Announcement

Collapse
No announcement yet.

Active Directory Replication Issue

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory Replication Issue

    We moved a new company into our building on Friday, they have 2 x Windows server 2003 servers both DC's and global catalogs. The last good replication was just before we shut them down on Friday according to dcdiag.

    They are on the same network and resolve each other by dns, they can ping each other.

    I think I need help deciphering the results of dcdiag


    Copy if dcdiag

    Doing primary tests
    Testing server: Default-First-Site-Name\PRINTSERVER01
    Starting test: Replications
    [Replications Check,PRINTSERVER01] A recent replication attempt failed:
    From PHONESYSTEM to PRINTSERVER01
    Naming Context: DC=ForestDnsZones,DC=dubbs,DC=local
    The replication generated an error (1256):
    Win32 Error 1256
    The failure occurred at 2012-02-21 12:52:36.
    The last success occurred at 2012-02-17 18:55:27.
    71 failures have occurred since the last success.
    [PHONESYSTEM] DsBindWithSpnEx() failed with error -2146893022,
    Win32 Error -2146893022.
    [Replications Check,PRINTSERVER01] A recent replication attempt failed:
    From PHONESYSTEM to PRINTSERVER01
    Naming Context: DC=DomainDnsZones,DC=dubbs,DC=local
    The replication generated an error (1256):
    Win32 Error 1256
    The failure occurred at 2012-02-21 12:52:36.
    The last success occurred at 2012-02-17 18:55:27.
    71 failures have occurred since the last success.
    [Replications Check,PRINTSERVER01] A recent replication attempt failed:
    From PHONESYSTEM to PRINTSERVER01
    Naming Context: CN=Schema,CN=Configuration,DC=dubbs,DC=local
    The replication generated an error (-2146893022):
    Win32 Error -2146893022
    The failure occurred at 2012-02-21 12:52:36.
    The last success occurred at 2012-02-17 18:55:27.
    71 failures have occurred since the last success.
    [Replications Check,PRINTSERVER01] A recent replication attempt failed:
    From PHONESYSTEM to PRINTSERVER01
    Naming Context: CN=Configuration,DC=dubbs,DC=local
    The replication generated an error (-2146893022):
    Win32 Error -2146893022
    The failure occurred at 2012-02-21 12:57:29.
    The last success occurred at 2012-02-17 18:55:27.
    76 failures have occurred since the last success.
    [Replications Check,PRINTSERVER01] A recent replication attempt failed:
    From PHONESYSTEM to PRINTSERVER01
    Naming Context: DC=dubbs,DC=local
    The replication generated an error (-2146893022):
    Win32 Error -2146893022
    The failure occurred at 2012-02-21 13:11:56.
    The last success occurred at 2012-02-17 19:12:48.
    1989 failures have occurred since the last success.
    REPLICATION-RECEIVED LATENCY WARNING
    PRINTSERVER01: Current time is 2012-02-21 13:13:23.
    DC=ForestDnsZones,DC=dubbs,DC=local
    Last replication recieved from PHONESYSTEM at 2012-02-17 18:55:27
    .
    DC=DomainDnsZones,DC=dubbs,DC=local
    Last replication recieved from PHONESYSTEM at 2012-02-17 18:55:27
    .
    CN=Schema,CN=Configuration,DC=dubbs,DC=local
    Last replication recieved from PHONESYSTEM at 2012-02-17 18:55:27
    .
    CN=Configuration,DC=dubbs,DC=local
    Last replication recieved from PHONESYSTEM at 2012-02-17 18:55:27
    .
    DC=dubbs,DC=local
    Last replication recieved from PHONESYSTEM at 2012-02-17 19:12:48
    .
    ......................... PRINTSERVER01 passed test Replications
    Starting test: NCSecDesc
    ......................... PRINTSERVER01 passed test NCSecDesc
    Starting test: NetLogons
    ......................... PRINTSERVER01 passed test NetLogons
    Starting test: Advertising
    ......................... PRINTSERVER01 passed test Advertising
    Starting test: KnowsOfRoleHolders
    Warning: PHONESYSTEM is the Schema Owner, but is not responding to DS R
    PC Bind.
    [PHONESYSTEM] LDAP bind failed with error 8341,
    Win32 Error 8341.
    Warning: PHONESYSTEM is the Schema Owner, but is not responding to LDAP
    Bind.
