AD DS Errors

a guest
Aug 27th, 2015
  1. Title:
  2. All domains should have at least two functioning domain controllers for redundancy
  3.  
  4. Severity:
  5. Warning
  6.  
  7. Date:
  8. 8/27/2015 1:41:31 PM
  9.  
  10. Category:
  11. Operation
  12.  
  13. Issue:
  14. The domain techlab.net has only one functioning domain controller.
  15.  
  16. Impact:
  17. In the event of a failure on the domain's only domain controller, users will not be able to log in to the domain or access domain resources.
  18.  
  19. Resolution:
  20. Add one or more additional domain controllers to the domain to handle authentication and authorization requests in case there is a failure on the domain's single available domain controller.
  21.  
  22. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126945
  23.  
  24. ---
  25.  
  26. Title:
  27. The directory partition CN=Configuration,DC=techlab,DC=net on the domain controller Oliver.techlab.net should have been backed up within the last 8 days
  28.  
  29. Severity:
  30. Warning
  31.  
  32. Date:
  33. 8/27/2015 1:41:31 PM
  34.  
  35. Category:
  36. Configuration
  37.  
  38. Issue:
  39. The directory partition CN=Configuration,DC=techlab,DC=net on the domain controller Oliver.techlab.net has not been backed up within the last 8 days.
  40.  
  41. Impact:
  42. Restoring Active Directory Domain Services (AD DS) from infrequent backups can result in the loss of Active Directory data that was added, accidentally deleted, or modified since the last backup.
  43.  
  44. Resolution:
  45. To ensure that recent system state backups are available to recover Active Directory data that was recently added, deleted, or modified, perform daily backups of all directory partitions in your forest or keep the time between Active Directory backups to a maximum of 8 days.
  46.  
  47. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=142203
  48.  
  49. ---
  50.  
  51. Title:
  52. The directory partition CN=Schema,CN=Configuration,DC=techlab,DC=net on the domain controller Oliver.techlab.net should have been backed up within the last 8 days
  53.  
  54. Severity:
  55. Warning
  56.  
  57. Date:
  58. 8/27/2015 1:41:31 PM
  59.  
  60. Category:
  61. Configuration
  62.  
  63. Issue:
  64. The directory partition CN=Schema,CN=Configuration,DC=techlab,DC=net on the domain controller Oliver.techlab.net has not been backed up within the last 8 days.
  65.  
  66. Impact:
  67. Restoring Active Directory Domain Services (AD DS) from infrequent backups can result in the loss of Active Directory data that was added, accidentally deleted, or modified since the last backup.
  68.  
  69. Resolution:
  70. To ensure that recent system state backups are available to recover Active Directory data that was recently added, deleted, or modified, perform daily backups of all directory partitions in your forest or keep the time between Active Directory backups to a maximum of 8 days.
  71.  
  72. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=142203
  73.  
  74. ---
  75.  
  76. Title:
  77. The directory partition DC=DomainDnsZones,DC=techlab,DC=net on the domain controller Oliver.techlab.net should have been backed up within the last 8 days
  78.  
  79. Severity:
  80. Warning
  81.  
  82. Date:
  83. 8/27/2015 1:41:31 PM
  84.  
  85. Category:
  86. Configuration
  87.  
  88. Issue:
  89. The directory partition DC=DomainDnsZones,DC=techlab,DC=net on the domain controller Oliver.techlab.net has not been backed up within the last 8 days.
  90.  
  91. Impact:
  92. Restoring Active Directory Domain Services (AD DS) from infrequent backups can result in the loss of Active Directory data that was added, accidentally deleted, or modified since the last backup.
  93.  
  94. Resolution:
  95. To ensure that recent system state backups are available to recover Active Directory data that was recently added, deleted, or modified, perform daily backups of all directory partitions in your forest or keep the time between Active Directory backups to a maximum of 8 days.
  96.  
  97. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=142203
  98.  
  99. ---
  100.  
  101. Title:
  102. The directory partition DC=ForestDnsZones,DC=techlab,DC=net on the domain controller Oliver.techlab.net should have been backed up within the last 8 days
  103.  
  104. Severity:
  105. Warning
  106.  
  107. Date:
  108. 8/27/2015 1:41:31 PM
  109.  
  110. Category:
  111. Configuration
  112.  
