Curious about some failures with DCDIAG
I don't see much value in opening the firewall in order to pass the test other than eliminating those errors from the DCDIAG results. Reading the event logs isn't a fundamental operation of AD and the sole purpose of reading them during DCDIAG is to discover and illuminate AD related errors that may be in the logs.
If you've manually reviewed the logs and are confident that there are no issues that might have been discovered by the DCDIAG inspection of the logs then I'd probably suggest ignoring that particular error.
EDIT
I should add that I don't recommend nor do I advocate turning off the Windows Firewall. The Windows Firewall is an important part of a layered security approach.
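One way to do the manual log review the answer recommends, as an added example that is not part of the original answer: read the three event logs DCDIAG's DFSREvent, KccEvent and SystemLog tests inspect on each DC over PowerShell remoting (WinRM) instead of the RPC path the firewall is blocking. It assumes WinRM is already enabled to the DCs, that the caller can read those logs, and it uses the placeholder DC names from the question.

```powershell
# Added example, not from the original post. Reads the same three logs that
# DCDIAG reports as unreadable (DFS Replication, Directory Service, System)
# on each DC via WinRM, so no extra RPC firewall opening is needed.
# Assumptions: PowerShell remoting is enabled on the DCs; DC names are the
# placeholders used in the question.
$dcs   = 'dc-serv-1', 'dc-serv-2', 'dc-serv-3', 'dc-serv-4', 'dc-serv-5'
$since = (Get-Date).AddHours(-24)     # review window; widen if DCDIAG ran earlier

$results = Invoke-Command -ComputerName $dcs -ScriptBlock {
    param($since)
    foreach ($log in 'DFS Replication', 'Directory Service', 'System') {
        # Level 1 = Critical, 2 = Error, 3 = Warning
        $filter = @{ LogName = $log; StartTime = $since; Level = 1, 2, 3 }
        # Get-WinEvent raises a non-terminating error when nothing matches;
        # that case simply yields zero counts below.
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LogName  = $log
            Errors   = @($events | Where-Object Level -le 2).Count
            Warnings = @($events | Where-Object Level -eq 3).Count
            Latest   = ($events | Select-Object -First 1).TimeCreated
        }
    }
} -ArgumentList $since

# Any DC/log row with Errors > 0 is worth reading in full before deciding
# the DCDIAG event-log failures can be ignored.
$results |
    Sort-Object PSComputerName, LogName |
    Format-Table PSComputerName, LogName, Errors, Warnings, Latest -AutoSize
```

Because the logs are read through WinRM rather than the Remote Event Log RPC interface, the DCDIAG 0x6ba failures remain, but the content DCDIAG would have examined is still reviewed.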
Daniel
Updated on September 18, 2022

Comments

Daniel, almost 2 years ago:
I ran a `c:\dcdiag /v /c /e` test (/v = verbose, /c = comprehensive, /e = every DC) on all of my (currently) 5 Domain Controllers, and received this summary of results at the end:

```
              Aut.  Bás.  Reenv. Del.  Din.  RReg. Ext.
_________________________________________________________________
Domain: mydomain.com
   dc-serv-1   PASS  PASS  PASS   PASS  PASS  PASS  n/a
   dc-serv-2   PASS  PASS  PASS   PASS  PASS  PASS  n/a
   dc-serv-3   PASS  PASS  PASS   PASS  PASS  PASS  n/a
   dc-serv-4   PASS  PASS  PASS   PASS  PASS  PASS  n/a
   dc-serv-5   PASS  PASS  PASS   PASS  PASS  PASS  n/a
```
So, that’s a good thing, obviously. But when I read through the results in detail, I found that every server, except the server from which the test was run, was failing three tests:
```
Starting test: DFSREvent
   The event log DFS Replication on server dc-serv-2.mydomain.com could not be queried, error 0x6ba
   "The RPC server is unavailable."
   ......................... dc-serv-2 failed test DFSREvent
Starting test: KccEvent
   The event log Directory Service on server dc-serv-2.mydomain.com could not be queried, error 0x6ba
   "The RPC server is unavailable."
   ......................... dc-serv-2 failed test KccEvent
Starting test: SystemLog
   The event log System on server dc-serv-2.mydomain.com could not be queried, error 0x6ba
   "The RPC server is unavailable."
   ......................... dc-serv-2 failed test SystemLog
```
If I ran the test from `dc-serv-1`, then `dc-serv-1` (the local server) would pass everything, but `dc-serv-2` through `-5` would fail those same three tests, and pass everything else.

I found this support page https://support.microsoft.com/en-us/kb/2512643 which seems to indicate that this is normal for Windows Server 2008+. I am running Windows Server 2012 R2 on all DCs.
The support page says that the cause is a firewall issue, which makes sense since the local server passes without issues. The support page says that I can just ignore these errors (which also makes sense considering the final status is listed as `PASS`) or I can open the firewall to allow the logs to be read.

Are there any advantages/disadvantages to fixing these errors by opening the firewall?