Re: active directory replication
- From: "rodge" <rodge@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 23 Jan 2006 09:37:02 -0800
Herb,
yes, I saw those errors(missing dc names), and I have seen them before. I
opened a case with Micorsoft support for them before and We were able to
clear up that problem, but I will look into that again.
DFS and sysvol are definitely a weak spot for me, but I did notice that in
the sysvol directory, there were two extra folders that seemed to be copies
of the policies and scripts folders, but with slighly different names. I
moved them to another directory temporarily. The scripts folder was less than
200 KB, but the policy folder was 15MB, not sure if that is normal or not.
I did notice what you said about the dfs replication, I think. I had created
a script on friday and although I'm not sure how quickly that should
replicate, it did not, even with replmon(but maybe replmon does replicate
dfs, I am not sure).
There are no local firewalls that would prevent dfs replication, the only
firewall is for internet traffic and all internet traffic has to go through
one router at our main office. We have another router that sits under the isp
router that takes care of local traffic on our WAN.
Our DNS was a single primary zone when I arrived here and through use of
folks on this community I switched to AD integrated DNS. I am certain there
was plenty I missed on setup because of using a community board, so there are
more than likely issues there, but I did work with someone from Microsoft to
make sure that the network setting for each DC was correct. Each DC looks to
our main office dc(maindc) for DNS first and has itself second. I honestly
don't know what you mean by dynamic for the zone supporting AD? I think you
mean under the dns snapin, if I look at the domain properties, it should be
set to dynamic updates? Is that correct? We just have the one domain at this
point. I will look through your response more deeply now and work through
everything you mentioned. Is there anything else that I could post here
pertaining to our environment that could be helpful?
"Herb Martin" wrote:
> "rodge" <rodge@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:8D8AB409-E88B-425B-91E9-C374A133F194@xxxxxxxxxxxxxxxx
> > netdiag:
>
> You have (at least) problems missing names for DCs
> and with FRS (file replication service) for SysVol and
> since you are also using DFS you may have other problems
> with DFS based on FRS.
>
> If you run DCDiag on each of the other (especially) problem
> DCs you should see further errors (due to their inability to
> register themselves.
>
> You might try, "DCDiag /fix" (or "NetDiag /fix") on each of
> those but likely you will first need to repair your DNS configuration.
> (see below for hints).
>
> [I am not quite sure why your DNS is not showing MORE errors
> in DCDiag though. ]
>
> Quick try on FRS: Do you have firewalls that might be preventing
> this replication? Otherwise this may clear up when the DNS problems
> are fixed.
>
> Most common reasons for DNS issue (which might also affect the
> FRS) are EITHER:
>
> 1) Zone (primary etc) is not DYNAMIC
> 2) DCs are NOT set STRICTLY to use INTERNAL DNS
> (on their NIC properties)
> 3) DCs cannot find or cannot contact the Primary/Master
> (routing, firewalls, etc) to perform the registration
> 4) Multiple Masters (AD Integrated) are NOT replicating,
> OR Secondaries cannot copy records from their Master
>
> Tell us about your DNS? AD Integrated? Single Primary?
> Dynamic for the zone that corresponds to your AD Domain?
> (See below for Hints.)
>
> Hints on DNS for AD
> 1) Dynamic for the zone supporting AD
> 2) All internal DNS clients NIC\IP properties must specify SOLELY
> that internal, dynamic DNS server (set.)
> 3) DCs and even DNS servers are DNS clients too -- see #2
> 4) If you have more than one Domain, every DNS server must
> be able to resolve ALL domains (either directly or indirectly)
>
> netdiag /fix
>
> ....or maybe:
>
> dcdiag /fix
>
> (Win2003 can do this from Support tools):
> nltest /dsregdns /server:DC-ServerNameGoesHere
> http://support.microsoft.com/kb/q260371/
>
> Ensure that DNS zones/domains are fully replicated to all DNS
> servers for that (internal) zone/domain.
>
> Also useful may be running DCDiag on each DC, sending the
> output to a text file, and searching for FAIL, ERROR, WARN.
