultez le centre Aide et support à l'adresse
http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.



J'ai fait un dcdiag /c /e /v qui me remonte ceci:



Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine vserv01, is a DC.
* Connecting to directory service on server vserv01.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SERV01 passed test Connectivity

Testing server: Premier-Site-par-defautVSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... VSERV01 passed test Connectivity

Doing primary tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Replications
* Replications Check
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
DC=ForestDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... SERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... SERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
......................... SERV01 passed test NetLogons
Starting test: Advertising
The DC SERV01 is advertising itself as a DC and having a DS.
The DC SERV01 is advertising as an LDAP server
The DC SERV01 is advertising as having a writeable directory
The DC SERV01 is advertising as a Key Distribution Center
The DC SERV01 is advertising as a time server
The DS SERV01 is advertising as a GC.
......................... SERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... SERV01 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1295
......................... SERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC SERV01 on DC SERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
......................... SERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
SERV01 is in domain DC=contoso,DC=local
Checking for CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local
in domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... SERV01 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after
the

SYSVOL has been shared. Failing SYSVOL replication problems may
cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 07/20/2009 04:48:45
(Event String could not be retrieved)
......................... SERV01 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... SERV01 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... SERV01 passed test systemlog
Starting test: VerifyReplicas
......................... SERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local and backlink
on


CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... SERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local
in domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
[SERV01] No security related replication errors were found on this
DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERV01 passed test CheckSecurityError

Testing server: Premier-Site-par-defautVSERV01
Starting test: Replications
* Replications Check
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: DC=ForestDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
424 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: DC=DomainDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
561 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: CN=Schema,CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
420 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:14:19.
The last success occurred at 2009-07-05 09:47:02.
973 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:27:33.
The last success occurred at 2009-07-05 09:54:29.
2778 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
VSERV01: Current time is 2009-07-21 02:32:08.
DC=ForestDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:54:29.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... VSERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC VSERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... VSERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share VSERV01netlogon
Verified share VSERV01sysvol
......................... VSERV01 passed test NetLogons
Starting test: Advertising
The DC VSERV01 is advertising itself as a DC and having a DS.
The DC VSERV01 is advertising as an LDAP server
The DC VSERV01 is advertising as having a writeable directory
The DC VSERV01 is advertising as a Key Distribution Center
The DC VSERV01 is advertising as a time server
The DS VSERV01 is advertising as a GC.
......................... VSERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... VSERV01 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2103 to 2602
* rIDPreviousAllocationPool is 2103 to 2602
* rIDNextRID: 2149
......................... VSERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
......................... VSERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... VSERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... VSERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
VSERV01 is in domain DC=contoso,DC=local
Checking for CN=VSERV01,OU=Domain Controllers,DC=contoso,DC=local
in domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... VSERV01 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... VSERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... VSERV01 passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
......................... VSERV01 failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... VSERV01 passed test systemlog
Starting test: VerifyReplicas
......................... VSERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=VSERV01,OU=Domain Controllers,DC=contoso,DC=local and backlink
on


CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... VSERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... VSERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
Source DC SERV01 has possible security error (5). Diagnosing...
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking time skew between servers:
SERV01
VSERV01
Time is in sync: 0 seconds different.
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
[SERV01] Unable to diagnose problem for this source. See
any errors reported in attempting tests.
......................... VSERV01 passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : contoso
Starting test: CrossRefValidation
......................... contoso passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... contoso passed test CheckSDRefDom

Running enterprise tests on : contoso.local
Starting test: Intersite
Skipping site Premier-Site-par-defaut, this site is outside the
scope

provided by the command line arguments provided.
......................... contoso.local passed test Intersite
Starting test: FsmoCheck
GC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
PDC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
Time Server Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
KDC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
......................... contoso.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: serv01.contoso.local
Domain: contoso.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Intel(R) PRO/1000 MT Network
Connection:
MAC address is 00:13:21:7C:D9:F8
IP address is static
IP address: 192.168.1.2
DNS servers:
192.168.1.12 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found
(primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
213.251.179.102 (<name unavailable>) [Valid]
80.10.246.2 (<name unavailable>) [Valid]
80.10.246.3 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: contoso.local.
Delegated domain name: _msdcs.contoso.local.
DNS server: serv01.contoso.local. IP:192.168.1.2
[Valid]

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not
secure contoso.local.
Test record _dcdiag_test_record added successfully in
zone contoso.local.
Test record _dcdiag_test_record deleted successfully in
zone contoso.local.

TEST: Records registration (RReg)
Network Adapter [00000007] Intel(R) PRO/1000 MT Network
Connection:
Matching A record found at DNS server 192.168.1.12:
serv01.contoso.local

Matching CNAME record found at DNS server
192.168.1.12:

5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local

Matching DC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.dc._msdcs.contoso.local

Matching GC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.gc._msdcs.contoso.local



DC: vserv01.contoso.local
Domain: contoso.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] Carte AMD PCNET Family Ethernet PCI:
MAC address is 00:0C:29:28:5E:87
IP address is static
IP address: 192.168.1.12
DNS servers:
192.168.1.12 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found
(primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
213.251.179.102 (<name unavailable>) [Valid]
80.10.246.2 (<name unavailable>) [Valid]
80.10.246.3 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: contoso.local.
Delegated domain name: _msdcs.contoso.local.
DNS server: serv01.contoso.local. IP:192.168.1.2
[Valid]

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not
secure contoso.local.
Test record _dcdiag_test_record added successfully in
zone contoso.local.
Test record _dcdiag_test_record deleted successfully in
zone contoso.local.

TEST: Records registration (RReg)
Network Adapter [00000001] Carte AMD PCNET Family
Ethernet PCI:
Matching A record found at DNS server 192.168.1.12:
vserv01.contoso.local

Matching CNAME record found at DNS server
192.168.1.12:

3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local

Matching DC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.dc._msdcs.contoso.local

Matching GC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.gc._msdcs.contoso.local

Matching PDC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.pdc._msdcs.contoso.local


Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 192.168.1.12 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for the
forest root domain is registered

DNS server: 192.168.1.2 (serv01.contoso.local.)
All tests passed on this DNS server
This is a valid DNS server
Delegation to the domain _msdcs.contoso.local. is
operational

DNS server: 213.251.179.102 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 80.10.246.2 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 80.10.246.3 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg
Ext

________________________________________________________________
Domain: contoso.local
serv01 PASS PASS PASS PASS WARN PASS
n/a
vserv01 PASS PASS PASS PASS WARN PASS
n/a

......................... contoso.local passed test DNS




AU SECOURS !!!!




Avatar
YannX
Bonjour Jonathan,


Toujours fidele au poste ;-)
Merci de ton aide précieuse.

_Alors ,pour ce qui est de la synchro horaire , les 2 DC sont bien
synchro (et sur le même fuseau).

_Pas de firewall sur ces deux DC

_Le reinitialisation s'est bien passée, le DC vserv01 semblant etre
celui qui deconne, a partir de celiui-ci, j'ai lancé la commande:
netdom resetpwd /server:serv01.contoso.local
/userd:contosoadministrateur /passwordd:mot_de_passe
qui m'a retourné le message OK.

_L'acces au SYSVOL se fait nickel et dans les 2 sens.

_Une seule carte réseau sur ces deux DC.

_Je ne vois pas ou il est indiqué 192.168.1.2 pour
vserv01.contoso.local
Normalement :
vserv01.contoso.local2.168.1.12
serv01.contoso.local2.168.1.2

Tous deux sur le même LAN et même switch pas d'elements actifs/filtrage
entre les deux.

Dans le DNS tous les enregistrements sont présents dans la zone _msdcs
etc...

C'est vraiment bizarre car la replication se fait bien dans un sens
mais pas dans l'autre !!!


Merci beaucoup de prendre le temps de m'aider car je suis dans la
pannade !!!!



Jonathan BISMUTH [Bis IT] a exposé le 21/07/2009 :
Salut YannX,

Pas beaucoup de gourous dans le coin, et en plus quelques précisions à nous
apporter :)

- Tu ne donne que le current time de VServ01, il est à la même heure que
Serv01?
- Combien de cartes réseau (sur l'un comme sur l'autre)?
- La réinitialisation du mot de passe du DC s'est bien passée?
- Pour "DC: serv01.contoso.local", tu indique une IP à IP address:
192.168.1.2, pour "DC: vserv01.contoso.local" tu indique aussi
- Depuis VServ01, tu accède à Serv01sysvol? Et l'inverse?

--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr
http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:
%
Bonsoir,

Je sais que nous sommes en plaine periode de congés mais "pas de repos pour
les braves" !!!!

Du coup si un grand Gourou de l'AD peut m'aider je lui en serait vraimmment
trés trés reconnaissant...

Voici que depuis le 5 Juillet (d'aprés mes logs) qu'un de mes 2 DC Windows
2003 ne semble plus accepter la replication avec son partenaire.

Dans "Sites et services" si je fais un clique-droit et repliquer maintenant
sur la connexion créée automatiquement en dessous de celui-ci je recoie un
"Accés refusé" , ans l'autre sens ça fonctionne :-(

J'ai essayé de re-initialiser le mot de passe du compte d'ordinateur de ce
DC avec la commande netdom mais NIET.

Les droits d'accés me semblent bon , j'arrive à copier le contenu complet
du dossier SYSVOL de l'un vers l'autre via les partages.


J'essaie de vous donner un MAX d'info et encore merci milles fois par
avance de votre précieuse aide :


Sur ce même DC foireux:

_Dans le journal des evenements "Application" toutes les 5 minutes j'ai
userenv qui me genere de erreurs ID 1030 & 1097.

_Dans le journal des evenements "Service d'annuaire"
Active Directory n'a pas pu établir une connexion avec le catalogue global:

Type de l'événement : Informations
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1869
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a trouvé un catalogue global dans le site suivant.

Catalogue global :
vserv01.contoso.local
Site :
Premier-Site-par-defaut

PUIS:

Type de l'événement : Avertissement
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1655
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a tenté de communiquer avec le catalogue global suivant et
les tentatives n'ont pas réussi.

Catalogue global :
vserv01.contoso.local

L'opération en cours peut ne plus pouvoir continuer. Active Directory
utilisera la recherche de contrôleur de domaine pour tenter de trouver un
serveur de catalogue global disponible.

Données supplémentaires
Valeur de l'erreur :
5 Accès refusé.

Pour plus d'informations, consultez le centre Aide et support à l'adresse
http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.

PUIS:

Type de l'événement : Erreur
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1126
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory n'a pas pu établir une connexion avec le catalogue global.

Données supplémentaires
Valeur de l'erreur :
8240 Cet objet ne se trouve pas sur le serveur.
ID interne :
3200ba0

Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il est
accessible à partir de ce contrôleur de domaine. Vous pouvez utiliser
l'utilitaire nltest pour diagnostiquer ce problème.

Pour plus d'informations, consultez le centre Aide et support à l'adresse
http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.



J'ai fait un dcdiag /c /e /v qui me remonte ceci:



Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine vserv01, is a DC.
* Connecting to directory service on server vserv01.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SERV01 passed test Connectivity

Testing server: Premier-Site-par-defautVSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... VSERV01 passed test Connectivity

Doing primary tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Replications
* Replications Check
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
DC=ForestDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... SERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... SERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
......................... SERV01 passed test NetLogons
Starting test: Advertising
The DC SERV01 is advertising itself as a DC and having a DS.
The DC SERV01 is advertising as an LDAP server
The DC SERV01 is advertising as having a writeable directory
The DC SERV01 is advertising as a Key Distribution Center
The DC SERV01 is advertising as a time server
The DS SERV01 is advertising as a GC.
......................... SERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... SERV01 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1295
......................... SERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC SERV01 on DC SERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
......................... SERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SERV01 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
SERV01 is in domain DC=contoso,DC=local
Checking for CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local in
domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... SERV01 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after
the

SYSVOL has been shared. Failing SYSVOL replication problems may
cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 07/20/2009 04:48:45
(Event String could not be retrieved)
......................... SERV01 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... SERV01 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... SERV01 passed test systemlog
Starting test: VerifyReplicas
......................... SERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local and backlink on


CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... SERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local in
domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
[SERV01] No security related replication errors were found on this
DC! To target the connection to a specific source DC use /ReplSource:<DC>.
......................... SERV01 passed test CheckSecurityError

Testing server: Premier-Site-par-defautVSERV01
Starting test: Replications
* Replications Check
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: DC=ForestDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
424 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: DC=DomainDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
561 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: CN=Schema,CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
420 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:14:19.
The last success occurred at 2009-07-05 09:47:02.
973 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:27:33.
The last success occurred at 2009-07-05 09:54:29.
2778 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
VSERV01: Current time is 2009-07-21 02:32:08.
DC=ForestDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05 09:47:02.
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05 09:47:02.
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05 09:47:02.
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05 09:47:02.
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05 09:54:29.
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... VSERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC VSERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... VSERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share VSERV01netlogon
Verified share VSERV01sysvol
......................... VSERV01 passed test NetLogons
Starting test: Advertising
The DC VSERV01 is advertising itself as a DC and having a DS.
The DC VSERV01 is advertising as an LDAP server
The DC VSERV01 is advertising as having a writeable directory
The DC VSERV01 is advertising as a Key Distribution Center
The DC VSERV01 is advertising as a time server
The DS VSERV01 is advertising as a GC.
......................... VSERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... VSERV01 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2103 to 2602
* rIDPreviousAllocationPool is 2103 to 2602
* rIDNextRID: 2149
......................... VSERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
......................... VSERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... VSERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... VSERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
VSERV01 is in domain DC=contoso,DC=local
Checking for CN=VSERV01,OU=Domain Controllers,DC=contoso,DC=local
in domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... VSERV01 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... VSERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... VSERV01 passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
......................... VSERV01 failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... VSERV01 passed test systemlog
Starting test: VerifyReplicas
......................... VSERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=VSERV01,OU=Domain Controllers,DC=contoso,DC=local and backlink
on


CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... VSERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... VSERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
Source DC SERV01 has possible security error (5). Diagnosing...
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking time skew between servers:
SERV01
VSERV01
Time is in sync: 0 seconds different.
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
[SERV01] Unable to diagnose problem for this source. See any
errors reported in attempting tests.
......................... VSERV01 passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : contoso
Starting test: CrossRefValidation
......................... contoso passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... contoso passed test CheckSDRefDom

Running enterprise tests on : contoso.local
Starting test: Intersite
Skipping site Premier-Site-par-defaut, this site is outside the
scope

provided by the command line arguments provided.
......................... contoso.local passed test Intersite
Starting test: FsmoCheck
GC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
PDC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
Time Server Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
KDC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
......................... contoso.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: serv01.contoso.local
Domain: contoso.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Intel(R) PRO/1000 MT Network
Connection:
MAC address is 00:13:21:7C:D9:F8
IP address is static
IP address: 192.168.1.2
DNS servers:
192.168.1.12 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found
(primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
213.251.179.102 (<name unavailable>) [Valid]
80.10.246.2 (<name unavailable>) [Valid]
80.10.246.3 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: contoso.local.
Delegated domain name: _msdcs.contoso.local.
DNS server: serv01.contoso.local. IP:192.168.1.2
[Valid]

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not
secure contoso.local.
Test record _dcdiag_test_record added successfully in zone
contoso.local.
Test record _dcdiag_test_record deleted successfully in
zone contoso.local.

TEST: Records registration (RReg)
Network Adapter [00000007] Intel(R) PRO/1000 MT Network
Connection:
Matching A record found at DNS server 192.168.1.12:
serv01.contoso.local

Matching CNAME record found at DNS server 192.168.1.12:

5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local

Matching DC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.dc._msdcs.contoso.local

Matching GC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.gc._msdcs.contoso.local



DC: vserv01.contoso.local
Domain: contoso.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] Carte AMD PCNET Family Ethernet PCI:
MAC address is 00:0C:29:28:5E:87
IP address is static
IP address: 192.168.1.12
DNS servers:
192.168.1.12 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found
(primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
213.251.179.102 (<name unavailable>) [Valid]
80.10.246.2 (<name unavailable>) [Valid]
80.10.246.3 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: contoso.local.
Delegated domain name: _msdcs.contoso.local.
DNS server: serv01.contoso.local. IP:192.168.1.2
[Valid]

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not
secure contoso.local.
Test record _dcdiag_test_record added successfully in zone
contoso.local.
Test record _dcdiag_test_record deleted successfully in
zone contoso.local.

TEST: Records registration (RReg)
Network Adapter [00000001] Carte AMD PCNET Family Ethernet
PCI:
Matching A record found at DNS server 192.168.1.12:
vserv01.contoso.local

Matching CNAME record found at DNS server 192.168.1.12:

3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local

Matching DC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.dc._msdcs.contoso.local

Matching GC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.gc._msdcs.contoso.local

Matching PDC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.pdc._msdcs.contoso.local


Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 192.168.1.12 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for the
forest root domain is registered

DNS server: 192.168.1.2 (serv01.contoso.local.)
All tests passed on this DNS server
This is a valid DNS server
Delegation to the domain _msdcs.contoso.local. is operational

DNS server: 213.251.179.102 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 80.10.246.2 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 80.10.246.3 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg
Ext

________________________________________________________________
Domain: contoso.local
serv01 PASS PASS PASS PASS WARN PASS
n/a
vserv01 PASS PASS PASS PASS WARN PASS
n/a

......................... contoso.local passed test DNS




AU SECOURS !!!!






Avatar
Jonathan BISMUTH [Bis IT]
Oublie, c'est me syeux qui me font défaut :)
Les vacances approchent....

Si tu fais "repadmin /options serv01" et "repadmin /options vserv01"
Tu obtiens quoi?
--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net


"YannX" a écrit dans le message de news:

Bonjour Jonathan,


Toujours fidele au poste ;-)
Merci de ton aide précieuse.

_Alors ,pour ce qui est de la synchro horaire , les 2 DC sont bien synchro
(et sur le même fuseau).

_Pas de firewall sur ces deux DC

_Le reinitialisation s'est bien passée, le DC vserv01 semblant etre celui
qui deconne, a partir de celiui-ci, j'ai lancé la commande:
netdom resetpwd /server:serv01.contoso.local /userd:contosoadministrateur
/passwordd:mot_de_passe
qui m'a retourné le message OK.

_L'acces au SYSVOL se fait nickel et dans les 2 sens.

_Une seule carte réseau sur ces deux DC.

_Je ne vois pas ou il est indiqué 192.168.1.2 pour vserv01.contoso.local
Normalement :
vserv01.contoso.local2.168.1.12
serv01.contoso.local2.168.1.2

Tous deux sur le même LAN et même switch pas d'elements actifs/filtrage
entre les deux.

