ad, dns replication problems

  • ad, dns replication problems

    I have a very important and serious problem.
    It's going to be long.
    I have a 2003 forest with four sites and two domains. In Israel we have the parent domain, which includes two sites. In Europe we have the second domain, a child domain, which includes one site in Belgium and a second one in France.

    All servers are 2003 + SP1.


    dc1: runs DNS, WINS and DHCP, and is also the first DC of the domain. It keeps the global catalog and has the FSMO roles.

    ex1: DC, 2003, runs DNS and WINS.

    Second site:



    dc4: runs WINS, DNS and DHCP, and also runs a GC. It is also the first DC in the child domain.
    ex3: 2003


    The sites are connected through VPN.

    There seem to be replication problems in the DNS system, which is AD-integrated. WINS also doesn't replicate. dc1, which has a replica of the EU domain, has only a few hosts instead of many more.
    From Europe there is no problem sending emails, whereas from Israel to Europe it doesn't work. There are 60 messages in the queue, and the public folders don't replicate. There is a time skew between the sites; the time doesn't synchronize. I think all of this affects the AD replication, because it looks like the child domain doesn't recognize its parent, and the other way around (an assumption).

    Some examples:

    When I try to map a folder on one of the European servers, "\\servername\folder", I get the following error: "dc4 is not accessible ; the server's clock is not synchronized with the primary domain controller's clock".

    When I open the AD MMC and try to connect to the Europe domain, I get the following error: "windows cannot connect to the new domain because: the clocks on the client and the server machines are skewed".

    When I try to connect to the European DCs I get access denied.

    When I try to log on to the European DCs I get an error about time differences.

    I used the w32tm command to make dc1 (referenced above) a reliable time server and told it to use its internal clock.

    On dc4 (referenced above) I configured it to use dc1 as a peer from which it can synchronize time.
    I configured all the other servers to use the default domain hierarchy.
    I've checked and it looks fine.

    On dc1 (in the Sites and Services console), when I check the topology and do a test to the Europe site, I get access denied.

    On the European DCs, except for dc4, when I map "\\parentdomain\sysvol" I get the error "no network provider accepted the given network path".

    When I check the topology from Europe to Israel I get "rpc is unavailable".

    I've attached the dc1 logs and dc4 logs because they are the primary DC + GC, each in its own domain.

    The problem is too wide and I don't know where to start. I checked the clocks; for now I prefer not to reconfigure the DNS. I didn't start on WINS; it seems less important now.
