Re: Replication failure
- From: MikeH <MikeH@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 26 Jul 2007 14:26:03 -0700
The DC in question Arnelfs1 is a W2K server (PDC emulator Arneldc1 is a 2K3
server). The only failure for the netdiag is as follows:
DC list test . . . . . . . . . . . : Failed
[WARNING] Cannot call DsBind to arneldc1.arnel.local (192.168.1.5).
[SEC_E_WRONG_PRINCIPAL]
List of DCs in Domain 'ARNEL':
arneldc1.arnel.local
arnelfs1.arnel.local
DCDiag follows:
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine arnelfs1, is a DC.
* Connecting to directory service on server arnelfs1.
* Collecting site info.
* Identifying all servers.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Corporate\ARNELFS1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... ARNELFS1 passed test Connectivity
Doing primary tests
Testing server: Corporate\ARNELFS1
Starting test: Replications
* Replications Check
......................... ARNELFS1 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=arnel,DC=local
* Security Permissions Check for
CN=Configuration,DC=arnel,DC=local
* Security Permissions Check for
DC=arnel,DC=local
......................... ARNELFS1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... ARNELFS1 passed test NetLogons
Starting test: Advertising
The DC ARNELFS1 is advertising itself as a DC and having a DS.
The DC ARNELFS1 is advertising as an LDAP server
The DC ARNELFS1 is advertising as having a writeable directory
The DC ARNELFS1 is advertising as a Key Distribution Center
The DC ARNELFS1 is advertising as a time server
The DS ARNELFS1 is advertising as a GC.
......................... ARNELFS1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=ARNELDC1,CN=Servers,CN=Corporate,CN=Sites,CN=Configuration,DC=arnel,DC=local
[ARNELDC1] DsBind() failed with error -2146893022,
The target principal name is incorrect..
Warning: ARNELDC1 is the Schema Owner, but is not responding to DS
RPC Bind.
[ARNELDC1] LDAP bind failed with error 31,
A device attached to the system is not functioning..
Warning: ARNELDC1 is the Schema Owner, but is not responding to
LDAP Bind.
Role Domain Owner = CN=NTDS
Settings,CN=ARNELDC1,CN=Servers,CN=Corporate,CN=Sites,CN=Configuration,DC=arnel,DC=local
Warning: ARNELDC1 is the Domain Owner, but is not responding to DS
RPC Bind.
Warning: ARNELDC1 is the Domain Owner, but is not responding to
LDAP Bind.
Role PDC Owner = CN=NTDS
Settings,CN=ARNELDC1,CN=Servers,CN=Corporate,CN=Sites,CN=Configuration,DC=arnel,DC=local
Warning: ARNELDC1 is the PDC Owner, but is not responding to DS RPC
Bind.
Warning: ARNELDC1 is the PDC Owner, but is not responding to LDAP
Bind.
Role Rid Owner = CN=NTDS
Settings,CN=ARNELDC1,CN=Servers,CN=Corporate,CN=Sites,CN=Configuration,DC=arnel,DC=local
Warning: ARNELDC1 is the Rid Owner, but is not responding to DS RPC
Bind.
Warning: ARNELDC1 is the Rid Owner, but is not responding to LDAP
Bind.
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=ARNELDC1,CN=Servers,CN=Corporate,CN=Sites,CN=Configuration,DC=arnel,DC=local
Warning: ARNELDC1 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: ARNELDC1 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... ARNELFS1 failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2877 to 1073741823
* arneldc1.arnel.local is the RID Master
[ARNELFS1] DsBindWithCred() failed with error -2146893022. The
target principal name is incorrect.
......................... ARNELFS1 failed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/arnelfs1.arnel.local/arnel.local
* SPN found :LDAP/arnelfs1.arnel.local
* SPN found :LDAP/ARNELFS1
* SPN found :LDAP/arnelfs1.arnel.local/ARNEL
* SPN found
:LDAP/4f190e76-63ee-4f3f-b89b-7e53f93a2003._msdcs.arnel.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/4f190e76-63ee-4f3f-b89b-7e53f93a2003/arnel.local
* SPN found :HOST/arnelfs1.arnel.local/arnel.local
* SPN found :HOST/arnelfs1.arnel.local
* SPN found :HOST/ARNELFS1
* SPN found :HOST/arnelfs1.arnel.local/ARNEL
* SPN found :GC/arnelfs1.arnel.local/arnel.local
......................... ARNELFS1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
......................... ARNELFS1 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
ARNELFS1 is in domain DC=arnel,DC=local
Checking for CN=ARNELFS1,OU=Domain Controllers,DC=arnel,DC=local in
domain DC=arnel,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=ARNELFS1,CN=Servers,CN=Corporate,CN=Sites,CN=Configuration,DC=arnel,DC=local in domain CN=Configuration,DC=arnel,DC=local on 1 servers
Object is up-to-date on all servers.