Dans le DNS tous les enregistrements sont présents dans la zone _msdcs
etc...

C'est vraiment bizarre car la replication se fait bien dans un sens mais
pas dans l'autre !!!


Merci beaucoup de prendre le temps de m'aider car je suis dans la pannade
!!!!



Jonathan BISMUTH [Bis IT] a exposé le 21/07/2009 :
Salut YannX,

Pas beaucoup de gourous dans le coin, et en plus quelques précisions à
nous apporter :)

- Tu ne donne que le current time de VServ01, il est à la même heure que
Serv01?
- Combien de cartes réseau (sur l'un comme sur l'autre)?
- La réinitialisation du mot de passe du DC s'est bien passée?
- Pour "DC: serv01.contoso.local", tu indique une IP à IP address:
192.168.1.2, pour "DC: vserv01.contoso.local" tu indique aussi
- Depuis VServ01, tu accède à Serv01sysvol? Et l'inverse?

--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:
%
Bonsoir,

Je sais que nous sommes en plaine periode de congés mais "pas de repos
pour les braves" !!!!

Du coup si un grand Gourou de l'AD peut m'aider je lui en serait
vraimmment trés trés reconnaissant...

Voici que depuis le 5 Juillet (d'aprés mes logs) qu'un de mes 2 DC
Windows 2003 ne semble plus accepter la replication avec son partenaire.

Dans "Sites et services" si je fais un clique-droit et repliquer
maintenant sur la connexion créée automatiquement en dessous de celui-ci
je recoie un "Accés refusé" , ans l'autre sens ça fonctionne :-(

J'ai essayé de re-initialiser le mot de passe du compte d'ordinateur de
ce DC avec la commande netdom mais NIET.

Les droits d'accés me semblent bon , j'arrive à copier le contenu
complet du dossier SYSVOL de l'un vers l'autre via les partages.


J'essaie de vous donner un MAX d'info et encore merci milles fois par
avance de votre précieuse aide :


Sur ce même DC foireux:

_Dans le journal des evenements "Application" toutes les 5 minutes j'ai
userenv qui me genere de erreurs ID 1030 & 1097.

_Dans le journal des evenements "Service d'annuaire"
Active Directory n'a pas pu établir une connexion avec le catalogue
global:

Type de l'événement : Informations
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1869
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a trouvé un catalogue global dans le site suivant.

Catalogue global :
vserv01.contoso.local
Site :
Premier-Site-par-defaut

PUIS:

Type de l'événement : Avertissement
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1655
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a tenté de communiquer avec le catalogue global suivant
et les tentatives n'ont pas réussi.

Catalogue global :
vserv01.contoso.local

L'opération en cours peut ne plus pouvoir continuer. Active Directory
utilisera la recherche de contrôleur de domaine pour tenter de trouver
un serveur de catalogue global disponible.

Données supplémentaires
Valeur de l'erreur :
5 Accès refusé.

Pour plus d'informations, consultez le centre Aide et support à
l'adresse http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.

PUIS:

Type de l'événement : Erreur
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1126
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory n'a pas pu établir une connexion avec le catalogue
global.

Données supplémentaires
Valeur de l'erreur :
8240 Cet objet ne se trouve pas sur le serveur.
ID interne :
3200ba0

Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il
est accessible à partir de ce contrôleur de domaine. Vous pouvez
utiliser l'utilitaire nltest pour diagnostiquer ce problème.

Pour plus d'informations, consultez le centre Aide et support à
l'adresse http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.



J'ai fait un dcdiag /c /e /v qui me remonte ceci:



Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine vserv01, is a DC.
* Connecting to directory service on server vserv01.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SERV01 passed test Connectivity

Testing server: Premier-Site-par-defautVSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... VSERV01 passed test Connectivity

Doing primary tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Replications
* Replications Check
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
DC=ForestDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... SERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... SERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
......................... SERV01 passed test NetLogons
Starting test: Advertising
The DC SERV01 is advertising itself as a DC and having a DS.
The DC SERV01 is advertising as an LDAP server
The DC SERV01 is advertising as having a writeable directory
The DC SERV01 is advertising as a Key Distribution Center
The DC SERV01 is advertising as a time server
The DS SERV01 is advertising as a GC.
......................... SERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... SERV01 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1295
......................... SERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC SERV01 on DC SERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
......................... SERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
SERV01 is in domain DC=contoso,DC=local
Checking for CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local
in domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... SERV01 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after
the

SYSVOL has been shared. Failing SYSVOL replication problems may
cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 07/20/2009 04:48:45
(Event String could not be retrieved)
......................... SERV01 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last
15 minutes.
......................... SERV01 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... SERV01 passed test systemlog
Starting test: VerifyReplicas
......................... SERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local and backlink
on


CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... SERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local
in domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
[SERV01] No security related replication errors were found on
this DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERV01 passed test CheckSecurityError

Testing server: Premier-Site-par-defautVSERV01
Starting test: Replications
* Replications Check
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=ForestDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
424 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=DomainDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
561 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context:
CN=Schema,CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
420 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:14:19.
The last success occurred at 2009-07-05 09:47:02.
973 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:27:33.
The last success occurred at 2009-07-05 09:54:29.
2778 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
VSERV01: Current time is 2009-07-21 02:32:08.
DC=ForestDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:54:29.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... VSERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC VSERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... VSERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share VSERV01netlogon
Verified share VSERV01sysvol
......................... VSERV01 passed test NetLogons
Starting test: Advertising
The DC VSERV01 is advertising itself as a DC and having a DS.
The DC VSERV01 is advertising as an LDAP server
The DC VSERV01 is advertising as having a writeable directory
The DC VSERV01 is advertising as a Key Distribution Center
The DC VSERV01 is advertising as a time server
The DS VSERV01 is advertising as a GC.
......................... VSERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... VSERV01 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2103 to 2602
* rIDPreviousAllocationPool is 2103 to 2602
* rIDNextRID: 2149
......................... VSERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
......................... VSERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... VSERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... VSERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
VSERV01 is in domain DC=contoso,DC=local
Checking for CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... VSERV01 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... VSERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... VSERV01 passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
......................... VSERV01 failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... VSERV01 passed test systemlog
Starting test: VerifyReplicas
......................... VSERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=VSERV01,OU=Domain Controllers,DC=contoso,DC=local and
backlink on


CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... VSERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... VSERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
Source DC SERV01 has possible security error (5). Diagnosing...
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking time skew between servers:
SERV01
VSERV01
Time is in sync: 0 seconds different.
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
[SERV01] Unable to diagnose problem for this source. See
any errors reported in attempting tests.
......................... VSERV01 passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test
CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test
CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom

Running partition tests on : contoso
Starting test: CrossRefValidation
......................... contoso passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... contoso passed test CheckSDRefDom

Running enterprise tests on : contoso.local
Starting test: Intersite
Skipping site Premier-Site-par-defaut, this site is outside the
scope

provided by the command line arguments provided.
......................... contoso.local passed test Intersite
Starting test: FsmoCheck
GC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
PDC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
Time Server Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
KDC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
......................... contoso.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: serv01.contoso.local
Domain: contoso.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Intel(R) PRO/1000 MT Network
Connection:
MAC address is 00:13:21:7C:D9:F8
IP address is static
IP address: 192.168.1.2
DNS servers:
192.168.1.12 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
213.251.179.102 (<name unavailable>) [Valid]
80.10.246.2 (<name unavailable>) [Valid]
80.10.246.3 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: contoso.local.
Delegated domain name: _msdcs.contoso.local.
DNS server: serv01.contoso.local. IP:192.168.1.2
[Valid]

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not
secure contoso.local.
Test record _dcdiag_test_record added successfully in
zone contoso.local.
Test record _dcdiag_test_record deleted successfully in
zone contoso.local.

TEST: Records registration (RReg)
Network Adapter [00000007] Intel(R) PRO/1000 MT Network
Connection:
Matching A record found at DNS server 192.168.1.12:
serv01.contoso.local

Matching CNAME record found at DNS server
192.168.1.12:

5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local

Matching DC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.dc._msdcs.contoso.local

Matching GC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.gc._msdcs.contoso.local



DC: vserv01.contoso.local
Domain: contoso.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] Carte AMD PCNET Family Ethernet PCI:
MAC address is 00:0C:29:28:5E:87
IP address is static
IP address: 192.168.1.12
DNS servers:
192.168.1.12 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
213.251.179.102 (<name unavailable>) [Valid]
80.10.246.2 (<name unavailable>) [Valid]
80.10.246.3 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: contoso.local.
Delegated domain name: _msdcs.contoso.local.
DNS server: serv01.contoso.local. IP:192.168.1.2
[Valid]

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not
secure contoso.local.
Test record _dcdiag_test_record added successfully in
zone contoso.local.
Test record _dcdiag_test_record deleted successfully in
zone contoso.local.

TEST: Records registration (RReg)
Network Adapter [00000001] Carte AMD PCNET Family
Ethernet PCI:
Matching A record found at DNS server 192.168.1.12:
vserv01.contoso.local

Matching CNAME record found at DNS server
192.168.1.12:

3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local

Matching DC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.dc._msdcs.contoso.local

Matching GC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.gc._msdcs.contoso.local

Matching PDC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.pdc._msdcs.contoso.local


Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 192.168.1.12 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for
the forest root domain is registered

DNS server: 192.168.1.2 (serv01.contoso.local.)
All tests passed on this DNS server
This is a valid DNS server
Delegation to the domain _msdcs.contoso.local. is
operational

DNS server: 213.251.179.102 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 80.10.246.2 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 80.10.246.3 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg
Ext

________________________________________________________________
Domain: contoso.local
serv01 PASS PASS PASS PASS WARN PASS
n/a
vserv01 PASS PASS PASS PASS WARN PASS
n/a

......................... contoso.local passed test DNS




AU SECOURS !!!!










Avatar
YannX
Voici ce que j'obtiens en lançant ces commandes:

C:Program FilesSupport Tools>repadmin /options serv01
Current DC Options: IS_GC

C:Program FilesSupport Tools>repadmin /options vserv01
Current DC Options: IS_GC

Pour info aussi voici ce que me remonte FRSDIAG:

------------------------------------------------------------
FRSDiag v1.7 on 20/07/2009 02:02:04
.VSERV01 on 2009-07-20 at 02.02.04
------------------------------------------------------------

Checking for errors/warnings in FRS Event Log ....
NtFrs 20/07/2009 01:36:38 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers
VSERV01 pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les
contrôleurs de domaine. Ce message du journal d'événement
apparaîtra une fois par connexion, une fois que le problème a été
résolu, vous verrez un autre message indiquant que la connexion a été
établie.
NtFrs 19/07/2009 20:44:11 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers
VSERV01 pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les
contrôleurs de domaine. Ce message du journal d'événement
apparaîtra une fois par connexion, une fois que le problème a été
résolu, vous verrez un autre message indiquant que la connexion a été
établie.
NtFrs 19/07/2009 11:33:10 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers
VSERV01 pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les
contrôleurs de domaine. Ce message du journal d'événement
apparaîtra une fois par connexion, une fois que le problème a été
résolu, vous verrez un autre message indiquant que la connexion a été
établie.
WARNING: Found Event ID 13508 errors without trailing 13509 ... see
above for (up to) the 3 latest entries!

......... failed 1
Checking for errors in Directory Service Event Log ....
NTDS General 20/07/2009 01:38:28 Error 1126 Active Directory n'a pas pu
établir une connexion avec le catalogue global. Données
supplémentaires Valeur de l'erreur : 8240 Cet objet ne se trouve
pas sur le serveur. ID interne : 3200ba0 Action
utilisateur : Vérifiez qu'un catalogue global est disponible dans la
forêt, et qu'il est accessible à partir de ce contrôleur de domaine.
Vous pouvez utiliser l'utilitaire nltest pour diagnostiquer ce
problème.
[..]
NTDS General 19/07/2009 12:37:24 Error 1126 Active Directory n'a pas pu
établir une connexion avec le catalogue global. Données
supplémentaires Valeur de l'erreur : 8240 Cet objet ne se trouve
pas sur le serveur. ID interne : 3200ba0 Action
utilisateur : Vérifiez qu'un catalogue global est disponible dans la
forêt, et qu'il est accessible à partir de ce contrôleur de domaine.
Vous pouvez utiliser l'utilitaire nltest pour diagnostiquer ce
problème.
NTDS Replication 19/07/2009 12:22:23 Error 1864 Ceci représente l'état
de réplication pour la partition d'annuaire suivante sur le contrôleur
de domaine local. Partition d'annuaire :
DC=ForestDnsZones,DC=contoso,DC=local Le contrôleur de domaine
local n'a pas reçu d'informations de réplication récentes à partir de
certains contrôleurs de domaine. Le nombre de contrôleurs de domaine
est affiché, divisé par les intervalles suivants. Plus de 24
heures : 1 Plus d'une semaine : 1 Plus d'un mois : 0 Plus
de deux mois : 0 Plus d'une durée de vie de temporisation : 0
Durée de vie de la temporisation (jours) : 180 Les contrôleurs de
domaine qui ne répliquent pas de manière régulière peuvent rencontrer
des erreurs. Ils peuvent manquer certaines modifications de mot de
passe et ne plus pouvoir authentifier. Un contrôleur de domaine qui n'a
pas répliqué pendant un intervalle de durée de vie de temporisation
peut avoir manqué la suppression de certains objets, et peut se voir
empêcher toute future réplication jusqu'à la réconciliation.
Pour identifier les contrôleurs de domaine par leur nom, installez les
outils de support fournis dans le CD d'installation et exécutez
dcdiag.exe. Vous pouvez également utilisez l'outil de support
repadmin.exe pour afficher les latences des contrôleurs de domaine
dans la forêt. La commande est "repadmin /showvector /latency
<NomUniquePartition>".
[...]
NTDS Replication 19/07/2009 12:22:23 Error 1864 Ceci représente l'état
de réplication pour la partition d'annuaire suivante sur le contrôleur
de domaine local. Partition d'annuaire : DC=contoso,DC=local
Le contrôleur de domaine local n'a pas reçu d'informations de
réplication récentes à partir de certains contrôleurs de domaine. Le
nombre de contrôleurs de domaine est affiché, divisé par les
intervalles suivants. Plus de 24 heures : 1 Plus d'une
semaine : 1 Plus d'un mois : 0 Plus de deux mois : 0 Plus
d'une durée de vie de temporisation : 0 Durée de vie de la
temporisation (jours) : 180 Les contrôleurs de domaine qui ne
répliquent pas de manière régulière peuvent rencontrer des erreurs. Ils
peuvent manquer certaines modifications de mot de passe et ne plus
pouvoir authentifier. Un contrôleur de domaine qui n'a pas répliqué
pendant un intervalle de durée de vie de temporisation peut avoir
manqué la suppression de certains objets, et peut se voir empêcher
toute future réplication jusqu'à la réconciliation. Pour
identifier les contrôleurs de domaine par leur nom, installez les
outils de support fournis dans le CD d'installation et exécutez
dcdiag.exe. Vous pouvez également utilisez l'outil de support
repadmin.exe pour afficher les latences des contrôleurs de domaine
dans la forêt. La commande est "repadmin /showvector /latency
<NomUniquePartition>".
etc...etc...
NTDS Replication 13/07/2009 11:05:02 Error 1864 Ceci représente l'état
de réplication pour la partition d'annuaire suivante sur le contrôleur
de domaine local. Partition d'annuaire :
CN=Configuration,DC=contoso,DC=local Le contrôleur de domaine
local n'a pas reçu d'informations de réplication récentes à partir de
certains contrôleurs de domaine. Le nombre de contrôleurs de domaine
est affiché, divisé par les intervalles suivants. Plus de 24
heures : 1 Plus d'une semaine : 1 Plus d'un mois : 0 Plus
de deux mois : 0 Plus d'une durée de vie de temporisation : 0
Durée de vie de la temporisation (jours) : 180 Les contrôleurs de
domaine qui ne répliquent pas de manière régulière peuvent rencontrer
des erreurs. Ils peuvent manquer certaines modifications de mot de
passe et ne plus pouvoir authentifier. Un contrôleur de domaine qui n'a
pas répliqué pendant un intervalle de durée de vie de temporisation
peut avoir manqué la suppression de certains objets, et peut se voir
empêcher toute future réplication jusqu'à la réconciliation.
Pour identifier les contrôleurs de domaine par leur nom, installez les
outils de support fournis dans le CD d'installation et exécutez
dcdiag.exe. Vous pouvez également utilisez l'outil de support
repadmin.exe pour afficher les latences des contrôleurs de domaine
dans la forêt. La commande est "repadmin /showvector /latency
<NomUniquePartition>".
WARNING: Found Directory Service Errors in the past 15 days! FRS
Depends on AD so Check AD Replication!

......... failed 200
Checking for minimum FRS version requirement ... passed
Checking for errors/warnings in ntfrsutl ds ... passed
Checking for Replica Set configuration triggers... passed
Checking for suspicious file Backlog size... passed
Checking Overall Disk Space and SYSVOL structure (note: integrity is
not checked)...
ERROR: Junction Point missing on "c:windowssysvolsysvol"
ERROR: Junction Point missing on "c:windowssysvolstaging areas"
......... failed 2
Checking for suspicious inlog entries ... passed
Checking for suspicious outlog entries ... passed
Checking for appropriate staging area size ... passed
Checking for errors in debug logs ...
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain:
704: 884: S0: 02:00:58> :SR: Cmd 0026efe0, CxtG 2a56b458,
WS ERROR_ACCESS_DENIED, To serv01.contoso.local Len: (366) [SndFail
- rpc exception]
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain:
3524: 883: S0: 02:00:58> ++ ERROR - EXCEPTION (00000005) :
WStatus: ERROR_ACCESS_DENIED
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain:
3524: 884: S0: 02:00:58> :SR: Cmd 013bfd50, CxtG 6cb42b8e,
WS ERROR_ACCESS_DENIED, To serv01.contoso.local Len: (366) [SndFail
- rpc exception]

Found 2030 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed
above

......... failed with 2030 error entries
Checking NtFrs Service (and dependent services) state...passed
Checking NtFrs related Registry Keys for possible problems...passed
Checking Repadmin Showreps for errors...
DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:54.29.
2497 consecutive failure(s).

CN=Configuration,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:47.02.
915 consecutive failure(s).

CN=Schema,CN=Configuration,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:47.02.
396 consecutive failure(s).

DC=DomainDnsZones,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 1256:
Le système distant n'est pas disponible. Pour obtenir des
informations à propos du dépannage réseau, consulter l'Aide Windows.
Last success @ 2009-07-05 09:47.02.
537 consecutive failure(s).

