Re: DSAccess sees multiple servers but only uses two in a child domain
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Sat, 15 Jul 2006 13:22:55 -0400
Looking at that info, that is exactly what I would expect it do be doing.
From the 2080 event output it appears that the only domain that has had Exchange Domain Prep successfully run against is zzz.yyy.xxx.org.
Check out
http://support.microsoft.com/kb/316300
and focus on the column SACL right
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
============================================================================
Do not read this worthless blog entry on
Defending Security Infrastructures http://blog.joeware.net/2006/07/11/445/
I'm serious, you will learn absolutely nothing about
Defending Security Infrastructures.
============================================================================
rcgepcttthp@xxxxxxxxxx wrote:
This is a repost here as the other post on Microsoft.Public.Exchange.
didn't yield any responses.
I have a problem whereby DSAccess is discovering the following:
Process STORE.EXE (PID=3620). DSAccess has discovered the following
servers with the following characteristics:
(Server name | Roles | Reachability | Synchronized | GC capable | PDC
| SACL right | Critical Data | Netlogon)
In-site:
srv1.xxx.org CDG 7 7 1 0 0 1 7
srv2.xxx.org CD- 6 6 0 0 0 1 6
srv3.zzz.yyy.xxx.org CDG 7 7 1 0 1 1 7
srv4.yyy.xxx.org CDG 7 7 1 0 0 1 7
srv5.yyy.xxx.org CD- 6 6 0 0 0 1 6
srv6.yyy.xxx.org CDG 7 7 1 0 0 1 7
srv7.xxx.org CDG 7 7 1 0 0 1 7
srv8.yyy.xxx.org CDG 7 7 1 0 0 1 7
srv9.yyy.xxx.org CDG 7 7 1 0 0 1 7
srv10.yyy.xxx.org CD- 6 6 0 0 0 1 6
srv11.zzz.yyy.xxx.org CDG 7 7 1 0 1 1 7
However, the only servers that the Exchange boxes (I have multiple) are
using for Directory Access are the srv3.zzz.yyy.xxx.org and the
srv11.zzz.yyy.xxx.org servers and all the other servers do not show up
in the list. Also, if srv11 is taken offline then only srv3 is found
so DSAccess is not load balancing properly.
All servers are in the same site and physical location and the forest
topology looks like this:
xxx.org (Native Mode Parent)
- yyy.xxx.org (Mixed Mode Child Domain)
- zzz.yyy.xxx.org (Native Mode Child Domain) - Used for
Distribution Lists
I have tried a number of things including netdiag & dcdiag and the only
thing I'm coming up with as a "failure" is that the Service Principal
Names during an LDAP lookup on the yyy.xxx.org servers is failing.
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC
'srv4.xxx.yyy.org'.
[WARNING] Failed to query SPN registration on DC
'srv5.xxx.yyy.org'.
[WARNING] Failed to query SPN registration on DC
'srv6.xxx.yyy.org'.
[WARNING] Failed to query SPN registration on DC
'srv8.xxx.yyy.org'.
[WARNING] Failed to query SPN registration on DC
'srv9.xxx.yyy.org'.
[WARNING] Failed to query SPN registration on DC
'srv10.xxx.yyy.org'.
This may be due to the fact that I'm not an Enterprise Admin but rather
a domain admin but I doubt it - and I have no idea whether this is
related to the exchange issue. My guess is no because the yyy.org
servers in the parent domain don't have this SPN issue and they are not
being used by Exchange either.
Please help. Thanks
Paul
- References:
- DSAccess sees multiple servers but only uses two in a child domain
- From: rcgepcttthp
- DSAccess sees multiple servers but only uses two in a child domain
- Prev by Date: DSAccess sees multiple servers but only uses two in a child domain
- Next by Date: Re: Enabling Assistant Filed in GAL
- Previous by thread: DSAccess sees multiple servers but only uses two in a child domain
- Next by thread: Re: Enabling Assistant Filed in GAL
- Index(es):
Relevant Pages
|
