Advertisement
Guest User

Untitled

a guest
Apr 29th, 2020
131
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 21.10 KB | None | 0 0
  1.  
  2. Directory Server Diagnosis
  3.  
  4.  
  5. Performing initial setup:
  6.  
  7. Trying to find home server...
  8.  
  9. * Verifying that the local machine DC01, is a Directory Server.
  10. Home Server = DC01
  11.  
  12. * Connecting to directory service on server DC01.
  13.  
  14. * Identified AD Forest.
  15. Collecting AD specific global data
  16. * Collecting site info.
  17.  
  18. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=excelcg,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
  19. The previous call succeeded
  20. Iterating through the sites
  21. Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
  22. Getting ISTG and options for the site
  23. * Identifying all servers.
  24.  
  25. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=excelcg,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
  26. The previous call succeeded....
  27. The previous call succeeded
  28. Iterating through the list of servers
  29. Getting information for the server CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
  30. objectGuid obtained
  31. InvocationID obtained
  32. dnsHostname obtained
  33. site info obtained
  34. All the info for the server collected
  35. Getting information for the server CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
  36. objectGuid obtained
  37. InvocationID obtained
  38. dnsHostname obtained
  39. site info obtained
  40. All the info for the server collected
  41. * Identifying all NC cross-refs.
  42.  
  43. * Found 2 DC(s). Testing 1 of them.
  44.  
  45. Done gathering initial info.
  46.  
  47.  
  48. Doing initial required tests
  49.  
  50.  
  51. Testing server: Default-First-Site-Name\DC01
  52.  
  53. Starting test: Connectivity
  54.  
  55. * Active Directory LDAP Services Check
  56. Determining IP4 connectivity
  57. * Active Directory RPC Services Check
  58. ......................... DC01 passed test Connectivity
  59.  
  60.  
  61.  
  62. Doing primary tests
  63.  
  64.  
  65. Testing server: Default-First-Site-Name\DC01
  66.  
  67. Starting test: Advertising
  68.  
  69. The DC DC01 is advertising itself as a DC and having a DS.
  70. The DC DC01 is advertising as an LDAP server
  71. The DC DC01 is advertising as having a writeable directory
  72. The DC DC01 is advertising as a Key Distribution Center
  73. The DC DC01 is advertising as a time server
  74. The DS DC01 is advertising as a GC.
  75. ......................... DC01 passed test Advertising
  76.  
  77. Test omitted by user request: CheckSecurityError
  78.  
  79. Test omitted by user request: CutoffServers
  80.  
  81. Starting test: FrsEvent
  82.  
  83. * The File Replication Service Event log test
  84. Skip the test because the server is running DFSR.
  85.  
  86. ......................... DC01 passed test FrsEvent
  87.  
  88. Starting test: DFSREvent
  89.  
  90. The DFS Replication Event Log.
  91. ......................... DC01 passed test DFSREvent
  92.  
  93. Starting test: SysVolCheck
  94.  
  95. * The File Replication Service SYSVOL ready test
  96. File Replication Service's SYSVOL is ready
  97. ......................... DC01 passed test SysVolCheck
  98.  
  99. Starting test: KccEvent
  100.  
  101. * The KCC Event log test
  102. Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
  103. ......................... DC01 passed test KccEvent
  104.  
  105. Starting test: KnowsOfRoleHolders
  106.  
  107. Role Schema Owner = CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
  108. Role Domain Owner = CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
  109. Role PDC Owner = CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
  110. Role Rid Owner = CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
  111. Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
  112. ......................... DC01 passed test KnowsOfRoleHolders
  113.  
  114. Starting test: MachineAccount
  115.  
  116. Checking machine account for DC DC01 on DC DC01.
  117. * SPN found :LDAP/DC01.mydomain/mydomain
  118. * SPN found :LDAP/DC01.mydomain
  119. * SPN found :LDAP/DC01
  120. * SPN found :LDAP/DC01.mydomain/EXCELCG
  121. * SPN found :LDAP/39eae90e-bc2f-4e15-b5f7-9905ff0907d5._msdcs.mydomain
  122. * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/39eae90e-bc2f-4e15-b5f7-9905ff0907d5/mydomain
  123. * SPN found :HOST/DC01.mydomain/mydomain
  124. * SPN found :HOST/DC01.mydomain
  125. * SPN found :HOST/DC01
  126. * SPN found :HOST/DC01.mydomain/EXCELCG
  127. * SPN found :GC/DC01.mydomain/mydomain
  128. ......................... DC01 passed test MachineAccount
  129.  
