Re: Replication Problem
From: ptwilliams (ptw2001_at_hotmail.com)
Date: 01/22/05
- Next message: Cary Shultz [A.D. MVP]: "Re: Domain membership across a firewall"
- Previous message: Ido Ran: "Replication Problem"
- In reply to: Ido Ran: "Replication Problem"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 22 Jan 2005 12:49:57 -0000
Two months is looking like the tombstone period has expired (60 days by
default). This is probably the problem.
Out of your possible solutions, I'd say number one is a no-go -it won't
work. Number two is the best solution.
The question here, is if both DCs in the site are up-to-date or not.
You could try resetting the secure channel with the DCs in the other site.
However, if 60 days have passed, the best thing to do is demote both DCs in
this site (using /forceremoval if necessary), running a metadata cleanup and
then re-promoting the DCs.
Perhaps you will learn some good lessons here:
-- Fix replication problems ASAP.
-- Don't configure the bridgehead servers manually. Let the ISTG do it.
This way, the KCCs can fail-over.
-- Paul Williams http://www.msresource.net http://forums.msresource.net "Ido Ran" <ido.ran@gmail.com> wrote in message news:ejjLV4HAFHA.3592@TK2MSFTNGP09.phx.gbl... Hello, I have a Windows 2000 domain scatered over several sites. In is a single domain in the forest. Each site has two DCs in it. We have setup the iner-site replication topology in Sites and Services snap-in and everything works fine. About two mounth ago on of the servers has been shout-down, that server was the bridge-head server in it site. The KDC has not moved the bridge-head to the second DC in that site. Now, two mounth later I have restarted the server. The problem: The DC does not replicate with other DCs in the domain. The ReplMon tool show an "Access Denied" problem. I have searched in the MSDN and google for that problem and found a few articles but none of them solved the problem. I have tried the following solutions: * Disable the KDC service, restart the server and use netdom to reset the DC secure-channel with other DC. This did not solve the problem but it solved the intra-site replication. So now the two DCs replicate between them-selves but not with over DCs. * run RepAdmin tool with /SyncAll switch and /Sync switch Other sympthoms: When I use "net time \\otherDC" the result is "Access Denied", when I use "net time \\X.X.X.X" (The IP of OtherDC) the command complete successfully. Possible Solutions: * Backup the Active Directory database in other site and restore only the Domain Controllers OU. I hope this will resync the computer account passwords and the replication will restart to work * Demote the bridge-head server in the problematic site (possible with /force_removal), remove any leftover objects in the domain and promote the DC again. Please help me to understand what went wrong and how can I reinitiate the repliation to that site. Thank you very much, Ido.
- Next message: Cary Shultz [A.D. MVP]: "Re: Domain membership across a firewall"
- Previous message: Ido Ran: "Replication Problem"
- In reply to: Ido Ran: "Replication Problem"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
Loading