DC=ForestDnsZones,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 1256:
Le système distant n'est pas disponible. Pour obtenir des
informations à propos du dépannage réseau, consulter l'Aide Windows.
Last success @ 2009-07-05 09:47.02.
400 consecutive failure(s).

......... failed 5


Je suis preneur de toutes pistes
Merci.

Jonathan BISMUTH [Bis IT] a écrit :
Oublie, c'est me syeux qui me font défaut :)
Les vacances approchent....

Si tu fais "repadmin /options serv01" et "repadmin /options vserv01"
Tu obtiens quoi?
--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net


"YannX" a écrit dans le message de news:

Bonjour Jonathan,


Toujours fidele au poste ;-)
Merci de ton aide précieuse.

_Alors ,pour ce qui est de la synchro horaire , les 2 DC sont bien synchro
(et sur le même fuseau).

_Pas de firewall sur ces deux DC

_Le reinitialisation s'est bien passée, le DC vserv01 semblant etre celui
qui deconne, a partir de celiui-ci, j'ai lancé la commande:
netdom resetpwd /server:serv01.contoso.local /userd:contosoadministrateur
/passwordd:mot_de_passe
qui m'a retourné le message OK.

_L'acces au SYSVOL se fait nickel et dans les 2 sens.

_Une seule carte réseau sur ces deux DC.

_Je ne vois pas ou il est indiqué 192.168.1.2 pour vserv01.contoso.local
Normalement :
vserv01.contoso.local2.168.1.12
serv01.contoso.local2.168.1.2

Tous deux sur le même LAN et même switch pas d'elements actifs/filtrage
entre les deux.

Dans le DNS tous les enregistrements sont présents dans la zone _msdcs
etc...

C'est vraiment bizarre car la replication se fait bien dans un sens mais
pas dans l'autre !!!


Merci beaucoup de prendre le temps de m'aider car je suis dans la pannade
!!!!



Jonathan BISMUTH [Bis IT] a exposé le 21/07/2009 :
Salut YannX,

Pas beaucoup de gourous dans le coin, et en plus quelques précisions à
nous apporter :)

- Tu ne donne que le current time de VServ01, il est à la même heure que
Serv01?
- Combien de cartes réseau (sur l'un comme sur l'autre)?
- La réinitialisation du mot de passe du DC s'est bien passée?
- Pour "DC: serv01.contoso.local", tu indique une IP à IP address:
192.168.1.2, pour "DC: vserv01.contoso.local" tu indique aussi
- Depuis VServ01, tu accède à Serv01sysvol? Et l'inverse?

--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:
%
Bonsoir,

Je sais que nous sommes en plaine periode de congés mais "pas de repos
pour les braves" !!!!

Du coup si un grand Gourou de l'AD peut m'aider je lui en serait
vraimmment trés trés reconnaissant...

Voici que depuis le 5 Juillet (d'aprés mes logs) qu'un de mes 2 DC
Windows 2003 ne semble plus accepter la replication avec son partenaire.

Dans "Sites et services" si je fais un clique-droit et repliquer
maintenant sur la connexion créée automatiquement en dessous de celui-ci
je recoie un "Accés refusé" , ans l'autre sens ça fonctionne :-(

J'ai essayé de re-initialiser le mot de passe du compte d'ordinateur de
ce DC avec la commande netdom mais NIET.

Les droits d'accés me semblent bon , j'arrive à copier le contenu complet
du dossier SYSVOL de l'un vers l'autre via les partages.


J'essaie de vous donner un MAX d'info et encore merci milles fois par
avance de votre précieuse aide :


Sur ce même DC foireux:

_Dans le journal des evenements "Application" toutes les 5 minutes j'ai
userenv qui me genere de erreurs ID 1030 & 1097.

_Dans le journal des evenements "Service d'annuaire"
Active Directory n'a pas pu établir une connexion avec le catalogue
global:

Type de l'événement : Informations
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1869
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a trouvé un catalogue global dans le site suivant.

Catalogue global :
vserv01.contoso.local
Site :
Premier-Site-par-defaut

PUIS:

Type de l'événement : Avertissement
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1655
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a tenté de communiquer avec le catalogue global suivant
et les tentatives n'ont pas réussi.

Catalogue global :
vserv01.contoso.local

L'opération en cours peut ne plus pouvoir continuer. Active Directory
utilisera la recherche de contrôleur de domaine pour tenter de trouver un
serveur de catalogue global disponible.

Données supplémentaires
Valeur de l'erreur :
5 Accès refusé.

Pour plus d'informations, consultez le centre Aide et support à l'adresse
http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.

PUIS:

Type de l'événement : Erreur
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1126
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory n'a pas pu établir une connexion avec le catalogue
global.

Données supplémentaires
Valeur de l'erreur :
8240 Cet objet ne se trouve pas sur le serveur.
ID interne :
3200ba0

Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il
est accessible à partir de ce contrôleur de domaine. Vous pouvez
utiliser l'utilitaire nltest pour diagnostiquer ce problème.

Pour plus d'informations, consultez le centre Aide et support à l'adresse
http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.



J'ai fait un dcdiag /c /e /v qui me remonte ceci:



Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine vserv01, is a DC.
* Connecting to directory service on server vserv01.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SERV01 passed test Connectivity

Testing server: Premier-Site-par-defautVSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... VSERV01 passed test Connectivity

Doing primary tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Replications
* Replications Check
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
DC=ForestDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... SERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... SERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
......................... SERV01 passed test NetLogons
Starting test: Advertising
The DC SERV01 is advertising itself as a DC and having a DS.
The DC SERV01 is advertising as an LDAP server
The DC SERV01 is advertising as having a writeable directory
The DC SERV01 is advertising as a Key Distribution Center
The DC SERV01 is advertising as a time server
The DS SERV01 is advertising as a GC.
......................... SERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... SERV01 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1295
......................... SERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC SERV01 on DC SERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
......................... SERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
SERV01 is in domain DC=contoso,DC=local
Checking for CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local
in domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... SERV01 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after
the

SYSVOL has been shared. Failing SYSVOL replication problems may
cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 07/20/2009 04:48:45
(Event String could not be retrieved)
......................... SERV01 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... SERV01 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... SERV01 passed test systemlog
Starting test: VerifyReplicas
......................... SERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local and backlink
on


CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... SERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local
in domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
[SERV01] No security related replication errors were found on
this DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERV01 passed test CheckSecurityError

Testing server: Premier-Site-par-defautVSERV01
Starting test: Replications
* Replications Check
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: DC=ForestDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
424 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: DC=DomainDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
561 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: CN=Schema,CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
420 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:14:19.
The last success occurred at 2009-07-05 09:47:02.
973 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt failed:
From SERV01 to VSERV01
Naming Context: DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:27:33.
The last success occurred at 2009-07-05 09:54:29.
2778 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
VSERV01: Current time is 2009-07-21 02:32:08.
DC=ForestDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:54:29.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... VSERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC VSERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... VSERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share VSERV01netlogon
Verified share VSERV01sysvol
......................... VSERV01 passed test NetLogons
Starting test: Advertising
The DC VSERV01 is advertising itself as a DC and having a DS.
The DC VSERV01 is advertising as an LDAP server
The DC VSERV01 is advertising as having a writeable directory
The DC VSERV01 is advertising as a Key Distribution Center
The DC VSERV01 is advertising as a time server
The DS VSERV01 is advertising as a GC.
......................... VSERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... VSERV01 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2103 to 2602
* rIDPreviousAllocationPool is 2103 to 2602
* rIDNextRID: 2149
......................... VSERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
......................... VSERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... VSERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... VSERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
VSERV01 is in domain DC=contoso,DC=local
Checking for CN=VSERV01,OU=Domain Controllers,DC=contoso,DC=local
in domain DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... VSERV01 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... VSERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... VSERV01 passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
......................... VSERV01 failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... VSERV01 passed test systemlog
Starting test: VerifyReplicas
......................... VSERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=VSERV01,OU=Domain Controllers,DC=contoso,DC=local and backlink
on


CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... VSERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... VSERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
Source DC SERV01 has possible security error (5). Diagnosing...
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking time skew between servers:
SERV01
VSERV01
Time is in sync: 0 seconds different.
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
[SERV01] Unable to diagnose problem for this source. See
any errors reported in attempting tests.
......................... VSERV01 passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test
CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test
CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : contoso
Starting test: CrossRefValidation
......................... contoso passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... contoso passed test CheckSDRefDom

Running enterprise tests on : contoso.local
Starting test: Intersite
Skipping site Premier-Site-par-defaut, this site is outside the
scope

provided by the command line arguments provided.
......................... contoso.local passed test Intersite
Starting test: FsmoCheck
GC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
PDC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
Time Server Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
KDC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
......................... contoso.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: serv01.contoso.local
Domain: contoso.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Intel(R) PRO/1000 MT Network
Connection:
MAC address is 00:13:21:7C:D9:F8
IP address is static
IP address: 192.168.1.2
DNS servers:
192.168.1.12 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
213.251.179.102 (<name unavailable>) [Valid]
80.10.246.2 (<name unavailable>) [Valid]
80.10.246.3 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: contoso.local.
Delegated domain name: _msdcs.contoso.local.
DNS server: serv01.contoso.local. IP:192.168.1.2
[Valid]

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not
secure contoso.local.
Test record _dcdiag_test_record added successfully in
zone contoso.local.
Test record _dcdiag_test_record deleted successfully in
zone contoso.local.

TEST: Records registration (RReg)
Network Adapter [00000007] Intel(R) PRO/1000 MT Network
Connection:
Matching A record found at DNS server 192.168.1.12:
serv01.contoso.local

Matching CNAME record found at DNS server
192.168.1.12:

5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local

Matching DC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.dc._msdcs.contoso.local

Matching GC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.gc._msdcs.contoso.local



DC: vserv01.contoso.local
Domain: contoso.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] Carte AMD PCNET Family Ethernet PCI:
MAC address is 00:0C:29:28:5E:87
IP address is static
IP address: 192.168.1.12
DNS servers:
192.168.1.12 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
213.251.179.102 (<name unavailable>) [Valid]
80.10.246.2 (<name unavailable>) [Valid]
80.10.246.3 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: contoso.local.
Delegated domain name: _msdcs.contoso.local.
DNS server: serv01.contoso.local. IP:192.168.1.2
[Valid]

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not
secure contoso.local.
Te








Avatar
Jonathan BISMUTH [Bis IT]
Hum... problème de point de jonction?

as tu jeté un coup d'oeil à http://support.microsoft.com/kb/315457 afin de
valider les points de jonction?

Et particulièrement à :
To re-create the junction points if the LINKD command reports missing or
invalid junction points, follow these steps:
1.. Type linkd C:WINNTSYSVOLsysvolDNS_Domain_Name Source, where Source
is the root path that is determined by using the NTFRSUTL command.
2.. Type C:linkd "C:WINNTSYSVOLstaging areasDNS_Domain_Name " Source,
where Source is the stage path that is determined by using the NTFRSUTL
command.
??
--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr
http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:
%
Voici ce que j'obtiens en lançant ces commandes:

C:Program FilesSupport Tools>repadmin /options serv01
Current DC Options: IS_GC

C:Program FilesSupport Tools>repadmin /options vserv01
Current DC Options: IS_GC

Pour info aussi voici ce que me remonte FRSDIAG:

------------------------------------------------------------
FRSDiag v1.7 on 20/07/2009 02:02:04
.VSERV01 on 2009-07-20 at 02.02.04
------------------------------------------------------------

Checking for errors/warnings in FRS Event Log ....
NtFrs 20/07/2009 01:36:38 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les contrôleurs
de domaine. Ce message du journal d'événement apparaîtra une fois
par connexion, une fois que le problème a été résolu, vous verrez un autre
message indiquant que la connexion a été établie.
NtFrs 19/07/2009 20:44:11 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les contrôleurs
de domaine. Ce message du journal d'événement apparaîtra une fois
par connexion, une fois que le problème a été résolu, vous verrez un autre
message indiquant que la connexion a été établie.
NtFrs 19/07/2009 11:33:10 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les contrôleurs
de domaine. Ce message du journal d'événement apparaîtra une fois
par connexion, une fois que le problème a été résolu, vous verrez un autre
message indiquant que la connexion a été établie.
WARNING: Found Event ID 13508 errors without trailing 13509 ... see above
for (up to) the 3 latest entries!

......... failed 1
Checking for errors in Directory Service Event Log ....
NTDS General 20/07/2009 01:38:28 Error 1126 Active Directory n'a pas pu
établir une connexion avec le catalogue global. Données
supplémentaires Valeur de l'erreur : 8240 Cet objet ne se trouve pas
sur le serveur. ID interne : 3200ba0 Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il est
accessible à partir de ce contrôleur de domaine. Vous pouvez utiliser
l'utilitaire nltest pour diagnostiquer ce problème.
[..]
NTDS General 19/07/2009 12:37:24 Error 1126 Active Directory n'a pas pu
établir une connexion avec le catalogue global. Données
supplémentaires Valeur de l'erreur : 8240 Cet objet ne se trouve pas
sur le serveur. ID interne : 3200ba0 Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il est
accessible à partir de ce contrôleur de domaine. Vous pouvez utiliser
l'utilitaire nltest pour diagnostiquer ce problème.
NTDS Replication 19/07/2009 12:22:23 Error 1864 Ceci représente l'état de
réplication pour la partition d'annuaire suivante sur le contrôleur de
domaine local. Partition d'annuaire :
DC=ForestDnsZones,DC=contoso,DC=local Le contrôleur de domaine
local n'a pas reçu d'informations de réplication récentes à partir de
certains contrôleurs de domaine. Le nombre de contrôleurs de domaine
est affiché, divisé par les intervalles suivants. Plus de 24 heures
: 1 Plus d'une semaine : 1 Plus d'un mois : 0 Plus de deux
mois : 0 Plus d'une durée de vie de temporisation : 0 Durée de vie
de la temporisation (jours) : 180 Les contrôleurs de domaine qui ne
répliquent pas de manière régulière peuvent rencontrer des erreurs. Ils
peuvent manquer certaines modifications de mot de passe et ne plus
pouvoir authentifier. Un contrôleur de domaine qui n'a pas répliqué
pendant un intervalle de durée de vie de temporisation peut avoir manqué
la suppression de certains objets, et peut se voir empêcher toute future
réplication jusqu'à la réconciliation. Pour identifier les
contrôleurs de domaine par leur nom, installez les outils de support
fournis dans le CD d'installation et exécutez dcdiag.exe. Vous pouvez
également utilisez l'outil de support repadmin.exe pour afficher les
latences des contrôleurs de domaine dans la forêt. La commande est
"repadmin /showvector /latency <NomUniquePartition>".
[...]
NTDS Replication 19/07/2009 12:22:23 Error 1864 Ceci représente l'état de
réplication pour la partition d'annuaire suivante sur le contrôleur de
domaine local. Partition d'annuaire : DC=contoso,DC=local Le
contrôleur de domaine local n'a pas reçu d'informations de réplication
récentes à partir de certains contrôleurs de domaine. Le nombre de
contrôleurs de domaine est affiché, divisé par les intervalles suivants.
Plus de 24 heures : 1 Plus d'une semaine : 1 Plus d'un mois : 0
Plus de deux mois : 0 Plus d'une durée de vie de temporisation : 0
Durée de vie de la temporisation (jours) : 180 Les contrôleurs de
domaine qui ne répliquent pas de manière régulière peuvent rencontrer des
erreurs. Ils peuvent manquer certaines modifications de mot de passe et
ne plus pouvoir authentifier. Un contrôleur de domaine qui n'a pas
répliqué pendant un intervalle de durée de vie de temporisation peut
avoir manqué la suppression de certains objets, et peut se voir empêcher
toute future réplication jusqu'à la réconciliation. Pour
identifier les contrôleurs de domaine par leur nom, installez les outils
de support fournis dans le CD d'installation et exécutez dcdiag.exe.
Vous pouvez également utilisez l'outil de support repadmin.exe pour
afficher les latences des contrôleurs de domaine dans la forêt. La
commande est "repadmin /showvector /latency <NomUniquePartition>".
etc...etc...
NTDS Replication 13/07/2009 11:05:02 Error 1864 Ceci représente l'état de
réplication pour la partition d'annuaire suivante sur le contrôleur de
domaine local. Partition d'annuaire :
CN=Configuration,DC=contoso,DC=local Le contrôleur de domaine local
n'a pas reçu d'informations de réplication récentes à partir de certains
contrôleurs de domaine. Le nombre de contrôleurs de domaine est
affiché, divisé par les intervalles suivants. Plus de 24 heures :
1 Plus d'une semaine : 1 Plus d'un mois : 0 Plus de deux mois :
0 Plus d'une durée de vie de temporisation : 0 Durée de vie de la
temporisation (jours) : 180 Les contrôleurs de domaine qui ne
répliquent pas de manière régulière peuvent rencontrer des erreurs. Ils
peuvent manquer certaines modifications de mot de passe et ne plus
pouvoir authentifier. Un contrôleur de domaine qui n'a pas répliqué
pendant un intervalle de durée de vie de temporisation peut avoir manqué
la suppression de certains objets, et peut se voir empêcher toute future
réplication jusqu'à la réconciliation. Pour identifier les
contrôleurs de domaine par leur nom, installez les outils de support
fournis dans le CD d'installation et exécutez dcdiag.exe. Vous pouvez
également utilisez l'outil de support repadmin.exe pour afficher les
latences des contrôleurs de domaine dans la forêt. La commande est
"repadmin /showvector /latency <NomUniquePartition>".
WARNING: Found Directory Service Errors in the past 15 days! FRS Depends
on AD so Check AD Replication!

......... failed 200
Checking for minimum FRS version requirement ... passed
Checking for errors/warnings in ntfrsutl ds ... passed
Checking for Replica Set configuration triggers... passed
Checking for suspicious file Backlog size... passed
Checking Overall Disk Space and SYSVOL structure (note: integrity is not
checked)...
ERROR: Junction Point missing on "c:windowssysvolsysvol"
ERROR: Junction Point missing on "c:windowssysvolstaging areas"
......... failed 2
Checking for suspicious inlog entries ... passed
Checking for suspicious outlog entries ... passed
Checking for appropriate staging area size ... passed
Checking for errors in debug logs ...
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain:
704: 884: S0: 02:00:58> :SR: Cmd 0026efe0, CxtG 2a56b458, WS
ERROR_ACCESS_DENIED, To serv01.contoso.local Len: (366) [SndFail - rpc
exception]
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain:
3524: 883: S0: 02:00:58> ++ ERROR - EXCEPTION (00000005) : WStatus:
ERROR_ACCESS_DENIED
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain:
3524: 884: S0: 02:00:58> :SR: Cmd 013bfd50, CxtG 6cb42b8e, WS
ERROR_ACCESS_DENIED, To serv01.contoso.local Len: (366) [SndFail - rpc
exception]

Found 2030 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed
above

......... failed with 2030 error entries
Checking NtFrs Service (and dependent services) state...passed
Checking NtFrs related Registry Keys for possible problems...passed
Checking Repadmin Showreps for errors...
DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:54.29.
2497 consecutive failure(s).

