Re: No replication
- From: Randy <Randy@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 5 May 2006 18:17:02 -0700
Paul,
Thanks you are right it was the IM. I ran dcdiag on the domain controllers.
I'll paste the results of one below. I have raydc1, raydc2, and rayfsrv
(Win 2K server I promoted so I could demote and replace raydc2). Now I can't
do anything with rayfsrv. I'll be happy to get it cleanly off the domain. I
will be very greatfull for any advice on this one. rayfsrv will not run the
dcdiag. It errors right off the bat.
Our DNS is a newer version of bind. I can do nslookups for all these system.
C=gops,DC=npa,DC=ic,DC=gov
......................... RAYDC2 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 8614 to 1073741823
* raydc2.XXX.AAA.BBB.XXA.XAA.SS.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 6614 to 7113
* rIDPreviousAllocationPool is 6614 to 7113
* rIDNextRID: 6631
......................... RAYDC2 passed test RidManager
Starting test: MachineAccount
* SPN found
:LDAP/raydc2.XXX.AAA.BBB.XXA.XAA.SS.com/XXX.AAA.BBB.XXA.XAA.SS.com
* SPN found :LDAP/raydc2.XXX.AAA.BBB.XXA.XAA.SS.com
* SPN found :LDAP/RAYDC2
* SPN found :LDAP/raydc2.XXX.AAA.BBB.XXA.XAA.SS.com/XXX
* SPN found
:LDAP/5afe4521-61df-47e6-94b6-8ee7a3b0495d._msdcs.raydc2.XXX.AAA.BBB.XXA.XAA.SS.
com
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5afe4521-61df-47e6-94
b6-8ee7a3b0495d/raydc2.XXX.AAA.BBB.XXA.XAA.SS.com
* SPN found
:HOST/raydc2.XXX.AAA.BBB.XXA.XAA.SS.com/XXX.AAA.BBB.XXA.XAA.SS.com
* SPN found :HOST/raydc2.XXX.AAA.BBB.XXA.XAA.SS.com
* SPN found :HOST/RAYDC2
* SPN found :HOST/raydc2.XXX.AAA.BBB.XXA.XAA.SS.com/XXX
* SPN found
:GC/raydc2.XXX.AAA.BBB.XXA.XAA.SS.com/XXX.AAA.BBB.XXA.XAA.SS.com
......................... RAYDC2 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... RAYDC2 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... RAYDC2 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
Checking for CN=RAYDC2,OU=Domain
Controllers,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
in domain DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=RAYDC2,CN=Servers,CN=Default-First-Sit
e-Name,CN=Sites,CN=Configuration,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com in
domain
CN=Configuration,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com on 1 servers
Object is up-to-date on all servers.
......................... RAYDC2 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... RAYDC2 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... RAYDC2 passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x80000785
Time Generated: 05/06/2006 08:29:04
(Event String could not be retrieved)
......................... RAYDC2 failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... RAYDC2 passed test systemlog
Starting test: VerifyReplicas
For the partition
(DC=ForestDnsZones,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
we encountered the following error retrieving the cross-ref's
(CN=0581324b-2297-4fe5-a92b-afb2d545d68d,CN=Partitions,CN=Configurat
ion,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
information:
LDAP Error 0x3a (58).
For the partition
(DC=DomainDnsZones,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
we encountered the following error retrieving the cross-ref's
(CN=0c67792b-d1ec-4c6d-a943-9fc058ef20f8,CN=Partitions,CN=Configurat
ion,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
information:
LDAP Error 0x3a (58).
......................... RAYDC2 failed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=RAYDC2,OU=Domain
Controllers,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
and backlink on
CN=RAYDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurati
on,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=RAYDC2,CN=Domain System Volume (SYSVOL share),CN=File Replication
Se
rvice,CN=System,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
and backlink on
CN=RAYDC2,OU=Domain
Controllers,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=RAYDC2,CN=Domain System Volume (SYSVOL share),CN=File Replication
Se
rvice,CN=System,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
and backlink on
CN=NTDS
Settings,CN=RAYDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sit
es,CN=Configuration,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
are correct.
......................... RAYDC2 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
The following problems were found while verifying various important
DN
references. Note, that these problems can be reported because of
latency in replication. So follow up to resolve the following
problems, only if the same problem is reported on all DCs for a given
domain or if the problem persists after replication has had
reasonable time to replicate changes.
[1] Problem: Missing Expected Value
Base Object:
CN=RAYFSRV,OU=Domain
Controllers,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
Can't determine the age of the cross-ref
CN=0581324b-2297-4fe5-a92b-afb2d545d68d,CN=Partitions,CN=Configurati
on,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
for the partition
DC=ForestDnsZones,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com,
so following errors relating to this cross-ref/partition may
disappear after replication coalesces. Please ensure that
replication is working from the Domain Naming FSMO to this DC, and
retry this test to see if errors continue.
Can't determine the age of the cross-ref
CN=0c67792b-d1ec-4c6d-a943-9fc058ef20f8,CN=Partitions,CN=Configurati
on,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
for the partition
DC=DomainDnsZones,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com,
so following errors relating to this cross-ref/partition may
disappear after replication coalesces. Please ensure that
replication is working from the Domain Naming FSMO to this DC, and
retry this test to see if errors continue.
Can't determine the age of the cross-ref
CN=Enterprise
Configuration,CN=Partitions,CN=Configuration,DC=XXX,DC=AAA,DC=BBB,
DC=XXA,DC=SS,DC=com
for the partition
CN=Configuration,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
,
so following errors relating to this cross-ref/partition may
disappear after replication coalesces. Please ensure that
replication is working from the Domain Naming FSMO to this DC, and
retry this test to see if errors continue.
