API tools faq
paste
Advertisement
Isuress

dcdiag DNS results

Isuress
May 25th, 2016
61
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.35 KB | None | 0 0
raw download clone embed print report
  1.  
  2. Directory Server Diagnosis
  3.  
  4.  
  5. Performing initial setup:
  6.  
  7. Trying to find home server...
  8.  
  9. Home Server = MYCOMPANY-VM-DOMAIN
  10.  
  11. * Identified AD Forest.
  12. Done gathering initial info.
  13.  
  14.  
  15. Doing initial required tests
  16.  
  17.  
  18. Testing server: MYCOMPANY\MYCOMPANY-VM-DOMAIN
  19.  
  20. Starting test: Connectivity
  21.  
  22. ......................... MYCOMPANY-VM-DOMAIN passed test Connectivity
  23.  
  24.  
  25.  
  26. Doing primary tests
  27.  
  28.  
  29. Testing server: MYCOMPANY\MYCOMPANY-VM-DOMAIN
  30.  
  31. Starting test: Advertising
  32.  
  33. ......................... MYCOMPANY-VM-DOMAIN passed test Advertising
  34.  
  35. Starting test: FrsEvent
  36.  
  37. ......................... MYCOMPANY-VM-DOMAIN passed test FrsEvent
  38.  
  39. Starting test: DFSREvent
  40.  
  41. ......................... MYCOMPANY-VM-DOMAIN passed test DFSREvent
  42.  
  43. Starting test: SysVolCheck
  44.  
  45. ......................... MYCOMPANY-VM-DOMAIN passed test SysVolCheck
  46.  
  47. Starting test: KccEvent
  48.  
  49. A warning event occurred. EventID: 0x80000B46
  50.  
  51. Time Generated: 05/25/2016 12:07:04
  52.  
  53. Event String:
  54.  
  55. The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
  56.  
  57.  
  58. ......................... MYCOMPANY-VM-DOMAIN passed test KccEvent
  59.  
  60. Starting test: KnowsOfRoleHolders
  61.  
  62. ......................... MYCOMPANY-VM-DOMAIN passed test KnowsOfRoleHolders
  63.  
  64. Starting test: MachineAccount
  65.  
  66. ......................... MYCOMPANY-VM-DOMAIN passed test MachineAccount
  67.  
  68. Starting test: NCSecDesc
  69.  
  70. ......................... MYCOMPANY-VM-DOMAIN passed test NCSecDesc
  71.  
  72. Starting test: NetLogons
  73.  
  74. ......................... MYCOMPANY-VM-DOMAIN passed test NetLogons
  75.  
  76. Starting test: ObjectsReplicated
  77.  
  78. ......................... MYCOMPANY-VM-DOMAIN passed test ObjectsReplicated
  79.  
  80. Starting test: Replications
  81.  
  82. ......................... MYCOMPANY-VM-DOMAIN passed test Replications
  83.  
  84. Starting test: RidManager
  85.  
  86. ......................... MYCOMPANY-VM-DOMAIN passed test RidManager
  87.  
  88. Starting test: Services
  89.  
  90. ......................... MYCOMPANY-VM-DOMAIN passed test Services
  91.  
  92. Starting test: SystemLog
  93.  
  94. A warning event occurred. EventID: 0x8000001D
  95.  
  96. Time Generated: 05/25/2016 12:06:55
  97.  
  98. Event String:
  99.  
  100. The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
  101.  
  102. An error event occurred. EventID: 0xC00038D6
  103.  
  104. Time Generated: 05/25/2016 12:07:23
  105.  
  106. Event String:
  107.  
  108. The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
  109.  
  110. A warning event occurred. EventID: 0x000003F6
  111.  
  112. Time Generated: 05/25/2016 12:07:23
  113.  
  114. Event String:
  115.  
  116. Name resolution for the name _ldap._tcp.MYCOMPANY._sites.dc._msdcs.ad.MYCOMPANY.com timed out after none of the configured DNS servers responded.
  117.  
  118. A warning event occurred. EventID: 0x0000000C
  119.  
  120. Time Generated: 05/25/2016 12:07:23
  121.  
  122. Event String:
  123.  
  124. Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
  125.  
  126. A warning event occurred. EventID: 0x000727AA
  127.  
  128. Time Generated: 05/25/2016 12:09:40
  129.  
  130. Event String:
  131.  
  132. The WinRM service failed to create the following SPNs: WSMAN/MYCOMPANY-VM-DOMAIN.ad.MYCOMPANY.com; WSMAN/MYCOMPANY-VM-DOMAIN.