  113. Issue:
  114. The directory partition DC=ForestDnsZones,DC=techlab,DC=net on the domain controller Oliver.techlab.net has not been backed up within the last 8 days.
  115.  
  116. Impact:
  117. Restoring Active Directory Domain Services (AD DS) from infrequent backups can result in the loss of Active Directory data that was added, accidentally deleted, or modified since the last backup.
  118.  
  119. Resolution:
  120. To ensure that recent system state backups are available to recover Active Directory data that was recently added, deleted, or modified, perform daily backups of all directory partitions in your forest or keep the time between Active Directory backups to a maximum of 8 days.
  121.  
  122. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=142203
  123.  
  124. ---
  125.  
  126. Title:
  127. The directory partition DC=techlab,DC=net on the domain controller Oliver.techlab.net should have been backed up within the last 8 days
  128.  
  129. Severity:
  130. Warning
  131.  
  132. Date:
  133. 8/27/2015 1:41:31 PM
  134.  
  135. Category:
  136. Configuration
  137.  
  138. Issue:
  139. The directory partition DC=techlab,DC=net on the domain controller Oliver.techlab.net has not been backed up within the last 8 days.
  140.  
  141. Impact:
  142. Restoring Active Directory Domain Services (AD DS) from infrequent backups can result in the loss of Active Directory data that was added, accidentally deleted, or modified since the last backup.
  143.  
  144. Resolution:
  145. To ensure that recent system state backups are available to recover Active Directory data that was recently added, deleted, or modified, perform daily backups of all directory partitions in your forest or keep the time between Active Directory backups to a maximum of 8 days.
  146.  
  147. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=142203
  148.  
  149. ---
  150.  
  151. Title:
  152. The PDC emulator master Oliver.techlab.net in this forest should be configured to correctly synchronize time from a valid time source
  153.  
  154. Severity:
  155. Error
  156.  
  157. Date:
  158. 8/27/2015 1:41:31 PM
  159.  
  160. Category:
  161. Configuration
  162.  
  163. Issue:
  164. The primary domain controller (PDC) emulator operations master in this forest is not configured to correctly synchronize time from a valid time source.
  165.  
  166. Impact:
  167. If the PDC emulator master in this forest is not configured to correctly synchronize time from a valid time source, it might use its internal clock for time synchronization. If the PDC emulator master in this forest fails or otherwise becomes unavailable (and if you have not configured a reliable time server (GTIMESERV) in the forest root domain), other member computers and domain controllers in the forest will not be able to synchronize their time.
  168.  
  169. Resolution:
  170. Set the PDC emulator master in this forest to synchronize time with a reliable external time source. If you have not configured a reliable time server (GTIMESERV) in the forest root domain, set the PDC emulator master in this forest to synchronize time with a hardware clock that is installed on the network (the recommended approach). You can also set the PDC emulator master in this forest to synchronize time with an external time server by running the w32tm /config /computer:Oliver.techlab.net /manualpeerlist:time.windows.com /syncfromflags:manual /update command. If you have configured a reliable time server (GTIMESERV) in the forest root domain, set the PDC emulator master in this forest to synchronize time from the forest root domain hierarchy by running w32tm /config /computer:Oliver.techlab.net /syncfromflags:domhier /update.
  171.  
  172. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=142195
  173.  
  174. ---
  175.  
  176. Title:
  177. This domain controller must advertise as a global catalog server for the forest in its local site
  178.  
  179. Severity:
  180. Error
  181.  
  182. Date:
  183. 8/27/2015 1:41:31 PM
  184.  
  185. Category:
  186. Configuration
  187.  
  188. Issue:
  189. The "GcAtSite" DNS service (SRV) resource record that advertises this domain controller as an available global catalog server for the domain in its local site is not registered. All writeable and read-only global catalogs in the forest must register this record.
  190.  
  191. Impact:
  192. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller in the local site as a global catalog server. This domain controller will not be able to provide a full suite of services.
  193.  
  194. Resolution:
  195. Ensure that "GcAtSite" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) record "_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  196.  
  197. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126953
  198.  
  199. ---
  200.  
  201. Title:
  202. This domain controller must advertise as a KDC for the domain
  203.  
  204. Severity:
  205. Error
  206.  
  207. Date:
  208. 8/27/2015 1:41:31 PM
  209.  
  210. Category:
  211. Configuration
  212.  
