Others


A Call To The Intersite Messaging Service That Specifies The Transport Failed

AIS Monitoring Platform has discovered that the a call to the Intersite Messaging service that specifies the transport failed. The Knowledge Consistency Checker (KCC) is a component of Active Directory Domain Services (AD DS) that is responsible for generating the replication topology between domain controllers. Generating an efficient and fault-tolerant replication topology is an integral part of achieving data consistency between domain controllers. This can be cause if the intersite Messaging service is in stopped state.

AD DS Directory Partition Has Not Been Backed Up

AIS Monitoring agent has discovered Active Directory database partition has not been backed up atleast since 30 days. Even if you are backing up this server is using any block level backups, we recommend you to configure system state backup once in a week. Impact : You should back up the directory database on a domain controller routinely so that if hardware fails or data becomes corrupt, you can quickly recover the information in the database.

AD DS Site Has No NTDS Site Settings Object

AIS Monitoring agent has discovered there is no NTDS Site Settings child object for the site. Impact : This is a miss configuration of the Active directory Sites and Services.

All Domain Controllers In The Following Site That Can Replicate The Directory Partition Over This Transport Are Currently Unavailable

AIS Monitoring Platform has discovered that all domain controllers in the site that can replicate the directory partition over this transport are currently unavailable. This can be caused if the TCP/IP properties of the network connections of the computer contain wrong IP address(es) of the preferred and alternate DNS servers or the Specified preferred and alternate DNS servers are not running.

Cannot Find Primary DNS Server

AIS Monitoring Platform has discovered that the NetDiag DNS test is failed with error Cannot find a primary authoritative DNS server. This can be caused if the DNS is not configured correctly on the server.

Cannot Send Mailslot To 'DC' Via Browser

AIS Monitoring Platform has discovered that the NetDiag Redir and Browser test failed with error [FATAL] Cannot send mailslot message to ‘DC Name’ via browser. A limitation on the UDP packet size may cause this error.

Could Not Get Machine NetBIOSDomain Name

AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for MachineAccount check failed with error Could not get NetBIOSDomainName. This behavior can occur if the 1b (domain master browser) and 1c (domain controller) NetBIOS names for the DC in the trusted domain are not registered in the Windows Internet Naming Service (WINS). This can occur when the WINS servers in the two domains do not replicate to each other.

DC Holding GC Role Does Not Advertise As GC

AIS Monitoring Platform has discovered that the Domain controller diagnostic Advertising test failed with error DC holding GC role does not advertise as GC. A global catalog must replicate inbound copies of all objects from all domain partitions in the forest before the global catalog can advertise the global catalog role.

DC Is Not Registered On Any DNS Servers

AIS Monitoring Platform has discovered that the NetDiag DNS test failed with error No DNS servers have the DNS records for this DC registered. If DNS records are not registered in the DNS server, no other computer or user is able to locate the domain controller.

Default SPNs Not Registered On Any DCs

AIS Monitoring Platform has discovered that the NetDiag LDAP test failed with error [FATAL] The default SPNs are not properly registered on any DCs. This can be caused if DNS Zones are not configured properly. May be also caused if Dynamic updates is not configured.

Directory Service Client/Server Authentication Ratio Is Above Recommended Threshold

AIS Monitoring Platform has discovered that Directory Service Client/Server authentication ratio is above recommended threshold. DS Client Binds per second : The number of ntdsapi(dot)dll binds per second serviced by this domain controller. Note:-(ntdsapi.dll is a module that contains a set of COM interfaces used to access the capabilities of directory services from different network providers in a distributed computing environment. The file is used to present a single set of directory service interfaces for managing network resources.) DS Server Binds per second : This indicates a possible issue with the number of domain controller to domain controller binds per second that are serviced by this domain controller.

Directory Service Notify Queue Size Is Above Recommended Threshold

AIS Monitoring Platform has discovered the number of pending update notifications are queued and not yet transmitted to clients.

DNS Server Currently Has No DNS Domain Name

AIS Monitoring agent has deteected the DNS server machine currently has no DNS domain name. The DNS server must be configured with a fully qualified domain name (FQDN) to function properly. This computer is configured with a single-label name. Impact : This can lead to incorrect and failed referrals when clients and other DNS servers use these records to locate this server by name.

DNS Record Is Not Updated

AIS Monitoring Platform has discovered that the DNS record is not updated. NetDiag DNS test is failed with error [FATAL] Could not open file *netlogon.dns for reading. This can be caused due to Security Permission issue on file level or file corruption.

DNS Registration Is Incorrect

AIS Monitoring Platform has discovered that the NetDiag DNS test failed with error DNS registration for DC is incorrect on all DNS servers. Improper DNS registration can lead to a wide variety of failures, because all Active Directory services depend on the ability of the devices to locate domain controllers, which is performed through DNS queries.