CN=Configuration,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:47.02.
915 consecutive failure(s).

CN=Schema,CN=Configuration,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:47.02.
396 consecutive failure(s).

DC=DomainDnsZones,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 1256:
Le système distant n'est pas disponible. Pour obtenir des
informations à propos du dépannage réseau, consulter l'Aide Windows.
Last success @ 2009-07-05 09:47.02.
537 consecutive failure(s).

DC=ForestDnsZones,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 1256:
Le système distant n'est pas disponible. Pour obtenir des
informations à propos du dépannage réseau, consulter l'Aide Windows.
Last success @ 2009-07-05 09:47.02.
400 consecutive failure(s).

......... failed 5


Je suis preneur de toutes pistes
Merci.



...
Avatar
Jonathan BISMUTH [Bis IT]
Any news Yann?

--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:
%
Voici ce que j'obtiens en lançant ces commandes:

C:Program FilesSupport Tools>repadmin /options serv01
Current DC Options: IS_GC

C:Program FilesSupport Tools>repadmin /options vserv01
Current DC Options: IS_GC

Pour info aussi voici ce que me remonte FRSDIAG:

------------------------------------------------------------
FRSDiag v1.7 on 20/07/2009 02:02:04
.VSERV01 on 2009-07-20 at 02.02.04
------------------------------------------------------------

Checking for errors/warnings in FRS Event Log ....
NtFrs 20/07/2009 01:36:38 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les contrôleurs
de domaine. Ce message du journal d'événement apparaîtra une fois
par connexion, une fois que le problème a été résolu, vous verrez un autre
message indiquant que la connexion a été établie.
NtFrs 19/07/2009 20:44:11 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les contrôleurs
de domaine. Ce message du journal d'événement apparaîtra une fois
par connexion, une fois que le problème a été résolu, vous verrez un autre
message indiquant que la connexion a été établie.
NtFrs 19/07/2009 11:33:10 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les contrôleurs
de domaine. Ce message du journal d'événement apparaîtra une fois
par connexion, une fois que le problème a été résolu, vous verrez un autre
message indiquant que la connexion a été établie.
WARNING: Found Event ID 13508 errors without trailing 13509 ... see above
for (up to) the 3 latest entries!

......... failed 1
Checking for errors in Directory Service Event Log ....
NTDS General 20/07/2009 01:38:28 Error 1126 Active Directory n'a pas pu
établir une connexion avec le catalogue global. Données
supplémentaires Valeur de l'erreur : 8240 Cet objet ne se trouve pas
sur le serveur. ID interne : 3200ba0 Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il est
accessible à partir de ce contrôleur de domaine. Vous pouvez utiliser
l'utilitaire nltest pour diagnostiquer ce problème.
[..]
NTDS General 19/07/2009 12:37:24 Error 1126 Active Directory n'a pas pu
établir une connexion avec le catalogue global. Données
supplémentaires Valeur de l'erreur : 8240 Cet objet ne se trouve pas
sur le serveur. ID interne : 3200ba0 Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il est
accessible à partir de ce contrôleur de domaine. Vous pouvez utiliser
l'utilitaire nltest pour diagnostiquer ce problème.
NTDS Replication 19/07/2009 12:22:23 Error 1864 Ceci représente l'état de
réplication pour la partition d'annuaire suivante sur le contrôleur de
domaine local. Partition d'annuaire :
DC=ForestDnsZones,DC=contoso,DC=local Le contrôleur de domaine
local n'a pas reçu d'informations de réplication récentes à partir de
certains contrôleurs de domaine. Le nombre de contrôleurs de domaine
est affiché, divisé par les intervalles suivants. Plus de 24 heures
: 1 Plus d'une semaine : 1 Plus d'un mois : 0 Plus de deux
mois : 0 Plus d'une durée de vie de temporisation : 0 Durée de vie
de la temporisation (jours) : 180 Les contrôleurs de domaine qui ne
répliquent pas de manière régulière peuvent rencontrer des erreurs. Ils
peuvent manquer certaines modifications de mot de passe et ne plus
pouvoir authentifier. Un contrôleur de domaine qui n'a pas répliqué
pendant un intervalle de durée de vie de temporisation peut avoir manqué
la suppression de certains objets, et peut se voir empêcher toute future
réplication jusqu'à la réconciliation. Pour identifier les
contrôleurs de domaine par leur nom, installez les outils de support
fournis dans le CD d'installation et exécutez dcdiag.exe. Vous pouvez
également utilisez l'outil de support repadmin.exe pour afficher les
latences des contrôleurs de domaine dans la forêt. La commande est
"repadmin /showvector /latency <NomUniquePartition>".
[...]
NTDS Replication 19/07/2009 12:22:23 Error 1864 Ceci représente l'état de
réplication pour la partition d'annuaire suivante sur le contrôleur de
domaine local. Partition d'annuaire : DC=contoso,DC=local Le
contrôleur de domaine local n'a pas reçu d'informations de réplication
récentes à partir de certains contrôleurs de domaine. Le nombre de
contrôleurs de domaine est affiché, divisé par les intervalles suivants.
Plus de 24 heures : 1 Plus d'une semaine : 1 Plus d'un mois : 0
Plus de deux mois : 0 Plus d'une durée de vie de temporisation : 0
Durée de vie de la temporisation (jours) : 180 Les contrôleurs de
domaine qui ne répliquent pas de manière régulière peuvent rencontrer des
erreurs. Ils peuvent manquer certaines modifications de mot de passe et
ne plus pouvoir authentifier. Un contrôleur de domaine qui n'a pas
répliqué pendant un intervalle de durée de vie de temporisation peut
avoir manqué la suppression de certains objets, et peut se voir empêcher
toute future réplication jusqu'à la réconciliation. Pour
identifier les contrôleurs de domaine par leur nom, installez les outils
de support fournis dans le CD d'installation et exécutez dcdiag.exe.
Vous pouvez également utilisez l'outil de support repadmin.exe pour
afficher les latences des contrôleurs de domaine dans la forêt. La
commande est "repadmin /showvector /latency <NomUniquePartition>".
etc...etc...
NTDS Replication 13/07/2009 11:05:02 Error 1864 Ceci représente l'état de
réplication pour la partition d'annuaire suivante sur le contrôleur de
domaine local. Partition d'annuaire :
CN=Configuration,DC=contoso,DC=local Le contrôleur de domaine local
n'a pas reçu d'informations de réplication récentes à partir de certains
contrôleurs de domaine. Le nombre de contrôleurs de domaine est
affiché, divisé par les intervalles suivants. Plus de 24 heures :
1 Plus d'une semaine : 1 Plus d'un mois : 0 Plus de deux mois :
0 Plus d'une durée de vie de temporisation : 0 Durée de vie de la
temporisation (jours) : 180 Les contrôleurs de domaine qui ne
répliquent pas de manière régulière peuvent rencontrer des erreurs. Ils
peuvent manquer certaines modifications de mot de passe et ne plus
pouvoir authentifier. Un contrôleur de domaine qui n'a pas répliqué
pendant un intervalle de durée de vie de temporisation peut avoir manqué
la suppression de certains objets, et peut se voir empêcher toute future
réplication jusqu'à la réconciliation. Pour identifier les
contrôleurs de domaine par leur nom, installez les outils de support
fournis dans le CD d'installation et exécutez dcdiag.exe. Vous pouvez
également utilisez l'outil de support repadmin.exe pour afficher les
latences des contrôleurs de domaine dans la forêt. La commande est
"repadmin /showvector /latency <NomUniquePartition>".
WARNING: Found Directory Service Errors in the past 15 days! FRS Depends
on AD so Check AD Replication!

......... failed 200
Checking for minimum FRS version requirement ... passed
Checking for errors/warnings in ntfrsutl ds ... passed
Checking for Replica Set configuration triggers... passed
Checking for suspicious file Backlog size... passed
Checking Overall Disk Space and SYSVOL structure (note: integrity is not
checked)...
ERROR: Junction Point missing on "c:windowssysvolsysvol"
ERROR: Junction Point missing on "c:windowssysvolstaging areas"
......... failed 2
Checking for suspicious inlog entries ... passed
Checking for suspicious outlog entries ... passed
Checking for appropriate staging area size ... passed
Checking for errors in debug logs ...
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain:
704: 884: S0: 02:00:58> :SR: Cmd 0026efe0, CxtG 2a56b458, WS
ERROR_ACCESS_DENIED, To serv01.contoso.local Len: (366) [SndFail - rpc
exception]
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain:
3524: 883: S0: 02:00:58> ++ ERROR - EXCEPTION (00000005) : WStatus:
ERROR_ACCESS_DENIED
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain:
3524: 884: S0: 02:00:58> :SR: Cmd 013bfd50, CxtG 6cb42b8e, WS
ERROR_ACCESS_DENIED, To serv01.contoso.local Len: (366) [SndFail - rpc
exception]

Found 2030 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed
above

......... failed with 2030 error entries
Checking NtFrs Service (and dependent services) state...passed
Checking NtFrs related Registry Keys for possible problems...passed
Checking Repadmin Showreps for errors...
DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:54.29.
2497 consecutive failure(s).

CN=Configuration,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:47.02.
915 consecutive failure(s).

CN=Schema,CN=Configuration,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:47.02.
396 consecutive failure(s).

DC=DomainDnsZones,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 1256:
Le système distant n'est pas disponible. Pour obtenir des
informations à propos du dépannage réseau, consulter l'Aide Windows.
Last success @ 2009-07-05 09:47.02.
537 consecutive failure(s).

DC=ForestDnsZones,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 1256:
Le système distant n'est pas disponible. Pour obtenir des
informations à propos du dépannage réseau, consulter l'Aide Windows.
Last success @ 2009-07-05 09:47.02.
400 consecutive failure(s).

......... failed 5


Je suis preneur de toutes pistes
Merci.

Jonathan BISMUTH [Bis IT] a écrit :
Oublie, c'est me syeux qui me font défaut :)
Les vacances approchent....

Si tu fais "repadmin /options serv01" et "repadmin /options vserv01"
Tu obtiens quoi?
--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net


"YannX" a écrit dans le message de news:

Bonjour Jonathan,


Toujours fidele au poste ;-)
Merci de ton aide précieuse.

_Alors ,pour ce qui est de la synchro horaire , les 2 DC sont bien
synchro (et sur le même fuseau).

_Pas de firewall sur ces deux DC

_Le reinitialisation s'est bien passée, le DC vserv01 semblant etre
celui qui deconne, a partir de celiui-ci, j'ai lancé la commande:
netdom resetpwd /server:serv01.contoso.local
/userd:contosoadministrateur /passwordd:mot_de_passe
qui m'a retourné le message OK.

_L'acces au SYSVOL se fait nickel et dans les 2 sens.

_Une seule carte réseau sur ces deux DC.

_Je ne vois pas ou il est indiqué 192.168.1.2 pour vserv01.contoso.local
Normalement :
vserv01.contoso.local2.168.1.12
serv01.contoso.local2.168.1.2

Tous deux sur le même LAN et même switch pas d'elements actifs/filtrage
entre les deux.

Dans le DNS tous les enregistrements sont présents dans la zone _msdcs
etc...

C'est vraiment bizarre car la replication se fait bien dans un sens mais
pas dans l'autre !!!


Merci beaucoup de prendre le temps de m'aider car je suis dans la
pannade !!!!



Jonathan BISMUTH [Bis IT] a exposé le 21/07/2009 :
Salut YannX,

Pas beaucoup de gourous dans le coin, et en plus quelques précisions à
nous apporter :)

- Tu ne donne que le current time de VServ01, il est à la même heure
que Serv01?
- Combien de cartes réseau (sur l'un comme sur l'autre)?
- La réinitialisation du mot de passe du DC s'est bien passée?
- Pour "DC: serv01.contoso.local", tu indique une IP à IP address:
192.168.1.2, pour "DC: vserv01.contoso.local" tu indique aussi
- Depuis VServ01, tu accède à Serv01sysvol? Et l'inverse?

--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:
%
Bonsoir,

Je sais que nous sommes en plaine periode de congés mais "pas de repos
pour les braves" !!!!

Du coup si un grand Gourou de l'AD peut m'aider je lui en serait
vraimmment trés trés reconnaissant...

Voici que depuis le 5 Juillet (d'aprés mes logs) qu'un de mes 2 DC
Windows 2003 ne semble plus accepter la replication avec son
partenaire.

Dans "Sites et services" si je fais un clique-droit et repliquer
maintenant sur la connexion créée automatiquement en dessous de
celui-ci je recoie un "Accés refusé" , ans l'autre sens ça fonctionne
:-(

J'ai essayé de re-initialiser le mot de passe du compte d'ordinateur
de ce DC avec la commande netdom mais NIET.

Les droits d'accés me semblent bon , j'arrive à copier le contenu
complet du dossier SYSVOL de l'un vers l'autre via les partages.


J'essaie de vous donner un MAX d'info et encore merci milles fois par
avance de votre précieuse aide :


Sur ce même DC foireux:

_Dans le journal des evenements "Application" toutes les 5 minutes
j'ai userenv qui me genere de erreurs ID 1030 & 1097.

_Dans le journal des evenements "Service d'annuaire"
Active Directory n'a pas pu établir une connexion avec le catalogue
global:

Type de l'événement : Informations
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1869
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a trouvé un catalogue global dans le site suivant.

Catalogue global :
vserv01.contoso.local
Site :
Premier-Site-par-defaut

PUIS:

Type de l'événement : Avertissement
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1655
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a tenté de communiquer avec le catalogue global
suivant et les tentatives n'ont pas réussi.

Catalogue global :
vserv01.contoso.local

L'opération en cours peut ne plus pouvoir continuer. Active Directory
utilisera la recherche de contrôleur de domaine pour tenter de trouver
un serveur de catalogue global disponible.

Données supplémentaires
Valeur de l'erreur :
5 Accès refusé.

Pour plus d'informations, consultez le centre Aide et support à
l'adresse http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.

PUIS:

Type de l'événement : Erreur
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1126
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory n'a pas pu établir une connexion avec le catalogue
global.

Données supplémentaires
Valeur de l'erreur :
8240 Cet objet ne se trouve pas sur le serveur.
ID interne :
3200ba0

Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il
est accessible à partir de ce contrôleur de domaine. Vous pouvez
utiliser l'utilitaire nltest pour diagnostiquer ce problème.

Pour plus d'informations, consultez le centre Aide et support à
l'adresse http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.



J'ai fait un dcdiag /c /e /v qui me remonte ceci:



Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine vserv01, is a DC.
* Connecting to directory service on server vserv01.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SERV01 passed test Connectivity

Testing server: Premier-Site-par-defautVSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... VSERV01 passed test Connectivity

Doing primary tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Replications
* Replications Check
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
DC=ForestDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... SERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... SERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
......................... SERV01 passed test NetLogons
Starting test: Advertising
The DC SERV01 is advertising itself as a DC and having a DS.
The DC SERV01 is advertising as an LDAP server
The DC SERV01 is advertising as having a writeable directory
The DC SERV01 is advertising as a Key Distribution Center
The DC SERV01 is advertising as a time server
The DS SERV01 is advertising as a GC.
......................... SERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... SERV01 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1295
......................... SERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC SERV01 on DC SERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
......................... SERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
SERV01 is in domain DC=contoso,DC=local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... SERV01 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours
after the

SYSVOL has been shared. Failing SYSVOL replication problems
may cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 07/20/2009 04:48:45
(Event String could not be retrieved)
......................... SERV01 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last
15 minutes.
......................... SERV01 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... SERV01 passed test systemlog
Starting test: VerifyReplicas
......................... SERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local and
backlink on


CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... SERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
[SERV01] No security related replication errors were found on
this DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERV01 passed test
CheckSecurityError

Testing server: Premier-Site-par-defautVSERV01
Starting test: Replications
* Replications Check
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=ForestDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
424 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=DomainDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
561 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context:
CN=Schema,CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
420 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:14:19.
The last success occurred at 2009-07-05 09:47:02.
973 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:27:33.
The last success occurred at 2009-07-05 09:54:29.
2778 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
VSERV01: Current time is 2009-07-21 02:32:08.
DC=ForestDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:54:29.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... VSERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC VSERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... VSERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share VSERV01netlogon
Verified share VSERV01sysvol
......................... VSERV01 passed test NetLogons
Starting test: Advertising
The DC VSERV01 is advertising itself as a DC and having a DS.
The DC VSERV01 is advertising as an LDAP server
The DC VSERV01 is advertising as having a writeable directory
The DC VSERV01 is advertising as a Key Distribution Center
The DC VSERV01 is advertising as a time server
The DS VSERV01 is advertising as a GC.
......................... VSERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... VSERV01 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2103 to 2602
* rIDPreviousAllocationPool is 2103 to 2602
* rIDNextRID: 2149
......................... VSERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
......................... VSERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... VSERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... VSERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
VSERV01 is in domain DC=contoso,DC=local
Checking for CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... VSERV01 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... VSERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... VSERV01 passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
......................... VSERV01 failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... VSERV01 passed test systemlog
Starting test: VerifyReplicas
......................... VSERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=VSERV01,OU=Domain Controllers,DC=contoso,DC=local and
backlink on


CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... VSERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... VSERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
Source DC SERV01 has possible security error (5).
Diagnosing...
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking time skew between servers:
SERV01
VSERV01
Time is in sync: 0 seconds different.
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
[SERV01] Unable to diagnose problem for this source.
See any errors reported in attempting tests.
......................... VSERV01 passed test
CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test
CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test
CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom

Running partition tests on : contoso
Starting test: CrossRefValidation
......................... contoso passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... contoso passed test CheckSDRefDom

Running enterprise tests on : contoso.local
Starting test: Intersite
Skipping site Premier-Site-par-defaut, this site is outside
the scope

provided by the command line arguments provided.
......................... contoso.local passed test Intersite
Starting test: FsmoCheck
GC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
PDC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
Time Server Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
KDC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
......................... contoso.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: serv01.contoso.local
Domain: contoso.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard
Edition (Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Intel(R) PRO/1000 MT Network
Connection:
MAC address is 00:13:21:7C:D9:F8
IP address is static
IP address: 192.168.1.2
DNS servers:
192.168.1.12 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was
found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
213.251.179.102 (<name unavailable>) [Valid]
80.10.246.2 (<name unavailable>) [Valid]
80.10.246.3 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: contoso.local.
Delegated domain name: _msdcs.contoso.local.
DNS server: serv01.contoso.local.
IP:192.168.1.2 [Valid]

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but
not secure contoso.local.
Test record _dcdiag_test_record added successfully in
zone contoso.local.
Test record _dcdiag_test_record deleted successfully
in zone contoso.local.