  213. Issue:
  214. The "Kdc" Domain Name System (DNS) service (SRV) resource record that advertises this domain controller as an available Key Distribution Center (KDC) server for the domain is not registered. All KDC servers in the domain must register this record.
  215.  
  216. Impact:
  217. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller as a KDC server. This domain controller will not be able to provide a full suite of services.
  218.  
  219. Resolution:
  220. Ensure that "Kdc" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_kerberos._tcp.dc._msdcs.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  221.  
  222. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126954
  223.  
  224. ---
  225.  
  226. Title:
  227. This domain controller must advertise as a KDC for the domain in its local site
  228.  
  229. Severity:
  230. Error
  231.  
  232. Date:
  233. 8/27/2015 1:41:31 PM
  234.  
  235. Category:
  236. Configuration
  237.  
  238. Issue:
  239. The "KdcAtSite" Domain Name System (DNS) service (SRV) resource record that advertises this domain controller as an available Key Distribution Center (KDC) server for the domain is not registered. All KDC servers in the domain must register this record.
  240.  
  241. Impact:
  242. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller in the local site as a KDC server. This domain controller will not be able to provide a full suite of services.
  243.  
  244. Resolution:
  245. Ensure that "KdcAtSite" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS record "_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  246.  
  247. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126955
  248.  
  249. ---
  250.  
  251. Title:
  252. This domain controller must advertise as a PDC for the domain
  253.  
  254. Severity:
  255. Error
  256.  
  257. Date:
  258. 8/27/2015 1:41:31 PM
  259.  
  260. Category:
  261. Configuration
  262.  
  263. Issue:
  264. The "Pdc" Domain Name System (DNS) service (SRV) resource record that advertises this domain controller as an available primary domain controller (PDC) for the domain is not registered. All PDCs in the forest must register this resource record.
  265.  
  266. Impact:
  267. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller as a PDC. This domain controller will not be able to provide a full suite of services.
  268.  
  269. Resolution:
  270. Ensure that "Pdc" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) record "_ldap._tcp.pdc._msdcs.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  271.  
  272. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126956
  273.  
  274. ---
  275.  
  276. Title:
  277. This domain controller must advertise as an LDAP server for the domain
  278.  
  279. Severity:
  280. Error
  281.  
  282. Date:
  283. 8/27/2015 1:41:31 PM
  284.  
  285. Category:
  286. Configuration
  287.  
  288. Issue:
  289. The "Ldap" DNS service (SRV) resource record that advertises this domain controller as an available LDAP server for the domain is not registered. All writeable domain controllers (but not read-only domain controllers (RODCs)) must register this record.
  290.  
  291. Impact:
  292. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller as a writeable Lightweight Directory Access Protocol (LDAP) server. This domain controller will not be able to provide a full suite of services.
  293.  
  294. Resolution:
  295. Ensure that "Ldap" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_ldap._tcp.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  296.  
  297. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126957
  298.  
  299. ---
  300.  
  301. Title:
  302. This domain controller must advertise as an LDAP server for the domain in its local site
  303.  
  304. Severity:
  305. Error
  306.  
  307. Date:
  308. 8/27/2015 1:41:31 PM
  309.  
  310. Category:
  311. Configuration
  312.  
  313. Issue:
  314. The "LdapAtSite" DNS service (SRV) resource record that advertises this domain controller as an available LDAP server for the domain in its local site is not registered. All writeable domain controllers and read-only domain controllers (RODCs) must register this record.
  315.  
  316. Impact:
  317. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller in the local site as an LDAP server. This domain controller will not be able to provide a full suite of services.
  318.  
  319. Resolution:
  320. Ensure that "LdapAtSite" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_ldap._tcp.Default-First-Site-Name._sites.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  321.  
  322. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126958
  323.  
  324. ---
  325.  
  326. Title:
  327. This domain controller must advertise as the global catalog server for the forest
  328.  
  329. Severity:
  330. Error
  331.  
  332. Date:
  333. 8/27/2015 1:41:31 PM
  334.  
  335. Category:
  336. Configuration
  337.  
  338. Issue:
  339. The "Gc" DNS service (SRV) resource record that advertises this domain controller as an available global catalog server for the domain is not registered. All writeable global catalogs (not including read-only global catalogs) in the forest must register this record.
  340.  
  341. Impact:
  342. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller as a global catalog server. This domain controller will not be able to provide a full suite of services.
  343.  
