Re: AD Problems with one DC

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Ryan Hanisco (rhanisco_at_flagshipis.com)
Date: 02/07/05 

Date: Mon, 7 Feb 2005 15:28:30 -0600

Well... start with any of the tests that the DCs failed and anything that
didn't come back as expected. It will take some time and you'll have to
read those carefully.

Did you try those with the /fix switch? 

-- 
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services
"jessem" <jessem@discussions.microsoft.com> wrote in message
news:896F1A13-2D46-44B9-8C86-08E98306381E@microsoft.com...
> ok, I've got a lot of info but am not sure what I should be looking for or
> what to post?
>
> "Ryan Hanisco" wrote:
>
> > Jessem,
> >
> > It looks as though you are having connectivity problems between the
sites.
> > This can happen for a number of reasons and we'd need more information
to
> > troubleshoot this.
> >
> > Here are some things to try
> > 1. Make sure that you have a stable connection that is not
oversubscribed
> > between these sites.
> > 2. Install the support tools and run replmon to force replication..
then
> > have it give you a diagnostic
> >    Select: Action | Server | Generate Status Report
> > 3. Use DCDIAG to give a general status of the server
> >      DCDIAG /s:<ServerName> /v /c <enter>
> > 4.Use NETDIAG /v  to get your network statistics
> >
> > These should give you enough information to continue troubleshooting...
and
> > remember that there is a /fix switch on these that can resolve minor
> > problems.
> >
> > From there, post again and we can help with more specific problems.
> > -- 
> > Ryan Hanisco
> > MCSE, MCDBA
> > Flagship Integration Services
> >
> > "jessem" <jessem@discussions.microsoft.com> wrote in message
> > news:1C32FB09-A638-46C8-864C-1290647E8FCC@microsoft.com...
> > > Hello, I have 5 DC's on my Windows 2000 AD Domain.  Everything was
working
> > > fine till I noticed some errors on one of the DC's and only one of
them.
> > > Please see error below:
> > >
> > > The attempt to establish a replication link with parameters
> > > Partition: CN=Schema,CN=Configuration,DC=mydomain,DC=com
> > > Source DSA DN: CN=NTDS
> > >
> >
Settings,CN=DC2,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=mydomain,DC
> > =com
> > > Source DSA Address:
> > 155ec0d0-681f-4cb8-b0a7-5b046f3fe6c4._msdcs.mydomain.com
> > > Inter-site Transport (if any): CN=IP,CN=Inter-Site
> > > Transports,CN=Sites,CN=Configuration,DC=mydomain,DC=com
> > > failed with the following status:
> > > Access is denied.
> > > The record data is the status code.  This operation will be retried.
> > >
> > > Then I get this error,
> > >
> > > The Directory Service consistency checker has determined that either
(a)
> > there
> > > is not enough physical connectivity published via the Active Directory
> > Sites
> > > and
> > > Services Manager to create a spanning tree connecting all the sites
> > containing
> > > the Partition CN=Configuration,DC=mydomain,DC=com, or (b) replication
> > cannot
> > > be performed with one or more
> > > critical servers in order for changes to propagate across all sites
(most
> > > often
> > > due to the servers being unreachable).
> > > For (a), please use the Active Directory Sites and Services Manager to
do
> > one
> > > of the following:
> > > 1. Publish sufficient site connectivity information such that the
system
> > can
> > > infer a route by which this Partition can reach this site.  This
option is
> > > preferred.
> > > 2. Add an ntdsConnection object to a Domain Controller that contains
the
> > > Partition CN=Configuration,DC=mydomain,DC=com in this site from a
Domain
> > > Controller that contains the same
> > > Partition in another site.
> > > For (b), please see previous events logged by the NTDS KCC source that
> > > identify the servers that could not be contacted.
> > >
> > > I don't understand where this is getting denied?? Can someone help me
with
> > > the ACCESS IS DENIED error?  Everything was working fine and I didn't
> > change
> > > anything???
> > >
> >
> >
> >

Relevant Pages

  • Re: AD Problems with one DC
    ... "Ryan Hanisco" wrote: ... > It looks as though you are having connectivity problems between the sites. ... >> infer a route by which this Partition can reach this site. ... >> identify the servers that could not be contacted. ...
    (microsoft.public.win2000.active_directory)
  • Re: terminal server config
    ... > Ryan Hanisco formulated the question: ... >> FlagShip Integration Services ... >>> what is the best way to apply a GPO for terminal servers so users get a ... > it makes the GPO troubleshooting a bit harder ...
    (microsoft.public.win2000.group_policy)
  • Re: Very Strange Network Problem HELP!!!
    ... 'zero connectivity' and worries about 'touching' the old network seem odd. ... First, a single user, with the servers on just ... > switch, and we do have the problem again. ...
    (microsoft.public.win2000.networking)
  • Re: AD Sites and Services Replication
    ... > that either there is not enough physical connectivity ... > often due to the servers being unreachable). ... This can be either indicative of a DNS lookup problem (ISP's DNS server ... I've seen this problem also come up between two partners in different sites ...
    (microsoft.public.windows.server.active_directory)
  • Re: Dcidag errors
    ... Port blockage between servers ... Other sorts of networking issues (lack of connectivity between the points ... These errors are typically a result of a network connectivity issue of some ... > replicating this nc. ...
    (microsoft.public.windows.server.active_directory)