TEST: Records registration (RReg)
Network Adapter [00000007] Intel(R) PRO/1000 MT
Network Connection:
Matching A record found at DNS server
192.168.1.12:
serv01.contoso.local

Matching CNAME record found at DNS server
192.168.1.12:

5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local

Matching DC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.dc._msdcs.contoso.local

Matching GC SRV record found at DNS server
192.168.1.12:
_ldap._tcp.gc._msdcs.contoso.local



DC: vserv01.contoso.local
Domain: contoso.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard
Edition (Service Pack level: 2.0) is supported
NETLOGON service is running










Avatar
YannX
Not yet Jonathan, je n'ai pas pu faire les manip car pas sur site.
Dés que j'en ai je ne manquerai pas de te tenir au courant,

merci.


Après mûre réflexion, Jonathan BISMUTH [Bis IT] a écrit :
Any news Yann?

--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:
%
Voici ce que j'obtiens en lançant ces commandes:

C:Program FilesSupport Tools>repadmin /options serv01
Current DC Options: IS_GC

C:Program FilesSupport Tools>repadmin /options vserv01
Current DC Options: IS_GC

Pour info aussi voici ce que me remonte FRSDIAG:

------------------------------------------------------------
FRSDiag v1.7 on 20/07/2009 02:02:04
.VSERV01 on 2009-07-20 at 02.02.04
------------------------------------------------------------

Checking for errors/warnings in FRS Event Log ....
NtFrs 20/07/2009 01:36:38 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS serv01.contoso.local.
FRS va essayer à nouveau. Ci-dessous sont certaines des raisons de cet
avertissement. [1] FRS ne peut pas résoudre le nom DNS
serv01.contoso.local correctement à partir de cet ordinateur. [2] FRS
n'est pas en cours d'exécution sur serv01.contoso.local. [3] Les
informations de topologie dans Active Directory pour ce réplica n'ont pas
été répliquées à tous les contrôleurs de domaine. Ce message du
journal d'événement apparaîtra une fois par connexion, une fois que le
problème a été résolu, vous verrez un autre message indiquant que la
connexion a été établie.
NtFrs 19/07/2009 20:44:11 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS serv01.contoso.local.
FRS va essayer à nouveau. Ci-dessous sont certaines des raisons de cet
avertissement. [1] FRS ne peut pas résoudre le nom DNS
serv01.contoso.local correctement à partir de cet ordinateur. [2] FRS
n'est pas en cours d'exécution sur serv01.contoso.local. [3] Les
informations de topologie dans Active Directory pour ce réplica n'ont pas
été répliquées à tous les contrôleurs de domaine. Ce message du
journal d'événement apparaîtra une fois par connexion, une fois que le
problème a été résolu, vous verrez un autre message indiquant que la
connexion a été établie.
NtFrs 19/07/2009 11:33:10 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS serv01.contoso.local.
FRS va essayer à nouveau. Ci-dessous sont certaines des raisons de cet
avertissement. [1] FRS ne peut pas résoudre le nom DNS
serv01.contoso.local correctement à partir de cet ordinateur. [2] FRS
n'est pas en cours d'exécution sur serv01.contoso.local. [3] Les
informations de topologie dans Active Directory pour ce réplica n'ont pas
été répliquées à tous les contrôleurs de domaine. Ce message du
journal d'événement apparaîtra une fois par connexion, une fois que le
problème a été résolu, vous verrez un autre message indiquant que la
connexion a été établie.
WARNING: Found Event ID 13508 errors without trailing 13509 ... see above
for (up to) the 3 latest entries!

......... failed 1
Checking for errors in Directory Service Event Log ....
NTDS General 20/07/2009 01:38:28 Error 1126 Active Directory n'a pas pu
établir une connexion avec le catalogue global. Données
supplémentaires Valeur de l'erreur : 8240 Cet objet ne se trouve pas
sur le serveur. ID interne : 3200ba0 Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il est
accessible à partir de ce contrôleur de domaine. Vous pouvez utiliser
l'utilitaire nltest pour diagnostiquer ce problème.
[..]
NTDS General 19/07/2009 12:37:24 Error 1126 Active Directory n'a pas pu
établir une connexion avec le catalogue global. Données
supplémentaires Valeur de l'erreur : 8240 Cet objet ne se trouve pas
sur le serveur. ID interne : 3200ba0 Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il est
accessible à partir de ce contrôleur de domaine. Vous pouvez utiliser
l'utilitaire nltest pour diagnostiquer ce problème.
NTDS Replication 19/07/2009 12:22:23 Error 1864 Ceci représente l'état de
réplication pour la partition d'annuaire suivante sur le contrôleur de
domaine local. Partition d'annuaire :
DC=ForestDnsZones,DC=contoso,DC=local Le contrôleur de domaine local
n'a pas reçu d'informations de réplication récentes à partir de certains
contrôleurs de domaine. Le nombre de contrôleurs de domaine est affiché,
divisé par les intervalles suivants. Plus de 24 heures
> 1 Plus d'une semaine : 1 Plus d'un mois : 0 Plus de deux
mois : 0 Plus d'une durée de vie de temporisation : 0 Durée de vie
de la temporisation (jours) : 180 Les contrôleurs de domaine qui ne
répliquent pas de manière régulière peuvent rencontrer des erreurs. Ils
peuvent manquer certaines modifications de mot de passe et ne plus pouvoir
authentifier. Un contrôleur de domaine qui n'a pas répliqué pendant un
intervalle de durée de vie de temporisation peut avoir manqué la
suppression de certains objets, et peut se voir empêcher toute future
réplication jusqu'à la réconciliation. Pour identifier les
contrôleurs de domaine par leur nom, installez les outils de support
fournis dans le CD d'installation et exécutez dcdiag.exe. Vous pouvez
également utilisez l'outil de support repadmin.exe pour afficher les
latences des contrôleurs de domaine dans la forêt. La commande est
"repadmin /showvector /latency <NomUniquePartition>".
[...]
NTDS Replication 19/07/2009 12:22:23 Error 1864 Ceci représente l'état de
réplication pour la partition d'annuaire suivante sur le contrôleur de
domaine local. Partition d'annuaire : DC=contoso,DC=local Le
contrôleur de domaine local n'a pas reçu d'informations de réplication
récentes à partir de certains contrôleurs de domaine. Le nombre de
contrôleurs de domaine est affiché, divisé par les intervalles suivants.
Plus de 24 heures : 1 Plus d'une semaine : 1 Plus d'un mois : 0
Plus de deux mois : 0 Plus d'une durée de vie de temporisation : 0
Durée de vie de la temporisation (jours) : 180 Les contrôleurs de
domaine qui ne répliquent pas de manière régulière peuvent rencontrer des
erreurs. Ils peuvent manquer certaines modifications de mot de passe et ne
plus pouvoir authentifier. Un contrôleur de domaine qui n'a pas répliqué
pendant un intervalle de durée de vie de temporisation peut avoir manqué
la suppression de certains objets, et peut se voir empêcher toute future
réplication jusqu'à la réconciliation. Pour identifier les
contrôleurs de domaine par leur nom, installez les outils de support
fournis dans le CD d'installation et exécutez dcdiag.exe. Vous pouvez
également utilisez l'outil de support repadmin.exe pour afficher les
latences des contrôleurs de domaine dans la forêt. La commande est
"repadmin /showvector /latency <NomUniquePartition>".
etc...etc...
NTDS Replication 13/07/2009 11:05:02 Error 1864 Ceci représente l'état de
réplication pour la partition d'annuaire suivante sur le contrôleur de
domaine local. Partition d'annuaire :
CN=Configuration,DC=contoso,DC=local Le contrôleur de domaine local
n'a pas reçu d'informations de réplication récentes à partir de certains
contrôleurs de domaine. Le nombre de contrôleurs de domaine est affiché,
divisé par les intervalles suivants. Plus de 24 heures : 1 Plus
d'une semaine : 1 Plus d'un mois : 0 Plus de deux mois : 0 Plus
d'une durée de vie de temporisation : 0 Durée de vie de la
temporisation (jours) : 180 Les contrôleurs de domaine qui ne
répliquent pas de manière régulière peuvent rencontrer des erreurs. Ils
peuvent manquer certaines modifications de mot de passe et ne plus pouvoir
authentifier. Un contrôleur de domaine qui n'a pas répliqué pendant un
intervalle de durée de vie de temporisation peut avoir manqué la
suppression de certains objets, et peut se voir empêcher toute future
réplication jusqu'à la réconciliation. Pour identifier les
contrôleurs de domaine par leur nom, installez les outils de support
fournis dans le CD d'installation et exécutez dcdiag.exe. Vous pouvez
également utilisez l'outil de support repadmin.exe pour afficher les
latences des contrôleurs de domaine dans la forêt. La commande est
"repadmin /showvector /latency <NomUniquePartition>".
WARNING: Found Directory Service Errors in the past 15 days! FRS Depends on
AD so Check AD Replication!

......... failed 200
Checking for minimum FRS version requirement ... passed
Checking for errors/warnings in ntfrsutl ds ... passed
Checking for Replica Set configuration triggers... passed
Checking for suspicious file Backlog size... passed
Checking Overall Disk Space and SYSVOL structure (note: integrity is not
checked)...
ERROR: Junction Point missing on "c:windowssysvolsysvol"
ERROR: Junction Point missing on "c:windowssysvolstaging areas"
......... failed 2
Checking for suspicious inlog entries ... passed
Checking for suspicious outlog entries ... passed
Checking for appropriate staging area size ... passed
Checking for errors in debug logs ...
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 704: 884:
S0: 02:00:58> :SR: Cmd 0026efe0, CxtG 2a56b458, WS ERROR_ACCESS_DENIED, To
serv01.contoso.local Len: (366) [SndFail - rpc exception]
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 3524: 883:
S0: 02:00:58> ++ ERROR - EXCEPTION (00000005) : WStatus:
ERROR_ACCESS_DENIED
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 3524: 884:
S0: 02:00:58> :SR: Cmd 013bfd50, CxtG 6cb42b8e, WS ERROR_ACCESS_DENIED, To
serv01.contoso.local Len: (366) [SndFail - rpc exception]

Found 2030 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed above

......... failed with 2030 error entries
Checking NtFrs Service (and dependent services) state...passed
Checking NtFrs related Registry Keys for possible problems...passed
Checking Repadmin Showreps for errors...
DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:54.29.
2497 consecutive failure(s).

CN=Configuration,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:47.02.
915 consecutive failure(s).

CN=Schema,CN=Configuration,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:47.02.
396 consecutive failure(s).

DC=DomainDnsZones,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 1256:
Le système distant n'est pas disponible. Pour obtenir des
informations à propos du dépannage réseau, consulter l'Aide Windows.
Last success @ 2009-07-05 09:47.02.
537 consecutive failure(s).

DC=ForestDnsZones,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 1256:
Le système distant n'est pas disponible. Pour obtenir des
informations à propos du dépannage réseau, consulter l'Aide Windows.
Last success @ 2009-07-05 09:47.02.
400 consecutive failure(s).

......... failed 5


Je suis preneur de toutes pistes
Merci.

Jonathan BISMUTH [Bis IT] a écrit :
Oublie, c'est me syeux qui me font défaut :)
Les vacances approchent....

Si tu fais "repadmin /options serv01" et "repadmin /options vserv01"
Tu obtiens quoi?
--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net


"YannX" a écrit dans le message de news:

Bonjour Jonathan,


Toujours fidele au poste ;-)
Merci de ton aide précieuse.

_Alors ,pour ce qui est de la synchro horaire , les 2 DC sont bien
synchro (et sur le même fuseau).

_Pas de firewall sur ces deux DC

_Le reinitialisation s'est bien passée, le DC vserv01 semblant etre celui
qui deconne, a partir de celiui-ci, j'ai lancé la commande:
netdom resetpwd /server:serv01.contoso.local
/userd:contosoadministrateur /passwordd:mot_de_passe
qui m'a retourné le message OK.

_L'acces au SYSVOL se fait nickel et dans les 2 sens.

_Une seule carte réseau sur ces deux DC.

_Je ne vois pas ou il est indiqué 192.168.1.2 pour vserv01.contoso.local
Normalement :
vserv01.contoso.local2.168.1.12
serv01.contoso.local2.168.1.2

Tous deux sur le même LAN et même switch pas d'elements actifs/filtrage
entre les deux.

Dans le DNS tous les enregistrements sont présents dans la zone _msdcs
etc...

C'est vraiment bizarre car la replication se fait bien dans un sens mais
pas dans l'autre !!!


Merci beaucoup de prendre le temps de m'aider car je suis dans la pannade
!!!!



Jonathan BISMUTH [Bis IT] a exposé le 21/07/2009 :
Salut YannX,

Pas beaucoup de gourous dans le coin, et en plus quelques précisions à
nous apporter :)

- Tu ne donne que le current time de VServ01, il est à la même heure que
Serv01?
- Combien de cartes réseau (sur l'un comme sur l'autre)?
- La réinitialisation du mot de passe du DC s'est bien passée?
- Pour "DC: serv01.contoso.local", tu indique une IP à IP address:
192.168.1.2, pour "DC: vserv01.contoso.local" tu indique aussi
- Depuis VServ01, tu accède à Serv01sysvol? Et l'inverse?

--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:
%
Bonsoir,

Je sais que nous sommes en plaine periode de congés mais "pas de repos
pour les braves" !!!!

Du coup si un grand Gourou de l'AD peut m'aider je lui en serait
vraimmment trés trés reconnaissant...

Voici que depuis le 5 Juillet (d'aprés mes logs) qu'un de mes 2 DC
Windows 2003 ne semble plus accepter la replication avec son
partenaire.

Dans "Sites et services" si je fais un clique-droit et repliquer
maintenant sur la connexion créée automatiquement en dessous de
celui-ci je recoie un "Accés refusé" , ans l'autre sens ça fonctionne
:-(

J'ai essayé de re-initialiser le mot de passe du compte d'ordinateur de
ce DC avec la commande netdom mais NIET.

Les droits d'accés me semblent bon , j'arrive à copier le contenu
complet du dossier SYSVOL de l'un vers l'autre via les partages.


J'essaie de vous donner un MAX d'info et encore merci milles fois par
avance de votre précieuse aide :


Sur ce même DC foireux:

_Dans le journal des evenements "Application" toutes les 5 minutes j'ai
userenv qui me genere de erreurs ID 1030 & 1097.

_Dans le journal des evenements "Service d'annuaire"
Active Directory n'a pas pu établir une connexion avec le catalogue
global:

Type de l'événement : Informations
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1869
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a trouvé un catalogue global dans le site suivant.

Catalogue global :
vserv01.contoso.local
Site :
Premier-Site-par-defaut

PUIS:

Type de l'événement : Avertissement
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1655
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a tenté de communiquer avec le catalogue global
suivant et les tentatives n'ont pas réussi.

Catalogue global :
vserv01.contoso.local

L'opération en cours peut ne plus pouvoir continuer. Active Directory
utilisera la recherche de contrôleur de domaine pour tenter de trouver
un serveur de catalogue global disponible.

Données supplémentaires
Valeur de l'erreur :
5 Accès refusé.

Pour plus d'informations, consultez le centre Aide et support à
l'adresse http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.

PUIS:

Type de l'événement : Erreur
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1126
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory n'a pas pu établir une connexion avec le catalogue
global.

Données supplémentaires
Valeur de l'erreur :
8240 Cet objet ne se trouve pas sur le serveur.
ID interne :
3200ba0

Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il
est accessible à partir de ce contrôleur de domaine. Vous pouvez
utiliser l'utilitaire nltest pour diagnostiquer ce problème.

Pour plus d'informations, consultez le centre Aide et support à
l'adresse http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.



J'ai fait un dcdiag /c /e /v qui me remonte ceci:



Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine vserv01, is a DC.
* Connecting to directory service on server vserv01.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SERV01 passed test Connectivity

Testing server: Premier-Site-par-defautVSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... VSERV01 passed test Connectivity

Doing primary tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Replications
* Replications Check
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
DC=ForestDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... SERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... SERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
......................... SERV01 passed test NetLogons
Starting test: Advertising
The DC SERV01 is advertising itself as a DC and having a DS.
The DC SERV01 is advertising as an LDAP server
The DC SERV01 is advertising as having a writeable directory
The DC SERV01 is advertising as a Key Distribution Center
The DC SERV01 is advertising as a time server
The DS SERV01 is advertising as a GC.
......................... SERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... SERV01 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1295
......................... SERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC SERV01 on DC SERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
......................... SERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
SERV01 is in domain DC=contoso,DC=local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... SERV01 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours
after the

SYSVOL has been shared. Failing SYSVOL replication problems
may cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 07/20/2009 04:48:45
(Event String could not be retrieved)
......................... SERV01 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last
15 minutes.
......................... SERV01 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... SERV01 passed test systemlog
Starting test: VerifyReplicas
......................... SERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local and
backlink on


CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... SERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
[SERV01] No security related replication errors were found on
this DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERV01 passed test CheckSecurityError

Testing server: Premier-Site-par-defautVSERV01
Starting test: Replications
* Replications Check
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=ForestDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
424 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=DomainDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
561 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context:
CN=Schema,CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
420 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:14:19.
The last success occurred at 2009-07-05 09:47:02.
973 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:27:33.
The last success occurred at 2009-07-05 09:54:29.
2778 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
VSERV01: Current time is 2009-07-21 02:32:08.
DC=ForestDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:54:29.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... VSERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC VSERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... VSERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share VSERV01netlogon
Verified share VSERV01sysvol
......................... VSERV01 passed test NetLogons
Starting test: Advertising
The DC VSERV01 is advertising itself as a DC and having a DS.
The DC VSERV01 is advertising as an LDAP server
The DC VSERV01 is advertising as having a writeable directory
The DC VSERV01 is advertising as a Key Distribution Center
The DC VSERV01 is advertising as a time server
The DS VSERV01 is advertising as a GC.
......................... VSERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... VSERV01 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2103 to 2602
* rIDPreviousAllocationPool is 2103 to 2602
* rIDNextRID: 2149
......................... VSERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
......................... VSERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... VSERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... VSERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
VSERV01 is in domain DC=contoso,DC=local
Checking for CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... VSERV01 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... VSERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... VSERV01 passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
......................... VSERV01 failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... VSERV01 passed test systemlog
Starting test: VerifyReplicas
......................... VSERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=VSERV01,OU=Domain Controllers,DC=contoso,DC=local and
backlink on


CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... VSERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... VSERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
Source DC SERV01 has possible security error (5). Diagnosing...
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking time skew between servers:
SERV01
VSERV01
Time is in sync: 0 seconds different.
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
[SERV01] Unable to diagnose problem for this source. See
any errors reported in attempting tests.
......................... VSERV01 passed test
CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test
CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test
CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom

Running partition tests on : contoso
Starting test: CrossRefValidation
......................... contoso passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... contoso passed test CheckSDRefDom

Running enterprise tests on : contoso.local
Starting test: Intersite
Skipping site Premier-Site-par-defaut, this site is outside the
scope

provided by the command line arguments provided.
......................... contoso.local passed test Intersite
Starting test: FsmoCheck
GC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
PDC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
Time Server Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
KDC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
......................... contoso.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: serv01.contoso.local
Domain: contoso.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Intel(R) PRO/1000 MT Network
Connection:
MAC address is 00:13:21:7C:D9:F8
IP address is static
IP address: 192.168.1.2
DNS servers:
192.168.1.12 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
213.251.179.102 (<name unavailable>) [Valid]
80.10.246.2 (<name unavailable>) [Valid]
80.10.246.3 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: contoso.local.
Delegated domain name: _msdcs.contoso.local.
DNS server: serv01.contoso.local. IP:192.168.1.2
[Valid]

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not
secure contoso.local.
Test record _dcdiag_test_reco












Avatar
Jonathan BISMUTH [Bis IT]
pas de soucis,
bon courage!
--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:

Not yet Jonathan, je n'ai pas pu faire les manip car pas sur site.
Dés que j'en ai je ne manquerai pas de te tenir au courant,

merci.


