Announcement

Collapse
No announcement yet.

2003 DC1 & 2008 DC2 - Replication Issues

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • 2003 DC1 & 2008 DC2 - Replication Issues

    Hello I hope this forum can help with my situation. I am a beginner with this stuff and cannot quite grasp what i need to do to fix these problems.

    I have replication problems between 2 DC's. I got a second server "2008" and decided to promote it to a second DC because I know my 2003 machine is a little old.

    I did the dc promo and the active directory integration but I think the problem is in the DNS and with the forest.

    It has never accepted any new members from the 2003 AD. so it has never worked correctly, recently I deleted a few records in the 2003 DNS I thought were redundant (trying to fix it) and now a few users are having problems connecting to DC2. Any help would be greatly appreciated.


    I have 2 DC's on mydomain.local

    DC1 is 2003 R2 setup with AD & DNS & DHCP

    DC2 is 2008 R2 setup with AD integration only
    (there was also a DNS on this server but it was removed)

    I also have some group policy stuff on there

    I guess I will start with the DCDIAG run from DC2 ?

    If you need another test run let me know I will do it immediately.

    Directory Server Diagnosis

    Performing initial setup:
    Trying to find home server...
    Home Server = DC2
    * Identified AD Forest.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\DC2
    Starting test: Connectivity
    ......................... DC2 passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\DC2
    Starting test: Advertising
    Warning: DsGetDcName returned information for
    \\DC1.mydomain.local, when we were trying to reach DC2.
    SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
    ......................... DC2 failed test Advertising
    Starting test: FrsEvent
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared. Failing SYSVOL replication problems may cause
    Group Policy problems.
    ......................... DC2 passed test FrsEvent
    Starting test: DFSREvent
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared. Failing SYSVOL replication problems may cause
    Group Policy problems.
    ......................... DC2 failed test DFSREvent
    Starting test: SysVolCheck
    ......................... DC2 passed test SysVolCheck
    Starting test: KccEvent
    ......................... DC2 passed test KccEvent
    Starting test: KnowsOfRoleHolders
    ......................... DC2 passed test KnowsOfRoleHolders
    Starting test: MachineAccount
    Warning: Attribute userAccountControl of DC2 is:
    0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )
    Typical setting for a DC is
    0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )
    This may be affecting replication?
    ......................... DC2 passed test MachineAccount
    Starting test: NCSecDesc
    ......................... DC2 passed test NCSecDesc
    Starting test: NetLogons
    Unable to connect to the NETLOGON share! (\\DC2\netlogon)
    [DC2] An net use or LsaPolicy operation failed with error 67,
    The network name cannot be found..
    ......................... DC2 failed test NetLogons
    Starting test: ObjectsReplicated
    ......................... DC2 passed test ObjectsReplicated
    Starting test: Replications
    [Replications Check,DC2] A recent replication attempt failed:
    From DC1 to DC2
    Naming Context: CN=Schema,CN=Configuration,DC=mydomain,DC=local
    The replication generated an error (5):
    Access is denied.
    The failure occurred at 2013-06-05 11:55:47.
    The last success occurred at 2011-07-13 17:51:28.
    15549 failures have occurred since the last success.
    [Replications Check,DC2] A recent replication attempt failed:
    From DC1 to DC2
    Naming Context: CN=Configuration,DC=mydomain,DC=local
    The replication generated an error (5):
    Access is denied.
    The failure occurred at 2013-06-05 11:55:47.
    The last success occurred at 2011-07-13 17:51:31.
    15549 failures have occurred since the last success.
    REPLICATION LATENCY WARNING
    ERROR: Expected notification link is missing.
    Source DC1
    Replication of new changes along this path will be delayed.
    This problem should self-correct on the next periodic sync.
    [Replications Check,DC2] A recent replication attempt failed:
    From DC1 to DC2
    Naming Context: DC=mydomain,DC=local
    The replication generated an error (5):
    Access is denied.
    The failure occurred at 2013-06-05 11:55:47.
    The last success occurred at 2011-07-13 17:51:50.
    15549 failures have occurred since the last success.
    REPLICATION LATENCY WARNING
    ERROR: Expected notification link is missing.
    Source DC1
    Replication of new changes along this path will be delayed.
    This problem should self-correct on the next periodic sync.
    ......................... DC2 failed test Replications
    Starting test: RidManager
    Warning: attribute rIdSetReferences missing from
    CN=DC2,OU=Domain Controllers,DC=mydomain,DC=local
    Could not get Rid set Reference :failed with 8481:
    The search failed to retrieve attributes from the database.
    ......................... DC2 failed test RidManager
    Starting test: Services
    ......................... DC2 passed test Services
    Starting test: SystemLog
    An Error Event occurred. EventID: 0x0000168E
    Time Generated: 06/05/2013 12:06:31
    Event String:
    The dynamic registration of the DNS record '_ldap._tcp.763c8494-b62a-4c96-a7bb-20761dcfad9e.domains._msdcs.mydomain.local. 600 IN SRV 0 100 389 DC2.mydomain.local.' failed on the following DNS server:
    An Error Event occurred. EventID: 0x0000168E
    Time Generated: 06/05/2013 12:06:32
    Event String:
    The dynamic registration of the DNS record '_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.local. 600 IN SRV 0 100 88 DC2.mydomain.local.' failed on the following DNS server:
    An Error Event occurred. EventID: 0x0000168E
    Time Generated: 06/05/2013 12:06:32
    Event String:
    The dynamic registration of the DNS record '_ldap._tcp.dc._msdcs.mydomain.local. 600 IN SRV 0 100 389 DC2.mydomain.local.' failed on the following DNS server:
    An Error Event occurred. EventID: 0x0000168E
    Time Generated: 06/05/2013 12:06:32
    Event String:
    The dynamic registration of the DNS record '_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.local. 600 IN SRV 0 100 389 DC2.mydomain.local.' failed on the following DNS server:
    ......................... DC2 failed test SystemLog
    Starting test: VerifyReferences
    Some objects relating to the DC DC2 have problems:
    [1] Problem: Missing Expected Value
    Base Object:
    CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=loca l
    Base Object Description: "DSA Object"
    Value Object Attribute Name: serverReferenceBL
    Value Object Description: "SYSVOL FRS Member Object"
    Recommended Action: See Knowledge Base Article: Q312862

    ......................... DC2 failed test VerifyReferences


    Running partition tests on : Schema
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation

    Running partition tests on : Configuration
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation

    Running partition tests on : mydomain
    Starting test: CheckSDRefDom
    ......................... mydomain passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... mydomain passed test CrossRefValidation

    Running enterprise tests on : mydomain.local
    Starting test: LocatorCheck
    ......................... mydomain.local passed test LocatorCheck
    Starting test: Intersite
    ......................... mydomain.local passed test Intersite

    I don't even know where to start,

    thank you if you can help

  • #2
    Re: 2003 DC1 & 2008 DC2 - Replication Issues

    Did you run 'forestprep' and 'domainprep' before promoting the 2008 server to a DC? The Active Directory of 2008 isn't identical to 2003's version, so you're expected to use the 2008's '...prep' tools to get the domain ready to add a 2008-based DC to your 2003 system. Was that done? If not, do some research on how best to recover from it.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **

    Comment

    Working...
    X