Re: FRS and DNS not replicating properly should I be worried?
- From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Fri, 25 Jan 2008 07:38:31 -0600
I kind of figured that but wanted to be clear. But you still need to allow
transfer to your secondary's.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Ricus" <Ricus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A7B1A850-8193-43A2-9DB5-DB0BBA357801@xxxxxxxxxxxxxxxx
Sorry maybe to clarify
Primary as in 1st dc in root domain :ellieshq.local
Primary for child/sub domain :elljhb.ellieshq.local
DNS runs as AD intigrated.
Does this seem more correct or is it still wrong as per your previous
answer?
"Paul Bergson [MVP-DS]" wrote:
Are you AD integrated for your primary? The reason I ask is you say you
have multiple primaries, you should have one and the rest are
secondary's.
The secondary's can transfer to other secondary's. The primary should
allow
zone transfers, just specify the ip addresses of the secondary's.
Zone transfer info
http://technet2.microsoft.com/windowsserver/en/library/940cdf9b-8e43-4b08-9a53-9fc2152644031033.mspx?mfr=true
Zone transfer configuration
http://technet2.microsoft.com/windowsserver/en/library/b71b20c6-9e72-43e3-86dc-d591dcd42c9b1033.mspx?mfr=true
Until you get this correctly setup you probably will continue to have
version issues.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Ricus" <Ricus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0E1BC51B-D8CE-439A-B540-0EF9FAA7715B@xxxxxxxxxxxxxxxx
DNSLINT gives me the following error "Zone numbers were not identical
on
every dns server".
And I have noticed that on my secondary Dns servers ((both the second
dc's
in the domains) one in the root domain and one in the child domain.)
That
zone tranfers is disabled.
Whereas on both the my primary dc's Zone transfers are enabled for all
servers on the name server tab is enabled.
Could this be the reason that zones do not seem to be syncing properly
too?
For repadmin everything came back successfully no failures etc..
For DC DIAG everything passed except forwarders and root hints lookup
.
"Paul Bergson [MVP-DS]" wrote:
Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
-> dnslint /ad /s "ip address of your dc"
**Note: Using the /E switch in dcdiag will run diagnostics against ALL
dc's
in the forest. If you have significant numbers of DC's this test
could
generate significant detail and take a long time. You also want to
take
into account slow links to dc's will also add to the testing time.
When complete search for fail, error and warning messages.
Description and download for dnslint
http://support.microsoft.com/kb/321045
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Ricus" <Ricus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DFF2825B-9104-4472-BE6F-91C69001B1C3@xxxxxxxxxxxxxxxx
Hi I have the following config ROOT FOREST: win2k3 x64 DC1 win2k3
x64
DC2
Child Domain: win2k3 x64
DC1
win2k3 x64 DC2
All static ip addresses.
All DC's are setup as active directory integrated.
Forest level is 2000 and domain levels are 2000 too.
Tonight I uninstalled admin tools pack for sp1 and proceded to
install
admin
tools pack2 then rebooted the server.
The server took a long time to come up and when it finnaly did it
seemed
unable to connect to the rest of the machines on the network. I
disabled
and
re-inabled the NIC and everything seemed fine(I could ping and
browse
to
network shares).
I then checked the event log and there were FRS and DS errors.
I then ran nltest and dcdiag (dcdiag /test:netlogons and
replications)
which
returned as everything is alright.
Dcdiag picked up the event log entries at first run but susequently
said
everything is fine. I also got the event id indicating FRS has
started
successfully.ID 13509
However in DNS my dns zones are out of sync by 7 revisions between
some
of
the dc's.
DC1 root forest and DC1 child seem to be in sync and DC2 Root forest
and
DC2
child in sync.But not to each other completely.
I have gone to AD sites and services and forced a replication
between
the
dc's .No further errors have come for the last 2 hours in the event
log
but
the out of sync dns zones do trouble me.
Anyone please feel free to comment.Or suggest something.
Thanks.
.
- Follow-Ups:
- References:
- Re: FRS and DNS not replicating properly should I be worried?
- From: Paul Bergson [MVP-DS]
- Re: FRS and DNS not replicating properly should I be worried?
- From: Ricus
- Re: FRS and DNS not replicating properly should I be worried?
- From: Paul Bergson [MVP-DS]
- Re: FRS and DNS not replicating properly should I be worried?
- From: Ricus
- Re: FRS and DNS not replicating properly should I be worried?
- Prev by Date: Re: FRS errors 13508 and 13559
- Next by Date: Re: FRS errors 13508 and 13559
- Previous by thread: Re: FRS and DNS not replicating properly should I be worried?
- Next by thread: Re: FRS and DNS not replicating properly should I be worried?
- Index(es):
Relevant Pages
|
Loading