  133.  
  134.  
  135. ......................... MYCOMPANY-VM-DOMAIN failed test SystemLog
  136.  
  137. Starting test: VerifyReferences
  138.  
  139. ......................... MYCOMPANY-VM-DOMAIN passed test VerifyReferences
  140.  
  141.  
  142.  
  143. Running partition tests on : ForestDnsZones
  144.  
  145. Starting test: CheckSDRefDom
  146.  
  147. ......................... ForestDnsZones passed test CheckSDRefDom
  148.  
  149. Starting test: CrossRefValidation
  150.  
  151. ......................... ForestDnsZones passed test
  152.  
  153. CrossRefValidation
  154.  
  155.  
  156. Running partition tests on : DomainDnsZones
  157.  
  158. Starting test: CheckSDRefDom
  159.  
  160. ......................... DomainDnsZones passed test CheckSDRefDom
  161.  
  162. Starting test: CrossRefValidation
  163.  
  164. ......................... DomainDnsZones passed test
  165.  
  166. CrossRefValidation
  167.  
  168.  
  169. Running partition tests on : Schema
  170.  
  171. Starting test: CheckSDRefDom
  172.  
  173. ......................... Schema passed test CheckSDRefDom
  174.  
  175. Starting test: CrossRefValidation
  176.  
  177. ......................... Schema passed test CrossRefValidation
  178.  
  179.  
  180. Running partition tests on : Configuration
  181.  
  182. Starting test: CheckSDRefDom
  183.  
  184. ......................... Configuration passed test CheckSDRefDom
  185.  
  186. Starting test: CrossRefValidation
  187.  
  188. ......................... Configuration passed test CrossRefValidation
  189.  
  190.  
  191. Running partition tests on : ad
  192.  
  193. Starting test: CheckSDRefDom
  194.  
  195. ......................... ad passed test CheckSDRefDom
  196.  
  197. Starting test: CrossRefValidation
  198.  
  199. ......................... ad passed test CrossRefValidation
  200.  
  201.  
  202. Running enterprise tests on : ad.MYCOMPANY.com
  203.  
  204. Starting test: LocatorCheck
  205.  
  206. ......................... ad.MYCOMPANY.com passed test LocatorCheck
  207.  
  208. Starting test: Intersite
  209.  
  210. ......................... ad.MYCOMPANY.com passed test Intersite
  211.  
  212.  
  213. Directory Server Diagnosis
  214.  
  215.  
  216. Performing initial setup:
  217.  
  218. Trying to find home server...
  219.  
  220. Home Server = MYCOMPANY-VM-DOMAIN
  221.  
  222. * Identified AD Forest.
  223. Done gathering initial info.
  224.  
  225.  
  226. Doing initial required tests
  227.  
  228.  
  229. Testing server: MYCOMPANY\MYCOMPANY-VM-DOMAIN
  230.  
  231. Starting test: Connectivity
  232.  
  233. ......................... MYCOMPANY-VM-DOMAIN passed test Connectivity
  234.  
  235.  
  236.  
  237. Doing primary tests
  238.  
  239.  
  240. Testing server: MYCOMPANY\MYCOMPANY-VM-DOMAIN
  241.  
  242. Starting test: Advertising
  243.  
  244. ......................... MYCOMPANY-VM-DOMAIN passed test Advertising
  245.  
  246. Starting test: FrsEvent
  247.  
  248. ......................... MYCOMPANY-VM-DOMAIN passed test FrsEvent
  249.  
  250. Starting test: DFSREvent
  251.  
  252. ......................... MYCOMPANY-VM-DOMAIN passed test DFSREvent
  253.  
  254. Starting test: SysVolCheck
  255.  
  256. ......................... MYCOMPANY-VM-DOMAIN passed test SysVolCheck
  257.  
  258. Starting test: KccEvent
  259.  
  260. A warning event occurred. EventID: 0x80000B46
  261.  
  262. Time Generated: 05/25/2016 12:07:04
  263.  
  264. Event String:
  265.  
  266. The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
  267.  
  268.  
  269. ......................... MYCOMPANY-VM-DOMAIN passed test KccEvent
  270.  
  271. Starting test: KnowsOfRoleHolders
  272.  
  273. ......................... MYCOMPANY-VM-DOMAIN passed test KnowsOfRoleHolders
  274.  
  275. Starting test: MachineAccount
  276.  
  277. ......................... MYCOMPANY-VM-DOMAIN passed test MachineAccount
  278.  
  279. Starting test: NCSecDesc
  280.  