Après mûre réflexion, Jonathan BISMUTH [Bis IT] a écrit :
Any news Yann?

--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:
%
Voici ce que j'obtiens en lançant ces commandes:

C:Program FilesSupport Tools>repadmin /options serv01
Current DC Options: IS_GC

C:Program FilesSupport Tools>repadmin /options vserv01
Current DC Options: IS_GC

Pour info aussi voici ce que me remonte FRSDIAG:

------------------------------------------------------------
FRSDiag v1.7 on 20/07/2009 02:02:04
.VSERV01 on 2009-07-20 at 02.02.04
------------------------------------------------------------

Checking for errors/warnings in FRS Event Log ....
NtFrs 20/07/2009 01:36:38 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les
contrôleurs de domaine. Ce message du journal d'événement
apparaîtra une fois par connexion, une fois que le problème a été
résolu, vous verrez un autre message indiquant que la connexion a été
établie.
NtFrs 19/07/2009 20:44:11 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les
contrôleurs de domaine. Ce message du journal d'événement
apparaîtra une fois par connexion, une fois que le problème a été
résolu, vous verrez un autre message indiquant que la connexion a été
établie.
NtFrs 19/07/2009 11:33:10 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les
contrôleurs de domaine. Ce message du journal d'événement
apparaîtra une fois par connexion, une fois que le problème a été
résolu, vous verrez un autre message indiquant que la connexion a été
établie.
WARNING: Found Event ID 13508 errors without trailing 13509 ... see
above for (up to) the 3 latest entries!

......... failed 1
Checking for errors in Directory Service Event Log ....
NTDS General 20/07/2009 01:38:28 Error 1126 Active Directory n'a pas pu
établir une connexion avec le catalogue global. Données
supplémentaires Valeur de l'erreur : 8240 Cet objet ne se trouve pas
sur le serveur. ID interne : 3200ba0 Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il
est accessible à partir de ce contrôleur de domaine. Vous pouvez
utiliser l'utilitaire nltest pour diagnostiquer ce problème.
[..]
NTDS General 19/07/2009 12:37:24 Error 1126 Active Directory n'a pas pu
établir une connexion avec le catalogue global. Données
supplémentaires Valeur de l'erreur : 8240 Cet objet ne se trouve pas
sur le serveur. ID interne : 3200ba0 Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il
est accessible à partir de ce contrôleur de domaine. Vous pouvez
utiliser l'utilitaire nltest pour diagnostiquer ce problème.
NTDS Replication 19/07/2009 12:22:23 Error 1864 Ceci représente l'état
de réplication pour la partition d'annuaire suivante sur le contrôleur
de domaine local. Partition d'annuaire :
DC=ForestDnsZones,DC=contoso,DC=local Le contrôleur de domaine
local n'a pas reçu d'informations de réplication récentes à partir de
certains contrôleurs de domaine. Le nombre de contrôleurs de domaine
est affiché, divisé par les intervalles suivants. Plus de 24
heures
> 1 Plus d'une semaine : 1 Plus d'un mois : 0 Plus de deux
mois : 0 Plus d'une durée de vie de temporisation : 0 Durée de
vie de la temporisation (jours) : 180 Les contrôleurs de domaine
qui ne répliquent pas de manière régulière peuvent rencontrer des
erreurs. Ils peuvent manquer certaines modifications de mot de passe et
ne plus pouvoir authentifier. Un contrôleur de domaine qui n'a pas
répliqué pendant un intervalle de durée de vie de temporisation peut
avoir manqué la suppression de certains objets, et peut se voir empêcher
toute future réplication jusqu'à la réconciliation. Pour
identifier les contrôleurs de domaine par leur nom, installez les outils
de support fournis dans le CD d'installation et exécutez dcdiag.exe.
Vous pouvez également utilisez l'outil de support repadmin.exe pour
afficher les latences des contrôleurs de domaine dans la forêt. La
commande est "repadmin /showvector /latency <NomUniquePartition>".
[...]
NTDS Replication 19/07/2009 12:22:23 Error 1864 Ceci représente l'état
de réplication pour la partition d'annuaire suivante sur le contrôleur
de domaine local. Partition d'annuaire : DC=contoso,DC=local
Le contrôleur de domaine local n'a pas reçu d'informations de
réplication récentes à partir de certains contrôleurs de domaine. Le
nombre de contrôleurs de domaine est affiché, divisé par les intervalles
suivants. Plus de 24 heures : 1 Plus d'une semaine : 1 Plus d'un
mois : 0 Plus de deux mois : 0 Plus d'une durée de vie de
temporisation : 0 Durée de vie de la temporisation (jours) : 180
Les contrôleurs de domaine qui ne répliquent pas de manière régulière
peuvent rencontrer des erreurs. Ils peuvent manquer certaines
modifications de mot de passe et ne plus pouvoir authentifier. Un
contrôleur de domaine qui n'a pas répliqué pendant un intervalle de
durée de vie de temporisation peut avoir manqué la suppression de
certains objets, et peut se voir empêcher toute future réplication
jusqu'à la réconciliation. Pour identifier les contrôleurs de
domaine par leur nom, installez les outils de support fournis dans le
CD d'installation et exécutez dcdiag.exe. Vous pouvez également utilisez
l'outil de support repadmin.exe pour afficher les latences des
contrôleurs de domaine dans la forêt. La commande est "repadmin
/showvector /latency <NomUniquePartition>".
etc...etc...
NTDS Replication 13/07/2009 11:05:02 Error 1864 Ceci représente l'état
de réplication pour la partition d'annuaire suivante sur le contrôleur
de domaine local. Partition d'annuaire :
CN=Configuration,DC=contoso,DC=local Le contrôleur de domaine
local n'a pas reçu d'informations de réplication récentes à partir de
certains contrôleurs de domaine. Le nombre de contrôleurs de domaine
est affiché, divisé par les intervalles suivants. Plus de 24
heures : 1 Plus d'une semaine : 1 Plus d'un mois : 0 Plus de
deux mois : 0 Plus d'une durée de vie de temporisation : 0 Durée
de vie de la temporisation (jours) : 180 Les contrôleurs de
domaine qui ne répliquent pas de manière régulière peuvent rencontrer
des erreurs. Ils peuvent manquer certaines modifications de mot de
passe et ne plus pouvoir authentifier. Un contrôleur de domaine qui n'a
pas répliqué pendant un intervalle de durée de vie de temporisation
peut avoir manqué la suppression de certains objets, et peut se voir
empêcher toute future réplication jusqu'à la réconciliation.
Pour identifier les contrôleurs de domaine par leur nom, installez les
outils de support fournis dans le CD d'installation et exécutez
dcdiag.exe. Vous pouvez également utilisez l'outil de support
repadmin.exe pour afficher les latences des contrôleurs de domaine dans
la forêt. La commande est "repadmin /showvector /latency
<NomUniquePartition>".
WARNING: Found Directory Service Errors in the past 15 days! FRS Depends
on AD so Check AD Replication!

......... failed 200
Checking for minimum FRS version requirement ... passed
Checking for errors/warnings in ntfrsutl ds ... passed
Checking for Replica Set configuration triggers... passed
Checking for suspicious file Backlog size... passed
Checking Overall Disk Space and SYSVOL structure (note: integrity is not
checked)...
ERROR: Junction Point missing on "c:windowssysvolsysvol"
ERROR: Junction Point missing on "c:windowssysvolstaging areas"
......... failed 2
Checking for suspicious inlog entries ... passed
Checking for suspicious outlog entries ... passed
Checking for appropriate staging area size ... passed
Checking for errors in debug logs ...
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 704:
884: S0: 02:00:58> :SR: Cmd 0026efe0, CxtG 2a56b458, WS
ERROR_ACCESS_DENIED, To serv01.contoso.local Len: (366) [SndFail - rpc
exception]
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 3524:
883: S0: 02:00:58> ++ ERROR - EXCEPTION (00000005) : WStatus:
ERROR_ACCESS_DENIED
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 3524:
884: S0: 02:00:58> :SR: Cmd 013bfd50, CxtG 6cb42b8e, WS
ERROR_ACCESS_DENIED, To serv01.contoso.local Len: (366) [SndFail - rpc
exception]

Found 2030 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed
above

......... failed with 2030 error entries
Checking NtFrs Service (and dependent services) state...passed
Checking NtFrs related Registry Keys for possible problems...passed
Checking Repadmin Showreps for errors...
DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:54.29.
2497 consecutive failure(s).

CN=Configuration,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:47.02.
915 consecutive failure(s).

CN=Schema,CN=Configuration,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:47.02.
396 consecutive failure(s).

DC=DomainDnsZones,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 1256:
Le système distant n'est pas disponible. Pour obtenir des
informations à propos du dépannage réseau, consulter l'Aide Windows.
Last success @ 2009-07-05 09:47.02.
537 consecutive failure(s).

DC=ForestDnsZones,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 1256:
Le système distant n'est pas disponible. Pour obtenir des
informations à propos du dépannage réseau, consulter l'Aide Windows.
Last success @ 2009-07-05 09:47.02.
400 consecutive failure(s).

......... failed 5


Je suis preneur de toutes pistes
Merci.

Jonathan BISMUTH [Bis IT] a écrit :
Oublie, c'est me syeux qui me font défaut :)
Les vacances approchent....

Si tu fais "repadmin /options serv01" et "repadmin /options vserv01"
Tu obtiens quoi?
--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net


"YannX" a écrit dans le message de news:

Bonjour Jonathan,


Toujours fidele au poste ;-)
Merci de ton aide précieuse.

_Alors ,pour ce qui est de la synchro horaire , les 2 DC sont bien
synchro (et sur le même fuseau).

_Pas de firewall sur ces deux DC

_Le reinitialisation s'est bien passée, le DC vserv01 semblant etre
celui qui deconne, a partir de celiui-ci, j'ai lancé la commande:
netdom resetpwd /server:serv01.contoso.local
/userd:contosoadministrateur /passwordd:mot_de_passe
qui m'a retourné le message OK.

_L'acces au SYSVOL se fait nickel et dans les 2 sens.

_Une seule carte réseau sur ces deux DC.

_Je ne vois pas ou il est indiqué 192.168.1.2 pour
vserv01.contoso.local
Normalement :
vserv01.contoso.local2.168.1.12
serv01.contoso.local2.168.1.2

Tous deux sur le même LAN et même switch pas d'elements
actifs/filtrage entre les deux.

Dans le DNS tous les enregistrements sont présents dans la zone _msdcs
etc...

C'est vraiment bizarre car la replication se fait bien dans un sens
mais pas dans l'autre !!!


Merci beaucoup de prendre le temps de m'aider car je suis dans la
pannade !!!!



Jonathan BISMUTH [Bis IT] a exposé le 21/07/2009 :
Salut YannX,

Pas beaucoup de gourous dans le coin, et en plus quelques précisions
à nous apporter :)

- Tu ne donne que le current time de VServ01, il est à la même heure
que Serv01?
- Combien de cartes réseau (sur l'un comme sur l'autre)?
- La réinitialisation du mot de passe du DC s'est bien passée?
- Pour "DC: serv01.contoso.local", tu indique une IP à IP address:
192.168.1.2, pour "DC: vserv01.contoso.local" tu indique aussi
- Depuis VServ01, tu accède à Serv01sysvol? Et l'inverse?

--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:
%
Bonsoir,

Je sais que nous sommes en plaine periode de congés mais "pas de
repos pour les braves" !!!!

Du coup si un grand Gourou de l'AD peut m'aider je lui en serait
vraimmment trés trés reconnaissant...

Voici que depuis le 5 Juillet (d'aprés mes logs) qu'un de mes 2 DC
Windows 2003 ne semble plus accepter la replication avec son
partenaire.

Dans "Sites et services" si je fais un clique-droit et repliquer
maintenant sur la connexion créée automatiquement en dessous de
celui-ci je recoie un "Accés refusé" , ans l'autre sens ça
fonctionne
:-(

J'ai essayé de re-initialiser le mot de passe du compte d'ordinateur
de ce DC avec la commande netdom mais NIET.

Les droits d'accés me semblent bon , j'arrive à copier le contenu
complet du dossier SYSVOL de l'un vers l'autre via les partages.


J'essaie de vous donner un MAX d'info et encore merci milles fois
par avance de votre précieuse aide :


Sur ce même DC foireux:

_Dans le journal des evenements "Application" toutes les 5 minutes
j'ai userenv qui me genere de erreurs ID 1030 & 1097.

_Dans le journal des evenements "Service d'annuaire"
Active Directory n'a pas pu établir une connexion avec le catalogue
global:

Type de l'événement : Informations
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1869
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a trouvé un catalogue global dans le site suivant.

Catalogue global :
vserv01.contoso.local
Site :
Premier-Site-par-defaut

PUIS:

Type de l'événement : Avertissement
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1655
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a tenté de communiquer avec le catalogue global
suivant et les tentatives n'ont pas réussi.

Catalogue global :
vserv01.contoso.local

L'opération en cours peut ne plus pouvoir continuer. Active
Directory utilisera la recherche de contrôleur de domaine pour
tenter de trouver un serveur de catalogue global disponible.

Données supplémentaires
Valeur de l'erreur :
5 Accès refusé.

Pour plus d'informations, consultez le centre Aide et support à
l'adresse http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.

PUIS:

Type de l'événement : Erreur
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1126
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory n'a pas pu établir une connexion avec le catalogue
global.

Données supplémentaires
Valeur de l'erreur :
8240 Cet objet ne se trouve pas sur le serveur.
ID interne :
3200ba0

Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et
qu'il est accessible à partir de ce contrôleur de domaine. Vous
pouvez utiliser l'utilitaire nltest pour diagnostiquer ce problème.

Pour plus d'informations, consultez le centre Aide et support à
l'adresse http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.



J'ai fait un dcdiag /c /e /v qui me remonte ceci:



Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine vserv01, is a DC.
* Connecting to directory service on server vserv01.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SERV01 passed test Connectivity

Testing server: Premier-Site-par-defautVSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... VSERV01 passed test Connectivity

Doing primary tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Replications
* Replications Check
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
DC=ForestDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... SERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... SERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
......................... SERV01 passed test NetLogons
Starting test: Advertising
The DC SERV01 is advertising itself as a DC and having a DS.
The DC SERV01 is advertising as an LDAP server
The DC SERV01 is advertising as having a writeable directory
The DC SERV01 is advertising as a Key Distribution Center
The DC SERV01 is advertising as a time server
The DS SERV01 is advertising as a GC.
......................... SERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... SERV01 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1295
......................... SERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC SERV01 on DC SERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
......................... SERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
SERV01 is in domain DC=contoso,DC=local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... SERV01 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours
after the

SYSVOL has been shared. Failing SYSVOL replication problems
may cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 07/20/2009 04:48:45
(Event String could not be retrieved)
......................... SERV01 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the
last 15 minutes.
......................... SERV01 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... SERV01 passed test systemlog
Starting test: VerifyReplicas
......................... SERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local and
backlink on


CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... SERV01 passed test
VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
[SERV01] No security related replication errors were found
on this DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERV01 passed test
CheckSecurityError

Testing server: Premier-Site-par-defautVSERV01
Starting test: Replications
* Replications Check
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=ForestDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
424 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=DomainDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
561 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context:
CN=Schema,CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
420 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:14:19.
The last success occurred at 2009-07-05 09:47:02.
973 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:27:33.
The last success occurred at 2009-07-05 09:54:29.
2778 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
VSERV01: Current time is 2009-07-21 02:32:08.
DC=ForestDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:54:29.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... VSERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC VSERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... VSERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share VSERV01netlogon
Verified share VSERV01sysvol
......................... VSERV01 passed test NetLogons
Starting test: Advertising
The DC VSERV01 is advertising itself as a DC and having a
DS.
The DC VSERV01 is advertising as an LDAP server
The DC VSERV01 is advertising as having a writeable
directory
The DC VSERV01 is advertising as a Key Distribution Center
The DC VSERV01 is advertising as a time server
The DS VSERV01 is advertising as a GC.
......................... VSERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... VSERV01 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2103 to 2602
* rIDPreviousAllocationPool is 2103 to 2602
* rIDNextRID: 2149
......................... VSERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
......................... VSERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... VSERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... VSERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
VSERV01 is in domain DC=contoso,DC=local
Checking for CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... VSERV01 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... VSERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... VSERV01 passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
......................... VSERV01 failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... VSERV01 passed test systemlog
Starting test: VerifyReplicas
......................... VSERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=VSERV01,OU=Domain Controllers,DC=contoso,DC=local and
backlink on


CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... VSERV01 passed test
VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... VSERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
Source DC SERV01 has possible security error (5).
Diagnosing...
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking time skew between servers:
SERV01
VSERV01
Time is in sync: 0 seconds different.
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
* Security Permissions check for all NC's on DC
SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
[SERV01] Unable to diagnose problem for this source.
See any errors reported in attempting tests.
......................... VSERV01 passed test
CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test
CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test
CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom

Running partition tests on : contoso
Starting test: CrossRefValidation
......................... contoso passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... contoso passed test CheckSDRefDom

Running enterprise tests on : contoso.local
Starting test: Intersite
Skipping site Premier-Site-par-defaut, this site is outside
the scope

provided by the command line arguments provided.
......................... contoso.local passed test
Intersite
Starting test: FsmoCheck
GC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
PDC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
Time Server Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
KDC Name: vserv01.contoso.local
Locator Flags: 0xe00003fd
......................... contoso.local passed test
FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: serv01.contoso.local
Domain: contoso.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard
Edition (Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running














Avatar
YannX
Encore moi,

Comme expliquer j'attends d'être sur site car apparement les manip ne
sont pas annodines et me paraissant même un poil risky non ?
Je ne peux pas risquer de faire tomber le serveur en pleine
production....

