Re: FRS and DNS not replicating properly should I be worried?

Only if one of the secondary's is transferring, which I doubt it is. I
thought you were saying the primary was not transferring. So something is
obviously wrong in transfers between one of the primaries and your
secondary. Can you force a transfer to see if this at least gets you up to
date? I believe you can right click on one of the secondary zones and
request a transfer. See if that updates things.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Ricus" <Ricus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6D4B1491-624F-4A8C-97D5-D288209D168B@xxxxxxxxxxxxxxxx
Paul thanks for the replies .

Transfers are set to be allowed on my primary servers but on my
secondaries
this option is disabled this is why I asked if it should be enabled on my
secondaries ?


"Paul Bergson [MVP-DS]" wrote:

I kind of figured that but wanted to be clear. But you still need to
allow
transfer to your secondary's.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Ricus" <Ricus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A7B1A850-8193-43A2-9DB5-DB0BBA357801@xxxxxxxxxxxxxxxx
Sorry maybe to clarify
Primary as in 1st dc in root domain :ellieshq.local

Primary for child/sub domain :elljhb.ellieshq.local

DNS runs as AD intigrated.

Does this seem more correct or is it still wrong as per your previous
answer?

"Paul Bergson [MVP-DS]" wrote:

Are you AD integrated for your primary? The reason I ask is you say
you
have multiple primaries, you should have one and the rest are
secondary's.
The secondary's can transfer to other secondary's. The primary should
allow
zone transfers, just specify the ip addresses of the secondary's.

Zone transfer info
http://technet2.microsoft.com/windowsserver/en/library/940cdf9b-8e43-4b08-9a53-9fc2152644031033.mspx?mfr=true

Zone transfer configuration
http://technet2.microsoft.com/windowsserver/en/library/b71b20c6-9e72-43e3-86dc-d591dcd42c9b1033.mspx?mfr=true

Until you get this correctly setup you probably will continue to have
version issues.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Ricus" <Ricus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0E1BC51B-D8CE-439A-B540-0EF9FAA7715B@xxxxxxxxxxxxxxxx
DNSLINT gives me the following error "Zone numbers were not
identical
on
every dns server".

And I have noticed that on my secondary Dns servers ((both the
second
dc's
in the domains) one in the root domain and one in the child domain.)
That
zone tranfers is disabled.

Whereas on both the my primary dc's Zone transfers are enabled for
all
servers on the name server tab is enabled.
Could this be the reason that zones do not seem to be syncing
properly
too?


For repadmin everything came back successfully no failures etc..

For DC DIAG everything passed except forwarders and root hints
lookup
.









"Paul Bergson [MVP-DS]" wrote:

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite >
c:\repl.txt
-> dnslint /ad /s "ip address of your dc"

**Note: Using the /E switch in dcdiag will run diagnostics against
ALL
dc's
in the forest. If you have significant numbers of DC's this test
could
generate significant detail and take a long time. You also want to
take
into account slow links to dc's will also add to the testing time.

When complete search for fail, error and warning messages.

Description and download for dnslint
http://support.microsoft.com/kb/321045

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Ricus" <Ricus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DFF2825B-9104-4472-BE6F-91C69001B1C3@xxxxxxxxxxxxxxxx
Hi I have the following config ROOT FOREST: win2k3 x64 DC1 win2k3
x64
DC2
Child Domain: win2k3 x64
DC1
win2k3 x64 DC2
All static ip addresses.

All DC's are setup as active directory integrated.
Forest level is 2000 and domain levels are 2000 too.

Tonight I uninstalled admin tools pack for sp1 and proceded to
install
admin
tools pack2 then rebooted the server.

The server took a long time to come up and when it finnaly did it
seemed
unable to connect to the rest of the machines on the network. I
disabled
and
re-inabled the NIC and everything seemed fine(I could ping and
browse
to
network shares).

I then checked the event log and there were FRS and DS errors.

I then ran nltest and dcdiag (dcdiag /test:netlogons and
replications)
which
returned as everything is alright.

Dcdiag picked up the event log entries at first run but
susequently
said
everything is fine. I also got the event id indicating FRS has
started
successfully.ID 13509

However in DNS my dns zones are out of sync by 7 revisions
between
some
of
the dc's.

DC1 root forest and DC1 child seem to be in sync and DC2 Root
forest
and
DC2
child in sync.But not to each other completely.

I have gone to AD sites and services and forced a replication
between
the
dc's .No further errors have come for the last 2 hours in the
event
log
but
the out of sync dns zones do trouble me.

Anyone please feel free to comment.Or suggest something.

Thanks.











.

Relevant Pages

  • Re: Changing Roles and DNS
    ... that depends on your requirements - if you want to configure replication ... secondary zones - only primaries can be written to and as you must not have ... all PCs would need to point to the DNS server hosting ...
    (microsoft.public.windows.server.active_directory)
  • Re: FRS and DNS not replicating properly should I be worried?
    ... DNS runs as AD intigrated. ... have multiple primaries, you should have one and the rest are secondary's. ... Whereas on both the my primary dc's Zone transfers are enabled for all ... servers on the name server tab is enabled. ...
    (microsoft.public.windows.server.active_directory)
  • Re: FRS and DNS not replicating properly should I be worried?
    ... DNS runs as AD integrated. ... have multiple primaries, you should have one and the rest are secondary's. ... Whereas on both the my primary dc's Zone transfers are enabled for all ... servers on the name server tab is enabled. ...
    (microsoft.public.windows.server.active_directory)
  • Re: FRS and DNS not replicating properly should I be worried?
    ... have multiple primaries, you should have one and the rest are secondary's. ... And I have noticed that on my secondary Dns servers ((both the second dc's ... Whereas on both the my primary dc's Zone transfers are enabled for all ... servers on the name server tab is enabled. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Add a subdomain?
    ... The box in question here is a web server. ... Under DNS, I have the windows server name. ... >name within a zone or address (in very picky traditional DNS ... >other DNS server so two primaries will never replicate. ...
    (microsoft.public.win2000.dns)