    Warning: PHONESYSTEM is the Domain Owner, but is not responding to DS R
    PC Bind.
    Warning: PHONESYSTEM is the Domain Owner, but is not responding to LDAP
    Bind.
    Warning: PHONESYSTEM is the PDC Owner, but is not responding to DS RPC
    Bind.
    Warning: PHONESYSTEM is the PDC Owner, but is not responding to LDAP Bi
    nd.
    Warning: PHONESYSTEM is the Rid Owner, but is not responding to DS RPC
    Bind.
    Warning: PHONESYSTEM is the Rid Owner, but is not responding to LDAP Bi
    nd.
    Warning: PHONESYSTEM is the Infrastructure Update Owner, but is not res
    ponding to DS RPC Bind.
    Warning: PHONESYSTEM is the Infrastructure Update Owner, but is not res
    ponding to LDAP Bind.
    ......................... PRINTSERVER01 failed test KnowsOfRoleHolders
    Starting test: RidManager
    ......................... PRINTSERVER01 failed test RidManager
    Starting test: MachineAccount
    ......................... PRINTSERVER01 passed test MachineAccount
    Starting test: Services
    ......................... PRINTSERVER01 passed test Services
    Starting test: ObjectsReplicated
    ......................... PRINTSERVER01 passed test ObjectsReplicated
    Starting test: frssysvol
    ......................... PRINTSERVER01 passed test frssysvol
    Starting test: frsevent
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared. Failing SYSVOL replication problems may cause
    Group Policy problems.
    ......................... PRINTSERVER01 failed test frsevent
    Starting test: kccevent
    An Warning Event occured. EventID: 0x8000072D
    Time Generated: 02/21/2012 12:59:56
    (Event String could not be retrieved)
    ......................... PRINTSERVER01 failed test kccevent
    Starting test: systemlog
    An Error Event occured. EventID: 0x40000004
    Time Generated: 02/21/2012 12:17:38
    Event String: The kerberos client received a
    An Error Event occured. EventID: 0x40000004
    Time Generated: 02/21/2012 12:29:40
    Event String: The kerberos client received a
    An Error Event occured. EventID: 0x40000004
    Time Generated: 02/21/2012 12:30:44
    Event String: The kerberos client received a
    An Error Event occured. EventID: 0x40000004
    Time Generated: 02/21/2012 12:31:18
    Event String: The kerberos client received a
    An Error Event occured. EventID: 0x40000004
    Time Generated: 02/21/2012 12:33:15
    Event String: The kerberos client received a
    An Error Event occured. EventID: 0x40000004
    Time Generated: 02/21/2012 12:42:37
    Event String: The kerberos client received a
    An Error Event occured. EventID: 0x40000004
    Time Generated: 02/21/2012 12:56:35
    Event String: The kerberos client received a
    An Error Event occured. EventID: 0x40000004
    Time Generated: 02/21/2012 13:13:24
    Event String: The kerberos client received a
    An Error Event occured. EventID: 0x40000004
    Time Generated: 02/21/2012 13:13:25
    Event String: The kerberos client received a
    ......................... PRINTSERVER01 failed test systemlog
    Starting test: VerifyReferences
    ......................... PRINTSERVER01 passed test VerifyReferences
    Running partition tests on : ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom
    Running partition tests on : DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom
    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom
    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom
    Running partition tests on : dubbs
    Starting test: CrossRefValidation
    ......................... dubbs passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... dubbs passed test CheckSDRefDom
    Running enterprise tests on : dubbs.local
    Starting test: Intersite
    ......................... dubbs.local passed test Intersite
    Starting test: FsmoCheck
    ......................... dubbs.local passed test FsmoCheck

  • #2
    Re: Active Directory Replication Issue

    Can you post an IPconfig /all from both servers?
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: Active Directory Replication Issue

