Re: Active Directory Replication Monitor can't open domaincontroller

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Move this dc back to the subnet where you aren't getting errors and re-run
the tests. the local configuration you have has nothing to do with your
router definitions. Check with your network person.

If you do a route print on the failing machine it will tell you his defined
route paths but this may have no difference if it is your router that is
causing the problem.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Joris Kemperman" <jkemperman@xxxxxxxxxxxxxxxx> wrote in message
news:f2f0gf$176$1@xxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Paul,

Pretty strange... gateway's are okay, subnetmasks are okay aswell. Hosts
can ping eachother, no ports are closed on the firewall.

I've tried your DCDIAG command on my domaincontroller, this is only the
last part of it (summary):
Test results for domain controllers:

DC: fserver.za.domain.local
Domain: za.domain.local


TEST: Authentication (Auth)
Error: Authentication failed with specified credentials
[Error details: 1203 (Type: Win32 - Description: No
network provider accepted the given network path.) - Add connection
failed]

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 1.0) is supported
Error: Open Service Control Manager failed
[Error details: 1722 (Type: Win32 - Description: The RPC
server is unavailable.) - Could not open Service Control Manager]
Total query time:0 min. 0 sec.. Total RPC connection time:0
min. 0 sec.
Total WMI connection time:0 min. 1 sec. Total Netuse
connection time:0 min. 0 sec.

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg
Ext

________________________________________________________________
Domain: za.domain.local
fserver FAIL FAIL n/a n/a n/a n/a n/a

Total Time taken to test all the DCs:0 min. 1 sec.
......................... domain.local failed test DNS

As far as i can see it seems to be an authentication problem?

Thanks for your help, i really appiciate it!

Joris

"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:uwfx3r7lHHA.208@xxxxxxxxxxxxxxxxxxxxxxx
If everything works fine as long as they are in the same subnet and then
you change the subnets, it points to routing issues, which has nothing to
do with AD.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Joris Kemperman" <jkemperman@xxxxxxxxxxxxxxxx> wrote in message
news:f2eulj$3j1$1@xxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Paul,

First of all thanks for your help.

I looked at the Event Log in the Childdomains and no errors/warnings are
found in Directory Service and System log!

I have to say:

All the Childdomains are in different subnets. When i place the
domaincontrollers in the subnet where the root domaincontrollers operate
(192.168.8.0/24), i receive no errors! Once i set up sites for these
childdomains and place them in the proper subnets where they should
belong (192.168.9.x/29) i run into these problems. (proper subnets have
been assigned to each site in AD Sites and Services)

Regards,
Joris

"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%23nSInZ7lHHA.4188@xxxxxxxxxxxxxxxxxxxxxxx
Do you have any errors in the event logs of any of your child domain
controllers?

Are there any firewalls between the domains?

DNS issues?
From child and root dc's, from a command prompt try running dnslint /ad
/s "ip address of your dc"

Description and download of DNSLint
http://support.microsoft.com/kb/321045


Run diagnostics against your Active Directory domains.

If you don't have the tools installed, install them from your server
install disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

**Note: Using the /E switch in dcdiag will run diagnostics against ALL
dc's in the forest. If you have significant numbers of DC's this test
could generate significant detail and take a long time. You also want
to take into account slow links to dc's will also add to the testing
time.

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be
output in notepad text files that pop up automagically.

The script is located in the download section on my website at
http://www.pbbergs.com

Just select both dcdiag and netdiag make sure verbose is set. (Leave
the default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.



--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Joris Kemperman" <jkemperman@xxxxxxxxxxxxxxxx> wrote in message
news:f2elt4$kh5$1@xxxxxxxxxxxxxxxxxxxxxxxxxx
Hi everyone,

Hope someone knows what's going on...

Our setup:
1 root domain with 2 DC's incl. Global Catalog
4 Subdomains with every one of them one single DC+Global Catalog.
Forestlevel : 2003 navtive
Domanilevel: 2003 native

The thing is, once i open the Replication Monitor Tool and open one of
my root domaincontrollers, everything looks okay. Once i open a
domaincontroller in one of my subdomains, i receive an error message
indicating that "the server could not be found or your have
insufficient rights to read the status of that server".

I do have transitive trusts between the root domain and the
subdomains, for example: i can login with my root domain administrator
account on all subdomain servers.

Anyone here that can tell me what my problem is?

Many Regards,
Joris Kemperman











.

Relevant Pages

  • Re: Active Directory Replication Monitor cant open domaincontroller
    ... MicrosoftWindowsServer 2003, Standard Edition ... All the Childdomains are in different subnets. ... Run dcdiag, netdiag and repadmin in verbose mode. ... I do have transitive trusts between the root domain and the subdomains, ...
    (microsoft.public.win2000.active_directory)
  • Re: DCs on subnets
    ... right way (site with its subnets) ... Joe Richards Microsoft MVP Windows Server Directory Services ...
    (microsoft.public.windows.server.active_directory)
  • Re: How to add a site ?
    ... > Do I need to first make the ca server a dc in the company domain, ... create the necessary subnets and sites and move server ... Microsoft MVP - Windows Server - Directory Services ...
    (microsoft.public.windows.server.active_directory)
  • RE: Anonymizing Packets yet ensuring 0 % packet loss
    ... IBM, SUN SOLARIS, CISCO & MICROSOFT ... Tor is an open network you can use for this - this is frowned upon by Tor ... exit server traffic and block them the minute they see probes/attacks from ... enumerate the services, administration subnets, department subnets, ...
    (Pen-Test)
  • RE: Anonymizing Packets yet ensuring 0 % packet loss
    ... IBM, SUN SOLARIS, CISCO & MICROSOFT ... Tor is an open network you can use for this - this is frowned upon by Tor ... exit server traffic and block them the minute they see probes/attacks from ... enumerate the services, administration subnets, department subnets, ...
    (Security-Basics)