Re: One way AD replication problem (Continued)



http://www.microsoft.com/technet/prodtechnol/exchange/Analyzer/9a94d369-36f9-4bf3-b253-45a2d1955a26.mspx

accessing the GC in a secure way is by using port 3269.

From here it is a bit difficult to say if your issue has been solved.

--
Cheers,
# Jorge de Almeida Pinto #
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"Pete Persing" <Peter@xxxxxxxxxxx> wrote in message
news:1ielq1tsimg08vrnsqq8o0hkbi9pgvvsvv@xxxxxxxxxx
> Jorge, I reposted this to get your attention since you didn't notice
> my last updates.
>
> I think I'm out of the woods. Here is what I did. I decided I
> would try the easy ones first. The first thing I did was to backup
> both domain controllers. Then I:
>
> 1. Ran an offline defragmentation. Didn't help.
> 2. Then I ran a semantic check of the data base. It showed some errors
> in the log but not the error I expected to see.
> 3. Ran a semantic check of the data base with "fix". Didn't see any
> messages of correcting any errors or failures to correct any errors.
> Output was identical to the output of #2.
> 4. Ran another off line defragmentation.
> 5. Ran another check of the database without fix and the same errors
> were still there. Don't understand this. Is that an indication that
> the errors were not serious?
> 6. Brought both DC's back up, cleared the Global Catalog check box on
> the primary DC and rebooted. Primary DC said "No longer a global
> catalog".
> 7. Used ldap to look at the GC through port 3269. Showed the bad
> record was still there on the primary DC. Obvious that I don't
> understand the active directory structure. I thought that I would be
> unable to get to that port on the primarydc.
> 8. Set the primarydc to be a global catalog server again. Waited until
> replication was complete and the event log said "Now a catalog
> server".
> 9. I went to the Users computer that had the bad printer entry. I
> removed it from the domain and made it a member of a workgroup and
> rebooted it.
> 10. I went back into Users and computers on the domain controllers and
> that computer name was now shown with a red X through it.
> 11. Using active directory Users and computers I deleted the computer
> with the bad record from the domain.
> 12. Using ldp I checked the deleted items on both domain controllers
> and the computer record was now in the deleted items branch on both
> computers.
> 13. I went back to the users computer and attempted to rejoin it to
> the domain. I got an error message that said the action could not be
> completed because there was a duplicate name in the sam data base. I
> tried it again and it worked. Going back to the domain controller I
> looked in the event log and saw that duplicate entries had been
> deleted from the sam data base followed by the successful join of the
> computer to the domain.
> 14. Checking both DC's I saw that the entries in the active directory
> for the computer were identical after replication completed.
> 15. I went back to the User computer that was the source of all the
> problems in the first place and checked "List in directory" for the
> laserjet printer.
> 16. The entry was successfully updated and replicated to both DC's
> without any error messages.
> 17. After that I made sure that replication worked both directions,
> online reorganization of the active directory data base worked, and I
> could search the global catalog from machines logged on to both the
> DC's.
> 18. I then took a full backup of both DC's.
> 19. They both seem to be running fine, although I don't know what will
> happen in 90 days when the deleted objects tombstone out and the
> system tries to delete them.
>
> Now, just a couple of questions. I thought that ldap port 389 accessed
> the active directory. I thought that port 3268 accessed the GC, and
> that port 3269 accessed the GCSSL because that is what is displayed in
> ldp when I open those ports. What is the real story? What is the GCSSL
> anyhow? I thought port 3269 was used for secure access to the global
> catalog, but I thought the same data was being accessed as when I went
> through port 3268. However, I got the bad record when using port 3269
> and it was missing if I used port 3268 so that must not be true. Why
> didn't recreating the global catalog fix my problem? Do you think I
> have fixed the problem now?
>
> Any words of wisdom appreciated.
>
>
> On Sun, 11 Dec 2005 23:24:12 +0100, "Jorge de Almeida Pinto"
> <SubstituteThisWithMyFullNameSeperatedByDots@xxxxxxxxx> wrote:
>
>>Make sure you have a full backup of the server.
>>
>>Well as the repadmin tool will not work, you "un-GC" the DC, wait until it
>>says it is no GC anymore, and make it a GC again
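
A way to repeat the port 3268 versus port 3269 lookup from step 7 against both domain controllers, as an added example that is not part of either post. The server names and the object DN are placeholders, and it assumes PowerShell 5 or later on a domain-joined Windows machine running as a user who can read the object.

```powershell
# Added example: read one object through the GC port (3268) and the GC-over-SSL port (3269).
# $Servers and $ObjectDn are placeholders (assumptions), not values from the thread.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$Servers  = 'dc1.example.local', 'dc2.example.local'
$ObjectDn = 'CN=WORKSTATION01,CN=Computers,DC=example,DC=local'

function Get-GcView {
    param([string]$Server, [int]$Port, [bool]$UseSsl, [string]$Dn)
    $row  = [ordered]@{ Server = $Server; Port = $Port; Status = 'found'; UsnChanged = $null; WhenChanged = $null }
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
    try {
        $conn.SessionOptions.ProtocolVersion   = 3
        $conn.SessionOptions.SecureSocketLayer = $UseSsl   # needs a DC certificate the client trusts
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.Bind()                                        # binds as the logged-on user
        $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
            $Dn, '(objectClass=*)',
            [System.DirectoryServices.Protocols.SearchScope]::Base,
            [string[]]@('uSNChanged', 'whenChanged'))
        $entry = $conn.SendRequest($req).Entries[0]
        $row.UsnChanged  = $entry.Attributes['uSNChanged'][0]
        $row.WhenChanged = $entry.Attributes['whenChanged'][0]
    }
    catch [System.DirectoryServices.Protocols.DirectoryOperationException] {
        $row.Status = "search failed: $($_.Exception.Message)"   # e.g. the object does not exist
    }
    catch {
        $row.Status = "error: $($_.Exception.Message)"           # e.g. connect, SSL or bind failure
    }
    finally { $conn.Dispose() }
    [pscustomobject]$row
}

$results = foreach ($s in $Servers) {
    foreach ($p in 3268, 3269) { Get-GcView -Server $s -Port $p -UseSsl ($p -eq 3269) -Dn $ObjectDn }
}
$results | Format-Table -AutoSize

# uSNChanged and whenChanged are per-DC values, so compare the two ports of the same DC,
# not one DC against the other. Any DC whose two rows differ is flagged.
$results | Group-Object Server | ForEach-Object {
    $views = $_.Group | ForEach-Object { "$($_.Status)|$($_.UsnChanged)" } | Sort-Object -Unique
    if (@($views).Count -gt 1) { Write-Warning "$($_.Name): ports 3268 and 3269 returned different results" }
}
```

A failed SSL handshake on 3269 also shows up as a difference, so read the Status column before drawing conclusions about the record itself.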

