Re: Global Catalog %%5?

Thanks for your help.

"Jorge Silva" wrote:

Great, in that case can I assume that the logs were telling tyou that they
could replicate with the DC in question (because it was dead from the
orphaned domain)

--

===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"indelljo" <indelljo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2BC192C2-CA14-4EF5-99BB-75C546157885@xxxxxxxxxxxxxxxx
The server could not be promoted to a global catalog because there were
orphaned domains in our forest. once the orphaned domains were removed,
gc
promotion was successful.

"indelljo" wrote:

I have also noticed, running the 'dcdiag /v /s:servername| find "%"'
command
now produces:

%%5
%%5
%%5
%%5
%%5
%%5
%%5

instead of a single %%5.

"indelljo" wrote:

There are two errors that have appeared for the first time today. They
are:

NDTS General 1126
Active Directory was unable to establish a connection with the global
catalog.

Additional Data
Error value:
1460 This operation returned because the timeout period expired.
Internal ID:
3200cbb

User Action:
Make sure a global catalog is available in the forest, and is reachable
from
this domain controller. You may use the nltest utility to diagnose
this
problem.

and

NTDS Replication 2087
Active Directory could not resolve the following DNS host name of the
source
domain controller to an IP address. This error prevents additions,
deletions
and changes in Active Directory from replicating between one or more
domain
controllers in the forest. Security groups, group policy, users and
computers
and their passwords will be inconsistent between domain controllers
until
this error is resolved, potentially affecting logon authentication and
access
to network resources.

Source domain controller:
server1
Failing DNS host name:
xxx._msdcs.domain.com

NOTE: By default, only up to 10 DNS failures are shown for any given 12
hour
period, even if more than 10 failures occur. To log all individual
failure
events, set the following diagnostics registry value to 1:

Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC
Client

User Action:

1) If the source domain controller is no longer functioning or its
operating system has been reinstalled with a different computer name or
NTDSDSA object GUID, remove the source domain controller's metadata
with
ntdsutil.exe, using the steps outlined in MSKB article 216498.

2) Confirm that the source domain controller is running Active
directory
and is accessible on the network by typing "net view \\<source DC
name>" or
"ping <source DC name>".

3) Verify that the source domain controller is using a valid DNS
server for
DNS services, and that the source domain controller's host record and
CNAME
record are correctly registered, using the DNS Enhanced version of
DCDIAG.EXE
available on http://www.microsoft.com/dns

dcdiag /test:dns

4) Verify that that this destination domain controller is using a
valid DNS
server for DNS services, by running the DNS Enhanced version of
DCDIAG.EXE
command on the console of the destination domain controller, as
follows:

dcdiag /test:dns

5) For further analysis of DNS error failures see KB 824449:
http://support.microsoft.com/?kbid=824449

Additional Data
Error value:
11004 The requested name is valid, but no data of the requested type
was
found.

after seeing the second error message, I ran both dcdiag /testdns and
net
view \\server. Both passed.



"Jorge Silva" wrote:

did you checked the logs and the reason why these changes were not
replicated?

--

===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"indelljo" <indelljo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EDC378D9-DBE5-404B-B459-4D3A262B91B8@xxxxxxxxxxxxxxxx
Events logs were clean, so was netdiag.

dcdiag had these errors:

Starting test: NCSecDesc
[SERVER1] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
......................... SERVER1 failed test NCSecDesc
Starting test: Advertising
Warning: SERVER1 has not finished promoting to be a GC.
Check the event log for domains that cannot be replicated.
Warning: SERVER1 is not advertising as a global catalog.
Check that server finished GC promotion.
Check the event log on server that enough source replicas for the
GC are
available.
......................... SERVER1 failed test Advertising

"Jorge Silva" wrote:

Run dcdiag and netdiag on the DC and check for errors.
Also have a look at eventlog.

--

===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"indelljo" <indelljo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F71A8E94-E96A-4552-AF3E-784B21C8DBC7@xxxxxxxxxxxxxxxx
The first issue is in regard to Outlook address books. There
are
issues
with
the retrieving address books; you often have to try several
times
before
it
can display addresses. Another issue was with Exchange 2007.
Installation
failed the prerequisite check because of a DC communication
issue. If
I
go
to the dc in question and remove its role as a global catalog
server,
the
issues go away.

"Jorge Silva" wrote:

Hi
Can you explain us what problems are you having with that GC?

--

===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"indelljo" <indelljo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:8C495069-34F2-43F9-974A-446553B7354F@xxxxxxxxxxxxxxxx
I am having global catalog issue so I ran this command:
dcdiag /v /s:servername| find "%"

One global catalog responds with
%%5

I assume it means the catalog is not replicating properly.
Does
anyone
know
what the issue is and how to fix it? Event logs are clean.
Thanks.












.

Relevant Pages

  • Re: Forworders or Root Hints?
    ... root hints and forwarders are methods of doing this. ... As long as it isn't my internal DNS I'm fine with that, ... "Jorge Silva" wrote: ... internal network)" You can have your own Cache only DNS server without ...
    (microsoft.public.windows.server.dns)
  • Re: Adding second DNS on second domain controller
    ... MCSE, MVP Directory Services ... "Jorge Silva" wrote: ... If you select the DNS server using DNS console snapin in the right ...
    (microsoft.public.windows.server.dns)
  • Re: Add a Remote Office to our Corporate Windows 2003 Domain Netwo
    ... "Jorge Silva" wrote: ... My corporate 2003 DC server i create a new site for the remote office. ... Make sure that this setup of DNS ...
    (microsoft.public.windows.server.active_directory)
  • Re: Event ID 5774 / DNS Registrations fail and AD does not replicate
    ... "Jorge Silva" wrote in message ... Is the DC in the child domain (assuming that is a DNS server) hosing the child domain zone? ... Make sure that each DC (assuming that is a DNS) point only to itself under Preferred DNS server. ...
    (microsoft.public.windows.server.active_directory)
  • Re: DNS Question
    ... "Herb Martin" wrote: ... >> Controllers which are going to be DNS servers also ... > If it is the FIRST DNS server for that zone you MUST ... s and are not verifiably latent, or dc's no longer replicating this nc. ...
    (microsoft.public.windows.server.dns)
Loading