Announcement

Collapse
No announcement yet.

Inter-Site Replication Issue in win 2003 AD

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Inter-Site Replication Issue in win 2003 AD

    hi!
    we are using windows 2003 server Active Directory environment. we have 4 sites and each site has a single DC whereas our main site have two DC's, Exchange server 2003 is also installed on one ADC at centarl site. Also at our (central) main site our primary DC is holding all FSMO roles. All DCs are Global catalog servers as well. The problem we are currently facing is that, all my other three sites are unable to replicate with my main (Central) site whereas Intra-Site replication at central site is working fine.

    Event logs shown at one of dc not getting replication are:

    Event ID 4 Kerbros

    The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/lhr-ex.dwp.com.pk. The target name used was . This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (DWP.COM.PK), and the client realm. Please contact your system administrator.

    Event ID 1311 Knowledge Consistancy Cheker

    he Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.

    Directory partition:
    CN=Configuration,DC=dwp,DC=com,DC=pk

    There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology. Or, one or more domain controllers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers.

    User Action
    Use Active Directory Sites and Services to perform one of the following actions:
    - Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
    - Add a Connection object to a domain controller that contains the directory partition in this site from a domain controller that contains the same directory partition in another site.

    If neither of the Active Directory Sites and Services tasks correct this condition, see previous events logged by the KCC that identify the inaccessible domain controllers.

    Event ID 1925

    The attempt to establish a replication link for the following writable directory partition failed.

    Directory partition:
    DC=ForestDnsZones,DC=dwp,DC=com,DC=pk
    Source domain controller:
    CN=NTDS Settings,CN=LHR-DC01,CN=Servers,CN=DWP-TECH-HO,CN=Sites,CN=Configuration,DC=dwp,DC=com,DC=pk
    Source domain controller address:
    5770fcca-37d3-4265-ba3b-25413eefc1aa._msdcs.dwp.com.pk
    Intersite transport (if any):
    CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=dwp,DC=com ,DC=pk

    This domain controller will be unable to replicate with the source domain controller until this problem is corrected.

    User Action
    Verify if the source domain controller is accessible or network connectivity is available.

    Additional Data
    Error value:
    2148074274 The target principal name is incorrect.


    Event ID 1566


    All domain controllers in the following site that can replicate the directory partition over this transport are currently unavailable.

    Site:
    CN=DWP-TECH-HO,CN=Sites,CN=Configuration,DC=dwp,DC=com,DC=pk
    Directory partition:
    DC=ForestDnsZones,DC=dwp,DC=com,DC=pk
    Transport:
    CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=dwp,DC=com ,DC=pk







    one more thing, i want to mention is:
    i am also unable to access shared folders shated on server at my central location from remote site DC by netbios and fqdn. ever Sysvol is not accessable by remote sever by name, where as by ip everything is accessable.


    need your urgent support in this regard.

    thanks in advance for your support.

  • #2
    Re: Inter-Site Replication Issue in win 2003 AD

    when did the problem start?
    What changed prior to the problem starting ?
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Inter-Site Replication Issue in win 2003 AD

      dcdiag and netdiag at reomte DC is also as:

