AD / DNS Problems

[webdavuser]

Hi,

I recently replaced our only DC & DNS server with a completely new server. First of all, I added the new machine to the domain, installed AD onto it, and did a fresh build of DNS, too. I made the new server the Global Catalog, then some time later removed global catalog from the old server. I also transferred the 5 roles across to the new server (RID Master, PDC, Infrastructure Master, Domain Naming Master & Scheming Master). (At least, I believe I did this correctly.) I then did a forced uninstall of AD on the old server. The old server is now switched off completely.

Since then, I’ve had no end of problems with AD on the new server. It appears that it can’t see the global catalog anymore. I ran the netdiag tool & got the following output:

Computer Name: NEWYORK
DNS Host Name: newyork.(Domain Name)
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 6 Model 15 Stepping 8, GenuineIntel
List of installed hotfixes :
Q147222

Netcard queries test . . . . . . . : Passed

Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : newyork
IP Address . . . . . . . . : 10.0.0.10
Subnet Mask. . . . . . . . : 255.0.0.0
Default Gateway. . . . . . : 10.0.0.1
Dns Servers. . . . . . . . : 212.159.11.150
212.159.13.150

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{E0E22C6F-8731-4617-B460-43C981771EED}
1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry (Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.0ebd97ed-c26e-4c66-953c-04ad7df4e9be.domains._msdcs.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry gc._msdcs.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry 20278901-38f0-4a2f-9a08-c89de689fd36._msdcs.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _gc._tcp.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _kerberos._udp.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry ForestDnsZones.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.ForestDnsZones.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry DomainDnsZones.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.(Domain Name). re-registeration on DNS server '212.159.11.150' failed.
DNS Error code: DNS_ERROR_RCODE_NOTAUTH
[FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for this DC on DNS server '212.159.11.150'.
[FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{E0E22C6F-8731-4617-B460-43C981771EED}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{E0E22C6F-8731-4617-B460-43C981771EED}
The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Failed
[FATAL] Cannot find DC in domain '(Domain Name)'. [ERROR_NO_SUCH_DOMAIN]

DC list test . . . . . . . . . . . : Failed
'(Domain Name)': Cannot find DC to get DC list from [test skipped].

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Skipped
'(Domain Name)': Cannot find DC to get DC list from [test skipped].

LDAP test. . . . . . . . . . . . . : Failed
Cannot find DC to run LDAP tests on. The error occurred was: The specified domain either does not exist or could not be contacted.

[WARNING] Cannot find DC in domain '(Domain Name)'. [ERROR_NO_SUCH_DOMAIN]

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information

The command completed successfully

-----

Can anyone see where I’m going wrong?

Regards,

Keith

 

[Hondy]

your DNS server entries on your NIC are wrong i think.

they should be 10.0.0.10

the external IPs you have should be the forwarders in the DNS zone

DC's DNS server settings should point to itself

 

[webdavuser]

Hondy,

Thanks for that. I tried it before, but that was before I cleaned up DNS. It certainly looks better. Hopefully that's the problem sorted, now, thanks.

Keith

 

[Hondy]

no worries, it just looked like it couldn't resolve anything at all. Basically the everything would be looking to the DC for an answer but your DC was set to find the answer out from an external network. Obviously that network will not know anything about your domain. Pointing the DNS to itself means it can check its own records for the resolution and being that the DC is the central point of reference for the domain then this is fairly fundamental.

Good, hope its fixed

 

[webdavuser]

I've had a chance to look at this again. Unfortunately, it didn't fix the problem. I've been looking through various errors in the event log on the DC& one specifically says:

Active Directory was unable to establish a connection with the global catalog server.

(Event ID: 1126)

Active Directory is working fine. I think there is a small config error somewhere, but can't find it yet.

Any suggestions?

Keith

 

[pagy]

It should have fixed some of the DNS errors you were getting, so leaving you with 'just' the problem of the GC.

You say you did a forced uninstall of AD off of the old DC, why a forced uninstall?? Did you have any errors when doing this?

Have you been through these;

http://kbalertz.com/910204/Troubles...-domain-controller-global-catalog-server.aspx

http://support.microsoft.com/kb/842208

You could try taking the GC role of the DC and then making it a GC again - open AD sites and services - drill down to ntds settings and then uncheck - click ok - and recheck the global catlog option.



Paul
MCSE 2003
MCSA 2003
MCITP Enterprise Administrator

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams

 

[LiverpoolFan]

When you created the new DC did you give it enough time to replicate after telling it it was no longer a GC?

The possible problem is that your AD still thinks that that DC still exists as thats what happens with a forced uninstall. The info for that DC still exists within AD.

Now this is when it gets messy, because this means you need to perform a metadata cleanup of AD.

You can use ADSIEdit to check.

I could be wrong, of course, but this is one possible issue with a forced removal from a DC. Here is the MS article on how to perform a metadata cleanup:

http://support.microsoft.com/kb/216498/en-us

 

[webdavuser]

Yes, I did wonder whether it was left long enough, as it can't find the GC. Having said that, I thought I left it for at least a week to switch over, but I could be wrong.

The reason for changing the AD server, was that we needed to convert the physical machine into a virtual one. I tried several times to use VMWare converter, but it kept on failing. So instead, I went for a complete rebuild.

I did a metadata cleanup to remove the last remnants of the previous server from the domain, but I'm still having problems.