  344. Resolution:
  345. Ensure that "Gc" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_ldap._tcp.gc._msdcs.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  346.  
  347. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126959
  348.  
  349. ---
  350.  
  351. Title:
  352. This domain controller must advertise itself as a generic global catalog server for the forest
  353.  
  354. Severity:
  355. Error
  356.  
  357. Date:
  358. 8/27/2015 1:41:31 PM
  359.  
  360. Category:
  361. Configuration
  362.  
  363. Issue:
  364. The "GenericGc" DNS service (SRV) resource record that advertises this domain controller as an available generic global catalog server for the forest is not registered. All global catalogs (but not read-only global catalogs) in the forest must register this record.
  365.  
  366. Impact:
  367. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller as a generic global catalog server. This domain controller will not be able to provide a full suite of services.
  368.  
  369. Resolution:
  370. Ensure that "GenericGc" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS record "_gc._tcp.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  371.  
  372. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126960
  373.  
  374. ---
  375.  
  376. Title:
  377. This domain controller must advertise itself as a generic global catalog server for the forest in its local site
  378.  
  379. Severity:
  380. Error
  381.  
  382. Date:
  383. 8/27/2015 1:41:31 PM
  384.  
  385. Category:
  386. Configuration
  387.  
  388. Issue:
  389. The "GenericGcAtSite" DNS service (SRV) resource record that advertises this domain controller as an available generic global catalog server for the forest in its local site is not registered. All global catalogs and read-only global catalogs in the forest must register this record.
  390.  
  391. Impact:
  392. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller as a generic global catalog server in the local site. This domain controller will not be able to provide a full suite of services.
  393.  
  394. Resolution:
  395. Ensure that "GenericGcAtSite" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_gc._tcp.Default-First-Site-Name._sites.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  396.  
  397. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126961
  398.  
  399. ---
  400.  
  401. Title:
  402. This domain controller must advertise itself as a Kerberos server for the domain in its local site
  403.  
  404. Severity:
  405. Error
  406.  
  407. Date:
  408. 8/27/2015 1:41:31 PM
  409.  
  410. Category:
  411. Configuration
  412.  
  413. Issue:
  414. The "Rfc1510KdcAtSite" Domain Name System (DNS) service (SRV) resource record that advertises this domain controller as an available Kerberos server for the domain in its local site is not registered. All Kerberos servers in the domain must register this record.
  415.  
  416. Impact:
  417. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller as a Kerberos server in the local site. This domain controller will not be able to provide a full suite of services.
  418.  
  419. Resolution:
  420. Ensure that "Rfc1510KdcAtSite" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS record "_kerberos._tcp.Default-First-Site-Name._sites.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  421.  
  422. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126963
  423.  
  424. ---
  425.  
  426. Title:
  427. This domain controller must register a DNS SRV resource record, which is required for replication to function correctly
  428.  
  429. Severity:
  430. Error
  431.  
  432. Date:
  433. 8/27/2015 1:41:31 PM
  434.  
  435. Category:
  436. Configuration
  437.  
  438. Issue:
  439. The "DcByGuid" DNS service (SRV) resource record that advertises this server as an available domain controller in the domain and ensures correct replication is not registered. All domain controllers (but not RODCs) in the domain must register this record.
  440.  
  441. Impact:
  442. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller. This domain controller will not be able to provide a full suite of services.
  443.  
  444. Resolution:
  445. Ensure that "DcByGuid" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_ldap._tcp.96108ba3-a12d-4968-86b6-c0329b926a86.domains._msdcs.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  446.  
  447. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126968
  448.  
  449. ---
  450.  
  451. Title:
  452. This domain controller must register an alias (CNAME) resource record with its DsaGuid for the forest
  453.  
  454. Severity:
  455. Error
  456.  
  457. Date:
  458. 8/27/2015 1:41:31 PM
  459.  
  460. Category:
  461. Configuration
  462.  
  463. Issue:
  464. The "DsaCname" Domain Name System (DNS) alias (CNAME) resource record that ensures correct replication functionality is not registered on this domain controller. All writeable domain controllers must register this record.
  465.  
  466. Impact:
  467. Replication is not functioning correctly on this domain controller. If other domain controllers in the domain or forest are not able to resolve the CNAME record of this domain controller, the changes that are made on this domain controller will not be replicated to any other domain controllers in the domain or forest.
  468.  