      Frm phonesystem to printserver01 I can do start run \\printserver01\c$
      From printserver01 to phonesystem I get Login failure: The target account name is incorrect

      Both ping each other and both perform an NSLOOKUP correctly

      Ipconfigs

      Windows IP Configuration
      Host Name . . . . . . . . . . . . : phonesystem
      Primary Dns Suffix . . . . . . . : dubbs.local
      Node Type . . . . . . . . . . . . : Hybrid
      IP Routing Enabled. . . . . . . . : No
      WINS Proxy Enabled. . . . . . . . : No
      DNS Suffix Search List. . . . . . : dubbs.local
      Ethernet adapter Local Area Connection:
      Connection-specific DNS Suffix . :
      Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
      Physical Address. . . . . . . . . : 00-14-22-B1-28-A7
      DHCP Enabled. . . . . . . . . . . : No
      IP Address. . . . . . . . . . . . : 193.1.1.53
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Default Gateway . . . . . . . . . : 193.1.1.251
      DNS Servers . . . . . . . . . . . : 193.1.1.53
      Primary WINS Server . . . . . . . : 193.1.1.53
      Secondary WINS Server . . . . . . : 193.1.1.252


      Windows IP Configuration
      Host Name . . . . . . . . . . . . : PRINTSERVER01
      Primary Dns Suffix . . . . . . . : dubbs.local
      Node Type . . . . . . . . . . . . : Hybrid
      IP Routing Enabled. . . . . . . . : No
      WINS Proxy Enabled. . . . . . . . : No
      DNS Suffix Search List. . . . . . : dubbs.local
      Ethernet adapter Local Area Connection:
      Connection-specific DNS Suffix . :
      Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
      Physical Address. . . . . . . . . : 00-14-22-B1-05-58
      DHCP Enabled. . . . . . . . . . . : No
      IP Address. . . . . . . . . . . . : 193.1.1.252
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Default Gateway . . . . . . . . . : 193.1.1.251
      DNS Servers . . . . . . . . . . . : 193.1.1.252
      192.1.1.53
      Primary WINS Server . . . . . . . : 193.1.1.252
      Secondary WINS Server . . . . . . : 193.1.1.53

      Comment


      • #4
        Re: Active Directory Replication Issue

        Best practice is both DCs point to a single DC for their primary DNS, and to themselves for secondary
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Active Directory Replication Issue

          I think this is my problem.

          "This event can occur if either this domain controller or the destination domain controller has been moved to another site"

          Neither server has been moved though, however when we first started the PDC "Phonesystem" after the move the date reset itself to Aug 2005. I wonder if this is causing any issues, I'll reboot tonight as it also has SP1 whilst the other server has SP2.

          Event Type: Information
          Event Source: NTDS KCC
          Event Category: Knowledge Consistency Checker
          Event ID: 1104
          Date: 21/02/2012
          Time: 17:12:38
          User: NT AUTHORITY\ANONYMOUS LOGON
          Computer: PRINTSERVER01
          Description:
          The Knowledge Consistency Checker (KCC) successfully terminated the following change notifications.

          Directory partition:
          DC=dubbs,DC=local
          Destination network address:
          e0b92e1e-676e-49de-b704-dfe8e8f03ad5._msdcs.dubbs.local
          Destination domain controller (if available):
          CN=NTDS Settings,CN=PHONESYSTEM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dubbs,DC=local

          This event can occur if either this domain controller or the destination domain controller has been moved to another site.
          For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

          Comment


          • #6
            Re: Active Directory Replication Issue

            Originally posted by Eiehler View Post
            Neither server has been moved though, however when we first started the PDC "Phonesystem" after the move the date reset itself to Aug 2005. I wonder if this is causing any issues, I'll reboot tonight as it also has SP1 whilst the other server has SP2.
            this is your problem. Kerberos time skew. You need the time within 15 minutes on each server.
            Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

            Comment


            • #7
              Re: Active Directory Replication Issue

              Couldn't resolve the replication issue so demoted one DC and removed all trace of the server from the AD. Took a few restarts to get the Exchange Server to bind to the other DC but once it did all was well.

              Comment

              Working...
              X