      C:\Documents and Settings>dcdiag

      Domain Controller Diagnosis
      Performing initial setup:
      Done gathering initial info.
      Doing initial required tests
      Testing server: DWP-TECH-KHI\DC-KHI01
      Starting test: Connectivity
      ......................... DC-KHI01 passed test Connectivity
      Doing primary tests
      Testing server: DWP-TECH-KHI\DC-KHI01
      Starting test: Replications
      REPLICATION-RECEIVED LATENCY WARNING
      DC-KHI01: Current time is 2011-05-19 12:26:38.
      DC=ForestDnsZones,DC=dwp,DC=com,DC=pk
      Last replication recieved from LHR-DC01 at 2011-04-16 19:53:04.
      Last replication recieved from LHR-EX at 2011-05-07 09:27:51.
      Last replication recieved from ISB-DC1 at 2011-05-18 18:58:14.
      Last replication recieved from LHR-FC-DC1 at 2011-05-07 09:23:11.
      DC=DomainDnsZones,DC=dwp,DC=com,DC=pk
      Last replication recieved from LHR-DC01 at 2011-04-16 19:53:04.
      Last replication recieved from LHR-EX at 2011-05-07 09:27:51.
      Last replication recieved from ISB-DC1 at 2011-05-18 18:58:14.
      Last replication recieved from LHR-FC-DC1 at 2011-05-07 09:23:09.
      CN=Schema,CN=Configuration,DC=dwp,DC=com,DC=pk
      Last replication recieved from LHR-DC01 at 2011-04-16 19:53:04.
      Last replication recieved from LHR-EX at 2011-05-07 09:27:51.
      Last replication recieved from ISB-DC1 at 2011-05-18 18:58:14.
      Last replication recieved from LHR-FC-DC1 at 2011-05-07 09:23:08.
      CN=Configuration,DC=dwp,DC=com,DC=pk
      Last replication recieved from LHR-DC01 at 2011-04-16 19:53:04.
      Last replication recieved from LHR-EX at 2011-05-07 09:27:51.
      Last replication recieved from ISB-DC1 at 2011-05-18 18:58:14.
      Last replication recieved from LHR-FC-DC1 at 2011-05-07 09:23:07.
      DC=dwp,DC=com,DC=pk
      Last replication recieved from LHR-DC01 at 2011-04-16 20:30:44.
      Last replication recieved from LHR-EX at 2011-05-07 09:27:51.
      Last replication recieved from ISB-DC1 at 2011-05-18 18:58:14.
      Last replication recieved from LHR-FC-DC1 at 2011-05-07 09:23:04.
      ......................... DC-KHI01 passed test Replications
      Starting test: NCSecDesc
      ......................... DC-KHI01 passed test NCSecDesc
      Starting test: NetLogons
      ......................... DC-KHI01 passed test NetLogons
      Starting test: Advertising
      ......................... DC-KHI01 passed test Advertising
      Starting test: KnowsOfRoleHolders
      [LHR-DC01] DsBindWithSpnEx() failed with error -2146893022,
      The target principal name is incorrect..
      Warning: LHR-DC01 is the Schema Owner, but is not responding to DS RPC
      Bind.
      [LHR-DC01] LDAP bind failed with error 8341,
      A directory service error has occurred..
      Warning: LHR-DC01 is the Schema Owner, but is not responding to LDAP Bi
      nd.
      Warning: LHR-DC01 is the Domain Owner, but is not responding to DS RPC
      Bind.
      Warning: LHR-DC01 is the Domain Owner, but is not responding to LDAP Bi
      nd.
      Warning: LHR-DC01 is the PDC Owner, but is not responding to DS RPC Bin
      d.
      Warning: LHR-DC01 is the PDC Owner, but is not responding to LDAP Bind.
      Warning: LHR-DC01 is the Rid Owner, but is not responding to DS RPC Bin
      d.
      Warning: LHR-DC01 is the Rid Owner, but is not responding to LDAP Bind.
      Warning: LHR-DC01 is the Infrastructure Update Owner, but is not respon
      ding to DS RPC Bind.
      Warning: LHR-DC01 is the Infrastructure Update Owner, but is not respon
      ding to LDAP Bind.
      ......................... DC-KHI01 failed test KnowsOfRoleHolders
      Starting test: RidManager
      ......................... DC-KHI01 failed test RidManager
      Starting test: MachineAccount
      ......................... DC-KHI01 passed test MachineAccount
      Starting test: Services
      ......................... DC-KHI01 passed test Services
      Starting test: ObjectsReplicated
      ......................... DC-KHI01 passed test ObjectsReplicated
      Starting test: frssysvol
      ......................... DC-KHI01 passed test frssysvol
      Starting test: frsevent
      There are warning or error events within the last 24 hours after the
      SYSVOL has been shared. Failing SYSVOL replication problems may cause
      Group Policy problems.
      ......................... DC-KHI01 failed test frsevent
      Starting test: kccevent
      An Warning Event occured. EventID: 0x80000785
      Time Generated: 05/19/2011 12:18:50
      Event String: The attempt to establish a replication link for
      An Warning Event occured. EventID: 0x80000785
      Time Generated: 05/19/2011 12:18:50
      Event String: The attempt to establish a replication link for
      An Warning Event occured. EventID: 0x80000785
      Time Generated: 05/19/2011 12:18:50
      Event String: The attempt to establish a replication link for
      An Warning Event occured. EventID: 0x80000785
      Time Generated: 05/19/2011 12:18:53
      Event String: The attempt to establish a replication link for
      An Warning Event occured. EventID: 0x80000785
      Time Generated: 05/19/2011 12:18:54
      Event String: The attempt to establish a replication link for
      An Warning Event occured. EventID: 0x80000785
      Time Generated: 05/19/2011 12:18:54
      Event String: The attempt to establish a replication link for
      An Warning Event occured. EventID: 0x80000785
      Time Generated: 05/19/2011 12:18:54
      Event String: The attempt to establish a replication link for
      An Warning Event occured. EventID: 0x80000785
      Time Generated: 05/19/2011 12:18:54
      Event String: The attempt to establish a replication link for
      An Warning Event occured. EventID: 0x80000785
      Time Generated: 05/19/2011 12:18:54
      Event String: The attempt to establish a replication link for
      An Warning Event occured. EventID: 0x80000785
      Time Generated: 05/19/2011 12:18:54
      Event String: The attempt to establish a replication link for
      ......................... DC-KHI01 failed test kccevent
      Starting test: systemlog
      An Error Event occured. EventID: 0x40000004
      Time Generated: 05/19/2011 12:03:49
      Event String: The kerberos client received a
      An Error Event occured. EventID: 0x40000004
      Time Generated: 05/19/2011 12:03:49
      Event String: The kerberos client received a
      An Error Event occured. EventID: 0x40000004
      Time Generated: 05/19/2011 12:18:50
      Event String: The kerberos client received a
      An Error Event occured. EventID: 0x40000004
      Time Generated: 05/19/2011 12:18:50
      Event String: The kerberos client received a
      An Error Event occured. EventID: 0x00000457
      Time Generated: 05/19/2011 12:19:49
      (Event String could not be retrieved)
      An Error Event occured. EventID: 0x00000457
      Time Generated: 05/19/2011 12:19:50
      (Event String could not be retrieved)
      An Error Event occured. EventID: 0x00000457
      Time Generated: 05/19/2011 12:19:50
      (Event String could not be retrieved)
      An Error Event occured. EventID: 0x40000004
      Time Generated: 05/19/2011 12:26:38
      Event String: The kerberos client received a
      ......................... DC-KHI01 failed test systemlog
      Starting test: VerifyReferences
      ......................... DC-KHI01 passed test VerifyReferences
      Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
      ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
      ......................... ForestDnsZones passed test CheckSDRefDom
      Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
      ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
      ......................... DomainDnsZones passed test CheckSDRefDom
      Running partition tests on : Schema
      Starting test: CrossRefValidation
      ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
      ......................... Schema passed test CheckSDRefDom
      Running partition tests on : Configuration
      Starting test: CrossRefValidation
      ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
      ......................... Configuration passed test CheckSDRefDom
      Running partition tests on : dwp
      Starting test: CrossRefValidation
      ......................... dwp passed test CrossRefValidation
      Starting test: CheckSDRefDom
      ......................... dwp passed test CheckSDRefDom
      Running enterprise tests on : dwp.com.pk
      Starting test: Intersite
      ......................... dwp.com.pk passed test Intersite
      Starting test: FsmoCheck
      Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
      A Primary Domain Controller could not be located.
      The server holding the PDC role is down.
      ......................... dwp.com.pk failed test FsmoCheck