  469. Resolution:
  470. Ensure that "DsaCname" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS CNAME resource record "10f0d9db-d6e9-4516-84f0-52de9c55fe4c._msdcs.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  471.  
  472. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkID=126969
  473.  
  474. ---
  475.  
  476. Title:
  477. This domain controller must register its DNS host (A or AAAA) resource records for the domain
  478.  
  479. Severity:
  480. Error
  481.  
  482. Date:
  483. 8/27/2015 1:41:31 PM
  484.  
  485. Category:
  486. Configuration
  487.  
  488. Issue:
  489. The "LdapIpAddress" DNS (A/AAAA) resource records that advertise this domain controller as an available LDAP server in the domain and point to its IPv4 or IPv6 addresses are not registered. All writeable domain controllers in the domain (but not read-only domain controllers (RODCs)) must register these records.
  490.  
  491. Impact:
  492. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller as a writeable Lightweight Directory Access Protocol (LDAP) server. This domain controller will not be able to provide a full suite of services.
  493.  
  494. Resolution:
  495. Ensure that "LdapIpAddress" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the host (A/AAAA) resource records "techlab.net", pointing to the local computer's IP addresses, are registered in DNS.
  496.  
  497. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126970
  498.  
  499. ---
  500.  
  501. Title:
  502. This domain controller must register its DNS host A/AAAA records
  503.  
  504. Severity:
  505. Error
  506.  
  507. Date:
  508. 8/27/2015 1:41:31 PM
  509.  
  510. Category:
  511. Configuration
  512.  
  513. Issue:
  514. The Domain Name System (DNS) host (A/AAAA) resource records that map from the fully qualified DNS domain name to the IPv4 or IPv6 addresses are not registered on this domain controller. All domain controllers must register these records.
  515.  
  516. Impact:
  517. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller. This domain controller will not be able to provide a full suite of services.
  518.  
  519. Resolution:
  520. Ensure that the DNS Client service on the server is configured to register the appropriate host (A/AAAA) resource records with an authoritative DNS server for the domain.
  521.  
  522. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126971
  523.  
  524. ---
  525.  
  526. Title:
  527. This domain controller must register its Rfc1510Kdc DNS record to advertise itself as Kerberos Server for the domain
  528.  
  529. Severity:
  530. Error
  531.  
  532. Date:
  533. 8/27/2015 1:41:31 PM
  534.  
  535. Category:
  536. Configuration
  537.  
  538. Issue:
  539. The "Rfc1510Kdc" Domain Name System (DNS) service (SRV) resource record that advertises this domain controller as an available Kerberos server for the domain is not registered. All Kerberos servers in the domain must register this record.
  540.  
  541. Impact:
  542. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller as a Kerberos server. This domain controller will not be able to provide a full suite of services.
  543.  
  544. Resolution:
  545. Ensure that "Rfc1510Kdc" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS record "_kerberos._tcp.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  546.  
  547. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126962
  548.  
  549. ---
  550.  
  551. Title:
  552. This domain controller must register its Rfc1510Kpwd DNS record to advertise itself as Kerberos Server for the domain
  553.  
  554. Severity:
  555. Error
  556.  
  557. Date:
  558. 8/27/2015 1:41:31 PM
  559.  
  560. Category:
  561. Configuration
  562.  
  563. Issue:
  564. The "Rfc1510Kpwd" Domain Name System (DNS) service (SRV) resource record that advertises this domain controller as an available Kerberos server for the domain is not registered. All Kerberos servers in the domain must register this record.
  565.  
  566. Impact:
  567. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller as a Kerberos server. This domain controller will not be able to provide a full suite of services.
  568.  
  569. Resolution:
  570. Ensure that "Rfc1510Kpwd" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_kpasswd._tcp.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  571.  
  572. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126966
  573.  
  574. ---
  575.  
  576. Title:
  577. This domain controller must register its Rfc1510UdpKdc DNS record to advertise itself as Kerberos Server for the domain
  578.  
  579. Severity:
  580. Error
  581.  
  582. Date:
  583. 8/27/2015 1:41:31 PM
  584.  
  585. Category:
  586. Configuration
  587.  
  588. Issue:
  589. The "Rfc1510UdpKdc" Domain Name System (DNS) service (SRV) resource record that advertises this domain controller as an available Kerberos server for the domain is not registered. All Kerberos servers in the domain must register this resource record.
  590.  