  130. Starting test: NCSecDesc
  131.  
  132. * Security Permissions check for all NC's on DC DC01.
  133. * Security Permissions Check for
  134.  
  135. DC=ForestDnsZones,DC=excelcg,DC=local
  136. (NDNC,Version 3)
  137. * Security Permissions Check for
  138.  
  139. DC=DomainDnsZones,DC=excelcg,DC=local
  140. (NDNC,Version 3)
  141. * Security Permissions Check for
  142.  
  143. CN=Schema,CN=Configuration,DC=excelcg,DC=local
  144. (Schema,Version 3)
  145. * Security Permissions Check for
  146.  
  147. CN=Configuration,DC=excelcg,DC=local
  148. (Configuration,Version 3)
  149. * Security Permissions Check for
  150.  
  151. DC=excelcg,DC=local
  152. (Domain,Version 3)
  153. ......................... DC01 passed test NCSecDesc
  154.  
  155. Starting test: NetLogons
  156.  
  157. * Network Logons Privileges Check
  158. Verified share \\DC01\netlogon
  159. Verified share \\DC01\sysvol
  160. ......................... DC01 passed test NetLogons
  161.  
  162. Starting test: ObjectsReplicated
  163.  
  164. DC01 is in domain DC=excelcg,DC=local
  165. Checking for CN=DC01,OU=Domain Controllers,DC=excelcg,DC=local in domain DC=excelcg,DC=local on 1 servers
  166. Object is up-to-date on all servers.
  167. Checking for CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local in domain CN=Configuration,DC=excelcg,DC=local on 1 servers
  168. Object is up-to-date on all servers.
  169. ......................... DC01 passed test ObjectsReplicated
  170.  
  171. Test omitted by user request: OutboundSecureChannels
  172.  
  173. Starting test: Replications
  174.  
  175. * Replications Check
  176. * Replication Latency Check
  177. DC=ForestDnsZones,DC=excelcg,DC=local
  178. Latency information for 2 entries in the vector were ignored.
  179. 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
  180. DC=DomainDnsZones,DC=excelcg,DC=local
  181. Latency information for 2 entries in the vector were ignored.
  182. 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
  183. CN=Schema,CN=Configuration,DC=excelcg,DC=local
  184. Latency information for 2 entries in the vector were ignored.
  185. 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
  186. CN=Configuration,DC=excelcg,DC=local
  187. Latency information for 2 entries in the vector were ignored.
  188. 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
  189. DC=excelcg,DC=local
  190. Latency information for 2 entries in the vector were ignored.
  191. 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
  192. ......................... DC01 passed test Replications
  193.  
  194. Starting test: RidManager
  195.  
  196. * Available RID Pool for the Domain is 3100 to 1073741823
  197. * DC01.mydomain is the RID Master
  198. * DsBind with RID Master was successful
  199. * rIDAllocationPool is 2100 to 2599
  200. * rIDPreviousAllocationPool is 2100 to 2599
  201. * rIDNextRID: 2113
  202. ......................... DC01 passed test RidManager
  203.  
  204. Starting test: Services
  205.  
  206. * Checking Service: EventSystem
  207. * Checking Service: RpcSs
  208. * Checking Service: NTDS
  209. * Checking Service: DnsCache
  210. * Checking Service: DFSR
  211. * Checking Service: IsmServ
  212. * Checking Service: kdc
  213. * Checking Service: SamSs
  214. * Checking Service: LanmanServer
  215. * Checking Service: LanmanWorkstation
  216. * Checking Service: w32time
  217. * Checking Service: NETLOGON
  218. ......................... DC01 passed test Services
  219.  
  220. Starting test: SystemLog
  221.  