Sinon je m'interroge sur le fait que le pb soit bien sur le bon de mes
deux serveurs.
Car s'il est vrai que celui qui me remonte le + erreur notement au
niveau des userenv ID 1030 & 1097,c'esr VSERV01 peut-être mon
acharnement (reset computer password etc...) n'est pas sur le bon DC...

Ci dessous un descriptif du comportement, merci de me donner ton avis
SERV01 ou VSERV01 ??

Sur VSERV01:

Dans la mmc "Sites et Services" dans

Sites
Permier Sites Par defaut
Servers
SERV01
NTDS Settings
<généré automatiquement> (depuis le serveur: VSERV01)


VSERV01
NTDS Settings
<généré automatiquement> (depuis le serveur: SERV01) C'EST
CE DERNIER QUI RECOIE UN ACCESS DENIED

Dans les propriétés de ces connexions, j'ai ceci

Contextes de noms repliqués:
ForestDnsZones.contoso.local, DomainDnsZones.contoso.local,
contoso.local



ET SUR SERV01

Dans la mmc "Sites et Services" dans

Sites
Permier Sites Par defaut
Servers
SERV01
NTDS Settings
<généré automatiquement> (depuis le serveur: VSERV01)


VSERV01
NTDS Settings
VIDE !!!!!

Dans les propriétés de la 1er connexion, j'ai ceci

Contextes de noms repliqués:
ForestDnsZones.contoso.local, DomainDnsZones.contoso.local,
contoso.local



Jonathan BISMUTH [Bis IT] a formulé ce mercredi :
pas de soucis,
bon courage!
--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:

Not yet Jonathan, je n'ai pas pu faire les manip car pas sur site.
Dés que j'en ai je ne manquerai pas de te tenir au courant,

merci.


Après mûre réflexion, Jonathan BISMUTH [Bis IT] a écrit :
Any news Yann?

--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:
%
Voici ce que j'obtiens en lançant ces commandes:

C:Program FilesSupport Tools>repadmin /options serv01
Current DC Options: IS_GC

C:Program FilesSupport Tools>repadmin /options vserv01
Current DC Options: IS_GC

Pour info aussi voici ce que me remonte FRSDIAG:

------------------------------------------------------------
FRSDiag v1.7 on 20/07/2009 02:02:04
.VSERV01 on 2009-07-20 at 02.02.04
------------------------------------------------------------

Checking for errors/warnings in FRS Event Log ....
NtFrs 20/07/2009 01:36:38 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les contrôleurs
de domaine. Ce message du journal d'événement apparaîtra une fois
par connexion, une fois que le problème a été résolu, vous verrez un
autre message indiquant que la connexion a été établie.
NtFrs 19/07/2009 20:44:11 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les contrôleurs
de domaine. Ce message du journal d'événement apparaîtra une fois
par connexion, une fois que le problème a été résolu, vous verrez un
autre message indiquant que la connexion a été établie.
NtFrs 19/07/2009 11:33:10 Warning 13508 Le service de réplication de
fichiers a des problèmes à activer la réplication de SERV01 vers VSERV01
pour c:windowssysvoldomain en utilisant le nom DNS
serv01.contoso.local. FRS va essayer à nouveau. Ci-dessous sont
certaines des raisons de cet avertissement. [1] FRS ne peut pas
résoudre le nom DNS serv01.contoso.local correctement à partir de cet
ordinateur. [2] FRS n'est pas en cours d'exécution sur
serv01.contoso.local. [3] Les informations de topologie dans Active
Directory pour ce réplica n'ont pas été répliquées à tous les contrôleurs
de domaine. Ce message du journal d'événement apparaîtra une fois
par connexion, une fois que le problème a été résolu, vous verrez un
autre message indiquant que la connexion a été établie.
WARNING: Found Event ID 13508 errors without trailing 13509 ... see above
for (up to) the 3 latest entries!

......... failed 1
Checking for errors in Directory Service Event Log ....
NTDS General 20/07/2009 01:38:28 Error 1126 Active Directory n'a pas pu
établir une connexion avec le catalogue global. Données
supplémentaires Valeur de l'erreur : 8240 Cet objet ne se trouve pas
sur le serveur. ID interne : 3200ba0 Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il
est accessible à partir de ce contrôleur de domaine. Vous pouvez
utiliser l'utilitaire nltest pour diagnostiquer ce problème.
[..]
NTDS General 19/07/2009 12:37:24 Error 1126 Active Directory n'a pas pu
établir une connexion avec le catalogue global. Données
supplémentaires Valeur de l'erreur : 8240 Cet objet ne se trouve pas
sur le serveur. ID interne : 3200ba0 Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il
est accessible à partir de ce contrôleur de domaine. Vous pouvez
utiliser l'utilitaire nltest pour diagnostiquer ce problème.
NTDS Replication 19/07/2009 12:22:23 Error 1864 Ceci représente l'état de
réplication pour la partition d'annuaire suivante sur le contrôleur de
domaine local. Partition d'annuaire :
DC=ForestDnsZones,DC=contoso,DC=local Le contrôleur de domaine
local n'a pas reçu d'informations de réplication récentes à partir de
certains contrôleurs de domaine. Le nombre de contrôleurs de domaine
est affiché, divisé par les intervalles suivants. Plus de 24
heures
> 1 Plus d'une semaine : 1 Plus d'un mois : 0 Plus de deux
mois : 0 Plus d'une durée de vie de temporisation : 0 Durée de
vie de la temporisation (jours) : 180 Les contrôleurs de domaine
qui ne répliquent pas de manière régulière peuvent rencontrer des
erreurs. Ils peuvent manquer certaines modifications de mot de passe et
ne plus pouvoir authentifier. Un contrôleur de domaine qui n'a pas
répliqué pendant un intervalle de durée de vie de temporisation peut
avoir manqué la suppression de certains objets, et peut se voir empêcher
toute future réplication jusqu'à la réconciliation. Pour
identifier les contrôleurs de domaine par leur nom, installez les outils
de support fournis dans le CD d'installation et exécutez dcdiag.exe.
Vous pouvez également utilisez l'outil de support repadmin.exe pour
afficher les latences des contrôleurs de domaine dans la forêt. La
commande est "repadmin /showvector /latency <NomUniquePartition>".
[...]
NTDS Replication 19/07/2009 12:22:23 Error 1864 Ceci représente l'état de
réplication pour la partition d'annuaire suivante sur le contrôleur de
domaine local. Partition d'annuaire : DC=contoso,DC=local Le
contrôleur de domaine local n'a pas reçu d'informations de réplication
récentes à partir de certains contrôleurs de domaine. Le nombre de
contrôleurs de domaine est affiché, divisé par les intervalles suivants.
Plus de 24 heures : 1 Plus d'une semaine : 1 Plus d'un mois : 0
Plus de deux mois : 0 Plus d'une durée de vie de temporisation : 0
Durée de vie de la temporisation (jours) : 180 Les contrôleurs de
domaine qui ne répliquent pas de manière régulière peuvent rencontrer des
erreurs. Ils peuvent manquer certaines modifications de mot de passe et
ne plus pouvoir authentifier. Un contrôleur de domaine qui n'a pas
répliqué pendant un intervalle de durée de vie de temporisation peut
avoir manqué la suppression de certains objets, et peut se voir empêcher
toute future réplication jusqu'à la réconciliation. Pour
identifier les contrôleurs de domaine par leur nom, installez les outils
de support fournis dans le CD d'installation et exécutez dcdiag.exe.
Vous pouvez également utilisez l'outil de support repadmin.exe pour
afficher les latences des contrôleurs de domaine dans la forêt. La
commande est "repadmin /showvector /latency <NomUniquePartition>".
etc...etc...
NTDS Replication 13/07/2009 11:05:02 Error 1864 Ceci représente l'état de
réplication pour la partition d'annuaire suivante sur le contrôleur de
domaine local. Partition d'annuaire :
CN=Configuration,DC=contoso,DC=local Le contrôleur de domaine
local n'a pas reçu d'informations de réplication récentes à partir de
certains contrôleurs de domaine. Le nombre de contrôleurs de domaine
est affiché, divisé par les intervalles suivants. Plus de 24
heures : 1 Plus d'une semaine : 1 Plus d'un mois : 0 Plus de
deux mois : 0 Plus d'une durée de vie de temporisation : 0 Durée
de vie de la temporisation (jours) : 180 Les contrôleurs de domaine
qui ne répliquent pas de manière régulière peuvent rencontrer des
erreurs. Ils peuvent manquer certaines modifications de mot de passe et
ne plus pouvoir authentifier. Un contrôleur de domaine qui n'a pas
répliqué pendant un intervalle de durée de vie de temporisation peut
avoir manqué la suppression de certains objets, et peut se voir empêcher
toute future réplication jusqu'à la réconciliation. Pour identifier les
contrôleurs de domaine par leur nom, installez les outils de support
fournis dans le CD d'installation et exécutez dcdiag.exe. Vous pouvez
également utilisez l'outil de support repadmin.exe pour afficher les
latences des contrôleurs de domaine dans la forêt. La commande est
"repadmin /showvector /latency <NomUniquePartition>".
WARNING: Found Directory Service Errors in the past 15 days! FRS Depends
on AD so Check AD Replication!

......... failed 200
Checking for minimum FRS version requirement ... passed
Checking for errors/warnings in ntfrsutl ds ... passed
Checking for Replica Set configuration triggers... passed
Checking for suspicious file Backlog size... passed
Checking Overall Disk Space and SYSVOL structure (note: integrity is not
checked)...
ERROR: Junction Point missing on "c:windowssysvolsysvol"
ERROR: Junction Point missing on "c:windowssysvolstaging areas"
......... failed 2
Checking for suspicious inlog entries ... passed
Checking for suspicious outlog entries ... passed
Checking for appropriate staging area size ... passed
Checking for errors in debug logs ...
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 704: 884:
S0: 02:00:58> :SR: Cmd 0026efe0, CxtG 2a56b458, WS ERROR_ACCESS_DENIED,
To serv01.contoso.local Len: (366) [SndFail - rpc exception]
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 3524: 883:
S0: 02:00:58> ++ ERROR - EXCEPTION (00000005) : WStatus:
ERROR_ACCESS_DENIED
ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 3524: 884:
S0: 02:00:58> :SR: Cmd 013bfd50, CxtG 6cb42b8e, WS ERROR_ACCESS_DENIED,
To serv01.contoso.local Len: (366) [SndFail - rpc exception]

Found 2030 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed
above

......... failed with 2030 error entries
Checking NtFrs Service (and dependent services) state...passed
Checking NtFrs related Registry Keys for possible problems...passed
Checking Repadmin Showreps for errors...
DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:54.29.
2497 consecutive failure(s).

CN=Configuration,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:47.02.
915 consecutive failure(s).

CN=Schema,CN=Configuration,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 5:
Accès refusé.
Last success @ 2009-07-05 09:47.02.
396 consecutive failure(s).

DC=DomainDnsZones,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 1256:
Le système distant n'est pas disponible. Pour obtenir des
informations à propos du dépannage réseau, consulter l'Aide Windows.
Last success @ 2009-07-05 09:47.02.
537 consecutive failure(s).

DC=ForestDnsZones,DC=contoso,DC=local
Premier-Site-par-defautSERV01 via RPC
objectGuid: 5610d2e0-4e0f-4558-8e93-38da5120c503
Last attempt @ 2009-07-20 01:53.28 failed, result 1256:
Le système distant n'est pas disponible. Pour obtenir des
informations à propos du dépannage réseau, consulter l'Aide Windows.
Last success @ 2009-07-05 09:47.02.
400 consecutive failure(s).

......... failed 5


Je suis preneur de toutes pistes
Merci.

Jonathan BISMUTH [Bis IT] a écrit :
Oublie, c'est me syeux qui me font défaut :)
Les vacances approchent....

Si tu fais "repadmin /options serv01" et "repadmin /options vserv01"
Tu obtiens quoi?
--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net


"YannX" a écrit dans le message de news:

Bonjour Jonathan,


Toujours fidele au poste ;-)
Merci de ton aide précieuse.

_Alors ,pour ce qui est de la synchro horaire , les 2 DC sont bien
synchro (et sur le même fuseau).

_Pas de firewall sur ces deux DC

_Le reinitialisation s'est bien passée, le DC vserv01 semblant etre
celui qui deconne, a partir de celiui-ci, j'ai lancé la commande:
netdom resetpwd /server:serv01.contoso.local
/userd:contosoadministrateur /passwordd:mot_de_passe
qui m'a retourné le message OK.

_L'acces au SYSVOL se fait nickel et dans les 2 sens.

_Une seule carte réseau sur ces deux DC.

_Je ne vois pas ou il est indiqué 192.168.1.2 pour
vserv01.contoso.local
Normalement :
vserv01.contoso.local2.168.1.12
serv01.contoso.local2.168.1.2

Tous deux sur le même LAN et même switch pas d'elements actifs/filtrage
entre les deux.

Dans le DNS tous les enregistrements sont présents dans la zone _msdcs
etc...

C'est vraiment bizarre car la replication se fait bien dans un sens
mais pas dans l'autre !!!


Merci beaucoup de prendre le temps de m'aider car je suis dans la
pannade !!!!



Jonathan BISMUTH [Bis IT] a exposé le 21/07/2009 :
Salut YannX,

Pas beaucoup de gourous dans le coin, et en plus quelques précisions à
nous apporter :)

- Tu ne donne que le current time de VServ01, il est à la même heure
que Serv01?
- Combien de cartes réseau (sur l'un comme sur l'autre)?
- La réinitialisation du mot de passe du DC s'est bien passée?
- Pour "DC: serv01.contoso.local", tu indique une IP à IP address:
192.168.1.2, pour "DC: vserv01.contoso.local" tu indique aussi
- Depuis VServ01, tu accède à Serv01sysvol? Et l'inverse?

--
Jonathan BISMUTH
Bis IT
MVP Windows Server - Directory Services
http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://www.bis-it.fr
http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://blog.portail-mcse.net

"YannX" a écrit dans le message de news:
%
Bonsoir,

Je sais que nous sommes en plaine periode de congés mais "pas de
repos pour les braves" !!!!

Du coup si un grand Gourou de l'AD peut m'aider je lui en serait
vraimmment trés trés reconnaissant...

Voici que depuis le 5 Juillet (d'aprés mes logs) qu'un de mes 2 DC
Windows 2003 ne semble plus accepter la replication avec son
partenaire.

Dans "Sites et services" si je fais un clique-droit et repliquer
maintenant sur la connexion créée automatiquement en dessous de
celui-ci je recoie un "Accés refusé" , ans l'autre sens ça fonctionne
:-(

J'ai essayé de re-initialiser le mot de passe du compte d'ordinateur
de ce DC avec la commande netdom mais NIET.

Les droits d'accés me semblent bon , j'arrive à copier le contenu
complet du dossier SYSVOL de l'un vers l'autre via les partages.


J'essaie de vous donner un MAX d'info et encore merci milles fois par
avance de votre précieuse aide :


Sur ce même DC foireux:

_Dans le journal des evenements "Application" toutes les 5 minutes
j'ai userenv qui me genere de erreurs ID 1030 & 1097.

_Dans le journal des evenements "Service d'annuaire"
Active Directory n'a pas pu établir une connexion avec le catalogue
global:

Type de l'événement : Informations
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1869
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a trouvé un catalogue global dans le site suivant.

Catalogue global :
vserv01.contoso.local
Site :
Premier-Site-par-defaut

PUIS:

Type de l'événement : Avertissement
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1655
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory a tenté de communiquer avec le catalogue global
suivant et les tentatives n'ont pas réussi.

Catalogue global :
vserv01.contoso.local

L'opération en cours peut ne plus pouvoir continuer. Active Directory
utilisera la recherche de contrôleur de domaine pour tenter de
trouver un serveur de catalogue global disponible.

Données supplémentaires
Valeur de l'erreur :
5 Accès refusé.

Pour plus d'informations, consultez le centre Aide et support à
l'adresse http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.

PUIS:

Type de l'événement : Erreur
Source de l'événement : NTDS General
Catégorie de l'événement : Catalogue global
ID de l'événement : 1126
Date : 20/07/2009
Heure : 23:38:31
Utilisateur : AUTORITE NTANONYMOUS LOGON
Ordinateur : VSERV01
Description :
Active Directory n'a pas pu établir une connexion avec le catalogue
global.

Données supplémentaires
Valeur de l'erreur :
8240 Cet objet ne se trouve pas sur le serveur.
ID interne :
3200ba0

Action utilisateur :
Vérifiez qu'un catalogue global est disponible dans la forêt, et
qu'il est accessible à partir de ce contrôleur de domaine. Vous
pouvez utiliser l'utilitaire nltest pour diagnostiquer ce problème.

Pour plus d'informations, consultez le centre Aide et support à
l'adresse http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.



