AD replication and DNS issues

  • AD replication and DNS issues

    Hi,

    Problems facing:
    1. Replication not working from DC to ADCs
    2. Group policies are not applying on client machines or on ADC. But successfully applying on DC.
    3. \\Domain\sysvol\domain path is not accessible from clients or from ADC. But can be accessible from DC.

    Background Info:
    Recently upgraded our DC from 2000 to 2003. After upgrading to 2003, configured ADC, but it is not fully replicated with DC (SYSVOL and NETLOGON are not automatically shared in ADC after DCPROMO). Situation is the same till now.
    So due to the above scenario, I don't have the option to transfer/seize roles from the old DC, as I don't have a fully functioning DC.
    IMP: DC was upgraded 2 months back and Group policies were working till 15th JAN. Of course, replication from DC to ADC never worked.
    I suspect two points. One is with DNS, because ForestDnsZones and DomainDnsZones are not appearing in DNS after the 15th.
    Second is with the security database, because event IDs 1925, 1126 and 1104 are frequently coming in DC.

    Things done till now under troubleshooting:
    1. Reset machine account password
    2. Checked SMB signing related issues. (No issues)
    3. DNS completely reconfigured. (DomainDnsZones and ForestDnsZones still not appearing in DNS console. But they are present in CN=Partitions. Checked with ADSIedit.)
    4. Checked for SYSVOL permissions and found no issues.
    To remind you again GPO are applying on DC but not on ADC and other client machines.
    5. Reconfigured secedit.sdb

    Events frequently getting:
    On Domain Controller:
    4000,4013,1925,1126,1104,40960,1053
    On ADC and on other clients:
    1030 and 1058

    I appreciate your help in this regard.

    Thanks,
    Raju P.

  • #2
    Re: AD replication and DNS issues

    A couple of months back I ran into a synchronization error with my two DCs: they weren't replicating and they were causing authorization errors for the domain.

    How I fixed it:

    Download netdiag and dcdiag.

    Run them both, starting with netdiag, and resolve any issues that arise.
    Run dcdiag and resolve any issues that arise with that one.

    After you have run both these diag tools and fixed all the issues present, restart your machine and you should have a functioning domain again.

    Good luck



    • #3
      Re: AD replication and DNS issues

      Thanks for the reply.

      I have run netdiag and dcdiag on the DC as well as the ADC. I have tried all possibilities using Google. But no luck.

      Could you please check the attached dcdiag and netdiag logs and suggest any?

      Request you all the experts to help me in solving the issue.

      Thanks
      Raju P.


      • #4
        Re: AD replication and DNS issues

        Hi,

        I also found some issues through the "ntfrsutl ds" command. It ran successfully on the ADC machine and gave some output, which is attached in this thread. But when I ran this command on the DC, the output is as below...

        C:\temp>ntfrsutl ds
        NTFRS CONFIGURATION IN THE DS
        SUBSTITUTE DCINFO FOR DC
        FRS DomainControllerName: (null)
        Computer Name : ERIC-PDC
        Computer DNS Name : eric-pdc.ERICDOM
        BINDING TO THE DS:
        ldap_connect : eric-pdc.ERICDOM
        ERROR - ldap_bind_s(ERIC-PDC); (ldap error 00000052 = Local Error)

        What may be the issue with this?

        For clarity, server names are given below:

        Domain: ERICDOM
        Primary domain controller: eric-pdc.ERICDOM
        Additional Domain Controller: eric-dc.ERICDOM

        Thanks,
        Raju P.


        • #5
          Re: AD replication and DNS issues

          Domain membership test . . . . . . : Failed
          [WARNING] The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.



          • #6
            Re: AD replication and DNS issues

            Good find. I am sure you got it from netdiag log of Additional domain controller. But if you can see netdiag log of primary domain controller, this test is passed.

            This is what my first message described: the additional domain controller never replicated with the DC. SYSVOL and NETLOGON folders are not shared after it was promoted as ADC. Request you to look into the logs of the primary DC, i.e. netdiag-pdc.txt and dcdiag-dc.txt.

            Have any idea why I am not able to open the \\<domain>\Sysvol\<domain> path from the ADC and client machines? I am able to open this path from the DC. That may be the reason I am able to apply group policies on the DC but they are not applying on clients and the ADC.

            Even that may be the root cause of the replication issues. What do you say?

            By observing ntfrsutl ds and events 1058 and 1030 on client machines, I feel there are some access restrictions from the AD database or SYSVOL. But I am not able to find the reason for the behavior of GPOs, which are successfully applying on the DC but not on clients.

            I think I should be able to open the \\<domain>\sysvol\<domain> path from client machines also, as happens from the DC.

            Thanks for your valuable time and patience. Please help me in rectifying this issue. Please feel free if you need more input.

            Thanks,
            Raju P.



            • #7
              Re: AD replication and DNS issues

              Hi,

              Does anybody have some time to look into my issue? Request you to provide me some possible solution to rectify this issue.

              Can anyone tell me if it is an issue with security? Because from a client machine, when I try to apply GPs, it is clearly saying "access has been denied". I don't have any other GPOs than the default.

              Appreciate your help!

              Thanks,
              Raju P.



              • #8
                Re: AD replication and DNS issues

                Please note all staff and members here give up their free time to help others here. If you want a response immediately, phone Microsoft and have your credit card ready. If you would like further free advice, please show some patience.
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **



                • #9
                  Re: AD replication and DNS issues

                  Hi

                  May I request somebody to help me with the below problem? (Please go through the thread.)

                  When I run the command on the DC, it's throwing the below error...

                  C:\temp>ntfrsutl ds
                  NTFRS CONFIGURATION IN THE DS
                  SUBSTITUTE DCINFO FOR DC
                  FRS DomainControllerName: (null)
                  Computer Name : ERIC-PDC
                  Computer DNS Name : eric-pdc.ERICDOM
                  BINDING TO THE DS:
                  ldap_connect : eric-pdc.ERICDOM
                  ERROR - ldap_bind_s(ERIC-PDC); (ldap error 00000052 = Local Error)

                  Thanks a lot,
                  Raju P

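Added example, not part of any post in this thread: a small Python triage script for the kind of output quoted above. It pulls non-passing netdiag test lines together with their [WARNING] notes and decodes the hex code in the ntfrsutl ldap_bind_s error. The sample text is constructed from the lines quoted in posts #4 and #5 (the "DNS test" line is made up for contrast), and the function and field names are hypothetical.

```python
import re

# Constructed sample, modelled on the lines quoted in posts #4 and #5.
SAMPLE = """\
Domain membership test . . . . . . : Failed
    [WARNING] The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.
DNS test . . . . . . . . . . . . . : Passed
ERROR - ldap_bind_s(ERIC-PDC); (ldap error 00000052 = Local Error)
"""

# "Test name . . . . : Passed|Failed|Skipped" result lines.
RESULT = re.compile(r"^\s*(?P<test>.+?)(?:\s*\.)+\s*:\s*(?P<status>Passed|Failed|Skipped)\s*$")
# Indented "[WARNING] ..." / "[FATAL] ..." notes that follow a result line.
NOTE = re.compile(r"^\s*\[(?P<level>WARNING|FATAL)\]\s*(?P<msg>.+)$")
# "ERROR - call(target); (ldap error XXXXXXXX = text)" as printed by ntfrsutl.
LDAP = re.compile(r"ERROR - (?P<call>\w+)\((?P<target>[^)]*)\);\s*"
                  r"\(ldap error (?P<code>[0-9A-Fa-f]{8}) = (?P<text>[^)]+)\)")

# Standard LDAP result codes (decimal values 49, 81, 82).
LDAP_NAMES = {0x31: "LDAP_INVALID_CREDENTIALS", 0x51: "LDAP_SERVER_DOWN",
              0x52: "LDAP_LOCAL_ERROR"}

def triage(text):
    """Return tests that did not pass (or carry notes) and decoded LDAP errors."""
    tests, ldap_errors, current = [], [], None
    for line in text.splitlines():
        if m := RESULT.match(line):
            current = {"test": m["test"].strip(), "status": m["status"], "notes": []}
            tests.append(current)
        elif (m := NOTE.match(line)) and current is not None:
            # Attach the note to the most recent test result line.
            current["notes"].append((m["level"], m["msg"].strip()))
        elif m := LDAP.search(line):
            code = int(m["code"], 16)  # the tool prints the code in hex
            ldap_errors.append({"call": m["call"], "target": m["target"],
                                "code": code, "text": m["text"].strip(),
                                "name": LDAP_NAMES.get(code, "unknown")})
    flagged = [t for t in tests if t["status"] != "Passed" or t["notes"]]
    return {"flagged": flagged, "ldap_errors": ldap_errors}

if __name__ == "__main__":
    report = triage(SAMPLE)
    for t in report["flagged"]:
        print(t["status"], "-", t["test"], t["notes"])
    for e in report["ldap_errors"]:
        print(e["call"], e["target"], e["code"], e["name"])
```

Running the same function over the netdiag log of each domain controller gives a side-by-side list of which tests differ between the two machines.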