  222. * The System Event log test
  223. A warning event occurred. EventID: 0x0000000C
  224.  
  225. Time Generated: 04/29/2020 07:25:57
  226.  
  227. Event String:
  228.  
  229. Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
  230.  
  231. A warning event occurred. EventID: 0x0000000C
  232.  
  233. Time Generated: 04/29/2020 07:37:10
  234.  
  235. Event String:
  236.  
  237. Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
  238.  
  239. A warning event occurred. EventID: 0x0000000C
  240.  
  241. Time Generated: 04/29/2020 07:37:28
  242.  
  243. Event String:
  244.  
  245. Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
  246.  
  247. A warning event occurred. EventID: 0x0000000C
  248.  
  249. Time Generated: 04/29/2020 07:39:54
  250.  
  251. Event String:
  252.  
  253. Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
  254.  
  255. A warning event occurred. EventID: 0x0000000C
  256.  
  257. Time Generated: 04/29/2020 07:40:09
  258.  
  259. Event String:
  260.  
  261. Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
  262.  
  263. A warning event occurred. EventID: 0x80040020
  264.  
  265. Time Generated: 04/29/2020 07:44:49
  266.  
  267. Event String:
  268.  
  269. The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
  270.  
  271. A warning event occurred. EventID: 0x80040020
  272.  
  273. Time Generated: 04/29/2020 07:44:49
  274.  
  275. Event String:
  276.  
  277. The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
  278.  
  279. A warning event occurred. EventID: 0x80040020
  280.  
  281. Time Generated: 04/29/2020 07:44:49
  282.  
  283. Event String:
  284.  
  285. The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
  286.  
  287. An error event occurred. EventID: 0xC0001B61
  288.  
  289. Time Generated: 04/29/2020 07:44:56
  290.  
  291. Event String:
  292.  
  293. A timeout was reached (30000 milliseconds) while waiting for the VBoxService service to connect.
  294.  
  295. An error event occurred. EventID: 0xC0001B58
  296.  
  297. Time Generated: 04/29/2020 07:44:56
  298.  
  299. Event String:
  300.  
  301. The VBoxService service failed to start due to the following error:
  302.  
  303. The service did not respond to the start or control request in a timely fashion.
  304.  
  305. A warning event occurred. EventID: 0x0000000C
  306.  
  307. Time Generated: 04/29/2020 07:45:17
  308.  
  309. Event String:
  310.  
  311. Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
  312.  
  313. An error event occurred. EventID: 0x00002710
  314.  
  315. Time Generated: 04/29/2020 07:45:27
  316.  
  317. Event String:
  318.  
  319. Unable to start a DCOM Server: {9C38ED61-D565-4728-AEEE-C80952F0ECDE}. The error:
  320.  
  321. "0"
  322.  
  323. Happened while starting this command:
  324.  
  325. C:\Windows\System32\vdsldr.exe -Embedding
  326.  
  327. An error event occurred. EventID: 0xC0001B5E
  328.  
  329. Time Generated: 04/29/2020 07:45:40
  330.  
  331. Event String:
  332.  
  333. The ScRegSetValueExW call failed for Description with the following error:
  334.  
  335. Access is denied.
  336.  
  337. A warning event occurred. EventID: 0x00001796
  338.  
  339. Time Generated: 04/29/2020 07:46:35
  340.  
  341. Event String:
  342.  
  343. Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
  344.  
  345.  
  346.  
  347. NTLM is a weaker authentication mechanism. Please check:
  348.  
  349.  
  350.  
  351. Which applications are using NTLM authentication?
  352.  
  353. Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
  354.  
  355. If NTLM must be supported, is Extended Protection configured?
  356.  
  357.  
  358.  
  359. Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.
  360.  
  361. An error event occurred. EventID: 0x00002720
  362.  
  363. Time Generated: 04/29/2020 08:02:26
  364.  
  365. Event String:
  366.  
  367. The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
  368.  
  369. {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
  370.  
  371. and APPID
  372.  
  373. {15C20B67-12E7-4BB6-92BB-7AFF07997402}
  374.  
