I’d not seen this one before, so figured it was worth noting for the future.
When performing an AD healthcheck, I tend to run the DcDiag tool like so:
dcdiag /e /c /v /f:dcdiag.log
This tests all servers in the enterprise (e), does comprehensive tests (c), produces verbose output (v), and logs to a file (f).
However, my dcdiag.log was getting cut off before it even got to the DNS tests – it ended up 21k in size where 100k+ is normal. Running it without logging to file showed it was crashing and events were getting logged. A plain “dcdiag” would run OK. This was on a pretty plain Windows Server 2003 domain controller.
The events logged were fairly generic 1000 ones, along the lines of:
Faulting application dcdiag.exe, version 5.2.3790.1830,
faulting module msvcrt.dll, version 7.0.3790.3959,
fault address 0x00038efa.
Thankfully I had internet access and with some googling, I came across this blog post from Tim Bolton, which described the issue.
The culprit is an SP1 version of DcDiag, on a server upgraded to SP2. Once the correct version of the Support Tools was downloaded and installed, it ran just fine.
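A quick way to spot this mismatch before running a healthcheck, as an added example that is not part of the original post: compare the build and revision fields of dcdiag.exe with those of msvcrt.dll, the two files named in the event above. The Support Tools path is an assumed default install location, and the equality test is a heuristic that assumes no later hotfix has replaced msvcrt.dll.

```powershell
# Added example: compare the service-pack revision of dcdiag.exe with a system DLL.
# Assumption: Support Tools is installed in its default folder; adjust if not.
$dcdiagPath = Join-Path $env:ProgramFiles 'Support Tools\dcdiag.exe'
$systemDll  = Join-Path $env:SystemRoot   'System32\msvcrt.dll'

function Get-BuildRevision {
    param([string]$Path)
    if (-not (Test-Path $Path)) { throw "File not found: $Path" }
    $v = (Get-Item $Path).VersionInfo
    # Last two fields of the file version, e.g. 3790.1830 for the
    # dcdiag.exe in the event above and 3790.3959 for msvcrt.dll.
    '{0}.{1}' -f $v.FileBuildPart, $v.FilePrivatePart
}

$tool = Get-BuildRevision $dcdiagPath
$os   = Get-BuildRevision $systemDll

"dcdiag.exe : $tool"
"msvcrt.dll : $os"

if ($tool -ne $os) {
    # Heuristic: a hotfix that updates msvcrt.dll would also trigger this,
    # so treat it as a prompt to check the Support Tools version.
    Write-Warning "dcdiag.exe ($tool) does not match the OS files ($os); install the Support Tools for the installed service pack."
} else {
    "dcdiag.exe matches the service pack level of the OS files."
}
```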