New Domain Controller - One Way Replication

    We have two Windows 2003 domain controllers named ASOK and MORDAC.

    Yesterday, I promoted a new server, ASOK-NEW (Windows 2003 R2), to a domain controller. We plan to decommission ASOK and have ASOK-NEW replace it (including renaming it to asok and changing the IP address).

    Replication works from ASOK and MORDAC to ASOK-NEW, but not from ASOK-NEW to ASOK and MORDAC, even though the NTDS Settings Properties indicate that it should be working the other way around.

    What is it that I'm overlooking?

    Thanks.

    From ASOK-NEW --> Active Directory Sites and Services --> NTDS Settings Properties:

    ASOK
    • Replicate From: ASOK-NEW, MORDAC
    • Replicate To: ASOK-NEW, MORDAC


    ASOK-NEW
    • Replicate From: ASOK, MORDAC
    • Replicate To: ASOK, MORDAC


    MORDAC
    • Replicate From: ASOK, ASOK-NEW
    • Replicate To: ASOK, ASOK-NEW




    From ASOK --> Active Directory Sites and Services --> NTDS Settings Properties:

    ASOK
    • Replicate From: ASOK-NEW, MORDAC
    • Replicate To: MORDAC


    ASOK-NEW
    • Replicate From:
    • Replicate To: ASOK, MORDAC


    MORDAC
    • Replicate From: ASOK, ASOK-NEW
    • Replicate To: ASOK



    From MORDAC --> Active Directory Sites and Services --> NTDS Settings Properties:

    ASOK
    • Replicate From: ASOK-NEW, MORDAC
    • Replicate To: MORDAC


    ASOK-NEW
    • Replicate From:
    • Replicate To: ASOK, MORDAC


    MORDAC
    • Replicate From: ASOK, ASOK-NEW
    • Replicate To: ASOK



    Below are screen shots from Active Directory Sites and Services --> NTDS Settings Properties for ASOK-NEW:
    (screenshot attachments not reproduced)
    Last edited by Robert R.; 15th April 2009, 16:43.

  • #2
    Re: New Domain Controller - One Way Replication

    From ASOK:
    (screenshot attachment not reproduced)


    • #3
      Re: New Domain Controller - One Way Replication

      From MORDAC:
      (screenshot attachment not reproduced)


      • #4
        Re: New Domain Controller - One Way Replication

        Anything in the Directory Service Event Logs on any/all of the DCs? It looks like the topology isn't complete, it could be that some error is preventing that.

        To force a manual refresh of this, right click on 'NTDS Settings' for the domain controller in Sites and Services and select 'Check Replication Topology'. If there are errors they should appear in the log.

        A 'DCDiag /v' on ASOK-NEW might also yield some more information.
        I nerd therefore I am!



        • #5
          Re: New Domain Controller - One Way Replication

          UPDATE: The Access Control List for the named.conf file on the DNS server was not allowing ASOK-NEW to update its DNS records.

          Once the change was made, and named restarted, the SRV records related to our Active Directory in named.ad on the DNS servers were updated. I'm not going to pretend to completely understand what that means.

          After re-booting ASOK-NEW, replication appears to be working properly now, and the replication topology in Active Directory Sites and Services --> NTDS Settings Properties looks correct for all servers.

          The only other issue we're aware of is e-mail related. ASOK-NEW was not automatically showing up as a directory server in Exchange, so we manually added it to resolve the e-mail issues. I'm sure if we had waited another 15 minutes or so, that problem would have been automatically resolved.

          PS - There were several errors in the event log similar to this:

          Event Type: Error
          Event Source: NETLOGON
          Event Category: None
          Event ID: 5774
          Date: 4/15/2009
          Time: 1:06:57 AM
          User: N/A
          Computer: ASOK-NEW
          Description:
          The dynamic registration of the DNS record '_kpasswd._udp..
          600 IN SRV 0 100 464 ASOK-NEW.' failed on the following DNS
          server:

          DNS server IP address: 10.50.2.59
          Returned Response Code (RCODE): 5
          Returned Status Code: 9017

          For computers and users to locate this domain controller, this record
          must be registered in DNS.

          USER ACTION
          Determine what might have caused this failure, resolve the problem, and
          initiate registration of the DNS records by the domain controller. To
          determine what might have caused this failure, run DCDiag.exe. You can
          find this program on the Windows Server 2003 installation CD in
          Support\Tools\support.cab. To learn more about DCDiag.exe, see Help and
          Support Center. To initiate registration of the DNS records by this
          domain controller, run 'nltest.exe /dsregdns' from the command prompt on
          the domain controller or restart Net Logon service. Nltest.exe is
          available in the Microsoft Windows Server Resource Kit CD.
          Or, you can manually add this record to DNS, but it is not recommended.

          ADDITIONAL DATA
          Error Value: DNS bad key.

          For more information, see Help and Support
          Center at http://go.microsoft.com/fwlink/events.asp.
          Data:
          0000: 05 00
          ..
          Last edited by Robert R.; 15th April 2009, 18:46.
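The root cause reported above is a DNS server refusing the new DC's dynamic SRV registration (RCODE 5 = REFUSED, Win32 status 9017 = DNS_ERROR_RCODE_BADKEY), which in turn leaves the DC unlocatable and the replication topology incomplete. The script below is an added example, not code from the thread or from Microsoft or ISC: it parses a NETLOGON 5774 event, decodes the codes, locates the zone the failing record belongs to in a BIND named.conf, and checks whether the DC's address is allowed by that zone's allow-update ACL. The sample event reuses the post's record and DNS server address (10.50.2.59) but the domain name (corp.example), the zone block, and the DC address (10.50.2.12) are constructed placeholders, since the post elides the real domain. Note the security caveat the fix implies: the right repair is to add the new DC's address to the ACL (or move to GSS-TSIG secure updates), not to open allow-update to any, which would let any host on the network rewrite the Kerberos and LDAP SRV records.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: the NETLOGON 5774 event from the thread, with the
# elided domain name replaced by the hypothetical corp.example.
EVENT_5774 = """\
Event Source: NETLOGON
Event ID: 5774
Computer: ASOK-NEW
Description:
The dynamic registration of the DNS record '_kpasswd._udp.corp.example.
600 IN SRV 0 100 464 ASOK-NEW.corp.example.' failed on the following DNS
server:

DNS server IP address: 10.50.2.59
Returned Response Code (RCODE): 5
Returned Status Code: 9017
"""

# Constructed sample named.conf zone block; addresses are hypothetical.
NAMED_CONF = """\
zone "corp.example" {
    type master;
    file "named.ad";
    allow-update { 10.50.2.10; 10.50.2.11; };
};
"""

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP",
          5: "REFUSED", 6: "YXDOMAIN", 7: "YXRRSET", 8: "NXRRSET",
          9: "NOTAUTH", 10: "NOTZONE"}
# Win32 DNS status codes: DNS_ERROR_RCODE_* = 9000 + RCODE.
WIN32_DNS = {9005: "DNS_ERROR_RCODE_REFUSED", 9009: "DNS_ERROR_RCODE_NOTAUTH",
             9016: "DNS_ERROR_RCODE_BADSIG", 9017: "DNS_ERROR_RCODE_BADKEY",
             9018: "DNS_ERROR_RCODE_BADTIME"}


def parse_5774(text):
    """Pull record, target server and result codes out of a 5774 event body."""
    rec = re.search(r"record '(.+?)' failed", text, re.S)
    record = " ".join(rec.group(1).split()) if rec else None  # unwrap the line break
    server = re.search(r"DNS server IP address:\s*(\S+)", text).group(1)
    rcode = int(re.search(r"\(RCODE\):\s*(\d+)", text).group(1))
    status = int(re.search(r"Returned Status Code:\s*(\d+)", text).group(1))
    return {"record": record, "server": server, "rcode": rcode, "status": status}


def parse_allow_update(named_conf):
    """Map zone name -> list of allow-update ACL entries (empty if none)."""
    zones = {}
    for zm in re.finditer(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', named_conf, re.S):
        name, body = zm.group(1), zm.group(2)
        am = re.search(r"allow-update\s*\{([^}]*)\}", body)
        zones[name] = [e.strip() for e in am.group(1).split(";") if e.strip()] if am else []
    return zones


def zone_for(owner, zones):
    """Longest-suffix match of a record owner name against the configured zones."""
    owner = owner.rstrip(".").lower()
    best = None
    for z in zones:
        if owner == z or owner.endswith("." + z):
            if best is None or len(z) > len(best):
                best = z
    return best


def acl_permits(acl, ip):
    """True if an address-based BIND ACL admits ip; named ACLs/keys are not resolved."""
    addr = ip_address(ip)
    for entry in acl:
        if entry == "any":
            return True
        if entry == "none":
            return False
        try:
            if addr in ip_network(entry, strict=False):
                return True
        except ValueError:
            continue
    return False


def diagnose(event_text, named_conf, dc_ip):
    """Return (parsed event, matched zone, list of findings) for a refused registration."""
    info = parse_5774(event_text)
    findings = []
    if info["rcode"] == 5:
        findings.append("DNS server %s REFUSED the update (RCODE 5, status %d %s)"
                        % (info["server"], info["status"], WIN32_DNS.get(info["status"], "?")))
    zones = parse_allow_update(named_conf)
    zone = zone_for(info["record"].split()[0], zones) if info["record"] else None
    acl = zones.get(zone, [])
    if zone is None:
        findings.append("no configured zone matches the record owner")
    elif not acl:
        findings.append("zone %s has no allow-update clause: every dynamic update is refused" % zone)
    elif "any" in acl:
        findings.append("zone %s uses allow-update { any; }: any host can rewrite SRV records" % zone)
    elif not acl_permits(acl, dc_ip):
        findings.append("%s is not in allow-update for zone %s: add it, or use GSS-TSIG" % (dc_ip, zone))
    return info, zone, findings


if __name__ == "__main__":
    for line in diagnose(EVENT_5774, NAMED_CONF, "10.50.2.12")[2]:
        print(line)
```

Running the block against the constructed input reports the REFUSED/BADKEY result and that 10.50.2.12 is missing from the zone's allow-update ACL, which is the situation described in the update above. Once the ACL is corrected and named reloaded, `nltest /dsregdns` (as the event text itself suggests) re-registers the records without a reboot, and `dcdiag /test:dns` confirms the SRV set.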