Can't determine the age of the cross-ref
CN=Enterprise
Schema,CN=Partitions,CN=Configuration,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
for the partition
CN=Schema,CN=Configuration,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
=ic,DC=gov,
so following errors relating to this cross-ref/partition may
disappear after replication coalesces. Please ensure that
replication is working from the Domain Naming FSMO to this DC, and
retry this test to see if errors continue.
Can't determine the age of the cross-ref
CN=RAMIS,CN=Partitions,CN=Configuration,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com
for the partition
DC=ramis,DC=bad,DC=pnet,DC=gops,DC=npa,DC=ic,DC=gov, so following
errors relating to this cross-ref/partition may disappear after
replication coalesces. Please ensure that replication is working
from the Domain Naming FSMO to this DC, and retry this test to see
if errors continue.
......................... RAYDC2 failed test
VerifyEnterpriseReferences
Testing server: Default-First-Site-Name\RAYFSRV
Skipping all tests, because server RAYFSRV is
not responding to directory service requests
Testing server: Default-First-Site-Name\RAYDC1
Skipping all tests, because server RAYDC1 is
not responding to directory service requests
Running partition tests on : Schema
Starting test: CrossRefValidation
For the partition
(CN=Schema,CN=Configuration,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
we encountered the following error retrieving the cross-ref's
(CN=Enterprise
Schema,CN=Partitions,CN=Configuration,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
information:
LDAP Error 0x3a (58).
......................... Schema failed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
For the partition
(CN=Configuration,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
we encountered the following error retrieving the cross-ref's
(CN=Enterprise
Configuration,CN=Partitions,CN=Configuration,DC=XXX,DC=AAA,
DC=BBB,DC=XXA,DC=SS,DC=com)
information:
LDAP Error 0x3a (58).
......................... Configuration failed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : XXXX
Starting test: CrossRefValidation
For the partition
(DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com) we
encountered the following error retrieving the cross-ref's
(CN=XXX,CN=Partitions,CN=Configuration,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
information:
LDAP Error 0x3a (58).
......................... XXX failed test CrossRefValidation
Starting test: CheckSDRefDom
......................... XXX passed test CheckSDRefDom
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
For the partition
(DC=ForestDnsZones,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
we encountered the following error retrieving the cross-ref's
(CN=0581324b-2297-4fe5-a92b-afb2d545d68d,CN=Partitions,CN=Configurat
ion,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
information:
LDAP Error 0x3a (58).
......................... ForestDnsZones failed test
CrossRefValidation
Starting test: CheckSDRefDom
For the partition
(DC=ForestDnsZones,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
we encountered the following error retrieving the cross-ref's
(CN=0581324b-2297-4fe5-a92b-afb2d545d68d,CN=Partitions,CN=Configurat
ion,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
information:
LDAP Error 0x3a (58).
......................... ForestDnsZones failed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
For the partition
(DC=DomainDnsZones,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
we encountered the following error retrieving the cross-ref's
(CN=0c67792b-d1ec-4c6d-a943-9fc058ef20f8,CN=Partitions,CN=Configurat
ion,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
information:
LDAP Error 0x3a (58).
......................... DomainDnsZones failed test
CrossRefValidation
Starting test: CheckSDRefDom
For the partition
(DC=DomainDnsZones,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
we encountered the following error retrieving the cross-ref's
(CN=0c67792b-d1ec-4c6d-a943-9fc058ef20f8,CN=Partitions,CN=Configurat
ion,DC=XXX,DC=AAA,DC=BBB,DC=XXA,DC=SS,DC=com)
information:
LDAP Error 0x3a (58).
......................... DomainDnsZones failed test CheckSDRefDom
Running enterprise tests on : XXX.AAA.BBB.XXA.XAA.SS.com
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... XXX.AAA.BBB.XXA.XAA.SS.com passed test In
tersite
Starting test: FsmoCheck
GC Name: \\raydc1.XXX.AAA.BBB.XXA.XAA.SS.com
Locator Flags: 0xe00001fc
PDC Name: \\raydc2.XXX.AAA.BBB.XXA.XAA.SS.com
Locator Flags: 0xe00003fd
Time Server Name: \\raydc1.XXX.AAA.BBB.XXA.XAA.SS.com
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\raydc2.XXX.AAA.BBB.XXA.XAA.SS.com
Locator Flags: 0xe00003fd
KDC Name: \\raydc1.XXX.AAA.BBB.XXA.XAA.SS.com
Locator Flags: 0xe00001fc
......................... XXX.AAA.BBB.XXA.XAA.SS.com passed test Fs
moCheck
"Paul Williams [MVP]" wrote:
It was more than likely the IM, not the RID, that caused that pop-up. The.
problem it mentioned is only an issue in specific circumstances. I've
detailed this here:
-- http://www.msresource.net/content/view/14/46/
If you have actually demoted the DC in question, the problem could be that
your clients are pointing to it for DNS, and DNS was AD-Integrated DNS. You
need to ensure DNS is up and running on another DC and that clients are
pointing to this DC for DNS as well. The process of replacing a DC is
detailed here:
-- http://www.msresource.net/content/view/24/47/
For your specific problems, run DCDIAG /V /C /E on one of your DCs and post
any errors here. Also look at the Directory Service, System and FRS event
logs on your other DCs and cross-ref that info. with the info. available on
www.eventid.net.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
- Follow-Ups:
- Re: No replication
- From: Paul Williams [MVP]
- Re: No replication
- References:
- Re: No replication
- From: Paul Williams [MVP]
- Re: No replication
- Prev by Date: Re: GPO/AD NULL SID problems
- Next by Date: Re: ADAM access fails when authenticating w/ credentials from user within ADAM
- Previous by thread: Re: No replication
- Next by thread: Re: No replication
- Index(es):
Relevant Pages
|