......................... ARNELFS1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
An Warning Event occured. EventID: 0x800034FC
Time Generated: 06/19/2007 09:52:29
Event String: The File Replication Service has detected that
the volume holding the FRS debug logs is running
out of disk space. This will not affect
replication unless this volume hosts database,
staging, or replica root paths as well.
Path to the logs directory = C:\WINNT\debug
You can change the number and size of logs by
adjusting the following registry values. Sample
values are shown below. These values are under
the registry key
"HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/
Services/NtFrs/Parameters
Debug Log Files REG_DWORD 0x5
Debug Log Severity REG_DWORD 0x2
Debug Maximum Log Messages REG_DWORD 0x2710
You can also change the path to the logs
directory by changing the following value at the
same location.
Debug Log File REG_SZ windir\debug
Changes to the registry values will take affect
at the next polling cycle.
An Warning Event occured. EventID: 0x800034FA
Time Generated: 07/25/2007 10:19:59
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
arnelfs1.arnel.local for FRS replica set
configuration information.
The nTDSConnection object cn=305e54b7-9f56-4ba2-aba2-7cffd1596444,cn=ntds
settings,cn=arnelfs1,cn=servers,cn=corporate,cn=sites,cn=configuration,dc=arnel,dc=local
is conflicting with cn=arnelfs1,cn=ntds
settings,cn=arnelfs1,cn=servers,cn=corporate,cn=sites,cn=configuration,dc=arnel,dc=local.
Using cn=305e54b7-9f56-4ba2-aba2-7cffd1596444,cn=ntds
settings,cn=arnelfs1,cn=servers,cn=corporate,cn=sites,cn=configuration,dc=arnel,dc=local
An Warning Event occured. EventID: 0x800034C4
Time Generated: 07/26/2007 12:25:41
Event String: The File Replication Service is having trouble
enabling replication from ARNELDC1 to ARNELFS1
for c:\winnt\sysvol\domain using the DNS name
arneldc1.arnel.local. FRS will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
arneldc1.arnel.local from this computer.
[2] FRS is not running on arneldc1.arnel.local.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
......................... ARNELFS1 passed test frssysvol
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x800004F1
Time Generated: 07/26/2007 13:48:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 07/26/2007 13:48:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 07/26/2007 13:48:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 07/26/2007 13:47:40
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 07/26/2007 13:47:40
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 07/26/2007 13:47:40
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 07/26/2007 13:48:02
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 07/26/2007 13:48:02
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 07/26/2007 13:48:02
(Event String could not be retrieved)
......................... ARNELFS1 failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... ARNELFS1 passed test systemlog
Running enterprise tests on : arnel.local
Starting test: Intersite
Skipping site Corporate, this site is outside the scope provided by
the command line arguments provided.
......................... arnel.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\arnelfs1.arnel.local
Locator Flags: 0xe00001fc
PDC Name: \\arneldc1.arnel.local
Locator Flags: 0xe00003fd
Time Server Name: \\arnelfs1.arnel.local
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\arneldc1.arnel.local
Locator Flags: 0xe00003fd
KDC Name: \\arnelfs1.arnel.local
Locator Flags: 0xe00001fc
......................... arnel.local passed test FsmoCheck
"Bob Smith" wrote:
Mike,.
Can you run DCDIAG and NETDIAG and post the results, also are you able to
get to anyother DC's (start, run, \\servername) have you tried to restart
the file replication servers or the netlogon service. While pulling a DC out
and rejoining would help, you need to make sure you in a site with good
connectivity, I would gater more info first.
Bob
"MikeH" <MikeH@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4DEABC80-BED2-45AE-9AA2-5E38E9337885@xxxxxxxxxxxxxxxx
We were having replication issues (1586 access denied) and one of our
techs
(infinite wisdom) created a new NTDS connection under sites, corporate,
servers, <server name> and then deleted the "<automatically generated>"
connection. Needless to say were having bigger issues now. One bit of
advice I was given was to demote the DC with the issue then promote it, is
this sound advice? When I try to force replication I get "The target
priciple name is incorrect" as an error.
Thanks,
Mike
- Prev by Date: can't login to AD Restore Mode
- Next by Date: Re: Win 2K member srv-in 2003
- Previous by thread: can't login to AD Restore Mode
- Next by thread: Re: Replication failure
- Index(es):
Relevant Pages
|
