Chat now with support
Chat with Support

Active Administrator 8.4 - Web Console User Guide

Active Administrator Web Console Overview Active Directory Health Alerts Notifications Active Directory Health Check
Using the Health Check landing page Creating a Health Check Setting options for Health Check tests Health check tests
Forest tests Domain tests Domain controller tests Site tests
Active Directory Topology Reports Network Operations Center

Invalid secondary DNS domain controller IP address

Indicates that the secondary DNS service is reporting one or more invalid IP addresses for domain controllers in the domain in which the DNS server is located. An invalid IP address can cause the domain controller to be unreachable by some or all clients.

Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
Required permissions: When monitored locally and remotely, only domain user privilege is required. When monitored remotely, the target server must have WMI remote access enabled and the user must be a member of the Distributed COM Users group.

This test queries DNS for the Service Locator (SRV) records and compares the results to the IP address reported by the Active Directory Health Analyzer agent hosted on the domain controller. This test indicates if the address retrieved in the DNS query is malformed, does not exist, or does not match the address reported by the agent.

This test is accompanied by a list of aberrant DNS SRV entries. Each entry consists of an IP address and a DNS name delimited by a single space. For example:

This situation may also occur if a domain controller is configured to obtain its IP address dynamically (via DHCP). Note that it is strongly recommended that the IP addresses of all domain controllers be statically assigned.

Reconcile the DNS SRV entries with the IP address reported by the network adapter (or by DHCP, if applicable). The SRV entries appear under _ldap._tcp.dc._msdcs.<zone-name> in the DNS Management Console.

Kerberos Key Distribution Center service

Indicates the Kerberos Key Distribution Center (KDC) service is not currently running on the domain controller.

Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
Required permissions: When monitored locally, only domain user privilege is required. When monitored remotely, domain administrator privilege is required.

This test checks if KDC service is running.

Use the Services MCC snap-in or another SCP application to restart the KDC service.

LDAP response time

Indicates that the response time of the domain controller to a Lightweight Directory Access Protocol (LDAP) request equals or exceeds the configured threshold.

Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
Required permissions: When monitored locally and remotely, only domain user privilege is required.

Active Directory® clients use LDAP to communicate with the Directory Service Agent (DSA). A high response time value indicates that the domain controller is not satisfying directory requests quickly, which can result in poor client response times and, if bad enough, login and authentication failures.

Anything that could cause a reduction in overall system performance can increase LDAP response time. For instance, running too many processes, or running processes that use too much memory or CPU can reduce system performance and increase LDAP response times.

A poorly configured server can also increase LDAP response times. For instance, if the paging file is not large enough or if the disks are badly fragmented, poor disk performance can increase LDAP response time.

In some cases faulty hardware can also cause an increase in LDAP response time. For instance, a marginal Network Interface Card (NIC) can reduce network performance on the server, and a failing disk can make directory queries take a long time.

It is possible that the DSA on the domain controller is overloaded by incoming directory requests, by excessive Access Control List (ACL) propagation, or by too many complex directory queries.

Logic disk details

Information only. Lists the disk name, total disk size, amount of free space, percentage of used space, and whether or not the disk is compressed.

Related Documents