Domain Controller Can Not Replicate

AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for FSMO check failed with error Warning: Attribute userAccountControl of is:0x82020. This can be caused if Domain Controller might be using wrong UserAccountControl value.

Domain Controller Cannot Replicate

AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for MachineAccount check failed with error The account SERVER is not a DC account. Warning: 0x81000. This problem occurs when a file ID for data in the FRS database does not match the file ID for the data in the update sequence number (USN) journal database.

Kerberos Fail To Generate Ticket For DC

AIS Monitoring Platform has discovered that the NetDiag Kerberos test failed with error Kerberos does not have a ticket for DC. This can be caused due to DNS problems. Can also be caused if the time is not synchronized between the two computers.

LDAP Test Failed

AIS Monitoring Platform has discovered that the NetDiag LDAP test failed with error Failed to query SPN registration on DC. The domain controller that accepts the conflicting SPN value cannot replicate with the domain controller for which the SPN attribute is written. Because the domain controller cannot replicate, the domain controller never receives the correct updated SPN through replication.

LsaPolicy Operation Failed Due To Access Is Denied

AIS Monitoring Platform has discovered that the LsaPolicy operation failed due to Access is denied. This behavior occurs if the SMB signing settings for the Workstation service and for the Server service contradict each other.

LsaPolicy Operation Failed Due To Network Provider Error

AIS Monitoring Platform has discovered that the LsaPolicy operation failed due to network provider error.

Machine Account Test Failed With Access Denied

AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for MachineAccount check failed with error Machine account test failed with access denied. This can be caused if the client uses a Lightweight Directory Access Protocol (LDAP) server or domain controller that has not yet replicated the account deletion, but does not have correct permissions to modify the account that still exists.

Missing SPN Record Of DC

AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for MachineAccount check failed with error Missing SPN :(null). The servicePrincipalName attribute is a multiple-valued, non-linked attribute. In some Dcpromo.exe update situations, the replication SPN may be lost because of a conflict with another write process on this attribute.

NetBIOS Name Is Not Registered Properly

AIS Monitoring Platform has discovered that the NetDiag NetBT name test failed with error This issue can be caused by duplicate NetBIOS names on the network make sure that the offending computer does not have the same NETBIOS name as the computer that is experiencing the problem. NetBIOS Name is not registered properly. The DNS servers that the domain controllers in one forest use may not be able to resolve the DNS names for domain controllers in another forest, and the other way around. If the DNS names for trusting domains are not registered with an Internet Register, then the DNS Servers used by DCs in the trusted domain cannot use forwarders to resolve the DNS queries needed to support the trust.

NetBT Transports Test Failed

AIS Monitoring Platform has discovered that the NetDiag NetBT transports test failed with error [FATAL] No NetBt transports are configured. This can be caused if the Preferred or alternate DNS servers are configured with wrong root hints. Parent DNS zone contains incorrect delegation to the child zone. Authoritative for the DNS records that failed registration.

Netlogon Dns Contains Invalid DNS Entries

AIS Monitoring Platform has discovered that the NetDiag DNS test failed with error Netlogon.dns contains invalid DNS entries.

Network Issues Cause Ldap Search Failed

AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for FSMO check failed with Ldap search failed. This problem may occur if the value of the MaxReceiveBuffer attribute in the LDAP policy is greater than 10737418.

Not Able To Bind To Schema Owner Via LDAP

AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for FSMO check failed with Schema Owner, but is not responding to LDAP Bind. This issue can occur because even though the domain controller is the schema owner, by default you cannot edit the schema. You must enable The Schema may be modified on this Domain Controller option in the Active Directory Schema MMC snap-in to modify the schema.

Not Able To Bind To Schema Owner Via RPC

AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for FSMO check failed with Not able to bind to Schema Owner via RPC. This problem occurs because the Strict Replication Consistency functionality is being enforced on the inbound domain controller. Typically, this problem occurs because the domain controller that has the extra (or lingering) object has been out of replication for more than one tombstone lifetime.

Possible Issue On Domain Controller With LDAP Protocol

AIS Monitoring Platform has discovered LDAP problems on the server. This indicates a possible issue with the LDAP (Lightweight Directory Access Protocol). Applications that use LDAP typically retrieve or manage user and computer-resource information stored in a directory service such as the Active Directory directory service. Because Exchange uses Active Directory to store user and configuration information, LDAP is used to communicate with the directory in applications that manage users and server configuration.

Read/Write Operation Is Taking Long Time For Directory Service

AIS Monitoring Platform has discovered that the Read/Write operation is taking long time for Directory service. This indicates that the number of Directory read or write per second has increased this may cause Server Performance issue.

