Re: machine account password replication not working
- From: "Cary Shultz [A.D. MVP]" <cwshultz@xxxxxxxx>
- Date: Fri, 29 Apr 2005 09:10:49 -0400
Sorry,

Forgot a few things.

Let's do the most basic of troubleshooting. Checking for replication
issues.

Do the following on one Domain Controller. Open up the sysvol shared folder
( by default it is located at c:\winnt\SYSVOL\sysvol ) and place a simple
.txt file in there. You can do this in NotePad. Simply call it
DC0120050429.txt and in the body simply put something like...."This is
created on DC01 on April 29, 2005 at around 9:08 EDT". Then, go look at the
other Domain Controllers in that Domain and see when ( if ) that .txt file
shows up in the sysvol folder. This is checking FRS replication.

To check AD replication simply create a non-mail enabled user account
object. Does it show up within five minutes if you open up the ADUC MMC on
the other Domain Controllers in that Domain?

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
"Cary Shultz [A.D. MVP]" <cwshultz@xxxxxxxx> wrote in message
news:OqXRYrLTFHA.544@xxxxxxxxxxxxxxxxxxxxxxx
> Brandon,
>
> Not really familiar with WIN2003 ( well, not enough to be giving out any
> reasonable advice ) so this may or may not apply.
>
> Install the Support Tools on each Domain Controller and on each Member
> Server. Or, on the workstation on which you do your Admin-type work. Run
> dcdiag /v on each Domain Controller. Run netdiag /v on all servers. I
> would even redirect the output of each to a text file so that you can
> search for 'fail', 'warn' and 'error'. You do this by entering dcdiag /v
> >c:\dcdiagdc01.txt ( you can name the file whatever you like ).
>
> Not sure if repadmin is available on WIN2003. Also not sure if replmon is
> available on WIN2003. If they are take a look at them. They can be of
> great assistance ( well, in WIN2000!!! ).
>
> I am confused by the 'sometimes it works and sometimes it doesn't'. Are
> there any event ids in the appropriate logs? If so, what are they? You
> can use those log ids to find some possible solutions by going to
> http://www.eventid.net. This is a very helpful web site.
>
> Is everything okay with DNS?
>
> Is the time correct? Meaning, if you look at the clock on DC01 is the
> time the same as on DC02 and as on MEMSRVR01 and MEMSRVR02? And on the
> workstations? Or, if not, how much difference in time is there? 5
> minutes is the maximum - by default - before things start getting nasty.
>
> --
> Cary W. Shultz
> Roanoke, VA 24012
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
>
>
> "Brandon McCombs" <bmccombs@xxxxxxxxx> wrote in message
> news:42718995.E25A6B2@xxxxxxxxxxxx
>> Hello,
>>
>> I have 2 domains with 4 servers each. 2 servers are DCs and 2 servers
>> are designated file/print servers. All 8 servers are using windows
>> server 2003. For the last few weeks off and on the servers have all
>> been reporting file replication errors but seemingly overnight they go
>> away. The file/print servers were reporting that they couldn't find
>> their computer object in AD even though I looked and saw them plain as
>> day in the same OU they had always been in. That error showed up a
>> couple days before errors about not being able to bind to AD started
>> showing up. I found out that resetting the machine account password on
>> the file/print servers wasn't a good idea as now they can't connect to
>> AD at all, even to let a domain user authenticate to them thru Remote
>> Desktop although file share access is still possible (thank goodness).
>>
>> It sounds like that somewhere along the line when the machine account
>> password is due for a reset that the member server and the domain
>> controllers get out of sync. The member servers reported access denied
>> errors indicating that their machine password is no longer in sync with
>> AD and AD won't let anything happen between the DCs and the member
>> servers. Can anyone tell me as to how this might happen?
>>
>> We were also having replication issues even between 2 domain controllers
>> in the same domain (the domains involved are not in a trust
>> relationship) and it is working today between those 2 machines and I
>> didn't find out until after everyone left so I don't know if it fixed
>> itself or if someone ran the netdom command to reset their machine
>> passwords. The last time I did that it fixed replication because the
>> secure channel could be established again between the DCs but doing that
>> for the member servers today totally broke them off from the domain and
>> they will need to be rejoined from what I've read about the issue on MS
>> technet.
>>
>> thanks for any input
>>
>
>
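
The SYSVOL canary-file test described in the reply above, scripted in PowerShell as an added example (not part of the original thread). DC01 and DC02 are names used in the thread; the domain name `example.local`, the parameter names, the timeout values and the choice to write under the domain-named folder of the SYSVOL share are assumptions.

```powershell
# Added example: FRS/SYSVOL canary-file check. All parameter defaults are assumptions.
param(
    [string]   $SourceDC       = 'DC01',           # DC where the canary file is created
    [string[]] $OtherDCs       = @('DC02'),        # DCs that should receive the file
    [string]   $DomainFqdn     = 'example.local',  # placeholder domain name
    [int]      $TimeoutMinutes = 30,               # how long to wait before giving up
    [int]      $PollSeconds    = 30                # interval between checks
)

$created = Get-Date
$name    = '{0}{1:yyyyMMdd}.txt' -f $SourceDC, $created   # e.g. DC0120050429.txt
$source  = "\\$SourceDC\SYSVOL\$DomainFqdn\$name"

# Create the canary on the source DC; stop if the share is not writable.
Set-Content -LiteralPath $source -ErrorAction Stop `
    -Value ('This is created on {0} at {1:u}' -f $SourceDC, $created)

# Poll every other DC until the file shows up there or the timeout expires.
$pending  = [System.Collections.Generic.List[string]]$OtherDCs
$deadline = $created.AddMinutes($TimeoutMinutes)
while ($pending.Count -gt 0 -and (Get-Date) -lt $deadline) {
    foreach ($dc in @($pending)) {                 # iterate over a copy while removing
        if (Test-Path -LiteralPath "\\$dc\SYSVOL\$DomainFqdn\$name") {
            $lag = (Get-Date) - $created
            '{0}: canary arrived after about {1:N0} s' -f $dc, $lag.TotalSeconds
            [void]$pending.Remove($dc)
        }
    }
    if ($pending.Count -gt 0) { Start-Sleep -Seconds $PollSeconds }
}

# Anything still pending did not replicate within the window.
foreach ($dc in $pending) {
    Write-Warning ('{0}: canary not seen after {1} min; check the File Replication Service event log' -f $dc, $TimeoutMinutes)
}

# Remove the canary only once every DC has it (the deletion replicates as well).
if ($pending.Count -eq 0) { Remove-Item -LiteralPath $source }
```

The reported lag is accurate only to within one polling interval, and it assumes the account running the script can write to SYSVOL on the source DC and read it on the others.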