Hello everyone, and a Happy New Year!

In a customer's AD (everything 2008 R2, nothing migrated, a completely fresh installation) I have a problem with the results of the DCDIAG DNS tests (all servers mentioned are on 2008 R2 SP1 with the current patch level):

- When I run DCDIAG locally on DC1 (dcdiag /test:DNS /v), everything runs through cleanly.
- When I run DCDIAG on DC1 but specify DC2 as the "target" on the command line (dcdiag /test:DNS /v /s:DC2.my.domain), everything likewise runs through fine without errors.

All fine up to here, but now it gets interesting: if I take a member server (with the administration tools installed), run DCDIAG there and specify one of the two DCs as the target, I get the following result (I have only run the part that contains the errors here; all other DNS tests pass without errors):

-----<snip>-----
>dcdiag /s:DC2.my.domain /test:DNS /DnsRecordRegistration /v

Directory Server Diagnosis

Performing initial setup:
   * Connecting to directory service on server DC1.my.domain.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=my,DC=domain,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=my,DC=domain,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC2
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... DC2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC2
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: Replications
      Test omitted by user request: RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas
      Starting test: DNS
         DNS Tests are running and not hung. Please wait a few minutes...
         See DNS test in enterprise tests section for results
         ......................... DC2 passed test DNS

   Running partition tests on : DomainDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : ForestDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Schema
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Configuration
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : holderness
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running enterprise tests on : my.domain
      Starting test: DNS
         Test results for domain controllers:

            DC: DC1.my.domain
            Domain: my.domain

               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

               TEST: Basic (Basc)
                  The OS Microsoft Windows Server 2008 R2 Enterprise (Service Pack level: 1.0) is supported.
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000007] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:50:56:A0:00:00
                     IP Address is static
                     IP address: 192.168.1.129, fe80::f092:b918:def7:32f
                     DNS servers:
                        192.168.1.128 (DC1) [Valid]
                        192.168.1.129 (DC2) [Valid]
                        127.0.0.1 (DC2) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found

               TEST: Records registration (RReg)
                  Network Adapter [00000007] Intel(R) PRO/1000 MT Network Connection:
                     Matching CNAME record found at DNS server 192.168.1.128: 63116796-7089-41c4-a211-060b67a6cc5d._msdcs.my.domain
                     Matching A record found at DNS server 192.168.1.128: DC1.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _ldap._tcp.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _ldap._tcp.97d8ddbd-2def-4acd-94a0-0ba28d1b0e6c.domains._msdcs.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _kerberos._tcp.dc._msdcs.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _ldap._tcp.dc._msdcs.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _kerberos._tcp.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _kerberos._udp.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _kpasswd._tcp.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _ldap._tcp.Default-First-Site-Name._sites.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _kerberos._tcp.Default-First-Site-Name._sites.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _ldap._tcp.gc._msdcs.my.domain
                     Matching A record found at DNS server 192.168.1.128: gc._msdcs.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _gc._tcp.Default-First-Site-Name._sites.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.my.domain
                     Matching SRV record found at DNS server 192.168.1.128: _ldap._tcp.pdc._msdcs.my.domain

                     Matching CNAME record found at DNS server 192.168.1.129: 63116796-7089-41c4-a211-060b67a6cc5d._msdcs.my.domain
                     Matching A record found at DNS server 192.168.1.129: DC1.my.domain
                     Matching SRV record found at DNS server 192.168.1.129: _ldap._tcp.my.domain
                     Matching SRV record found at DNS server 192.168.1.129: _ldap._tcp.97d8ddbd-2def-4acd-94a0-0ba28d1b0e6c.domains._msdcs.my.domain
                     Matching SRV record found at DNS server 192.168.1.129: _kerberos._tcp.dc._msdcs.my.domain
                     Matching SRV record found at DNS server 192.168.1.129: _ldap._tcp.dc._msdcs.my.domain
                     Matching SRV record found at DNS server 192.168.1.129: _kerberos._tcp.my.domain
                     Matching SRV record found at DNS server 192.168.1.129: _kerberos._udp.my.domain
                     Matching SRV record found at DNS server 192.168.1.129: _kpasswd._tcp.my.domain
                     Matching SRV record found at DNS server 192.168.1.129: _ldap._tcp.Default-First-Site-Name._sites.my.domain
                     Matching SRV record found at DNS server 192.168.1.129: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.my.domain
                     Matching SRV record found at DNS server 192.168.1.129: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.my.domain
                     Matching SRV record found at DNS server 192.168.1.129: _kerberos._tcp.Default-First-Site-Name._sites.holderness.or g
                     Matching SRV record found at DNS server 192.168.1.129: _ldap._tcp.gc._msdcs.my.domain
                     Matching A record found at DNS server 192.168.1.129: gc._msdcs.my.domain
                     Matching SRV record found at DNS server 192.168.1.129: _gc._tcp.Default-First-Site-Name._sites.my.domain
                     Matching SRV record found at DNS server 192.168.1.129: _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.my.domain
                     Matching SRV record found at DNS server 192.168.1.129: _ldap._tcp.pdc._msdcs.my.domain

                     Warning: Missing CNAME record at DNS server 192.168.1.129: 63116796-7089-41c4-a211-060b67a6cc5d._msdcs.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Warning: Missing A record at DNS server 192.168.1.129: DC1.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _ldap._tcp.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _ldap._tcp.97d8ddbd-2def-4acd-94a0-0ba28d1b0e6c.domains._msdcs.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _kerberos._tcp.dc._msdcs.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _ldap._tcp.dc._msdcs.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _kerberos._tcp.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _kerberos._udp.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _kpasswd._tcp.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _ldap._tcp.Default-First-Site-Name._sites.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _kerberos._tcp.Default-First-Site-Name._sites.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _ldap._tcp.gc._msdcs.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Warning: Missing A record at DNS server 192.168.1.129: gc._msdcs.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _gc._tcp.Default-First-Site-Name._sites.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                     Error: Missing SRV record at DNS server 192.168.1.129: _ldap._tcp.pdc._msdcs.my.domain
                     [Error details: 10054 (Type: Win32 - Description: An existing connection was forcibly closed by the remote host.)]
                  Error: Record registrations cannot be found for all the network adapters

         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.1.128 (DC1)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered

            DNS server: 192.168.1.129 (DC2)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: my.domain
               dc2                          PASS PASS n/a  n/a  n/a  FAIL n/a

         ......................... my.domain failed test DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: Intersite
-----<snap>-----

If I use DC1 as the target, I get the same 10054 errors, but then only for DC1 (i.e. IP .128).

I suspect that this is not an AD misconfiguration or anything similar, but that it has something to do with the network connections that DCDIAG establishes/needs at runtime...

Does anyone have an idea, or has someone perhaps seen this before and has an explanation for it? An intensive Google search has not turned up anything useful so far.

Regards,
Matthias

Matthias Mehrtens
Dipl.-Phys.
Solution Architect
Dell | Global Infrastructure Consulting Services
Dell GmbH, business address: Unterschweinstiege 10, 60549 Frankfurt am Main, Germany
Managing directors: Mark Möbius, Barbara Wittmann, Jürgen Wilhelm Renz
Registered office: Frankfurt am Main, registered at the Amtsgericht Frankfurt am Main under HRB 75453
VAT ID: DE113541138, WEEE reg. no.: DE 49515708