  591. Impact:
  592. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller as a Kerberos server. This domain controller will not be able to provide a full suite of services.
  593.  
  594. Resolution:
  595. Ensure that "Rfc1510UdpKdc" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_kerberos._udp.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  596.  
  597. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126965
  598.  
  599. ---
  600.  
  601. Title:
  602. This domain controller must register its Rfc1510UdpKpwd DNS record to advertise itself as Kerberos Server for the domain
  603.  
  604. Severity:
  605. Error
  606.  
  607. Date:
  608. 8/27/2015 1:41:31 PM
  609.  
  610. Category:
  611. Configuration
  612.  
  613. Issue:
  614. The "Rfc1510UdpKpwd" Domain Name System (DNS) service (SRV) resource record that advertises this domain controller as an available Kerberos server for the domain is not registered. All Kerberos servers in the domain must register this record.
  615.  
  616. Impact:
  617. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller as a Kerberos server. This domain controller will not be able to provide a full suite of services.
  618.  
  619. Resolution:
  620. Ensure that "Rfc1510UdpKpwd" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_kpasswd._udp.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  621.  
  622. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126967
  623.  
  624. ---
  625.  
  626. Title:
  627. This global catalog server must register its host (A/AAAA) resource records for the forest
  628.  
  629. Severity:
  630. Error
  631.  
  632. Date:
  633. 8/27/2015 1:41:31 PM
  634.  
  635. Category:
  636. Configuration
  637.  
  638. Issue:
  639. The "GcIpAddress" DNS host (A/AAAA) resource records that advertise this domain controller as a global catalog server for the forest and point to its IPv4 or IPv6 addresses are not registered. All global catalogs (but not read-only global catalogs) in the forest must register these records.
  640.  
  641. Impact:
  642. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller as a global catalog server. This domain controller will not be able to provide a full suite of services.
  643.  
  644. Resolution:
  645. Ensure that "GcIpAddress" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "gc._msdcs.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  646.  
  647. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126972
  648.  
  649. ---
  650.  
  651. Title:
  652. This server must advertise itself as a domain controller for the domain
  653.  
  654. Severity:
  655. Error
  656.  
  657. Date:
  658. 8/27/2015 1:41:31 PM
  659.  
  660. Category:
  661. Configuration
  662.  
  663. Issue:
  664. The "Dc" DNS service (SRV) resource record that advertises this server as an available domain controller for the domain is not registered. All writeable domain controllers (but not read-only domain controllers (RODCs)) in the domain must register this resource record.
  665.  
  666. Impact:
  667. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller. This domain controller will not be able to provide a full suite of services.
  668.  
  669. Resolution:
  670. Ensure that "Dc" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS record "_ldap._tcp.dc._msdcs.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  671.  
  672. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126973
  673.  
  674. ---
  675.  
  676. Title:
  677. This server must advertise itself as a domain controller for the domain in its local site
  678.  
  679. Severity:
  680. Error
  681.  
  682. Date:
  683. 8/27/2015 1:41:31 PM
  684.  
  685. Category:
  686. Configuration
  687.  
  688. Issue:
  689. The "DcAtSite" DNS service (SRV) resource record that advertises this server as an available domain controller for the domain in its local site is not registered. All writeable and read-only domain controllers (RODCs) in the domain must register this record.
  690.  
  691. Impact:
  692. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller in the local site. This domain controller will not be able to provide a full suite of services.
  693.  
  694. Resolution:
  695. Ensure that "DcAtSite" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  696.  
  697. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126974
  698.  
  699. ---
  700.  
  701. Title:
  702. This server must advertise itself as a domain controller for the domain in its local site
  703.  
  704. Severity:
  705. Error
  706.  
  707. Date:
  708. 8/27/2015 1:41:31 PM
  709.  
  710. Category:
  711. Configuration
  712.  
  713. Issue:
  714. The "DcAtSite" DNS service (SRV) resource record that advertises this server as an available domain controller for the domain in its local site is not registered. All writeable and read-only domain controllers (RODCs) in the domain must register this record.
  715.  
  716. Impact:
  717. Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller in the local site. This domain controller will not be able to provide a full suite of services.
  718.  
  719. Resolution:
  720. Ensure that "DcAtSite" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.techlab.net", pointing to the local domain controller "Oliver.techlab.net", is registered in DNS.
  721.  
  722. More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126974