Question

Locked

Dcdiag /test:Checksecurityerror is failed

By raju_pitchuka ·
Hi All,

I have a 2003 DC and an ADC and facing some issues with replication.

when I run DCDIAG /test:Checksecurityerror, the application is getting failed by logging event id 1000.

Description:
Faulting application dcdiag.exe, version 5.2.3790.1830, faulting module msvcrt.dll, version 7.0.3790.2825, fault address 0x000376b4.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The same command is working fine on ADC and the result is here:

Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\ERIC-ADC1
Starting test: Connectivity
......................... ERIC-ADC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ERIC-ADC1
Starting test: CheckSecurityError
* Missing SPN :LDAP/ERIC-ADC1.ERICDOM/ERICDOM
* Missing SPN :LDAP/ERIC-ADC1.ERICDOM
* Missing SPN :LDAP/ERIC-ADC1
* Missing SPN :LDAP/ERIC-ADC1.ERICDOM/ERICDOM
* Missing SPN :LDAP/d11d040b-b7f0-457f-bcee-8d091157c8a7._msdcs.ERICDOM
* Missing SPN :HOST/ERIC-ADC1.ERICDOM/ERICDOM
* Missing SPN :HOST/ERIC-ADC1.ERICDOM/ERICDOM
* Missing SPN :GC/ERIC-ADC1.ERICDOM/ERICDOM
Unable to verify the machine account (CN=ERIC-ADC1,OU=Domain Controller
s,DC=ERICDOM) for ERIC-ADC1 on ERIC-PDC.
[ERIC-ADC1] No security related replication errors were found on this D
C! To target the connection to a specific source DC use /ReplSource:<DC>.
......................... ERIC-ADC1 passed test CheckSecurityError
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : ERICDOM
Running enterprise tests on : ERICDOM

When I run dcdiag /test:CheckSecurityError /s:ERIC-PDC (it is my Primary DC) command on ADC, The same event id 1000 is logged with 4097 id.

As I have issues with replication from DC to ADC, I want to troubleshoot it. I request you to help.

I think it is not the problem either with dcdiag.exe or with
msvcrt.dll, because I am able to execute dcdiag with other parameters successfully except /test:Checksecurityerror.

I feel some security related stuff in DC is stopping to replicate with ADC.

When I checked repadmin /showrepl on ADC, I am getting successful information like below

repadmin running command /showrepl against server localhost
Default-First-Site-Name\ERIC-ADC1
DC Options: IS_GC
Site Options: (none)
DC object GUI d11d040b-b7f0-457f-bcee-8d091157c8a7
DC invocationI a2693b56-6caf-4124-951d-ec73a7b8efaf
==== INBOUND NEIGHBORS ======================================
DC=ERICDOM
Default-First-Site-Name\ERIC-PDC via RPC
DC object GUI d74afdf7-4971-4995-a20e-ce3973c22c91
Last attempt @ 2009-02-05 12:44:52 was successful.
Default-First-Site-Name\ERIC-DC via RPC
DC object GUI b3dfc45c-71ce-4fae-9c3c-cbda9a6e572d
Last attempt @ 2009-02-05 12:45:22 was successful.
CN=Configuration,DC=ERICDOM
Default-First-Site-Name\ERIC-PDC via RPC
DC object GUI d74afdf7-4971-4995-a20e-ce3973c22c91
Last attempt @ 2009-02-05 12:44:52 was successful.
Default-First-Site-Name\ERIC-DC via RPC
DC object GUI b3dfc45c-71ce-4fae-9c3c-cbda9a6e572d
Last attempt @ 2009-02-05 12:44:52 was successful.
CN=Schema,CN=Configuration,DC=ERICDOM
Default-First-Site-Name\ERIC-DC via RPC
DC object GUI b3dfc45c-71ce-4fae-9c3c-cbda9a6e572d
Last attempt @ 2009-02-05 12:44:52 was successful.
Default-First-Site-Name\ERIC-PDC via RPC
DC object GUI d74afdf7-4971-4995-a20e-ce3973c22c91
Last attempt @ 2009-02-05 12:44:52 was successful.

When I run the same command on DC (eric-pdc), I am getting the below result.

repadmin running command /showrepl against server localhost
Default-First-Site-Name\ERIC-PDC
DC Options: IS_GC
Site Options: (none)
DC object GUI d74afdf7-4971-4995-a20e-ce3973c22c91
DC invocationI 17c9d65c-64c6-48cf-bf1b-0594ea5292db

Source: Default-First-Site-Name\ERIC-ADC1
******* 92 CONSECUTIVE FAILURES since 2009-02-04 14:07:04
Last error: 5 (0x5):
Access is denied.
Naming Context: CN=Configuration,DC=ERICDOM
Source: Default-First-Site-Name\ERIC-ADC1
******* WARNING: KCC could not add this REPLICA LINK due to error.
Naming Context: DC=ERICDOM
Source: Default-First-Site-Name\ERIC-ADC1
******* WARNING: KCC could not add this REPLICA LINK due to error.
Naming Context: CN=Schema,CN=Configuration,DC=ERICDOM
Source: Default-First-Site-Name\ERIC-ADC1
******* WARNING: KCC could not add this REPLICA LINK due to error.
Source: Default-First-Site-Name\ERIC-DC
******* 92 CONSECUTIVE FAILURES since 2009-02-04 14:07:04
Last error: 5 (0x5):
Access is denied.
Naming Context: CN=Configuration,DC=ERICDOM
Source: Default-First-Site-Name\ERIC-DC
******* WARNING: KCC could not add this REPLICA LINK due to error.
Naming Context: DC=ERICDOM
Source: Default-First-Site-Name\ERIC-DC
******* WARNING: KCC could not add this REPLICA LINK due to error.
Naming Context: CN=Schema,CN=Configuration,DC=ERICDOM
Source: Default-First-Site-Name\ERIC-DC
******* WARNING: KCC could not add this REPLICA LINK due to error.

Please ask me if you need more information..

Thanks in advance and apprecite your help and time..

Thanks,
Raju P

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Share your knowledge
Back to Networks Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums