question

yuemingxu-1081 avatar image
0 Votes"
yuemingxu-1081 asked SunnyQi-MSFT commented

dcdiag views some error, does anything wrong with our DC?

network can reachable and no error logs in DC, only having the time sync warning log, and dcdiag views below: Performing initial setup: * Identified AD Forest. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\SH-ABCD Starting test: Connectivity ......................... SH-ABCD passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\SH-ABCD Starting test: Advertising Fatal Error:DsGetDcName (SH-ABCD) call failed, error 1722 The Locator could not find the server. ......................... SH-ABCD failed test Advertising Starting test: FrsEvent ......................... SH-ABCD passed test FrsEvent Starting test: DFSREvent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... SH-ABCD failed test DFSREvent Starting test: SysVolCheck [SH-ABCD] An net use or LsaPolicy operation failed with error 53, The network path was not found.. ......................... SH-ABCD failed test SysVolCheck Starting test: KccEvent ......................... SH-ABCD passed test KccEvent Starting test: KnowsOfRoleHolders ......................... SH-ABCD passed test KnowsOfRoleHolders Starting test: MachineAccount Could not open pipe with [SH-ABCD]:failed with 53: The network path was not found. Could not get NetBIOSDomainName Failed can not test for HOST SPN Failed can not test for HOST SPN ......................... SH-ABCD passed test MachineAccount Starting test: NCSecDesc ......................... SH-ABCD passed test NCSecDesc Starting test: NetLogons [SH-ABCD] An net use or LsaPolicy operation failed with error 53, The network path was not found.. ......................... SH-ABCD failed test NetLogons Starting test: ObjectsReplicated ......................... SH-ABCD passed test ObjectsReplicated Starting test: Replications ......................... SH-ABCD passed test Replications Starting test: RidManager ......................... SH-ABCD passed test RidManager Starting test: Services ......................... SH-ABCD passed test Services Starting test: SystemLog A warning event occurred. EventID: 0x00000024 Time Generated: 03/22/2021 16:12:50 Event String: The time service has not synchronized the system time for the last 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients after 0 seconds. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization. You can control the frequency of the time source rediscovery using ClockHoldoverPeriod W32time config setting. Modify the EventLogFlags W32time config setting if you wish to disable this message. ......................... SH-ABCD passed test SystemLog Starting test: VerifyReferences ......................... SH-ABCD passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : ABCD Starting test: CheckSDRefDom ......................... ABCD passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ABCD passed test CrossRefValidation Running enterprise tests on : ABCD.com Starting test: LocatorCheck Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722 A Global Catalog Server could not be located - All GC's are down. Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722 A Primary Domain Controller could not be located. The server holding the PDC role is down. Warning: DcGetDcName(TIME_SERVER) call failed, error 1722 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1722 A Good Time Server could not be located. Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722 A KDC could not be located - All the KDCs are down. ......................... ABCD.com failed test LocatorCheck Starting test: Intersite ......................... ABCD.com passed test Intersite

windows-dhcp-dns
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

You could accept the useful reply as answer if you want to end this thread up. If there is anything else we can do for you, please feel free to post in the forum.

0 Votes 0 ·
SunnyQi-MSFT avatar image
0 Votes"
SunnyQi-MSFT answered

Hi,

Thanks for posting in Q&A platform.

Based on provided information, I noticed there was an error 1722 occurred in dcdiag. Error 1722 is an Active directory replication error: The RPC server is unavailable.

RPC is an intermediate layer between the network transport and the application protocol. RPC itself has no special insight into failures but attempts to map lower layer protocol failures into an error at the RPC layer.

RPC error 1722 / 0x6ba / RPC_S_SERVER_UNAVAILABLE is logged when a lower layer protocol reports a connectivity failure. The common case is that the abstract TCP CONNECT operation failed. In the context of AD replication, the RPC client on the destination DC was not able to successfully connect to the RPC server on the source DC. Common causes for this are:

Link local failure
DHCP failure
DNS failure
WINS failure
Routing failure (including blocked ports on firewalls)
IPSec / Network authentication failures
Resource limitations
Higher layer protocol not running
Higher layer protocol is returning this error

For detailed steps of troubleshooting this error, please refer to methods in the following article:

Active Directory replication error 1722: The RPC server is unavailable

Best Regards,
Sunny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

yuemingxu-1081 avatar image
0 Votes"
yuemingxu-1081 answered yuemingxu-1081 edited

the result of dcdiag above is originated from exchange server in hongkong to DC serrver in shanghai china.
and there is no error result in dcdiag result, which is originated from exchange server in shanghai to DC server in shanghai china.
so, is it proved the problem is in the network from hongkong to shanghai china?

and i do not know your words :"In the context of AD replication, the RPC client on the destination DC was not able to successfully connect to the RPC server on the source DC"
"AD replication and RPC client and RPC server " means the secondary DC server replicate from the primary DC server? ---------my dcdiag test is from exchange server in hongkong to DC server in shanghai china

and we have ipsec vpn from hongkong to shanghai, and all the communication using the network path from exchange server in hongkong to other exchange server and dc servers in shanghai china

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SunnyQi-MSFT avatar image
0 Votes"
SunnyQi-MSFT answered

Hi,

Thanks for your update.

my dcdiag test is from exchange server in hongkong to DC server in shanghai china

I'm a little confused about this scenario you mentioned above. As far as I know, the command dcdiag cannot be initiated in member server and it can only be initiated in DC.

May I know how many DCs in your environment and what's the relationship between them and PDC?

Please run the following command in the problematic DC to check if there is any issue of DC replication.

Repadmin /showrepl >C:\repl.txt
Repadmin /showreps *

Best Regards,
Sunny

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

yuemingxu-1081 avatar image
0 Votes"
yuemingxu-1081 answered

ok .now I typed the dcdiag command in our secondary DC server(the command option point to the primary DC server) , and the result views anything passed ok.
so there is no problem in our DC environment?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SunnyQi-MSFT avatar image
0 Votes"
SunnyQi-MSFT answered

Hi,

Thank you very much for your feedback.

so there is no problem in our DC environment?

No. According your original posting, there were errors occurred which indicated that PDC could not be located. The server holding the PDC role is down.

Please run the following commands in both your PDC and secondary DC and share the results to us for further troubleshooting.

netdom query fsmo
nltest /dclist:domain

Best Regards,
Sunny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

yuemingxu-1081 avatar image
0 Votes"
yuemingxu-1081 answered yuemingxu-1081 edited

I have runned the two command you gave in my PDC and BDC, and the result views ok. All the fsmo roles are in my PDC and the nltest command display the same correct site and PDC&BDC, each command runned in my PDC and BDC.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SunnyQi-MSFT avatar image
0 Votes"
SunnyQi-MSFT answered

Hi,

Thanks for your prompt reply.

If results of running those commands were correct. I would suggest we could check if there is any issue regarding of time syncing on your DC or client.

Please kindly run the following command successively on the problematic DC or client:

w32tm /query /source

w32tm /query /status

If the result was incorrect when running above commands, please run the following command in the problematic client or DC and check the results.

net stop w32time

w32tm /unregister

w32tm /register

net start w32time

w32tm /query /status

Best Regards,
Sunny

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

yuemingxu-1081 avatar image
0 Votes"
yuemingxu-1081 answered yuemingxu-1081 edited

I have runned "w32tm /query /source", and it displays the correct DC server, and runned "w32tm /query /status",the command's result displays below(originated from the exchange server in hongkong and in BDC shanghai china issuing the nearly result) :
Leap Indicator: 0(no warning)
Stratum: 2 (secondary reference - syncd by (S)NTP)
Precision: -23 (119.209ns per tick)
Root Delay: 0.0333837s
Root Dispersion: 10.2032984s
ReferenceId: 0xC0A80CE4 (source IP: The DC server IP)
Last Successful Sync Time: 2021/3/25 14:26:00
Source: The DC server's FQDN
Poll Interval: 10 (1024s)

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SunnyQi-MSFT avatar image
0 Votes"
SunnyQi-MSFT answered

Hi,

Thanks for your feedback.

If the results of running above commands were correct, other logs would be necessary for further troubleshooting. Please understand, analysis of logs is beyond our forum support level, I would suggest you could open a case with Microsoft where more in-depth investigation can be done so that you would get a more satisfying explanation and solution to this issue.

Also, in this way ,they can have a clear picture about your issue and your environment by phone communication and live share session.

You may find phone number for your region accordingly from the link below:

https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

Best Regards,
Sunny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.