DCDIAG.EXE /E or /A or /C expected errors

Article ID: 2512643 - View products that this article applies to.
Expand all | Collapse all

Symptoms

Consider the following scenario:

You administer an AD environment. There may be a mixture of Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 DCs.

When running DCDIAG.EXE /E (or /A or /C) on Windows Server 2008 or Windows Server 2008 R2 (included with the operating systems), you see the following errors against all Windows Server 2003 DCs:

  •       Starting test: Services
                Invalid service type: RpcSs on DCDIAG-2003, current value
                WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
             ......................... DCDIAG-2003 failed test Services

When running DCDIAG.EXE /E (or /A or /C) on Windows Server 2008 or Windows Server 2008 R2 (included with the operating systems), you see the following errors against all Win2008 and Win2008 R2 DCs:

  •       Starting test: FrsEvent

             The event log File Replication Service on server
             dcdiag-2008.margiestravel.com could not be queried, error 0x6ba
             "The RPC server is unavailable."
             ......................... dcdiag-2008 failed test FrsEvent

  •       Starting test: DFSREvent

             The event log DFS Replication on server
             dcdiag-2008r2.margiestravel.com could not be queried, error 0x6ba
             "The RPC server is unavailable."
             ......................... dcdiag-2008r2 failed test DFSREvent

  •       Starting test: KccEvent

             The event log Directory Service on server
             dcdiag-2008.margiestravel.com could not be queried, error 0x6ba
             "The RPC server is unavailable."
             ......................... dcdiag-2008 failed test KccEvent

  •       Starting test: SystemLog

             The event log System on server dcdiag-2008.margiestravel.com could not
             be queried, error 0x6ba "The RPC server is unavailable."
             ......................... dcdiag-2008 failed test SystemLog

When running DCDIAG.EXE /E (or /A or /C) on Windows Server 2003 (included with the Support Tools out-of-band install):

  • No errors are logged for any of the DCs, regardless of OS.

When running DCDIAG.EXE /C (which includes /test:verifyenterprisereferences) on Windows Server 2008 or Windows Server 2008 R2 and the Domain Functional Mode is Windows Server 2008 or higher and FRS is still being used to replicate SYSVOL you see the following errors:

 Starting test: VerifyEnterpriseReferences
    The following problems were found while verifying various important DN references.  Note, that  these problems
    can be reported because of latency in replication.  So follow up to resolve the following problems, only if
    the same problem is reported on all DCs for a given domain or if  the problem persists after replication has
    had reasonable time to replicate changes.
       [1] Problem: Missing Expected Value
        Base Object: CN=SRV-01,OU=Domain Controllers,DC=margiestravel,DC=com
        Base Object Description: "DC Account Object"
        Value Object Attribute Name: msDFSR-ComputerReferenceBL
        Value Object Description: "SYSVOL FRS Member Object"
        Recommended Action: See Knowledge Base Article: Q312862

       [2] Problem: Missing Expected Value
        Base Object: CN=SRV-02,OU=Domain Controllers,DC=margiestravel,DC=com
        Base Object Description: "DC Account Object"
        Value Object Attribute Name: msDFSR-ComputerReferenceBL
        Value Object Description: "SYSVOL FRS Member Object"
        Recommended Action: See Knowledge Base Article: Q312862

       LDAP Error 0x20 (32) - No Such Object.
    ......................... SRV-01 failed test VerifyEnterpriseReferences

When running DCDIAG.EXE /C (which includes /test:outboundsecurechannels) and you specify /testdomain:<your trusted domain> on Windows Server 2008 or Windows Server 2008 R2 you see the following errors:

   Testing server: Default-First-Site-Name\SRV-01
      Starting test: OutboundSecureChannels
         [SRV-01] Does not have downlevel trust object for [contoso.com]
         [SRV-01] Does not have uplevel trust object for [contoso.com]
         [SRV-02] Does not have downlevel trust object for [contoso.com]
         [SRV-02] Does not have uplevel trust object for [contoso.com]
         ......................... SRV-01 failed test OutboundSecureChannels

Back to the top | Give Feedback

Cause

All of these behaviors are expected.

  • The Windows Server 2008/200R2 versions of DCDIAG are designed to test RPCSS for the Windows Server 2008 shared process setting - not the previous isolated process setting used in Windows Server 2003 and older operating systems. The tool does not distinguish between OSs for this service.
  • The Windows Server 2008/200R2 versions of DCDIAG assume that a Windows Server 2008 domain functional level means the DCs are replicating SYSVOL with DFSR.
  • The Windows Server 2008/200R2 versions of DCDIAG does not correctly test trust health
  • Windows Server 2008/2008 R2 does not allow remote connectivity to the event log based on default firewall rules.
  • The Windows Server 2003 version of DCDIAG does not report back an error if it cannot connect to the event log; it only reports if it connects and finds errors.
  • The Windows Server 2003 version of DCDIAG does not test the RPCSS service configuration.
Back to the top | Give Feedback

Resolution

There are multiple workarounds to these issues:

  • Ignore all these errors when running DCDIAG.
  • To stop the event log-related errors, enable the built-in incoming firewall rules on DCs so that the event logs can be accessed remotely:

Remote Event Log Management (NP-In)
Remote Event Log Management (RPC)
Remote Event Log Management (RPC-EPMAP)

This can be done through the "Windows Firewall with Advanced Security" snap-in (WF.MSC), using the firewall group policy (Computer Configuration \ Policies \ Windows Settings \ Security Settings \ Windows Firewall with Advanced Security), or by using NETSH.EXE ADVFIREWALL

  • To stop the RPCSS service error, you can opt out of the test with /SKIP:SERVICES. There are caveats to this, see More Information. It is better to simply ignore this specific error altogether when it is returned from Win2003 DCs.

    It’s expected and normal for this service’s behavior type to be 0x10 (isolated) on Windows Server 2003 and 0x20 (shared) on Windows Server 2008 and later. Do not change it based on what DCDIAG says unless you are running the version of DCDIAG that goes with that OS. Between Windows Server 2003 and Windows Server 2008, the behavior changed for the RPC service, but there was nothing yet to share in that svchost.exe process. In Windows Server 2008 R2, the new RPCEptMapper service was added to that shared svchost process. You can see who would launch in that same process by looking for this value in the service registry keys:

%systemroot%\system32\svchost.exe –k RPCSS.  

Do not change the service type on Windows Server 2003 to stop the error. There may be unexpected issues long-term as this is not a tested  configuration. These issues would be extremely difficult to identify or trace back to this root cause.

Long term solution to the RPCSS service issue: replace the remaining Windows Server 2003 servers with a later operating system.

  • To stop the OutboundSecureChannels errors, use /skip:outboundsecurechannels. The tests are not valid and can be instead tested with NETDOM.EXE and NLTEST.EXE.
  • To stop the VerifyEnterpriseReferences errors, migrate your SYSVOL from FRS to DFSR. Since you are using a native Windows Server 2008 or later domain, FRS is no longer recommended for SYSVOL replication and nothing is preventing you from replacing the deprecated FRS system. See http://technet.microsoft.com/en-us/library/dd640019.aspx.
Back to the top | Give Feedback

More Information

The Windows Server 2008/2008 R2 DCDIAG Services test checks for the following services to be running, configured with default start options, and configured with default process types:

(Note: these are the true service names in the registry under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services)

RPCSS - Start Automatically - Shared Process
EVENTSYSTEM - Start Automatically - Shared Process
DNSCACHE - Start Automatically - Shared Process
NTFRS - Start Automatically - Own Process
ISMSERV - Start Automatically - Shared Process
KDC - Start Automatically - Shared Process
SAMSS - Start Automatically - Shared Process
SERVER - Start Automatically - Shared Process
WORKSTATION - Start Automatically - Shared Process
W32TIME - Start Manually or Automatically - Shared Process
NETLOGON - Start Automatically - Shared Process

(If domain functional level is Windows Server 2008 or later)
DFSR - Start Automatically - Own Process

(If target is Windows Server 2008 or later)
NTDS - Start Automatically - Shared Process

(If using SMTP-based AD replication)
IISADMIN - Start Automatically - Shared Process
SMTPSVC - Start Automatically - Shared Process

Back to the top | Give Feedback
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use
(http://go.microsoft.com/fwlink/?LinkId=151500)
for other considerations.
Back to the top | Give Feedback

Properties

Article ID: 2512643 - Last Review: March 17, 2011 - Revision: 4.0
APPLIES TO
  • Microsoft Windows Server 2003 Service Pack 2
  • Windows Server 2008 R2 Service Pack 1
  • Windows Server 2008 Service Pack 2
Keywords: 
KB2512643
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top

Article Translations