Here's a dcdiag I just ran:

C:\>dcdiag /v

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine newyork, is a DC.
* Connecting to directory service on server newyork.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\NEWYORK
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... NEWYORK passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\NEWYORK
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=DomainDnsZones,DC=(Domain Name),DC=xcomm,DC=co,DC=uk
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=ForestDnsZones,DC=(Domain Name),DC=xcomm,DC=co,DC=uk
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=(Domain Name),DC=xcomm,DC=co,DC=uk
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Configuration,DC=(Domain Name),DC=xcomm,DC=co,DC=uk
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=(Domain Name),DC=xcomm,DC=co,DC=uk
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
* Replication Site Latency Check
......................... NEWYORK passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC NEWYORK.
* Security Permissions Check for
DC=DomainDnsZones,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk
(NDNC,Version 2)
* Security Permissions Check for
DC=ForestDnsZones,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk
(Configuration,Version 2)
* Security Permissions Check for
DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk
(Domain,Version 2)
......................... NEWYORK passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\NEWYORK\netlogon)
[NEWYORK] An net use or LsaPolicy operation failed with error 1203, Win
32 Error 1203.
......................... NEWYORK failed test NetLogons
Starting test: Advertising
Fatal ErrorsGetDcName (NEWYORK) call failed, error 1355
The Locator could not find the server.
......................... NEWYORK failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=NEWYORK,CN=Servers,CN=Default-F
irst-Site-Name,CN=Sites,CN=Configuration,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk
Role Domain Owner = CN=NTDS Settings,CN=NEWYORK,CN=Servers,CN=Default-F
irst-Site-Name,CN=Sites,CN=Configuration,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk
Role PDC Owner = CN=NTDS Settings,CN=NEWYORK,CN=Servers,CN=Default-Firs
t-Site-Name,CN=Sites,CN=Configuration,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk
Role Rid Owner = CN=NTDS Settings,CN=NEWYORK,CN=Servers,CN=Default-Firs
t-Site-Name,CN=Sites,CN=Configuration,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk
Role Infrastructure Update Owner = CN=NTDS Settings,CN=NEWYORK,CN=Serve
rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=(Domain Name),DC=(Domain Name),DC=
co,DC=uk
......................... NEWYORK passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* newyork.(Domain Name).(Domain Name).co.uk is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2103 to 2602
* rIDPreviousAllocationPool is 2103 to 2602
* rIDNextRID: 2112
......................... NEWYORK passed test RidManager
Starting test: MachineAccount
Checking machine account for DC NEWYORK on DC NEWYORK.
* SPN found :LDAP/newyork.(Domain Name).(Domain Name).co.uk/(Domain Name).(Domain Name).co.uk
* SPN found :LDAP/newyork.(Domain Name).(Domain Name).co.uk
* SPN found :LDAP/NEWYORK
* SPN found :LDAP/newyork.(Domain Name).(Domain Name).co.uk/(Domain Name)
* SPN found :LDAP/20278901-38f0-4a2f-9a08-c89de689fd36._msdcs.(Domain Name).
xcomm.co.uk
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/20278901-38f0-4a2f-9a
08-c89de689fd36/(Domain Name).(Domain Name).co.uk
* SPN found :HOST/newyork.(Domain Name).(Domain Name).co.uk/(Domain Name).(Domain Name).co.uk
* SPN found :HOST/newyork.(Domain Name).(Domain Name).co.uk
* SPN found :HOST/NEWYORK
* SPN found :HOST/newyork.(Domain Name).(Domain Name).co.uk/(Domain Name)
* SPN found :GC/newyork.(Domain Name).(Domain Name).co.uk/(Domain Name).(Domain Name).co.uk
......................... NEWYORK passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... NEWYORK passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
NEWYORK is in domain DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk
Checking for CN=NEWYORK,OU=Domain Controllers,DC=(Domain Name),DC=(Domain Name),DC=c
o,DC=uk in domain DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=NEWYORK,CN=Servers,CN=Default-First-Si
te-Name,CN=Sites,CN=Configuration,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk in domain CN=
Configuration,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk on 1 servers
Object is up-to-date on all servers.
......................... NEWYORK passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL. The
error returned was 0 (Win32 Error 0). Check the FRS event log to see
if the SYSVOL has successfully been shared.
......................... NEWYORK passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... NEWYORK passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... NEWYORK passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... NEWYORK passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=NEWYORK,OU=Domain Controllers,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk and
backlink on
CN=NEWYORK,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurat
ion,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk
are correct.
The system object reference (frsComputerReferenceBL)
CN=NEWYORK,CN=Domain System Volume (SYSVOL share),CN=File Replication S
ervice,CN=System,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk
and backlink on
CN=NEWYORK,OU=Domain Controllers,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk are
correct.
The system object reference (serverReferenceBL)
CN=NEWYORK,CN=Domain System Volume (SYSVOL share),CN=File Replication S
ervice,CN=System,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk
and backlink on
CN=NTDS Settings,CN=NEWYORK,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=(Domain Name),DC=(Domain Name),DC=co,DC=uk
are correct.
......................... NEWYORK passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : (Domain Name)
Starting test: CrossRefValidation
......................... (Domain Name) passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... (Domain Name) passed test CheckSDRefDom

Running enterprise tests on : (Domain Name).(Domain Name).co.uk
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... (Domain Name).(Domain Name).co.uk passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
PDC Name: \\newyork.(Domain Name).(Domain Name).co.uk
Locator Flags: 0xe00003fd
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 135
5
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... (Domain Name).(Domain Name).co.uk failed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS

Any help or advice would be appreciated. Pagy - unfortunately neither of the links you posted contained any event log errors that I'm seeing.

Thanks,

Keith