      Comment


      • #4
        Re: Inter-Site Replication Issue in win 2003 AD

        now NEtdiag at same remote server


        C:\Documents and Settings>netdiag
        ..............................

        Computer Name: DC-KHI01
        DNS Host Name: DC-Khi01.dwp.com.pk
        System info : Microsoft Windows Server 2003 R2 (Build 3790)
        Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel
        List of installed hotfixes :
        KB2079403
        KB2115168
        KB2121546
        KB2124261
        KB2160329
        KB2207559
        KB2229593
        KB2259922
        KB2279986
        KB2286198
        KB2296011
        KB2296199
        KB2347290
        KB2360937
        KB2378111
        KB2387149
        KB2393802
        KB2416400-IE7
        KB2416451
        KB2419635
        KB2423089
        KB2436673
        KB2440591
        KB2443105
        KB2467659
        KB2476687
        KB2478953
        KB2478960
        KB2478971
        KB2479628
        KB2481109
        KB2482017-IE7
        KB2483185
        KB2485376
        KB923561
        KB924667-v2
        KB925398_WMP64
        KB925876
        KB925902-v2
        KB927891
        KB929123
        KB930178
        KB932168
        KB933729
        KB933854
        KB935839
        KB935840
        KB936357
        KB938127
        KB938127-IE7
        KB938464
        KB941569
        KB942830
        KB942831
        KB943055
        KB943460
        KB943485
        KB943729
        KB944338-v2
        KB944653
        KB945553
        KB946026
        KB948496
        KB949014
        KB950762
        KB950974
        KB951066
        KB951698
        KB951746
        KB951748
        KB952004
        KB952069
        KB952954
        KB953298
        KB953838-IE7
        KB954155
        KB954211
        KB954600
        KB955069
        KB955759
        KB955839
        KB956390-IE7
        KB956391
        KB956572
        KB956744
        KB956802
        KB956803
        KB956841
        KB956844
        KB957095
        KB957097
        KB958215
        KB958215-IE7
        KB958469
        KB958644
        KB958869
        KB959426
        KB960225
        KB960714
        KB960714-IE7
        KB960803
        KB960859
        KB961063
        KB961501
        KB967715
        KB967723
        KB968389
        KB969059
        KB969947
        KB970238
        KB970430
        KB970483
        KB971032
        KB971468
        KB971513
        KB971557
        KB971633
        KB971657
        KB971737
        KB971961
        KB972260-IE7
        KB972270
        KB973037
        KB973346
        KB973354
        KB973507
        KB973540
        KB973687
        KB973815
        KB973869
        KB973904
        KB974112
        KB974318
        KB974392
        KB974571
        KB975025
        KB975467
        KB975558_WM8
        KB975560
        KB975562
        KB975713
        KB977165
        KB977290
        KB977816
        KB977914
        KB978037
        KB978207-IE7
        KB978251
        KB978262
        KB978338
        KB978542
        KB978601
        KB978695
        KB978706
        KB979309
        KB979482
        KB979559
        KB979683
        KB979687
        KB979907
        KB980195
        KB980218
        KB980232
        KB980436
        KB981322
        KB981349
        KB981550
        KB981793
        KB981957
        KB982132
        KB982214
        KB982381-IE7
        KB982802
        Q147222

