by sakura on Wed 14 May 2008, 10:35
Hello,
Here is the dcdiag /v output:
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine dcxxxxxxx1, is a DC.
* Connecting to directory service on server dcxxxxxxx1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 5 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: yyyyyyy\dcxxxxxxx1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... dcxxxxxxx1 passed test Connectivity
Doing primary tests
Testing server: yyyyyyy\dcxxxxxxx1
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=local,DC=yyyyyyy,DC=fr
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=DomainDnsZones,DC=local,DC=yyyyyyy,DC=fr
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=local,DC=yyyyyyy,DC=fr
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Configuration,DC=local,DC=yyyyyyy,DC=fr
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=local,DC=yyyyyyy,DC=fr
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
* Replication Site Latency Check
Site
CN=NTDS Site Settings,CN=zzzzzzzz,CN=Sites,CN=Configuration,DC=local,DC=f
inaref,DC=fr
was skipped because it has no servers in it.
......................... dcxxxxxxx1 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC dcxxxxxxx1.
* Security Permissions Check for
DC=ForestDnsZones,DC=local,DC=yyyyyyy,DC=fr
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=local,DC=yyyyyyy,DC=fr
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=local,DC=yyyyyyy,DC=fr
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=local,DC=yyyyyyy,DC=fr
(Configuration,Version 2)
* Security Permissions Check for
DC=local,DC=yyyyyyy,DC=fr
(Domain,Version 2)
......................... dcxxxxxxx1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\dcxxxxxxx1\netlogon
Verified share \\dcxxxxxxx1\sysvol
......................... dcxxxxxxx1 passed test NetLogons
Starting test: Advertising
The DC dcxxxxxxx1 is advertising itself as a DC and having a DS.
The DC dcxxxxxxx1 is advertising as an LDAP server
The DC dcxxxxxxx1 is advertising as having a writeable directory
The DC dcxxxxxxx1 is advertising as a Key Distribution Center
The DC dcxxxxxxx1 is advertising as a time server
The DS dcxxxxxxx1 is advertising as a GC.
......................... dcxxxxxxx1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=dcxxxxxxx1,CN=Servers,CN=yyyyyyy,C
N=Sites,CN=Configuration,DC=local,DC=yyyyyyy,DC=fr
Role Domain Owner = CN=NTDS Settings,CN=dcxxxxxxx1,CN=Servers,CN=yyyyyyy,C
N=Sites,CN=Configuration,DC=local,DC=yyyyyyy,DC=fr
Role PDC Owner = CN=NTDS Settings,CN=dcxxxxxxx,CN=Servers,CN=yyyyyyy,CN=S
ites,CN=Configuration,DC=local,DC=yyyyyyy,DC=fr
Role Rid Owner = CN=NTDS Settings,CN=dcxxxxxxx1,CN=Servers,CN=yyyyyyy,CN=S
ites,CN=Configuration,DC=local,DC=yyyyyyy,DC=fr
Role Infrastructure Update Owner = CN=NTDS Settings,CN=dcxxxxxxx,CN=Serve
rs,CN=yyyyyyy,CN=Sites,CN=Configuration,DC=local,DC=yyyyyyy,DC=fr
......................... dcxxxxxxx1 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 18603 to 1073741823
* dcxxxxxxx1.local.yyyyyyyy.fr is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 17603 to 18102
* rIDPreviousAllocationPool is 17603 to 18102
* rIDNextRID: 17714
......................... dcxxxxxxx1 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC dcxxxxxxx1 on DC dcxxxxxxx1.
* SPN found :LDAP/dcxxxxxxx1.local.yyyyyyyy.fr/local.yyyyyyyy.fr
* SPN found :LDAP/dcxxxxxxx1.local.yyyyyyyy.fr
* SPN found :LDAP/dcxxxxxxx1
* SPN found :LDAP/dcxxxxxxx1.local.yyyyyyyy.fr/DOMFF
* SPN found :LDAP/835daadf-e0fb-44dc-b5c0-997e8487e35e._msdcs.local.fin
aref.fr
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/835daadf-e0fb-44dc-b5
c0-997e8487e35e/local.yyyyyyyy.fr
* SPN found :HOST/dcxxxxxxx1.local.yyyyyyyy.fr/local.yyyyyyyy.fr
* SPN found :HOST/dcxxxxxxx1.local.yyyyyyyy.fr
* SPN found :HOST/dcxxxxxxx1
* SPN found :HOST/dcxxxxxxx1.local.yyyyyyyy.fr/DOMFF
* SPN found :GC/dcxxxxxxx1.local.yyyyyyyy.fr/local.yyyyyyyy.fr
......................... dcxxxxxxx1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... dcxxxxxxx1 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
dcxxxxxxx1 is in domain DC=local,DC=yyyyyyy,DC=fr
Checking for CN=dcxxxxxxx1,OU=Domain Controllers,DC=local,DC=yyyyyyy,DC=fr
in domain DC=local,DC=yyyyyyy,DC=fr on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=dcxxxxxxx1,CN=Servers,CN=yyyyyyy,CN=Sites
,CN=Configuration,DC=local,DC=yyyyyyy,DC=fr in domain CN=Configuration,DC=local,
DC=yyyyyyy,DC=fr on 1 servers
Object is up-to-date on all servers.
......................... dcxxxxxxx1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... dcxxxxxxx1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... dcxxxxxxx1 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... dcxxxxxxx1 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... dcxxxxxxx1 passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=dcxxxxxxx1,OU=Domain Controllers,DC=local,DC=yyyyyyy,DC=fr and
backlink on
CN=dcxxxxxxx1,CN=Servers,CN=yyyyyyy,CN=Sites,CN=Configuration,DC=local,DC=
yyyyyyy,DC=fr
are correct.
The system object reference (frsComputerReferenceBL)
CN=dcxxxxxxx1,CN=Domain System Volume (SYSVOL share),CN=File Replication S
ervice,CN=System,DC=local,DC=yyyyyyy,DC=fr
and backlink on
CN=dcxxxxxxx1,OU=Domain Controllers,DC=local,DC=yyyyyyy,DC=fr are
correct.
The system object reference (serverReferenceBL)
CN=dcxxxxxxx1,CN=Domain System Volume (SYSVOL share),CN=File Replication S
ervice,CN=System,DC=local,DC=yyyyyyy,DC=fr
and backlink on
CN=NTDS Settings,CN=dcxxxxxxx1,CN=Servers,CN=yyyyyyy,CN=Sites,CN=Configura
tion,DC=local,DC=yyyyyyy,DC=fr
are correct.
......................... dcxxxxxxx1 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : local
Starting test: CrossRefValidation
......................... local passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... local passed test CheckSDRefDom
Running enterprise tests on : local.yyyyyyyy.fr
Starting test: Intersite
Skipping site yyyyyyy, this site is outside the scope provided by the
command line arguments provided.
Skipping site xxxxxxxx, this site is outside the scope provided by the
command line arguments provided.
Skipping site yyyyyyy, this site is outside the scope provided by the
command line arguments provided.
Skipping site wwwwwwwww, this site is outside the scope provided by
the command line arguments provided.
Skipping site nnnnnnnn, this site is outside the scope provided by the
command line arguments provided.
......................... local.yyyyyyyy.fr passed test Intersite
Starting test: FsmoCheck
GC Name: \\dcxxxxxxx1.local.yyyyyyyy.fr
Locator Flags: 0xe00001fc
PDC Name: \\dcxxxxxxx.local.yyyyyyyy.fr
Locator Flags: 0xe00001f9
Time Server Name: \\dcxxxxxxx1.local.yyyyyyyy.fr
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\dcxxxxxxx1.local.yyyyyyyy.fr
Locator Flags: 0xe00001fc
KDC Name: \\dcxxxxxxx1.local.yyyyyyyy.fr
Locator Flags: 0xe00001fc
......................... local.yyyyyyyy.fr passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
My GPO versions are correct on all the DCs.
I also ran a dcdiag /test:DNS:
dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: rxxxxx\dcxxxxxx
Starting test: Connectivity
......................... dcxxxxxxx passed test Connectivity
Doing primary tests
Testing server: rxxxxx\dcxxxxxx
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : local
Running enterprise tests on : local.yyyyyyyy.fr
Starting test: DNS
Test results for domain controllers:
DC: dcxxxxxxx.local.yyyyyyyy.fr
Domain: local.yyyyyyyy.fr
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)
Summary of test results for DNS servers used by the above domain contro
llers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.9.0.107
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: local.yyyyyyyy.fr
dcxxxxxxx PASS PASS FAIL PASS PASS PASS n/a
......................... local.yyyyyyyy.fr failed test DNS
As a test, I wanted to remove the account lockout setting, because accounts are apparently getting locked out on their own.
But even though it has been modified and is up to date on all the DCs (I connected to each DC through the GPMC to check), the lockout policy is still in effect, although an RSoP says otherwise.
I tested a forced replication.
DCDIAG before: KCC OK
DCDIAG after: KCC OK
If you have any ideas...
Sakura