>
> --
> Herb Martin
>
> >
> >
> > Gathering IPX configuration information.
> > Opening \Device\NwlnkIpx failed
> > Querying status of the Netcard drivers... Passed
> > Testing IpConfig - pinging the Primary WINS server... Passed
> > Testing Domain membership... Passed
> > Gathering NetBT configuration information.
> > Testing for autoconfiguration... Passed
> > Testing IP loopback ping... Passed
> > Testing default gateways... Passed
> > Enumerating local and remote NetBT name cache... Passed
> > Testing the WINS server
> > Local Area Connection 2
> > Sending name query to primary WINS server 10.0.8.80 -
> > querying name MAINDC on server 10.0.8.80
> > bytes sent 50
> > Passed
> > There is no secondary WINS server defined for this adapter.
> > Gathering Winsock information.
> > Testing DNS
> > PASS - All the DNS entries for DC are registered on DNS server
> > '10.0.8.45' and other DCs also have some of the names registered.
> > Testing redirector and browser... Passed
> > Testing DC discovery.
> > Looking for a DC
> > Looking for a PDC emulator
> > Looking for a Windows 2000 DC
> > Gathering the list of Domain Controllers for domain 'FUNC'
> > DC list for domain FUNC:
> > hagerstown.func.com [DS] Site: Hagerstown
> > Cannot get information for DC hagerstown.func.com.
> > [ERROR_NETNAME_DELETED] Assume it is down.
> > FROSTBURG.FUNC.COM [DS] Site: Frostburg
> > Cannot get information for DC FROSTBURG.FUNC.COM.
> > [ERROR_NETNAME_DELETED] Assume it is down.
> > GRANTSVILLE.func.com [DS] Site: Grantsville
> > Cannot get information for DC GRANTSVILLE.func.com.
> > [NERR_ServerNotStarted] Assume it is down.
> > FRIENDSVILLE.func.com [DS] Site: Friendsville
> > Cannot get information for DC FRIENDSVILLE.func.com.
> > [ERROR_NETNAME_DELETED] Assume it is down.
> > RIVERSIDE.func.com [DS] Site: Riverside
> > Cannot get information for DC RIVERSIDE.func.com.
> > [ERROR_NETNAME_DELETED] Assume it is down.
> > BALLENGER.func.com [DS] Site: Ballenger
> > Cannot get information for DC BALLENGER.func.com.
> > [ERROR_NETNAME_DELETED] Assume it is down.
> > smithsburg.func.com [DS] Site: Smithsburg
> > Lake.func.com [DS] Site: Lake
> > whiteoaks.func.com [DS] Site: Whiteoaks
> > Cannot get information for DC whiteoaks.func.com.
> > [ERROR_NETNAME_DELETED] Assume it is down.
> > centercity.func.com [DS] Site: Centercity
> > Cannot get information for DC centercity.func.com.
> > [ERROR_NETNAME_DELETED] Assume it is down.
> > Moorefield.func.com [DS] Site: Moorefield
> > Cannot get information for DC Moorefield.func.com.
> > [ERROR_NETNAME_DELETED] Assume it is down.
> > Tritowns.func.com [DS] Site: Tritowns
> > Cannot get information for DC Tritowns.func.com.
> > [ERROR_NETNAME_DELETED]
> > Assume it is down.
> > Belair.func.com [DS] Site: Belair
> > BARTON.func.com [DS] Site: Barton
> > martinsburg.func.com [DS] Site: Martinsburg
> > Cannot get information for DC martinsburg.func.com.
> > [ERROR_NETNAME_DELETED] Assume it is down.
> > sberkeley.func.com [DS] Site: SBerkeley
> > Cannot get information for DC sberkeley.func.com.
> > [ERROR_NETNAME_DELETED] Assume it is down.
> > sfoxcroft.func.com [DS] Site: SFoxcroft
> > Cannot get information for DC sfoxcroft.func.com.
> > [ERROR_NETNAME_DELETED] Assume it is down.