RPC Issue Due To Secure Channel Broken OR LDAP Bind Failed

AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for FSMO check failed with Domain Owner, but is not responding to LDAP Bind. This indicates RPC issue due to secure channel broken OR LDAP Bind failed.

Secure Channel To 'DC' Is Broken

AIS Monitoring Platform has discovered that the NetDiag Domain membership test failed with error [WARNING] Ths system volume has not been completely replicated. This indicates that the secure channel to the Domain Controller is broken. These problems may occur if any of the following conditions is true: 1. The name of the domain member was recently changed. 2. The Emergency Repair Disk was used, but it contained old information. 3. The domain member computer account was removed.

Server Not Advertising As A Time Server

AIS Monitoring Platform has discovered that the Domain controller diagnostic Advertising test failed with error Server Not advertising as a time server. This can be caused if there is no authoritative time server in Windows Server.

SPN Registration Is Missing

AIS Monitoring Platform has discovered that the NetDiag LDAP test failed with error [WARNING] The default SPN registration for ‘HOST/SERVER’ is missing on DC SERVER. The servicePrincipalName attribute is a multiple-valued, non-linked attribute. In some Dcpromo.exe update situations, the replication SPN may be lost because of a conflict with another write process on this attribute.

The Current DC Is Not In The Domain Controller's OU

AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for MachineAccount check failed with error local machine account is missing. This indicates that the current DC is not in the domain controller’s OU. These issues may occur if the computer account is not updated correctly during the domain controller promotion procedure (Dcpromo). The problem may occur if domain controllers were moved from their original organizational unit to a child organizational unit of the Domain Controllers organizational unit. The machineaccount test of the Dcdiag tool performs a Lightweight Directory Access Protocol (LDAP) query with a scope that is set to LDAP_SCOPE_ONELEVEL to verify that the computer account of the domain controller is present in the Domain Controller organizational unit. If the domain controller is moved to a child organizational unit, the test fails.

The Intersite Messaging Service Using The SMTP, An Warning Event Occurred

AIS Monitoring Platform has discovered that the Domain Controller Diagnosic test for KCC failed with SMTP error, while Intersite Messaging service is using the SMTP. This might cause mail delivery problems.

The Knowledge Consistency Checker (KCC) Has Detected Generic Error

AIS Monitoring Platform has discovered that the Knowledge Consistency Checker (KCC) has detected Generic error. This can occur if the domain controllers that host the identified directory partition are not accessible. This can also occur if adequate site connectivity doesnt exists.

The Knowledge Consistency Checker (KCC) Has Detected Problems With The Following Directory Partition

AIS Monitoring Platform has discovered that the Knowledge Consistency Checker (KCC) has detected problems with the directory partition. This problem can have the following causes: 1. Site link bridging is enabled on a network that does not support physical network connectivity between two domain controllers in different sites that are connected by a site link. 2. Bridge all site links is enabled in Active Directory Sites and Services, but the network does not allow network connectivity between any two domain controllers in the forest. 3. One or more sites are not contained in a site link. 4. Site links contain all sites, but the site links are not interconnected. This condition is known as disjointed site links. 5. One or more domain controllers are offline. 6. Bridgehead domain controllers are online, but errors occur when they try to replicate a required directory partition between Active Directory sites. 7. Administrator-defined preferred bridgehead servers are online, but they do not host the required directory partition. The most common misconfiguration is to define non-global catalog servers as bridgehead servers. 8. Preferred bridgeheads are defined correctly by the administrator, but they are currently offline. 9. The bridgehead server is overloaded because the server is undersized, too many branch sites are trying to replicate changes from the same hub domain controller, or the replication schedules on site links or connection objects are too fr

The Knowledge Consistency Checker (KCC) Was Unable To Form A Complete Spanning Tree Network Topology

AIS Monitoring Platform has discovered that the Domain controller diagnostic Knowledge Consistency Checker (KCC) test failed with error, Unable to form a complete spanning tree network topology. This can be caused if there is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology.

The Query For Messages For Service NTDS Replication Via Transport SMTP Failed

AIS Monitoring Platform has discovered that the Domain Controller Diagnosic test for KCC failed with error, NTDS Replication via transport SMTP failed. Possible errors can be problems with the KCC in constructing the topology, problems from the SMTP service (SMTPSVC) in delivering the mail, problems from the ISM service in reading the messages, or problems from the NTDS in decoding and applying the mail.

The Server Holding The PDC Role Is Down

AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for FSMO check failed with error The server holding the PDC role is down.

Time Sever Test Failed With Error

AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for FSMO check failed with error DcGetDcName(TIME_SERVER) call failed, error 1355. This issue can occur because either the Windows Time service has stopped or in the Windows Time service on the domain controller, Startup Type is set to Disabled.

Last modified April 17, 2020