Re: FRS and DNS not replicating properly should I be worried?

Are you AD integrated for your primary? The reason I ask is you say you
have multiple primaries, you should have one and the rest are secondary's.
The secondary's can transfer to other secondary's. The primary should allow
zone transfers, just specify the ip addresses of the secondary's.

Zone transfer info
http://technet2.microsoft.com/windowsserver/en/library/940cdf9b-8e43-4b08-9a53-9fc2152644031033.mspx?mfr=true

Zone transfer configuration
http://technet2.microsoft.com/windowsserver/en/library/b71b20c6-9e72-43e3-86dc-d591dcd42c9b1033.mspx?mfr=true

Until you get this correctly setup you probably will continue to have
version issues.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Ricus" <Ricus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0E1BC51B-D8CE-439A-B540-0EF9FAA7715B@xxxxxxxxxxxxxxxx
DNSLINT gives me the following error "Zone numbers were not identical on
every dns server".

And I have noticed that on my secondary Dns servers ((both the second dc's
in the domains) one in the root domain and one in the child domain.) That
zone tranfers is disabled.

Whereas on both the my primary dc's Zone transfers are enabled for all
servers on the name server tab is enabled.
Could this be the reason that zones do not seem to be syncing properly
too?


For repadmin everything came back successfully no failures etc..

For DC DIAG everything passed except forwarders and root hints lookup .









"Paul Bergson [MVP-DS]" wrote:

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
-> dnslint /ad /s "ip address of your dc"

**Note: Using the /E switch in dcdiag will run diagnostics against ALL
dc's
in the forest. If you have significant numbers of DC's this test could
generate significant detail and take a long time. You also want to take
into account slow links to dc's will also add to the testing time.

When complete search for fail, error and warning messages.

Description and download for dnslint
http://support.microsoft.com/kb/321045

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Ricus" <Ricus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DFF2825B-9104-4472-BE6F-91C69001B1C3@xxxxxxxxxxxxxxxx
Hi I have the following config ROOT FOREST: win2k3 x64 DC1 win2k3 x64
DC2
Child Domain: win2k3 x64 DC1
win2k3 x64 DC2
All static ip addresses.

All DC's are setup as active directory integrated.
Forest level is 2000 and domain levels are 2000 too.

Tonight I uninstalled admin tools pack for sp1 and proceded to install
admin
tools pack2 then rebooted the server.

The server took a long time to come up and when it finnaly did it
seemed
unable to connect to the rest of the machines on the network. I
disabled
and
re-inabled the NIC and everything seemed fine(I could ping and browse
to
network shares).

I then checked the event log and there were FRS and DS errors.

I then ran nltest and dcdiag (dcdiag /test:netlogons and replications)
which
returned as everything is alright.

Dcdiag picked up the event log entries at first run but susequently
said
everything is fine. I also got the event id indicating FRS has started
successfully.ID 13509

However in DNS my dns zones are out of sync by 7 revisions between some
of
the dc's.

DC1 root forest and DC1 child seem to be in sync and DC2 Root forest
and
DC2
child in sync.But not to each other completely.

I have gone to AD sites and services and forced a replication between
the
dc's .No further errors have come for the last 2 hours in the event log
but
the out of sync dns zones do trouble me.

Anyone please feel free to comment.Or suggest something.

Thanks.





.

Relevant Pages

  • Re: Changing Roles and DNS
    ... that depends on your requirements - if you want to configure replication ... secondary zones - only primaries can be written to and as you must not have ... all PCs would need to point to the DNS server hosting ...
    (microsoft.public.windows.server.active_directory)
  • Re: FRS and DNS not replicating properly should I be worried?
    ... Transfers are set to be allowed on my primary servers but on my secondaries ... have multiple primaries, you should have one and the rest are ... Whereas on both the my primary dc's Zone transfers are enabled for all ... servers on the name server tab is enabled. ...
    (microsoft.public.windows.server.active_directory)
  • Re: FRS and DNS not replicating properly should I be worried?
    ... MVP - Directory Services ... DNS runs as AD intigrated. ... Whereas on both the my primary dc's Zone transfers are enabled for all ... servers on the name server tab is enabled. ...
    (microsoft.public.windows.server.active_directory)
  • Re: FRS and DNS not replicating properly should I be worried?
    ... DNS runs as AD intigrated. ... have multiple primaries, you should have one and the rest are secondary's. ... Whereas on both the my primary dc's Zone transfers are enabled for all ... servers on the name server tab is enabled. ...
    (microsoft.public.windows.server.active_directory)
  • Re: FRS and DNS not replicating properly should I be worried?
    ... DNS runs as AD integrated. ... have multiple primaries, you should have one and the rest are secondary's. ... Whereas on both the my primary dc's Zone transfers are enabled for all ... servers on the name server tab is enabled. ...
    (microsoft.public.windows.server.active_directory)
Loading