        Netcard queries test . . . . . . . : Passed

        Per interface results:
        Adapter : Local Area Connection
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : DC-Khi01
        IP Address . . . . . . . . : 10.50.1.9
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.50.1.2
        Dns Servers. . . . . . . . : 10.50.1.9
        10.30.1.7

        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
        r Service', <20> 'WINS' names is missing.
        WINS service test. . . . . : Skipped
        There are no WINS servers configured for this interface.

        Global results:

        Domain membership test . . . . . . : Passed

        NetBT transports test. . . . . . . : Passed
        List of NetBt transports currently configured:
        NetBT_Tcpip_{33FC0764-4604-432C-8952-AFCDCB9BF6FD}
        1 NetBt transport currently configured.

        Autonet address test . . . . . . . : Passed

        IP loopback ping test. . . . . . . : Passed

        Default gateway test . . . . . . . : Passed

        NetBT name test. . . . . . . . . . : Passed
        [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
        ce', <03> 'Messenger Service', <20> 'WINS' names defined.

        Winsock test . . . . . . . . . . . : Passed

        DNS test . . . . . . . . . . . . . : Passed
        PASS - All the DNS entries for DC are registered on DNS server '10.50.1.9' a
        nd other DCs also have some of the names registered.
        [WARNING] The DNS entries for this DC are not registered correctly on DNS se
        rver '10.30.1.7'. Please wait for 30 minutes for DNS server replication.

        Redir and Browser test . . . . . . : Passed
        List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{33FC0764-4604-432C-8952-AFCDCB9BF6FD}
        The redir is bound to 1 NetBt transport.
        List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{33FC0764-4604-432C-8952-AFCDCB9BF6FD}
        The browser is bound to 1 NetBt transport.

        DC discovery test. . . . . . . . . : Passed

        DC list test . . . . . . . . . . . : Passed

        Trust relationship test. . . . . . : Failed
        Secure channel for domain 'DWP' is to '\\LHR-DC01.dwp.com.pk'.
        [FATAL] Cannot set secure channel for domain 'DWP' to PDC emulator. [ERROR_N
        O_LOGON_SERVERS]

        Kerberos test. . . . . . . . . . . : Passed

        LDAP test. . . . . . . . . . . . . : Passed
        [WARNING] Failed to query SPN registration on DC 'lhr-ex.dwp.com.pk'.
        [FATAL] Cannot do NTLM authenticated ldap_bind to 'isb-dc1.dwp.com.pk': Inva
        lid Credentials.
        [FATAL] Cannot do Negotiate authenticated ldap_bind to 'isb-dc1.dwp.com.pk':
        Invalid Credentials.
        [WARNING] Failed to query SPN registration on DC 'LHR-DC01.dwp.com.pk'.
        [WARNING] Failed to query SPN registration on DC 'lhr-fc-dc1.dwp.com.pk'.

        Bindings test. . . . . . . . . . . : Passed

        WAN configuration test . . . . . . : Skipped
        No active remote access connections.

        Modem diagnostics test . . . . . . : Passed
        IP Security test . . . . . . . . . : Skipped
        Note: run "netsh ipsec dynamic show /?" for more detailed information

        The command completed successfully

        Comment


        • #5
          Re: Inter-Site Replication Issue in win 2003 AD

          @ tehcamel! thanks 4 ur prompt response.

          we didnt make any change in anything. just a sever reboot at our central site is happend due to a PM activity (both DCs.).

          Comment


          • #6
            Re: Inter-Site Replication Issue in win 2003 AD

            Trust relationship test. . . . . . : Failed
            Secure channel for domain 'DWP' is to '\\LHR-DC01.dwp.com.pk'.
            [FATAL] Cannot set secure channel for domain 'DWP' to PDC emulator. [ERROR_N
            O_LOGON_SERVERS]

            ???

            Comment


            • #7
              Re: Inter-Site Replication Issue in win 2003 AD

              http://support.microsoft.com/kb/158148

              Comment

              Working...
              X