W2K8 R2 AD/DNS issues

  • W2K8 R2 AD/DNS issues

    I'm having an issue with our AD server and DNS. The initial problem was that the time and date on several of our servers got changed due to an oversight and wasn't corrected for 20-30 minutes. Now some of our users are unable to map drives using our DFS path, mycompany.com\data. However, they can map to that path if they directly map to the server instead. I also get the error "Naming information cannot be located because: The target principal name is incorrect." when I try to open ADUC from my machine. Any ideas? I'm including a dcdiag with this post. (I left the partition tests off since they all passed and I needed to make room so that this question would post) Thanks!


    Directory Server Diagnosis

    Performing initial setup:
    Trying to find home server...
    Home Server = OurServer
    * Identified AD Forest.
    Done gathering initial info.

    Doing initial required tests

    Testing server: City\OurServer
    Starting test: Connectivity
    ......................... OurServer passed test Connectivity

    Doing primary tests

    Testing server: City\OurServer
    Starting test: Advertising
    ......................... OurServer passed test Advertising
    Starting test: FrsEvent
    ......................... OurServer passed test FrsEvent
    Starting test: DFSREvent
    ......................... OurServer passed test DFSREvent
    Starting test: SysVolCheck
    ......................... OurServer passed test SysVolCheck
    Starting test: KccEvent
    An error event occurred. EventID: 0xC00007FA
    Time Generated: 10/22/2013 09:45:20
    Event String:
    It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.

    An error event occurred. EventID: 0xC00007FA
    Time Generated: 10/22/2013 09:45:20
    Event String:
    It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.

    An error event occurred. EventID: 0xC00007FA
    Time Generated: 10/22/2013 09:45:20
    Event String:
    It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.

    An error event occurred. EventID: 0xC00007FA
    Time Generated: 10/22/2013 09:45:20
    Event String:
    It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.

    An error event occurred. EventID: 0xC00007FA
    Time Generated: 10/22/2013 09:45:31
    Event String:
    It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.

    An error event occurred. EventID: 0xC00007FA
    Time Generated: 10/22/2013 09:50:27
    Event String:
    It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.

    An error event occurred. EventID: 0xC00007FA
    Time Generated: 10/22/2013 09:50:47
    Event String:
    It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.

    ......................... OurServer failed test KccEvent
    Starting test: KnowsOfRoleHolders
    ......................... OurServer passed test KnowsOfRoleHolders
    Starting test: MachineAccount
    ......................... OurServer passed test MachineAccount
    Starting test: NCSecDesc
    Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
    Replicating Directory Changes In Filtered Set
    access rights for the naming context:
    DC=ForestDnsZones,DC=OurDomain,DC=com
    Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
    Replicating Directory Changes In Filtered Set
    access rights for the naming context:
    DC=DomainDnsZones,DC=OurDomain,DC=com
    ......................... OurServer failed test NCSecDesc
    Starting test: NetLogons
    ......................... OurServer passed test NetLogons
    Starting test: ObjectsReplicated
    ......................... OurServer passed test ObjectsReplicated
    Starting test: Replications
    [Replications Check,OurServer] A recent replication attempt failed:
    From OurServer2 to OurServer
    Naming Context: DC=ForestDnsZones,DC=OurDomain,DC=com
    The replication generated an error (8614):
    The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

    The failure occurred at 2013-10-22 09:45:20.
    The last success occurred at 2013-01-22 14:10:07.
    93 failures have occurred since the last success.
    [Replications Check,OurServer] A recent replication attempt failed:
    From OurServer2 to OurServer
    Naming Context: DC=DomainDnsZones,DC=OurDomain,DC=com
    The replication generated an error (8614):
    The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

    The failure occurred at 2013-10-22 09:45:20.
    The last success occurred at 2013-01-22 14:10:07.
    93 failures have occurred since the last success.
    [Replications Check,OurServer] A recent replication attempt failed:
    From OurServer2 to OurServer
    Naming Context: CN=Schema,CN=Configuration,DC=OurDomain,DC=com
    The replication generated an error (8614):
    The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

    The failure occurred at 2013-10-22 09:45:20.
    The last success occurred at 2013-01-22 14:10:07.
    93 failures have occurred since the last success.
    [Replications Check,OurServer] A recent replication attempt failed:
    From OurServer2 to OurServer
    Naming Context: CN=Configuration,DC=OurDomain,DC=com
    The replication generated an error (8614):
    The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

    The failure occurred at 2013-10-22 09:50:27.
    The last success occurred at 2013-01-22 14:15:13.
    477 failures have occurred since the last success.
    [Replications Check,OurServer] A recent replication attempt failed:
    From OurServer2 to OurServer
    Naming Context: DC=OurDomain,DC=com
    The replication generated an error (8614):
    The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

    The failure occurred at 2013-10-22 09:52:05.
    The last success occurred at 2013-01-22 14:28:34.
    5557 failures have occurred since the last success.
    ......................... OurServer failed test Replications
    Starting test: RidManager
    ......................... OurServer passed test RidManager
    Starting test: Services
    ......................... OurServer passed test Services
    Starting test: SystemLog
    A warning event occurred. EventID: 0x00001695
    Time Generated: 10/22/2013 09:35:04
    Event String:
    Dynamic registration or deletion of one or more DNS records associated with DNS domain 'OurDomain.com.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

    ......................... OurServer failed test SystemLog
    Starting test: VerifyReferences
    ......................... OurServer passed test VerifyReferences
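
The Replications section of the dcdiag output above can be summarised per replication link to see how long each link has actually been failing. The following is an added example, not part of the original post: the first sample entry copies its values from the output above, the second entry (OurServer3, error 1722) is constructed, and the 180-day tombstone lifetime is an assumed default that should be replaced with the forest's own tombstoneLifetime value.

```python
import re
from datetime import datetime, timedelta

# Sample input: entry 1 uses values from the dcdiag output above, entry 2 is constructed.
SAMPLE = """\
[Replications Check,OurServer] A recent replication attempt failed:
From OurServer2 to OurServer
Naming Context: DC=OurDomain,DC=com
The replication generated an error (8614):
The failure occurred at 2013-10-22 09:52:05.
The last success occurred at 2013-01-22 14:28:34.
5557 failures have occurred since the last success.
[Replications Check,OurServer] A recent replication attempt failed:
From OurServer3 to OurServer
Naming Context: CN=Configuration,DC=OurDomain,DC=com
The replication generated an error (1722):
The failure occurred at 2013-10-22 09:50:27.
The last success occurred at 2013-10-22 09:05:13.
3 failures have occurred since the last success.
"""

ENTRY = re.compile(
    r"From (?P<src>\S+) to (?P<dst>\S+)\s+"
    r"Naming Context: (?P<nc>\S+)\s+"
    r"The replication generated an error \((?P<code>\d+)\):.*?"
    r"The failure occurred at (?P<fail>[\d-]+ [\d:]+)\.\s+"
    r"The last success occurred at (?P<ok>[\d-]+ [\d:]+)\.\s+"
    r"(?P<count>\d+) failures",
    re.DOTALL,
)
FMT = "%Y-%m-%d %H:%M:%S"

def replication_gaps(text, tombstone_days=180):
    """Return one dict per failed replication link with the gap since last success."""
    rows = []
    for m in ENTRY.finditer(text):
        gap = datetime.strptime(m["fail"], FMT) - datetime.strptime(m["ok"], FMT)
        rows.append({
            "source": m["src"], "nc": m["nc"], "error": int(m["code"]),
            "failures": int(m["count"]), "gap_days": gap.days,
            # True when the link has been failing longer than the assumed lifetime
            "past_tombstone": gap > timedelta(days=tombstone_days),
        })
    return rows

if __name__ == "__main__":
    for row in replication_gaps(SAMPLE):
        print(row)
```

The regular expression tolerates the indentation and blank lines that dcdiag prints, so the full saved output can be passed in as one string.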

  • #2
    Re: W2K8 R2 AD/DNS issues

    Your domain appears to have lost time sync between DCs, so your domain replication has stopped working.

    The PDC role holder is the source of time for your domain. Ideally you should reference it to some standard, on-line even. Any other DCs will, by default in a domain, get their times from the PDC. Every other client machine in the domain, server and workstation, will get its time from whatever DC answers those requests. The settings for this normally work by default without any changes on your part when a domain is set up. The only thing you need to adjust yourself is the source you want the PDC role holder to sync with.

    If you read this MS article, you can verify/setup your PDC role holder correctly:
    http://support.microsoft.com/kb/816042. Once the system event logs on that DC show entries which confirm time sync with whatever source you choose, then confirm that every other machine in your domain is set to use the default time settings. If you have Group Policy settings enforcing anything, disable/remove them and issue commands on the client, as called out at this MS site:
    http://technet.microsoft.com/en-us/l...=ws.10%29.aspx

    Once your other DCs are set like this, restart them one at a time and make sure the system logs show time sync with the PDC at startup, then check the AD logs for replication, etc. Once the DCs are talking again, restart your servers and clients.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **



    • #3
      Re: W2K8 R2 AD/DNS issues

      Hi,

      This is a problem with your Win32 time service in the server. Is the server acting as an NTP server? If so, run the following command for any errors:

      w32tm /monitor

      and resync your clients with the following command:

      w32tm /resync

      good luck
