Re: Replication event errors
- From: Adam <Adam@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 23 Jun 2006 12:23:02 -0700
Ok now its really wierd.
Not sure when this started but...
It seems each of my DC's can only browse the network to each other.
If I try to browse to a computer from either DC I get a permission message.
"You may not have permissions to use this network source"
I also login with a different user name (domain admin rights too) same
problem.
Anythoughts?
"Adam" wrote:
Do I need to worry about the WINs errors?.
Im XP and 200 workstations with a w2k3 domain. I have Wins running but do I
really need it?
.......................................
Computer Name: CCSAD01
DNS Host Name: ccsad01.DOMAIN.org
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
List of installed hotfixes :
KB883939
KB890046
KB891957
KB893756
KB896358
KB896422
KB896424
KB896428
KB899587
KB899588
KB899589
KB899591
KB900725
KB901017
KB901214
KB902400
KB903234
KB904706
KB905414
KB908519
KB908531
KB910437
KB911280
KB911562
KB911564
KB911567
KB911927
KB912812
KB912919
KB913446
KB914389
KB916281
KB917344
KB917734
KB917953
KB918439
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : ccsad01
IP Address . . . . . . . . : 192.168.2.200
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.2.1
Primary WINS Server. . . . : 192.168.2.200
Dns Servers. . . . . . . . : 192.168.2.200
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Failed
The test failed. We were unable to query the WINS servers.
Adapter : {2D0110AD-02A2-4817-9B3C-43DE27AB27AD}
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : ccsad01
IP Address . . . . . . . . : 192.168.2.81
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{C223F469-07E7-4FE3-B6EA-93E97C156914}
NetBT_Tcpip_{2D0110AD-02A2-4817-9B3C-43DE27AB27AD}
2 NetBt transports currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation
Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'192.168.2.200' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{C223F469-07E7-4FE3-B6EA-93E97C156914}
NetBT_Tcpip_{2D0110AD-02A2-4817-9B3C-43DE27AB27AD}
The redir is bound to 2 NetBt transports.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{C223F469-07E7-4FE3-B6EA-93E97C156914}
NetBT_Tcpip_{2D0110AD-02A2-4817-9B3C-43DE27AB27AD}
The browser is bound to 2 NetBt transports.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
"Paul Bergson" wrote:
If there is a dns issue with your dc a netdiag /fix should (Hopefully
correct it).
The error: Active Directory could not use DNS to resolve the IP address of
the source domain controller listed below.
I believe this is referring to the service record of the dc not the standard
host name (A record). The netdiag /fix should fix this if that is the case,
but doing a reboot of the dc does essentially the same thing for you. So i
don;t know if you have done either of those yet.
As far as a phnatom DC I didn't think that is what you had, I figured you
had a dc that had been shut off and hadn't been receiving replication from
the other dc, 60 days rolls by and any changes made on the up and running dc
(Objects tombstoned) go away and the re-established dc will never get those
changes, so your dc's are now out of sync. The easiest thing to do at that
point is just demote and promote the old dc and it will recieve a complete
new replica of AD.
--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Adam" <Adam@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:859260E7-E1A6-4B99-A04B-BD29907B35CB@xxxxxxxxxxxxxxxx
I dont think I have a phantom DC, as the metadata cleanup only shows my two
active DC's.
But as a test I manually added a dns alias for Domain controller:
bfad308c-dc3c-4dda-95b0-eed325c5dd4c._msdcs.DOMAIN.org
and the cleared up the error:
Active Directory failed to construct a mutual authentication service
principal name (SPN) for the following domain controller.
I know thats not really a fix but I also get this warning:
Active Directory could not use DNS to resolve the IP address of the source
domain controller listed below. To maintain the consistency of Security
groups, group policy, users and computers and their passwords, Active
Directory successfully replicated using the NetBIOS or fully qualified
computer name of the source domain controller.
Invalid DNS configuration may be affecting other essential operations on
member computers, domain controllers or application servers in this Active
Directory forest, including logon authentication or access to network
resources.
You should immediately resolve this DNS configuration error so that this
domain controller can resolve the IP address of the source domain
controller
using DNS.
Alternate server name:
ccsad02
Failing DNS host name:
e94435ac-23a1-4b80-a50e-521f4e6be6cc._msdcs.DOMAIN.org
NOTE: By default, only up to 10 DNS failures are shown for any given 12
hour
period, even if more than 10 failures occur. To log all individual
failure
events, set the following diagnostics registry value to 1:
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
User Action:
1) If the source domain controller is no longer functioning or its
operating system has been reinstalled with a different computer name or
NTDSDSA object GUID, remove the source domain controller's metadata with
ntdsutil.exe, using the steps outlined in MSKB article 216498.
2) Confirm that the source domain controller is running Active directory
and is accessible on the network by typing "net view \\<source DC name>"
or
"ping <source DC name>".
3) Verify that the source domain controller is using a valid DNS server
for
DNS services, and that the source domain controller's host record and
CNAME
record are correctly registered, using the DNS Enhanced version of
DCDIAG.EXE
available on http://www.microsoft.com/dns
dcdiag /test:dns
4) Verify that that this destination domain controller is using a valid
DNS
server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE
command on the console of the destination domain controller, as follows:
dcdiag /test:dns
5) For further analysis of DNS error failures see KB 824449:
http://support.microsoft.com/?kbid=824449
Additional Data
Error value:
11004 The requested name is valid, but no data of the requested type was
found.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
- Follow-Ups:
- Re: Replication event errors
- From: Adam
- Re: Replication event errors
- References:
- Re: Replication event errors
- From: strongline
- Re: Replication event errors
- From: Adam
- Re: Replication event errors
- From: Paul Bergson
- Re: Replication event errors
- From: Adam
- Re: Replication event errors
- From: Paul Bergson
- Re: Replication event errors
- From: Adam
- Re: Replication event errors
- Prev by Date: How to make this apply to all users?
- Next by Date: Re: How to make this apply to all users?
- Previous by thread: Re: Replication event errors
- Next by thread: Re: Replication event errors
- Index(es):
Relevant Pages
|