  375. to the user EXCELCG\Administrator SID (S-1-5-21-44761719-4196749728-97561086-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
  376.  
  377. ......................... DC01 failed test SystemLog
  378.  
  379. Test omitted by user request: Topology
  380.  
  381. Test omitted by user request: VerifyEnterpriseReferences
  382.  
  383. Starting test: VerifyReferences
  384.  
  385. The system object reference (serverReference)
  386.  
  387. CN=DC01,OU=Domain Controllers,DC=excelcg,DC=local and backlink on
  388.  
  389. CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
  390.  
  391. are correct.
  392. The system object reference (serverReferenceBL)
  393.  
  394. CN=WIN-BER6E9O3PHN,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=excelcg,DC=local
  395.  
  396. and backlink on
  397.  
  398. CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=excelcg,DC=local
  399.  
  400. are correct.
  401. The system object reference (msDFSR-ComputerReferenceBL)
  402.  
  403. CN=WIN-BER6E9O3PHN,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=excelcg,DC=local
  404.  
  405. and backlink on CN=DC01,OU=Domain Controllers,DC=excelcg,DC=local are
  406.  
  407. correct.
  408. ......................... DC01 passed test VerifyReferences
  409.  
  410. Test omitted by user request: VerifyReplicas
  411.  
  412.  
  413. Test omitted by user request: DNS
  414.  
  415. Test omitted by user request: DNS
  416.  
  417.  
  418. Running partition tests on : ForestDnsZones
  419.  
  420. Starting test: CheckSDRefDom
  421.  
  422. ......................... ForestDnsZones passed test CheckSDRefDom
  423.  
  424. Starting test: CrossRefValidation
  425.  
  426. ......................... ForestDnsZones passed test
  427.  
  428. CrossRefValidation
  429.  
  430.  
  431. Running partition tests on : DomainDnsZones
  432.  
  433. Starting test: CheckSDRefDom
  434.  
  435. ......................... DomainDnsZones passed test CheckSDRefDom
  436.  
  437. Starting test: CrossRefValidation
  438.  
  439. ......................... DomainDnsZones passed test
  440.  
  441. CrossRefValidation
  442.  
  443.  
  444. Running partition tests on : Schema
  445.  
  446. Starting test: CheckSDRefDom
  447.  
  448. ......................... Schema passed test CheckSDRefDom
  449.  
  450. Starting test: CrossRefValidation
  451.  
  452. ......................... Schema passed test CrossRefValidation
  453.  
  454.  
  455. Running partition tests on : Configuration
  456.  
  457. Starting test: CheckSDRefDom
  458.  
  459. ......................... Configuration passed test CheckSDRefDom
  460.  
  461. Starting test: CrossRefValidation
  462.  
  463. ......................... Configuration passed test CrossRefValidation
  464.  
  465.  
  466. Running partition tests on : excelcg
  467.  
  468. Starting test: CheckSDRefDom
  469.  
  470. ......................... excelcg passed test CheckSDRefDom
  471.  
  472. Starting test: CrossRefValidation
  473.  
  474. ......................... excelcg passed test CrossRefValidation
  475.  
  476.  
  477. Running enterprise tests on : mydomain
  478.  
  479. Test omitted by user request: DNS
  480.  
  481. Test omitted by user request: DNS
  482.  
  483. Starting test: LocatorCheck
  484.  
  485. GC Name: \\DC01.mydomain
  486.  
  487. Locator Flags: 0xe003f3fd
  488. PDC Name: \\DC01.mydomain
  489. Locator Flags: 0xe003f3fd
  490. Time Server Name: \\DC01.mydomain
  491. Locator Flags: 0xe003f3fd
  492. Preferred Time Server Name: \\DC01.mydomain
  493. Locator Flags: 0xe003f3fd
  494. KDC Name: \\DC01.mydomain
  495. Locator Flags: 0xe003f3fd
  496. ......................... mydomain passed test LocatorCheck
  497.  
  498. Starting test: Intersite
  499.  
  500. Skipping site Default-First-Site-Name, this site is outside the scope
  501.  
  502. provided by the command line arguments provided.
  503. ......................... mydomain passed test Intersite
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement