Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Directory Server Diagnosis
- Performing initial setup:
- Trying to find home server...
- * Verifying that the local machine DC01, is a Directory Server.
- Home Server = DC01
- * Connecting to directory service on server DC01.
- * Identified AD Forest.
- Collecting AD specific global data
- * Collecting site info.
- Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=excelcg,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
- The previous call succeeded
- Iterating through the sites
- Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
- Getting ISTG and options for the site
- * Identifying all servers.
- Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=excelcg,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
- The previous call succeeded....
- The previous call succeeded
- Iterating through the list of servers
- Getting information for the server CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
- objectGuid obtained
- InvocationID obtained
- dnsHostname obtained
- site info obtained
- All the info for the server collected
- Getting information for the server CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
- objectGuid obtained
- InvocationID obtained
- dnsHostname obtained
- site info obtained
- All the info for the server collected
- * Identifying all NC cross-refs.
- * Found 2 DC(s). Testing 1 of them.
- Done gathering initial info.
- Doing initial required tests
- Testing server: Default-First-Site-Name\DC01
- Starting test: Connectivity
- * Active Directory LDAP Services Check
- Determining IP4 connectivity
- * Active Directory RPC Services Check
- ......................... DC01 passed test Connectivity
- Doing primary tests
- Testing server: Default-First-Site-Name\DC01
- Starting test: Advertising
- The DC DC01 is advertising itself as a DC and having a DS.
- The DC DC01 is advertising as an LDAP server
- The DC DC01 is advertising as having a writeable directory
- The DC DC01 is advertising as a Key Distribution Center
- The DC DC01 is advertising as a time server
- The DS DC01 is advertising as a GC.
- ......................... DC01 passed test Advertising
- Test omitted by user request: CheckSecurityError
- Test omitted by user request: CutoffServers
- Starting test: FrsEvent
- * The File Replication Service Event log test
- Skip the test because the server is running DFSR.
- ......................... DC01 passed test FrsEvent
- Starting test: DFSREvent
- The DFS Replication Event Log.
- ......................... DC01 passed test DFSREvent
- Starting test: SysVolCheck
- * The File Replication Service SYSVOL ready test
- File Replication Service's SYSVOL is ready
- ......................... DC01 passed test SysVolCheck
- Starting test: KccEvent
- * The KCC Event log test
- Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
- ......................... DC01 passed test KccEvent
- Starting test: KnowsOfRoleHolders
- Role Schema Owner = CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
- Role Domain Owner = CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
- Role PDC Owner = CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
- Role Rid Owner = CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
- Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
- ......................... DC01 passed test KnowsOfRoleHolders
- Starting test: MachineAccount
- Checking machine account for DC DC01 on DC DC01.
- * SPN found :LDAP/DC01.mydomain/mydomain
- * SPN found :LDAP/DC01.mydomain
- * SPN found :LDAP/DC01
- * SPN found :LDAP/DC01.mydomain/EXCELCG
- * SPN found :LDAP/39eae90e-bc2f-4e15-b5f7-9905ff0907d5._msdcs.mydomain
- * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/39eae90e-bc2f-4e15-b5f7-9905ff0907d5/mydomain
- * SPN found :HOST/DC01.mydomain/mydomain
- * SPN found :HOST/DC01.mydomain
- * SPN found :HOST/DC01
- * SPN found :HOST/DC01.mydomain/EXCELCG
- * SPN found :GC/DC01.mydomain/mydomain
- ......................... DC01 passed test MachineAccount
- Starting test: NCSecDesc
- * Security Permissions check for all NC's on DC DC01.
- * Security Permissions Check for
- DC=ForestDnsZones,DC=excelcg,DC=local
- (NDNC,Version 3)
- * Security Permissions Check for
- DC=DomainDnsZones,DC=excelcg,DC=local
- (NDNC,Version 3)
- * Security Permissions Check for
- CN=Schema,CN=Configuration,DC=excelcg,DC=local
- (Schema,Version 3)
- * Security Permissions Check for
- CN=Configuration,DC=excelcg,DC=local
- (Configuration,Version 3)
- * Security Permissions Check for
- DC=excelcg,DC=local
- (Domain,Version 3)
- ......................... DC01 passed test NCSecDesc
- Starting test: NetLogons
- * Network Logons Privileges Check
- Verified share \\DC01\netlogon
- Verified share \\DC01\sysvol
- ......................... DC01 passed test NetLogons
- Starting test: ObjectsReplicated
- DC01 is in domain DC=excelcg,DC=local
- Checking for CN=DC01,OU=Domain Controllers,DC=excelcg,DC=local in domain DC=excelcg,DC=local on 1 servers
- Object is up-to-date on all servers.
- Checking for CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local in domain CN=Configuration,DC=excelcg,DC=local on 1 servers
- Object is up-to-date on all servers.
- ......................... DC01 passed test ObjectsReplicated
- Test omitted by user request: OutboundSecureChannels
- Starting test: Replications
- * Replications Check
- * Replication Latency Check
- DC=ForestDnsZones,DC=excelcg,DC=local
- Latency information for 2 entries in the vector were ignored.
- 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
- DC=DomainDnsZones,DC=excelcg,DC=local
- Latency information for 2 entries in the vector were ignored.
- 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
- CN=Schema,CN=Configuration,DC=excelcg,DC=local
- Latency information for 2 entries in the vector were ignored.
- 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
- CN=Configuration,DC=excelcg,DC=local
- Latency information for 2 entries in the vector were ignored.
- 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
- DC=excelcg,DC=local
- Latency information for 2 entries in the vector were ignored.
- 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
- ......................... DC01 passed test Replications
- Starting test: RidManager
- * Available RID Pool for the Domain is 3100 to 1073741823
- * DC01.mydomain is the RID Master
- * DsBind with RID Master was successful
- * rIDAllocationPool is 2100 to 2599
- * rIDPreviousAllocationPool is 2100 to 2599
- * rIDNextRID: 2113
- ......................... DC01 passed test RidManager
- Starting test: Services
- * Checking Service: EventSystem
- * Checking Service: RpcSs
- * Checking Service: NTDS
- * Checking Service: DnsCache
- * Checking Service: DFSR
- * Checking Service: IsmServ
- * Checking Service: kdc
- * Checking Service: SamSs
- * Checking Service: LanmanServer
- * Checking Service: LanmanWorkstation
- * Checking Service: w32time
- * Checking Service: NETLOGON
- ......................... DC01 passed test Services
- Starting test: SystemLog
- * The System Event log test
- A warning event occurred. EventID: 0x0000000C
- Time Generated: 04/29/2020 07:25:57
- Event String:
- Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
- A warning event occurred. EventID: 0x0000000C
- Time Generated: 04/29/2020 07:37:10
- Event String:
- Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
- A warning event occurred. EventID: 0x0000000C
- Time Generated: 04/29/2020 07:37:28
- Event String:
- Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
- A warning event occurred. EventID: 0x0000000C
- Time Generated: 04/29/2020 07:39:54
- Event String:
- Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
- A warning event occurred. EventID: 0x0000000C
- Time Generated: 04/29/2020 07:40:09
- Event String:
- Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
- A warning event occurred. EventID: 0x80040020
- Time Generated: 04/29/2020 07:44:49
- Event String:
- The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
- A warning event occurred. EventID: 0x80040020
- Time Generated: 04/29/2020 07:44:49
- Event String:
- The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
- A warning event occurred. EventID: 0x80040020
- Time Generated: 04/29/2020 07:44:49
- Event String:
- The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
- An error event occurred. EventID: 0xC0001B61
- Time Generated: 04/29/2020 07:44:56
- Event String:
- A timeout was reached (30000 milliseconds) while waiting for the VBoxService service to connect.
- An error event occurred. EventID: 0xC0001B58
- Time Generated: 04/29/2020 07:44:56
- Event String:
- The VBoxService service failed to start due to the following error:
- The service did not respond to the start or control request in a timely fashion.
