Applies to: All versions of Centrify DirectControl.

Problem:

adcheck reports "marginal" when checking DNS servers.

For example in the output below,  it is noticed the first DNS server is reported as "marginal". What does "marginal" mean ?

dhcp1 # ./adcheck-sol8-sparc.datseas.yourcompany.com -t net -V
adcheck (CentrifyDC 4.4.0-362)

Host Diagnostics
    uname: SunOS dhcp1 5.10 Generic_141444-09 sun4v
      OS: SunOS
      Version: 5.10
      Number of CPUs: 24
Inspecting DNS configuration
    Configured DNS servers are: -
        138.164.141.12 (ns2.yourcompany.com )
            UDP OK, response time = 0.1063
            UDP OK, response time = 0.0017
            UDP OK, response time = 0.0017
            UDP OK, response time = 0.0017
            UDP OK, response time = 0.0016
            TCP OK, response time = 0.0007
        171.253.152.50 (ns3.yourcompany.com )
            UDP OK, response time = 0.0029
            UDP OK, response time = 0.0029
            UDP OK, response time = 0.0029
            UDP OK, response time = 0.0029
            UDP OK, response time = 0.0028
            TCP OK, response time = 0.0019
IP Diagnostics
Local host name: dhcp1
Local IP Address: 118.164.144.162
Not found in DNS!Make sure it is in Reverse Lookup Zone.
FQDN host name:
FQDN host name:dhcp1 (domain missing?)
    look for local ssh server - found  SSH-2.0-Sun_SSH_1.1.3
NSHOSTS  : Check hosts line in /etc/nsswitch.conf  : Pass
DNSPROBE : Probe DNS  server 138.164.141.12                             : Pass
DNSPROBE : Probe DNS  server 171.253.152.50                             : Pass
DNSCHECK : Analyze basic health of DNS  servers                         : Warning
         : One or more DNS server are dead or marginal
         : You might be able to continue but it is very likely that  you will have problems
         : Check the following IP addresses in /etc/resolv.conf
         :
         : The following table lists the state of all configured DNS  servers
         :  138.164.141.12 (ns2.yourcompany.com ): marginal
         :  171.253.152.50 (ns3.yourcompany.com): OK

1 warnings were encountered during check. We recommend checking these  before proceeding.

Cause:

adcheck checks the readiness of machine to join an Active Directory domain. The adcheck command performs operating system, network, and  Active Directory tests to verify that a machine is ready to join the specfied Active Directory domain. 

In the command "adcheck-sol8-sparc.datseas.yourcompany.com -t net -V"

The flag  -t means "Run only one of the tests", -V means verbose and -net means "Run the network check" to check for response time.

adcheck reports "marginal" if the response time from any of the DNS servers is greater than 0.1 sec ( > 1/10 of a sec).

"UDP OK, response time = 0.1063".

Workaround:

You can check why the DNS server is taking time (> 0.1 sec) to respond or simply ignore the message and proceed with the install or join.

Resolution:

Future releases of DirectControl will do some fine tuning or improve the verbiage "marginal".