  281. ......................... MYCOMPANY-VM-DOMAIN passed test NCSecDesc
  282.  
  283. Starting test: NetLogons
  284.  
  285. ......................... MYCOMPANY-VM-DOMAIN passed test NetLogons
  286.  
  287. Starting test: ObjectsReplicated
  288.  
  289. ......................... MYCOMPANY-VM-DOMAIN passed test ObjectsReplicated
  290.  
  291. Starting test: Replications
  292.  
  293. ......................... MYCOMPANY-VM-DOMAIN passed test Replications
  294.  
  295. Starting test: RidManager
  296.  
  297. ......................... MYCOMPANY-VM-DOMAIN passed test RidManager
  298.  
  299. Starting test: Services
  300.  
  301. ......................... MYCOMPANY-VM-DOMAIN passed test Services
  302.  
  303. Starting test: SystemLog
  304.  
  305. A warning event occurred. EventID: 0x8000001D
  306.  
  307. Time Generated: 05/25/2016 12:06:55
  308.  
  309. Event String:
  310.  
  311. The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
  312.  
  313. An error event occurred. EventID: 0xC00038D6
  314.  
  315. Time Generated: 05/25/2016 12:07:23
  316.  
  317. Event String:
  318.  
  319. The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
  320.  
  321. A warning event occurred. EventID: 0x000003F6
  322.  
  323. Time Generated: 05/25/2016 12:07:23
  324.  
  325. Event String:
  326.  
  327. Name resolution for the name _ldap._tcp.MYCOMPANY._sites.dc._msdcs.ad.MYCOMPANY.com timed out after none of the configured DNS servers responded.
  328.  
  329. A warning event occurred. EventID: 0x0000000C
  330.  
  331. Time Generated: 05/25/2016 12:07:23
  332.  
  333. Event String:
  334.  
  335. Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
  336.  
  337. A warning event occurred. EventID: 0x000727AA
  338.  
  339. Time Generated: 05/25/2016 12:09:40
  340.  
  341. Event String:
  342.  
  343. The WinRM service failed to create the following SPNs: WSMAN/MYCOMPANY-VM-DOMAIN.ad.MYCOMPANY.com; WSMAN/MYCOMPANY-VM-DOMAIN.
  344.  
  345.  
  346. ......................... MYCOMPANY-VM-DOMAIN failed test SystemLog
  347.  
  348. Starting test: VerifyReferences
  349.  
  350. ......................... MYCOMPANY-VM-DOMAIN passed test VerifyReferences
  351.  
  352.  
  353.  
  354. Running partition tests on : ForestDnsZones
  355.  
  356. Starting test: CheckSDRefDom
  357.  
  358. ......................... ForestDnsZones passed test CheckSDRefDom
  359.  
  360. Starting test: CrossRefValidation
  361.  
  362. ......................... ForestDnsZones passed test
  363.  
  364. CrossRefValidation
  365.  
  366.  
  367. Running partition tests on : DomainDnsZones
  368.  
  369. Starting test: CheckSDRefDom
  370.  
  371. ......................... DomainDnsZones passed test CheckSDRefDom
  372.  
  373. Starting test: CrossRefValidation
  374.  
  375. ......................... DomainDnsZones passed test
  376.  
  377. CrossRefValidation
  378.  
  379.  
  380. Running partition tests on : Schema
  381.  
  382. Starting test: CheckSDRefDom
  383.  
  384. ......................... Schema passed test CheckSDRefDom
  385.  
  386. Starting test: CrossRefValidation
  387.  
  388. ......................... Schema passed test CrossRefValidation
  389.  
  390.  
  391. Running partition tests on : Configuration
  392.  
  393. Starting test: CheckSDRefDom
  394.  
  395. ......................... Configuration passed test CheckSDRefDom
  396.  
  397. Starting test: CrossRefValidation
  398.  
  399. ......................... Configuration passed test CrossRefValidation
  400.  
  401.  
  402. Running partition tests on : ad
  403.  
  404. Starting test: CheckSDRefDom
  405.  
  406. ......................... ad passed test CheckSDRefDom
  407.  
  408. Starting test: CrossRefValidation
  409.  
  410. ......................... ad passed test CrossRefValidation
  411.  
  412.  
  413. Running enterprise tests on : ad.MYCOMPANY.com
  414.  
  415. Starting test: LocatorCheck
  416.  
  417. ......................... ad.MYCOMPANY.com passed test LocatorCheck
  418.  
  419. Starting test: Intersite
  420.  
  421. ......................... ad.MYCOMPANY.com passed test Intersite
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!