> > EdwinMiller.func.com [DS] Site: EdwinMiller
> > Cannot get information for DC EdwinMiller.func.com.
> > [NERR_ServerNotStarted] Assume it is down.
> > midtowns.func.com [DS] Site: Main
> > sabraton.func.com [DS] Site: Sabraton
> > Cannot get information for DC sabraton.func.com.
> > [ERROR_NETNAME_DELETED]
> > Assume it is down.
> > mburgoakfirst.func.com [DS] Site: MBurgOakFirst
> > Cannot get information for DC mburgoakfirst.func.com.
> > [ERROR_NETNAME_DELETED] Assume it is down.
> > hagoakfirst.func.com [DS] Site: Hagoakfirst
> > Cannot get information for DC hagoakfirst.func.com.
> > [ERROR_NETNAME_DELETED] Assume it is down.
> > starcity.func.com [DS] Site: Starcity
> > Cannot get information for DC starcity.func.com.
> > [ERROR_NETNAME_DELETED]
> > Assume it is down.
> > myersvilledc.func.com [DS] Site: Myersville
> > Cannot get information for DC myersvilledc.func.com.
> > [ERROR_NETNAME_DELETED] Assume it is down.
> > tsdc.func.com [DS] Site: Main
> > keyserdc.func.com [DS] Site: Keyser
> > Cannot get information for DC keyserdc.func.com.
> > [NERR_ServerNotStarted]
> > Assume it is down.
> > lattmandc.func.com [DS] Site: Littman
> > maindc.func.com [PDC emulator] [DS] Site: Main
> > potomacdc.func.com [DS] Site: Potomac
> > Cannot get information for DC potomacdc.func.com.
> > [NERR_ServerNotStarted] Assume it is down.
> > Cannot get information for DC BARTON.func.com. [ERROR_NETNAME_DELETED]
> > Assume it is down.
> > Cannot get information for DC Belair.func.com. [ERROR_NETNAME_DELETED]
> > Assume it is down.
> > Cannot get information for DC Lake.func.com. [ERROR_NETNAME_DELETED]
> > Assume it is down.
> > Testing trust relationships... Skipped
> > Testing Kerberos authentication... Passed
> > Testing LDAP servers in Domain FUNC ...
> > Gathering routing information
> > Gathering configuration of bindings.
> > Gathering RAS connection information
> > Gathering Modem information
> > Gathering Netware information
> > Gathering IP Security information
> >
> > Tests complete.
> >
> >
> > Computer Name: MAINDC
> > DNS Host Name: maindc.func.com
> > DNS Domain Name: func.com
> > System info : Windows 2000 Server (Build 3790)
> > Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
> > Hotfixes :
> > Installed? Name
> > Yes KB890046
> > Yes KB893756
> > Yes KB896358
> > Yes KB896422
> > Yes KB896424
> > Yes KB896428
> > Yes KB896688
> > Yes KB898715
> > Yes KB899587
> > Yes KB899588
> > Yes KB899589
> > Yes KB899591
> > Yes KB900725
> > Yes KB901017
> > Yes KB901214
> > Yes KB902400
> > Yes KB904706
> > Yes KB905414
> > Yes KB905915
> > Yes KB908519
> > Yes KB910437
> > Yes KB912919
> > Yes Q147222
> >
> >
> > Netcard queries test . . . . . . . : Passed
> >
> >
>
>
>
.
- Follow-Ups:
- Re: active directory replication
- From: Herb Martin
- Re: active directory replication
- References:
- Re: active directory replication
- From: Herb Martin
- Re: active directory replication
- From: rodge
- Re: active directory replication
- From: Herb Martin
- Re: active directory replication
- From: rodge
- Re: active directory replication
- From: Herb Martin
- Re: active directory replication
- Prev by Date: Re: Restricting 'Password Never Expires' setting for Account Operators
- Next by Date: OU Permissions for GPO
- Previous by thread: Re: active directory replication
- Next by thread: Re: active directory replication
- Index(es):
Relevant Pages
|
Loading