J'ai fait un dcdiag /c /e /v qui me remonte ceci:



Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine vserv01, is a DC.
* Connecting to directory service on server vserv01.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SERV01 passed test Connectivity

Testing server: Premier-Site-par-defautVSERV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... VSERV01 passed test Connectivity

Doing primary tests

Testing server: Premier-Site-par-defautSERV01
Starting test: Replications
* Replications Check
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source VSERV01
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
DC=ForestDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Latency information for 2 entries in the vector were
ignored.
2 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... SERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=ForestDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
DC=DomainDnsZones,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=contoso,DC=local.
These servers can't get changes from home server SERV01:
Premier-Site-par-defaut/VSERV01
......................... SERV01 failed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... SERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
......................... SERV01 passed test NetLogons
Starting test: Advertising
The DC SERV01 is advertising itself as a DC and having a DS.
The DC SERV01 is advertising as an LDAP server
The DC SERV01 is advertising as having a writeable directory
The DC SERV01 is advertising as a Key Distribution Center
The DC SERV01 is advertising as a time server
The DS SERV01 is advertising as a GC.
......................... SERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... SERV01 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1295
......................... SERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC SERV01 on DC SERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
......................... SERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
SERV01 is in domain DC=contoso,DC=local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... SERV01 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours
after the

SYSVOL has been shared. Failing SYSVOL replication problems
may cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 07/20/2009 04:48:45
(Event String could not be retrieved)
......................... SERV01 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the
last 15 minutes.
......................... SERV01 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... SERV01 passed test systemlog
Starting test: VerifyReplicas
......................... SERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=SERV01,OU=Domain Controllers,DC=contoso,DC=local and
backlink on


CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=SERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=SERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... SERV01 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
[SERV01] No security related replication errors were found on
this DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERV01 passed test
CheckSecurityError

Testing server: Premier-Site-par-defautVSERV01
Starting test: Replications
* Replications Check
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=ForestDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
424 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=DomainDnsZones,DC=contoso,DC=local
The replication generated an error (1256):
Le systSme distant n'est pas disponible. Pour obtenir des
informations . propos du d,pannage r,seau, consulter l'Aide Windows.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
561 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context:
CN=Schema,CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 01:53:29.
The last success occurred at 2009-07-05 09:47:02.
420 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: CN=Configuration,DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:14:19.
The last success occurred at 2009-07-05 09:47:02.
973 failures have occurred since the last success.
[Replications Check,VSERV01] A recent replication attempt
failed:
From SERV01 to VSERV01
Naming Context: DC=contoso,DC=local
The replication generated an error (5):
AccSs refus,.
The failure occurred at 2009-07-21 02:27:33.
The last success occurred at 2009-07-05 09:54:29.
2778 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
VSERV01: Current time is 2009-07-21 02:32:08.
DC=ForestDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:47:02.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
DC=contoso,DC=local
Last replication recieved from SERV01 at 2009-07-05
09:54:29.
Latency information for 1 entries in the vector were
ignored.
1 were retired Invocations. 0 were either:
read-only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... VSERV01 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=contoso,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... VSERV01 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC VSERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
......................... VSERV01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share VSERV01netlogon
Verified share VSERV01sysvol
......................... VSERV01 passed test NetLogons
Starting test: Advertising
The DC VSERV01 is advertising itself as a DC and having a DS.
The DC VSERV01 is advertising as an LDAP server
The DC VSERV01 is advertising as having a writeable directory
The DC VSERV01 is advertising as a Key Distribution Center
The DC VSERV01 is advertising as a time server
The DS VSERV01 is advertising as a GC.
......................... VSERV01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
......................... VSERV01 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* vserv01.contoso.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2103 to 2602
* rIDPreviousAllocationPool is 2103 to 2602
* rIDNextRID: 2149
......................... VSERV01 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
......................... VSERV01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... VSERV01 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... VSERV01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
VSERV01 is in domain DC=contoso,DC=local
Checking for CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local
in domain CN=Configuration,DC=contoso,DC=local on 2 servers
Object is up-to-date on all servers.
......................... VSERV01 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... VSERV01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... VSERV01 passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 07/21/2009 02:23:30
(Event String could not be retrieved)
......................... VSERV01 failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... VSERV01 passed test systemlog
Starting test: VerifyReplicas
......................... VSERV01 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=VSERV01,OU=Domain Controllers,DC=contoso,DC=local and
backlink on


CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on CN=VSERV01,OU=Domain
Controllers,DC=contoso,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=VSERV01,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=contoso,DC=local

and backlink on

CN=NTDS
Settings,CN=VSERV01,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=contoso,DC=local

are correct.
......................... VSERV01 passed test
VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... VSERV01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking machine account for DC VSERV01 on DC VSERV01.
* SPN found :LDAP/vserv01.contoso.local/contoso.local
* SPN found :LDAP/vserv01.contoso.local
* SPN found :LDAP/VSERV01
* SPN found :LDAP/vserv01.contoso.local/contoso
* SPN found
:LDAP/3fc3ac18-a36e-482e-9801-ca50cbee6292._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fc3ac18-a36e-482e-9801-ca50cbee6292/contoso.local
* SPN found :HOST/vserv01.contoso.local/contoso.local
* SPN found :HOST/vserv01.contoso.local
* SPN found :HOST/VSERV01
* SPN found :HOST/vserv01.contoso.local/contoso
* SPN found :GC/vserv01.contoso.local/contoso.local
Source DC SERV01 has possible security error (5).
Diagnosing...
Found KDC VSERV01 for domain contoso.local in site
Premier-Site-par-defaut
Checking time skew between servers:
SERV01
VSERV01
Time is in sync: 0 seconds different.
Checking machine account for DC SERV01 on DC VSERV01.
* SPN found :LDAP/serv01.contoso.local/contoso.local
* SPN found :LDAP/serv01.contoso.local
* SPN found :LDAP/SERV01
* SPN found :LDAP/serv01.contoso.local/contoso
* SPN found
:LDAP/5610d2e0-4e0f-4558-8e93-38da5120c503._msdcs.contoso.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5610d2e0-4e0f-4558-8e93-38da5120c503/contoso.local
* SPN found :HOST/serv01.contoso.local/contoso.local
* SPN found :HOST/serv01.contoso.local
* SPN found :HOST/SERV01
* SPN found :HOST/serv01.contoso.local/contoso
* SPN found :GC/serv01.contoso.local/contoso.local
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
* Security Permissions check for all NC's on DC SERV01.
* Security Permissions Check for
DC=ForestDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=contoso,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=contoso,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=contoso,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=contoso,DC=local
(Domain,Version 2)
* Network Logons Privileges Check
Verified share SERV01netlogon
Verified share SERV01sysvol
Checking for CN=SERV01,OU=Domain
Controllers,DC=contoso,DC=local in domain DC=contoso,DC=local on 2
servers
Object is up-to-date on all servers.
[SERV01] Unable to diagnose problem for this source.
See any errors reported in attempting tests.
......................... VSERV01 passed test
CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test
CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

















Avatar
Emmanuel Dreux [ILINFO]
Jonathan,

ta vue baisse, avec un plein de vacances, ça repartira... :-)

netdom resetpwd /server:serv01.contoso.local
C'est pas bon comme commande.

Le mot de passe doit etre changé sur l'autre DC, pas sur le DC "malade".
Sur le DC malade:
arrêter le service KDC, le mettre en manuel.
sur ce dc "malade", lancer netdom resetpwd /server:Nom_du_partenaire etc...
Rebooter puis remettre le kdc en automatique et démarrer.


--
Cordialement,
Emmanuel Dreux
http://www.ilinfo.fr


"YannX" wrote:

Bonjour Jonathan,


Toujours fidele au poste ;-)
Merci de ton aide précieuse.

_Alors ,pour ce qui est de la synchro horaire , les 2 DC sont bien
synchro (et sur le même fuseau).

_Pas de firewall sur ces deux DC

_Le reinitialisation s'est bien passée, le DC vserv01 semblant etre
celui qui deconne, a partir de celiui-ci, j'ai lancé la commande:
netdom resetpwd /server:serv01.contoso.local
/userd:contosoadministrateur /passwordd:mot_de_passe
qui m'a retourné le message OK.

_L'acces au SYSVOL se fait nickel et dans les 2 sens.

_Une seule carte réseau sur ces deux DC.

_Je ne vois pas ou il est indiqué 192.168.1.2 pour
vserv01.contoso.local
Normalement :
vserv01.contoso.local2.168.1.12
serv01.contoso.local2.168.1.2

Tous deux sur le même LAN et même switch pas d'elements actifs/filtrage
entre les deux.

Dans le DNS tous les enregistrements sont présents dans la zone _msdcs
etc...

C'est vraiment bizarre car la replication se fait bien dans un sens
mais pas dans l'autre !!!


Merci beaucoup de prendre le temps de m'aider car je suis dans la
pannade !!!!



Jonathan BISMUTH [Bis IT] a exposé le 21/07/2009 :
> Salut YannX,
>
> Pas beaucoup de gourous dans le coin, et en plus quelques précisions à nous
> apporter :)
>
> - Tu ne donne que le current time de VServ01, il est à la même heure que
> Serv01?
> - Combien de cartes réseau (sur l'un comme sur l'autre)?
> - La réinitialisation du mot de passe du DC s'est bien passée?
> - Pour "DC: serv01.contoso.local", tu indique une IP à IP address:
> 192.168.1.2, pour "DC: vserv01.contoso.local" tu indique aussi
> - Depuis VServ01, tu accède à Serv01sysvol? Et l'inverse?
>
> --
> Jonathan BISMUTH
> Bis IT
> MVP Windows Server - Directory Services
> http://www.bis-it.fr
> http://blog.portail-mcse.net
>
> "YannX" a écrit dans le message de news:
> %
>> Bonsoir,
>>
>> Je sais que nous sommes en plaine periode de congés mais "pas de repos pour
>> les braves" !!!!
>>
>> Du coup si un grand Gourou de l'AD peut m'aider je lui en serait vraimmment
>> trés trés reconnaissant...
>>
>> Voici que depuis le 5 Juillet (d'aprés mes logs) qu'un de mes 2 DC Windows
>> 2003 ne semble plus accepter la replication avec son partenaire.
>>
>> Dans "Sites et services" si je fais un clique-droit et repliquer maintenant
>> sur la connexion créée automatiquement en dessous de celui-ci je recoie un
>> "Accés refusé" , ans l'autre sens ça fonctionne :-(
>>
>> J'ai essayé de re-initialiser le mot de passe du compte d'ordinateur de ce
>> DC avec la commande netdom mais NIET.
>>
>> Les droits d'accés me semblent bon , j'arrive à copier le contenu complet
>> du dossier SYSVOL de l'un vers l'autre via les partages.
>>
>>
>> J'essaie de vous donner un MAX d'info et encore merci milles fois par
>> avance de votre précieuse aide :
>>
>>
>> Sur ce même DC foireux:
>>
>> _Dans le journal des evenements "Application" toutes les 5 minutes j'ai
>> userenv qui me genere de erreurs ID 1030 & 1097.
>>
>> _Dans le journal des evenements "Service d'annuaire"
>> Active Directory n'a pas pu établir une connexion avec le catalogue global:
>>
>> Type de l'événement : Informations
>> Source de l'événement : NTDS General
>> Catégorie de l'événement : Catalogue global
>> ID de l'événement : 1869
>> Date : 20/07/2009
>> Heure : 23:38:31
>> Utilisateur : AUTORITE NTANONYMOUS LOGON
>> Ordinateur : VSERV01
>> Description :
>> Active Directory a trouvé un catalogue global dans le site suivant.
>>
>> Catalogue global :
>> vserv01.contoso.local
>> Site :
>> Premier-Site-par-defaut
>>
>> PUIS:
>>
>> Type de l'événement : Avertissement
>> Source de l'événement : NTDS General
>> Catégorie de l'événement : Catalogue global
>> ID de l'événement : 1655
>> Date : 20/07/2009
>> Heure : 23:38:31
>> Utilisateur : AUTORITE NTANONYMOUS LOGON
>> Ordinateur : VSERV01
>> Description :
>> Active Directory a tenté de communiquer avec le catalogue global suivant et
>> les tentatives n'ont pas réussi.
>>
>> Catalogue global :
>> vserv01.contoso.local
>>
>> L'opération en cours peut ne plus pouvoir continuer. Active Directory
>> utilisera la recherche de contrôleur de domaine pour tenter de trouver un
>> serveur de catalogue global disponible.
>>
>> Données supplémentaires
>> Valeur de l'erreur :
>> 5 Accès refusé.
>>
>> Pour plus d'informations, consultez le centre Aide et support à l'adresse
>> http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.
>>
>> PUIS:
>>
>> Type de l'événement : Erreur
>> Source de l'événement : NTDS General
>> Catégorie de l'événement : Catalogue global
>> ID de l'événement : 1126
>> Date : 20/07/2009
>> Heure : 23:38:31
>> Utilisateur : AUTORITE NTANONYMOUS LOGON
>> Ordinateur : VSERV01
>> Description :
>> Active Directory n'a pas pu établir une connexion avec le catalogue global.
>>
>> Données supplémentaires
>> Valeur de l'erreur :
>> 8240 Cet objet ne se trouve pas sur le serveur.
>> ID interne :
>> 3200ba0
>>
>> Action utilisateur :
>> Vérifiez qu'un catalogue global est disponible dans la forêt, et qu'il est
>> accessible à partir de ce contrôleur de domaine. Vous pouvez utiliser
>> l'utilitaire nltest pour diagnostiquer ce problème.
>>
>> Pour plus d'informations, consultez le centre Aide et support à l'adresse
>> http://go.microsoft.com/fwlink/events.asp" target="_blank" class="text-blue hover:opacity-90 " style="word-break: break-all;" rel="noopener nofollow">http://go.microsoft.com/fwlink/events.asp.
>>
>>
>>
>> J'ai fait un dcdiag /c /e /v qui me remonte ceci:
>>
>>
>>
>> Domain Controller Diagnosis
>>
>> Performing initial setup:
>> * Verifying that the local machine vserv01, is a DC.
>> * Connecting to directory service on server vserv01.
>> * Collecting site info.
>> * Identifying all servers.
>> * Identifying all NC cross-refs.
>> * Found 2 DC(s). Testing 2 of them.
>> Done gathering initial info.
>>
>> Doing initial required tests
>>
>> Testing server: Premier-Site-par-defautSERV01
>> Starting test: Connectivity
>> * Active Directory LDAP Services Check
>> * Active Directory RPC Services Check
>> ......................... SERV01 passed test Connectivity
>>
>> Testing server: Premier-Site-par-defautVSERV01
>> Starting test: Connectivity
>> * Active Directory LDAP Services Check
>> * Active Directory RPC Services Check
>> ......................... VSERV01 passed test Connectivity
>>
>> Doing primary tests
>>
>> Testing server: Premier-Site-par-defautSERV01
>> Starting test: Replications
>> * Replications Check
>> REPLICATION LATENCY WARNING
>> ERROR: Expected notification link is missing.
>> Source VSERV01
>> Replication of new changes along this path will be delayed.
>> This problem should self-correct on the next periodic sync.
>> REPLICATION LATENCY WARNING
>> ERROR: Expected notification link is missing.
>> Source VSERV01
>> Replication of new changes along this path will be delayed.
>> This problem should self-correct on the next periodic sync.
>> * Replication Latency Check
>> DC=ForestDnsZones,DC=contoso,DC=local
>> Latency information for 1 entries in the vector were ignored.
>> 1 were retired Invocations. 0 were either: read-only
>> replicas and are not verifiably latent, or dc's no longer replicating this
>> nc. 0 had no latency information (Win2K DC).
>> DC=DomainDnsZones,DC=contoso,DC=local
>> Latency information for 1 entries in the vector were ignored.
>> 1 were retired Invocations. 0 were either: read-only
>> replicas and are not verifiably latent, or dc's no longer replicating this
>> nc. 0 had no latency information (Win2K DC).
>> CN=Schema,CN=Configuration,DC=contoso,DC=local
>> Latency information for 2 entries in the vector were ignored.
>> 2 were retired Invocations. 0 were either: read-only
>> replicas and are not verifiably latent, or dc's no longer replicating this
>> nc. 0 had no latency information (Win2K DC).
>> CN=Configuration,DC=contoso,DC=local
>> Latency information for 2 entries in the vector were ignored.
>> 2 were retired Invocations. 0 were either: read-only
>> replicas and are not verifiably latent, or dc's no longer replicating this
>> nc. 0 had no latency information (Win2K DC).
>> DC=contoso,DC=local
>> Latency information for 2 entries in the vector were ignored.
>> 2 were retired Invocations. 0 were either: read-only
>> replicas and are not verifiably latent, or dc's no longer replicating this
>> nc. 0 had no latency information (Win2K DC).
>> * Replication Site Latency Check
>> ......................... SERV01 passed test Replications
>> Starting test: Topology
>> * Configuration Topology Integrity Check
>> * Analyzing the connection topology for
>> DC=ForestDnsZones,DC=contoso,DC=local.
>> * Performing upstream (of target) analysis.
>> * Performing downstream (of target) analysis.
>> Downstream topology is disconnected for
>> DC=ForestDnsZones,DC=contoso,DC=local.
>> These servers can't get changes from home server SERV01:
>> Premier-Site-par-defaut/VSERV01
>> * Analyzing the connection topology for
>> DC=DomainDnsZones,DC=contoso,DC=local.
>> * Performing upstream (of target) analysis.
>> * Performing downstream (of target) analysis.
>> Downstream topology is disconnected for
>> DC=DomainDnsZones,DC=contoso,DC=local.
>> These servers can't get changes from home server SERV01:
>> Premier-Site-par-defaut/VSERV01
>> * Analyzing the connection topology for
>> CN=Schema,CN=Configuration,DC=contoso,DC=local.
>> * Performing upstream (of target) analysis.
>> * Performing downstream (of target) analysis.
>> Downstream topology is disconnected for
>> CN=Schema,CN=Configuration,DC=contoso,DC=local.
>> These servers can't get changes from home server SERV01:
>> Premier-Site-par-defaut/VSERV01
>> * Analyzing the connection topology for
>> CN=Configuration,DC=contoso,DC=local.
>> * Performing upstream (of target) analysis.
>> * Performing downstream (of target) analysis.
>> Downstream topology is disconnected for
>> CN=Configuration,DC=contoso,DC=local.
>> These servers can't get changes from home server SERV01:
>> Premier-Site-par-defaut/VSERV01
>> * Analyzing the connection topology for DC=contoso,DC=local.
>> * Performing upstream (of target) analysis.
>> * Performing downstream (of target) analysis.
>> Downstream topology is disconnected for DC=contoso,DC=local.
>> These servers can't get changes from home server SERV01:
>> Premier-Site-par-defaut/VSERV01
>> ......................... SERV01 failed test Topology
>> Starting test: CutoffServers
>> * Configuration Topology Aliveness Check
>> * Analyzing the alive system replication topology for
>> DC=ForestDnsZones,DC=contoso,DC=local.
>> * Performing upstream (of target) analysis.
>> * Performing downstream (of target) analysis.
>> Downstream topology is disconnected for
>> DC=ForestDnsZones,DC=contoso,DC=local.
>> These servers can't get changes from home server SERV01:
>> Premier-Site-par-defaut/VSERV01
>> * Analyzing the alive system replication topology for
>> DC=DomainDnsZones,DC=contoso,DC=local.
>> * Performing upstream (of target) analysis.
>> * Performing downstream (of target) analysis.
>> Downstream topology is disconnected for


1 2 3