- A warning event occurred. EventID: 0x0000000C
- Time Generated: 04/29/2020 07:45:17
- Event String:
- Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
- An error event occurred. EventID: 0x00002710
- Time Generated: 04/29/2020 07:45:27
- Event String:
- Unable to start a DCOM Server: {9C38ED61-D565-4728-AEEE-C80952F0ECDE}. The error:
- "0"
- Happened while starting this command:
- C:\Windows\System32\vdsldr.exe -Embedding
- An error event occurred. EventID: 0xC0001B5E
- Time Generated: 04/29/2020 07:45:40
- Event String:
- The ScRegSetValueExW call failed for Description with the following error:
- Access is denied.
- A warning event occurred. EventID: 0x00001796
- Time Generated: 04/29/2020 07:46:35
- Event String:
- Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
- NTLM is a weaker authentication mechanism. Please check:
- Which applications are using NTLM authentication?
- Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
- If NTLM must be supported, is Extended Protection configured?
- Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.
- An error event occurred. EventID: 0x00002720
- Time Generated: 04/29/2020 08:02:26
- Event String:
- The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
- {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
- and APPID
- {15C20B67-12E7-4BB6-92BB-7AFF07997402}
- to the user EXCELCG\Administrator SID (S-1-5-21-44761719-4196749728-97561086-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
- ......................... DC01 failed test SystemLog
- Test omitted by user request: Topology
- Test omitted by user request: VerifyEnterpriseReferences
- Starting test: VerifyReferences
- The system object reference (serverReference)
- CN=DC01,OU=Domain Controllers,DC=excelcg,DC=local and backlink on
- CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
- are correct.
- The system object reference (serverReferenceBL)
- CN=WIN-BER6E9O3PHN,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=excelcg,DC=local
- and backlink on
- CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
- are correct.
- The system object reference (msDFSR-ComputerReferenceBL)
- CN=WIN-BER6E9O3PHN,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=excelcg,DC=local
- and backlink on CN=DC01,OU=Domain Controllers,DC=excelcg,DC=local are
- correct.
- ......................... DC01 passed test VerifyReferences
- Test omitted by user request: VerifyReplicas
- Test omitted by user request: DNS
- Test omitted by user request: DNS
- Running partition tests on : ForestDnsZones
- Starting test: CheckSDRefDom
- ......................... ForestDnsZones passed test CheckSDRefDom
- Starting test: CrossRefValidation
- ......................... ForestDnsZones passed test
- CrossRefValidation
- Running partition tests on : DomainDnsZones
- Starting test: CheckSDRefDom
- ......................... DomainDnsZones passed test CheckSDRefDom
- Starting test: CrossRefValidation
- ......................... DomainDnsZones passed test
- CrossRefValidation
- Running partition tests on : Schema
- Starting test: CheckSDRefDom
- ......................... Schema passed test CheckSDRefDom
- Starting test: CrossRefValidation
- ......................... Schema passed test CrossRefValidation
- Running partition tests on : Configuration
- Starting test: CheckSDRefDom
- ......................... Configuration passed test CheckSDRefDom
- Starting test: CrossRefValidation
- ......................... Configuration passed test CrossRefValidation
- Running partition tests on : excelcg
- Starting test: CheckSDRefDom
- ......................... excelcg passed test CheckSDRefDom
- Starting test: CrossRefValidation
- ......................... excelcg passed test CrossRefValidation
- Running enterprise tests on : mydomain
- Test omitted by user request: DNS
- Test omitted by user request: DNS
- Starting test: LocatorCheck
- GC Name: \\DC01.mydomain
- Locator Flags: 0xe003f3fd
- PDC Name: \\DC01.mydomain
- Locator Flags: 0xe003f3fd
- Time Server Name: \\DC01.mydomain
- Locator Flags: 0xe003f3fd
- Preferred Time Server Name: \\DC01.mydomain
- Locator Flags: 0xe003f3fd
- KDC Name: \\DC01.mydomain
- Locator Flags: 0xe003f3fd
- ......................... mydomain passed test LocatorCheck
- Starting test: Intersite
- Skipping site Default-First-Site-Name, this site is outside the scope
- provided by the command line arguments provided.
- ......................... mydomain passed test Intersite
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement