No announcement yet.

replication problem

  • Filter
  • Time
  • Show
Clear All
new posts

  • replication problem

    I need a help. I've some problems with servers (2xW2K=DC, W2K3=PDC). The replication of AD doesn't work (and cause of that I can't remove via dcpromo AD from both of W2K servers - on the 1st I've got an error that "DC for that domain can not be found"; on he 2nd - "it was impossible to replicate local changes"). When I look for the problem (used AD replication monitor), on the 1st server I've got an error "Operation DSA can not continue, cause of getting error during DNS search" and on the 2nd I've got an error "unknown username or wrong password " (it's translated from czech version).
    Anybody know, how to solve it?

    thx 4 help


  • #2

    By the lack of information, it seems like it has something to do with mis-configured DNS.
    Can you please list more details about your environment? Like who points to who to get DNS queries? Relevent event's about Directory Service and DNS Service...


    • #3
      There is just one DNS, so all requests should be send to this one (it's PDC - there are also set DNS of provider, which should DNS requests, which are not able to resolve PDC).

      In Attachements are text files with results of NetDiag test of both DC (not the PDC)

      Attached Files


      • #4
        Re: replication problem


        from your logs a see 3 errors

        1-- This machine is not working properly as a DC.

        2-- Trust relationship test. . . . . . : Failed
        'KPNET': No DCs are up (Cannot run test).
        [FATAL] Secure channel to domain 'KPNET' is broken. [ERROR_NO_LOGON_SERVERS]

        3-- Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Kerberos does not have a ticket for OBELIX$.

        i think you need to check if server is working corectly like DC
        ==> check sysvol and event 13516 on eventlogs for file replication services
        see if the servers is present in OU domain controllers using adsiedit.msc

        and check the attribut useraccountcontrol for the impacted DC.

        ==> How to use the UserAccountControl flags to manipulate user account/machine properties
        Typical user : 0x200 (512)
        Domain controller : 0x82000 (532480)
        Workstation/server: 0x1000 (4096)

        are they all 352480??