Hi there, I have 2 dcs running 2012 and 2012 r2. Both are failing the recursive query test on the monitoring tab and I cant figure out why. nslookup, dcdiag and repadmin return clean results. I'm able to resolve ips to hosts at the command line.
*These are virtual machines running in hyper-v on an internal network. I disabled root hints and both machines are forwarding to each other on ip4 and ip6.
C:\Users\Administrator.CHILDOFLIGHT>nslookup
Default Server: dc2.childoflight.local
Address: fdc4:81c:a943:34d2::2
> set type=ptr
> 172.16.1.1
Server: dc2.childoflight.local
Address: fdc4:81c:a943:34d2::2
1.1.16.172.in-addr.arpa name = dc1.childoflight.local
> 172.16.1.2
Server: dc2.childoflight.local
Address: fdc4:81c:a943:34d2::2
2.1.16.172.in-addr.arpa name = dc2.childoflight.local
> set type=a
> dc1
Server: dc2.childoflight.local
Address: fdc4:81c:a943:34d2::2
Name: dc1.childoflight.local
Address: 172.16.1.1
> dc2
Server: dc2.childoflight.local
Address: fdc4:81c:a943:34d2::2
Name: dc2.childoflight.local
Address: 172.16.1.2
ping dc1
Reply from 172.16.1.1: bytes=32 time<1ms TTL=128
ping dc1 -6
Reply from fdc4:81c:a943:34d2::1: time<1ms
ping 172.16.1.1
Reply from 172.16.1.1: bytes=32 time<1ms TTL=128
ping fdc4:81c:a943:34d2::1
Reply from fdc4:81c:a943:34d2::1: time<1ms
ping dc2
Reply from fe80::d955:bc60:c06f:e987%13: time<1ms
ping dc2 -4
Reply from 172.16.1.2: bytes=32 time<1ms TTL=128
ping 172.16.1.2
Reply from 172.16.1.2: bytes=32 time<1ms TTL=128
ping fdc4:81c:a943:34d2::2
Reply from fdc4:81c:a943:34d2::2: time<1ms
DCDIAG /v:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine DC2, is a Directory Server.
Home Server = DC2
* Connecting to directory service on server DC2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=childoflight,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=childoflight,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=childoflight,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=childoflight,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=childoflight,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... DC2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC2
Starting test: Advertising
The DC DC2 is advertising itself as a DC and having a DS.
The DC DC2 is advertising as an LDAP server
The DC DC2 is advertising as having a writeable directory
The DC DC2 is advertising as a Key Distribution Center
The DC DC2 is advertising as a time server
The DS DC2 is advertising as a GC.
......................... DC2 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the server is running DFSR.
......................... DC2 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... DC2 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC2 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... DC2 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=childoflight,DC=local
Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=childoflight,DC=local
Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=childoflight,DC=local
Role Rid Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=childoflight,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=childoflight,DC=local
......................... DC2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC DC2 on DC DC2.
* SPN found :LDAP/DC2.childoflight.local/childoflight.local
* SPN found :LDAP/DC2.childoflight.local
* SPN found :LDAP/DC2
* SPN found :LDAP/DC2.childoflight.local/CHILDOFLIGHT
* SPN found :LDAP/fc1c6579-6d9c-4374-ac20-6f7e8e074edd._msdcs.childoflight.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/fc1c6579-6d9c-4374-ac20-6f7e8e074edd/childoflight.local
* SPN found :HOST/DC2.childoflight.local/childoflight.local
* SPN found :HOST/DC2.childoflight.local
* SPN found :HOST/DC2
* SPN found :HOST/DC2.childoflight.local/CHILDOFLIGHT
* SPN found :GC/DC2.childoflight.local/childoflight.local
......................... DC2 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC2.
* Security Permissions Check for
DC=ForestDnsZones,DC=childoflight,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=childoflight,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=childoflight,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=childoflight,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=childoflight,DC=local
(Domain,Version 3)
......................... DC2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC2\netlogon
Verified share \\DC2\sysvol
......................... DC2 passed test NetLogons
Starting test: ObjectsReplicated
DC2 is in domain DC=childoflight,DC=local
Checking for CN=DC2,OU=Domain Controllers,DC=childoflight,DC=local in domain DC=childoflight,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=childoflight,DC=local in domain CN=Configuration,DC=childoflight,DC=local on 1 servers
Object is up-to-date on all servers.
......................... DC2 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... DC2 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 2101 to 1073741823
* DC2.childoflight.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1601 to 2100
* rIDPreviousAllocationPool is 1601 to 2100
* rIDNextRID: 1601
......................... DC2 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC2 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... DC2 passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC2,OU=Domain Controllers,DC=childoflight,DC=local and backlink on
CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=childoflight,DC=local
are correct.
The system object reference (serverReferenceBL)
CN=DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=childoflight,DC=local
and backlink on
CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=childoflight,DC=local
are correct.
The system object reference (msDFSR-ComputerReferenceBL)
CN=DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=childoflight,DC=local
and backlink on CN=DC2,OU=Domain Controllers,DC=childoflight,DC=local
are correct.
......................... DC2 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : childoflight
Starting test: CheckSDRefDom
......................... childoflight passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... childoflight passed test CrossRefValidation
Running enterprise tests on : childoflight.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\DC2.childoflight.local
Locator Flags: 0xe000f1fc
PDC Name: \\DC1.childoflight.local
Locator Flags: 0xe00071fd
Time Server Name: \\DC2.childoflight.local
Locator Flags: 0xe000f1fc
Preferred Time Server Name: \\DC2.childoflight.local
Locator Flags: 0xe000f1fc
KDC Name: \\DC2.childoflight.local
Locator Flags: 0xe000f1fc
......................... childoflight.local passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... childoflight.local passed test Intersite