Active Directory Replication Access Denied


  • Active Directory Replication Access Denied

    I have a situation with 3 servers. All are running Active Directory. 2 also act as DNS servers (dc1 and dc2). 1 is an Exchange server (ex1). I have inherited this network and all the errors that go along with it. It was obviously not configured correctly and that is what I am trying to get done. One error I am running into that I cannot resolve is replication between the Active Directory accounts/machines. The 2 DNS servers, dc1 and dc2, replicate fine. The third machine, ex1, will not play well with replication. I have run various commands and get the same conclusion....access is denied. What I am trying to do is change that so access is not denied...and replication can take place. I believe this is a major player in all the other errors I have. So, where do I go to change the Replication Synchronization permissions? The server manager gives me "Event ID 1925". I am looking for where to start.
    Regards,
    Mike

    PS: All machines are running server 2008 r2

  • #2
    Re: Active Directory Replication Access Denied

    With 2008, even though you're using an administrative account, sometimes you still need to "runas" administrator for some things.

    However, also try dcdiag and netdiag - dcdiag /fix (I think)
    At the very least, give us the output of a dcdiag so we can review
    Please do show your appreciation to those who assist you by leaving Rep Point



    • #3
      Re: Active Directory Replication Access Denied

      Here is the output from running dcdiag on the machine that cannot be accessed by replication/dns.

      Microsoft Windows [Version 6.1.7600]
      Copyright (c) 2009 Microsoft Corporation. All rights reserved.
      C:\Windows\system32>dcdiag
      Directory Server Diagnosis
      Performing initial setup:
      Trying to find home server...
      Home Server = DPAO-EX01
      Message 0x621 not found.
      * Identified AD Forest.
      Done gathering initial info.
      Doing initial required tests
      Testing server: Default-First-Site-Name\DPAO-EX01
      Starting test: Connectivity
      Message 0x621 not found.
      Got error while checking LDAP and RPC connectivity. Please check your
      firewall settings.
      ......................... DPAO-EX01 failed test Connectivity
      Doing primary tests
      Testing server: Default-First-Site-Name\DPAO-EX01
      Skipping all tests, because server DPAO-EX01 is not responding to
      directory service requests.

      Running partition tests on : Schema
      Starting test: CheckSDRefDom
      ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
      ......................... Schema passed test CrossRefValidation
      Running partition tests on : Configuration
      Starting test: CheckSDRefDom
      ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
      ......................... Configuration passed test CrossRefValidation
      Running partition tests on : DPAO
      Starting test: CheckSDRefDom
      ......................... DPAO passed test CheckSDRefDom
      Starting test: CrossRefValidation
      ......................... DPAO passed test CrossRefValidation

      Running enterprise tests on : DPAO.MIL
      Starting test: LocatorCheck
      [DPAO-EX01] DsBindWithSpnEx() failed with error 5,
      Access is denied..
      ......................... DPAO.MIL passed test LocatorCheck
      Starting test: Intersite
      ......................... DPAO.MIL passed test Intersite
      C:\Windows\system32>


      From everything I am finding out....I am thinking that the DNS configuration is not correct. Would this give me this kind of error (access denied)? I can log onto the server and I can ping the machine from other servers and clients. If it is DNS configuration, I would really like to find a step by step tutorial to set up the DNS.

      Thanks for any and all assistance with this.

      Regards,
      Mike



      • #4
        Re: Active Directory Replication Access Denied

        Here are the results from dcdiag /fix

        Microsoft Windows [Version 6.1.7600]
        Copyright (c) 2009 Microsoft Corporation. All rights reserved.
        C:\Windows\system32>dcdiag /fix
        Directory Server Diagnosis
        Performing initial setup:
        Trying to find home server...
        Home Server = DPAO-EX01
        Message 0x621 not found.
        * Identified AD Forest.
        Done gathering initial info.
        Doing initial required tests
        Testing server: Default-First-Site-Name\DPAO-EX01
        Starting test: Connectivity
        Message 0x621 not found.
        Got error while checking LDAP and RPC connectivity. Please check your
        firewall settings.
        ......................... DPAO-EX01 failed test Connectivity
        Doing primary tests
        Testing server: Default-First-Site-Name\DPAO-EX01
        Skipping all tests, because server DPAO-EX01 is not responding to
        directory service requests.

        Running partition tests on : Schema
        Starting test: CheckSDRefDom
        ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
        ......................... Schema passed test CrossRefValidation
        Running partition tests on : Configuration
        Starting test: CheckSDRefDom
        ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
        ......................... Configuration passed test CrossRefValidation
        Running partition tests on : DPAO
        Starting test: CheckSDRefDom
        ......................... DPAO passed test CheckSDRefDom
        Starting test: CrossRefValidation
        ......................... DPAO passed test CrossRefValidation

        Running enterprise tests on : DPAO.MIL
        Starting test: LocatorCheck
        [DPAO-EX01] DsBindWithSpnEx() failed with error 5,
        Access is denied..
        ......................... DPAO.MIL passed test LocatorCheck
        Starting test: Intersite
        ......................... DPAO.MIL passed test Intersite
        C:\Windows\system32>


        I keep seeing the messages: DsBindWithCred to localhost failed with status 5 Access Denied AND DsBindWithSpnEx() failed with error 5, Access is denied.

        Regards,
        Mike



        • #5
          Re: Active Directory Replication Access Denied

          What OS are the DCs?



          • #6
            Re: Active Directory Replication Access Denied

            Both DCs are running Windows Server 2008 r2



            • #7
              Re: Active Directory Replication Access Denied

              Make sure you run DCDiag from an elevated command prompt.
              Yes, even if you are a DA or EA.
              Please do show your appreciation to those who assist you by leaving Rep Point
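
The elevation check that posts #2 and #7 recommend, combined with a summary of the dcdiag lines that matter, as an added PowerShell example that is not part of the thread. The helper names `Test-IsElevated` and `Get-DcdiagFinding` are hypothetical, and the sample lines are copied from the dcdiag output posted above.

```powershell
# Added example, not from the thread. Helper names are hypothetical.
# Written to run on PowerShell 2.0 (the version shipped with Server 2008 R2).

function Test-IsElevated {
    # Under UAC a non-elevated process holds a filtered token, so this returns
    # $false even for Domain Admins until the shell is started "as administrator".
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-DcdiagFinding {
    # Reduce dcdiag text output to failed tests and error 5 (access denied) binds.
    param([string[]]$Lines)
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -match '^\.+\s+(\S+) failed test (\S+)') {
            $kind = 'FailedTest'
        } elseif ($line -match '^\[([^\]]+)\]\s+(\w+)\(\) failed with error 5\b') {
            $kind = 'AccessDenied'
        } else { continue }
        New-Object PSObject -Property @{ Kind = $kind; Target = $Matches[1]; Detail = $Matches[2] } |
            Select-Object Kind, Target, Detail
    }
}

# Sample input: lines copied from the dcdiag output posted in this thread.
$sample = @(
    '......................... DPAO-EX01 failed test Connectivity',
    '......................... Schema passed test CheckSDRefDom',
    '[DPAO-EX01] DsBindWithSpnEx() failed with error 5,',
    'Access is denied..'
)

$elevated = Test-IsElevated
if (-not $elevated) {
    Write-Warning 'Shell is not elevated; access-denied results from dcdiag may reflect the filtered token.'
}

# Run dcdiag only when elevated and present; otherwise fall back to the sample.
if ($elevated -and (Get-Command dcdiag.exe -ErrorAction SilentlyContinue)) {
    $lines = & dcdiag.exe
} else {
    $lines = $sample
}
Get-DcdiagFinding -Lines $lines | Format-Table -AutoSize
```

If the same AccessDenied rows appear when the shell is elevated, the filtered token is ruled out as the cause and the Connectivity failure is the next thing to investigate.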
