Re: AD Replication errors
From: checchim (checchim_at_discussions.microsoft.com)
Date: 09/04/04
- Next message: Oli Restorick [MVP]: "Re: Changing User Logon Name"
- Previous message: anonymous_at_discussions.microsoft.com: "Re: No GC - can a new one be created?"
- In reply to: Joe Richards [MVP]: "Re: AD Replication errors"
- Next in thread: Ace Fekay [MVP]: "Re: AD Replication errors"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 4 Sep 2004 13:41:01 -0700
Some background info about the network that I thought I should mention prior
to rebuilding dc2. AA-DS1 is a DC on the network. It in fact is the root DC
and is currently holding all FSMO roles. With that in mind, should I still
be concerned about the netlogon.dns file held on aa-dc2?
Michelle
"Joe Richards [MVP]" wrote:
> > Also the netlogon.dns file on aa-dc2 only references aa-dc1. Is this in
> > error?
>
> Yes and might I say a scary one. There is nothing inherent in a DC that would do
> that, someone had to do something on dc2. I would look that machine over very
> carefully and if I didn't find what was causing that, would demote it out of the
> forest and rebuild from scratch and then repromote. I wonder if someone tried to
> ghost a DC or something.
>
> joe
>
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
>
> checchim wrote:
> > I have attempted an ipconfig /registerdns from the DCs involved in inter-site
> > replication and all seemed fine until I get to the aa-ds2. When I attempt to
> > do an ipconfig /registerdns I receive the following error:
> >
> > Error: The system cannot find the specified file.
> > :Refreshing DNS names
> >
> > Also the netlogon.dns file on aa-dc2 only references aa-dc1. Is this in
> > error?
> >
> > I was able to successfully do a net stop and net start netlogon however.
> > Should this suffice?
> >
> > Attempting to force replication via AD replication monitor is still
> > reporting the DSA error previously mentioned.
> >
> > Thanks for the speedy response!
> > Michelle
> > "Joe Richards [MVP]" wrote:
> >
> >
> >>You shouldn't need to restore the DNS Server, simply force registration from the
> >>DC's (ipconfig or restart netlogon) and look in DNS to see if the records get
> >>registered. You can tell what records should be registered by looking at the
> >>netlogon.dns file in the c:\windows\system32\config folder.
> >>
> >> joe
> >>
> >>--
> >>Joe Richards Microsoft MVP Windows Server Directory Services
> >>www.joeware.net
> >>
> >>
> >>
> >>checchim wrote:
> >>
> >>>I recently inherited a domain in which there was no documentation. In going
> >>>over the AD Replication Monitor, I noticed a problem with inter-site
> >>>replication. We have a single domain with 3 sites. It appears that
> >>>intra-site replication is functioning, however replication between sites is
> >>>failing with the following errors:
> >>>
> >>>------------------------------------------------------------------------------------------
> >>>
> >>>Event Type: Error
> >>>Event Source: NTDS KCC
> >>>Event Category: (1)
> >>>Event ID: 1311
> >>>Date: 9/4/2004
> >>>Time: 6:51:05 AM
> >>>User: N/A
> >>>Computer: DC-DS1
> >>>Description:
> >>>The Directory Service consistency checker has determined that either (a)
> >>>there is not enough physical connectivity published via the Active Directory
> >>>Sites and Services Manager to create a spanning tree connecting all the sites
> >>>containing the Partition CN=Configuration,DC=altarum,DC=pri, or (b)
> >>>replication cannot be performed with one or more critical servers in order
> >>>for changes to propagate across all sites (most often due to the servers
> >>>being unreachable).
> >>>
> >>>For (a), please use the Active Directory Sites and Services Manager to do
> >>>one of the following:
> >>>1. Publish sufficient site connectivity information such that the system can
> >>>infer a route by which this Partition can reach this site. This option is
> >>>preferred.
> >>>2. Add an ntdsConnection object to a Domain Controller that contains the
> >>>Partition CN=Configuration,DC=altarum,DC=pri in this site from a Domain
> >>>Controller that contains the same Partition in another site.
> >>>
> >>>For (b), please see previous events logged by the NTDS KCC source that
> >>>identify the servers that could not be contacted.
> >>>
> >>>----------------------------------------------------------------------------------------------
> >>>
> >>>Event Type: Warning
> >>>Event Source: NTDS KCC
> >>>Event Category: (1)
> >>>Event ID: 1265
> >>>Date: 9/4/2004
> >>>Time: 6:51:05 AM
> >>>User: N/A
> >>>Computer: DC-DS1
> >>>Description:
> >>>The attempt to establish a replication link with parameters
> >>>
> >>> Partition: DC=altarum,DC=pri
> >>> Source DSA DN: CN=NTDS Settings,CN=AA-DS3,CN=Servers,CN=AnnArbor,CN=Sites,CN=Configuration,DC=altarum,DC=pri
> >>> Source DSA Address: 48b860a6-2891-4d95-a2ae-83f13bceb6fb._msdcs.altarum.pri
> >>> Inter-site Transport (if any): CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=altarum,DC=pri
> >>>
> >>> failed with the following status:
> >>>
> >>> The DSA operation is unable to proceed because of a DNS lookup failure.
> >>>
> >>> The record data is the status code. This operation will be retried.
> >>>Data:
> >>>0000: 4c 21 00 00 L!..
> >>>
> >>>---------------------------------------------------------------------------------------
> >>>
> >>>When I attempt to force replication via the AD Replication Monitor, I
> >>>receive the following error:
> >>>
> >>>There was an error during queuing the synchronization. The error code was:
> >>>ERROR_REPLICA_SYNC_FAILED_THE DSA OPERATION IS UNABLE TO PROCEED BECAUSE OF A
> >>>DNS LOOKUP FAILURE.
> >>>
> >>>I have verified both DNS Forward and reverse lookup connectivity and can
> >>>reach the replicating domain controllers without any issue.
> >>>
> >>>We did test to see if changes were being replicated and were able to get 1
> >>>successful sync 2 days ago, but since then test changes made to the directory
> >>>do not appear to be synching.
> >>>
> >>>One side note, this problem may be due to a change made to the DNS server.
> >>>Our reverse lookup zones had multiple stale records, and scavenging was
> >>>turned on briefly to test whether we could clean these up.
> >>>
> >>>I am debating doing a restore of the DNS server in an effort to repair this
> >>>issue, but not being certain that this is really where the problem started, I
> >>>have been hesitant to do so.
> >>>
> >>>I need to get inter-site replication up and functional as soon as possible,
> >>>and would appreciate any assistance you can give me.
> >>>
> >>>Thanks,
> >>>Michelle
> >>
>
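
An offline check for the two netlogon.dns points raised in this thread, added here as an example and not code from either poster: it parses netlogon.dns text, lists the names a DC should have registered, and flags any SRV or CNAME record whose target is a different host. The sample file contents, the all-zero GUID, the 192.0.2.12 address and the function names are constructed for illustration; the layout assumed is the zone-file style `owner TTL IN TYPE rdata`.

```python
from collections import namedtuple

Record = namedtuple("Record", "owner ttl rtype target")

def parse_netlogon_dns(text):
    """Parse netlogon.dns lines laid out as: owner TTL IN TYPE rdata..."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2].upper() != "IN" or not f[1].isdigit():
            continue  # blank or unrecognised line
        rtype, rdata = f[3].upper(), f[4:]
        if rtype == "SRV" and len(rdata) != 4:
            continue  # SRV rdata must be: priority weight port target
        # The host is the last rdata field for SRV, the only one for A/CNAME.
        target = rdata[-1].rstrip(".").lower()
        records.append(Record(f[0].rstrip(".").lower(), int(f[1]), rtype, target))
    return records

def names_to_verify(records):
    """Owner names and types that should resolve in DNS after registration."""
    return sorted({(r.owner, r.rtype) for r in records})

def foreign_records(records, local_fqdn):
    """SRV/CNAME records whose target is not the DC that owns the file."""
    local = local_fqdn.rstrip(".").lower()
    return [r for r in records
            if r.rtype in ("SRV", "CNAME") and r.target != local]

# Constructed sample contents (not taken from the thread's servers).
HEALTHY = """\
altarum.pri. 600 IN A 192.0.2.12
_ldap._tcp.altarum.pri. 600 IN SRV 0 100 389 aa-dc2.altarum.pri.
_kerberos._tcp.dc._msdcs.altarum.pri. 600 IN SRV 0 100 88 aa-dc2.altarum.pri.
00000000-0000-0000-0000-000000000002._msdcs.altarum.pri. 600 IN CNAME aa-dc2.altarum.pri.
"""
# Same file with every target rewritten to the other DC, as described for aa-dc2.
SUSPECT = HEALTHY.replace("aa-dc2.altarum.pri.", "aa-dc1.altarum.pri.")

if __name__ == "__main__":
    for label, text in (("healthy", HEALTHY), ("suspect", SUSPECT)):
        recs = parse_netlogon_dns(text)
        bad = foreign_records(recs, "aa-dc2.altarum.pri")
        print(label, len(recs), "records,", len(bad), "pointing at another host")
        for r in bad:
            print("  ", r.owner, r.rtype, "->", r.target)
```

On a live DC the text would come from the netlogon.dns file in the c:\windows\system32\config folder mentioned above, and each name returned by `names_to_verify` would then be looked up against the DNS server.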