Re: Domain Replication Problems
- From: Garry Starck <vjsparx@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 22 Apr 2008 23:37:00 -0700
Hi tbarkdull
Can you please advise me of the process you followed when recovering the
backup DC. Also, the NTFRS is responsible for file replicating the actual GPT
folders that AD points to, so AD replication will work, the SYSVOL if not
replicated is a problem.
--
Garry Starck
MCSE 2003 Messaging
MCDBA
"tbarkdull" wrote:
.
I have a good one for you. Please keep in mind I am new at this so
please assume I just bought an AD for Dummies book (not really)
I work at a Public Library and this place is a mess. In short we had a
Mail server crash, I was able to recover it and I setup a software RAID
for some protection. At the time, I was unaware it was a backup DC
Not I am starting to implement Group Policies, but the are not
replicating. Our mail DC is a new install Win2003 and is ok. But some
clients are still authenticating to the mail server. However the NTFRS
service is missing. DCPROMO fails. Posted below is the DCDIAG results
DC Diagnosis
Performing initial setup:
* Verifing that the local machine mail, is a DC.
* Connecting to directory service on server mail.
* Collecting site info.
* Identifying all servers.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial non skippeable tests
Testing server: APL-Main\MAIL
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... MAIL passed test Connectivity
Doing primary tests
Testing server: APL-Main\MAIL
Starting test: Replications
* Replications Check
......................... MAIL passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=and,DC=lib,DC=in,DC=us
* Security Permissions Check for
CN=Configuration,DC=and,DC=lib,DC=in,DC=us
* Security Permissions Check for
DC=and,DC=lib,DC=in,DC=us
......................... MAIL passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
[MAIL] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... MAIL failed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for
\\backup.and.lib.in.us, when we were trying to reach MAIL.
Server is not responding or is not considered suitable.
The DC MAIL is advertising itself as a DC and having a DS.
The DC MAIL is advertising as an LDAP server
The DC MAIL is advertising as having a writeable directory
The DC MAIL is advertising as a Key Distribution Center
The DC MAIL is advertising as a time server
......................... MAIL failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN="NTDS Settings
DEL:b0d0c901-74ba-4c57-855c-2fccc4923ce2",CN="APL-ARIEL
DEL:9d5203d9-df05-4e71-9f5a-dd0e116538cf",CN=Servers,CN=APL-Main,CN=Sites,CN=Configuration,DC=and,DC=lib,DC=in,DC=us
Warning: CN="NTDS Settings
DEL:b0d0c901-74ba-4c57-855c-2fccc4923ce2",CN="APL-ARIEL
DEL:9d5203d9-df05-4e71-9f5a-dd0e116538cf",CN=Servers,CN=APL-Main,CN=Sites,CN=Configuration,DC=and,DC=lib,DC=in,DC=us
is the Schema Owner, but is deleted.
Role Domain Owner = CN="NTDS Settings
DEL:b0d0c901-74ba-4c57-855c-2fccc4923ce2",CN="APL-ARIEL
DEL:9d5203d9-df05-4e71-9f5a-dd0e116538cf",CN=Servers,CN=APL-Main,CN=Sites,CN=Configuration,DC=and,DC=lib,DC=in,DC=us
Warning: CN="NTDS Settings
DEL:b0d0c901-74ba-4c57-855c-2fccc4923ce2",CN="APL-ARIEL
DEL:9d5203d9-df05-4e71-9f5a-dd0e116538cf",CN=Servers,CN=APL-Main,CN=Sites,CN=Configuration,DC=and,DC=lib,DC=in,DC=us
is the Domain Owner, but is deleted.
Role PDC Owner = CN=NTDS
Settings,CN=BACKUP,CN=Servers,CN=APL-Main,CN=Sites,CN=Configuration,DC=and,DC=lib,DC=in,DC=us
Role Rid Owner = CN=NTDS
Settings,CN=BACKUP,CN=Servers,CN=APL-Main,CN=Sites,CN=Configuration,DC=and,DC=lib,DC=in,DC=us
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=BACKUP,CN=Servers,CN=APL-Main,CN=Sites,CN=Configuration,DC=and,DC=lib,DC=in,DC=us
......................... MAIL failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 5517 to 1073741823
* backup.and.lib.in.us is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 4017 to 4516
* rIDNextRID: 4064
* rIDPreviousAllocationPool is 4017 to 4516
......................... MAIL passed test RidManager
Starting test: MachineAccount
Could not open pipe with [MAIL]:failed with 67: The network
name cannot be found.
Could not get NetBIOSDomainName
Failed can not test for HOST SPN
Failed can not test for HOST SPN
* SPN found :LDAP/mail.and.lib.in.us/and.lib.in.us
* SPN found :LDAP/mail.and.lib.in.us
* SPN found :LDAP/MAIL
* Missing SPN :(null)
* SPN found
:LDAP/156335b5-ac26-4bd3-943a-5686a5d216bc._msdcs.and.lib.in.us
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/156335b5-ac26-4bd3-943a-5686a5d216bc/and.lib.in.us
* SPN found :HOST/mail.and.lib.in.us/and.lib.in.us
* SPN found :HOST/mail.and.lib.in.us
* SPN found :HOST/MAIL
* Missing SPN :(null)
* SPN found :GC/mail.and.lib.in.us/and.lib.in.us
......................... MAIL failed test MachineAccount
Starting test: Services
Could not open Remote ipc to [MAIL]:failed with 67: The
network name cannot be found.
......................... MAIL failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
MAIL is in domain DC=and,DC=lib,DC=in,DC=us
Checking for CN=MAIL,OU=Domain
Controllers,DC=and,DC=lib,DC=in,DC=us in domain
DC=and,DC=lib,DC=in,DC=us on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=MAIL,CN=Servers,CN=APL-Main,CN=Sites,CN=Configuration,DC=and,DC=lib,DC=in,DC=us
in domain CN=Configuration,DC=and,DC=lib,DC=in,DC=us on 1 servers
Object is up-to-date on all servers.
......................... MAIL passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
[MAIL] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... MAIL failed test frssysvol
Starting test: kccevent
* The KCC Event log test
Failed to enumerate event log records, error The network name
cannot be found.
......................... MAIL failed test kccevent
Starting test: systemlog
* The System Event log test
Failed to enumerate event log records, error The network name
cannot be found.
......................... MAIL failed test systemlog
Running enterprise tests on : and.lib.in.us
Starting test: Intersite
Skipping site APL-Main, this site is outside the scope
provided by the
command line arguments provided.
......................... and.lib.in.us passed test Intersite
Starting test: FsmoCheck
GC Name: \\backup.and.lib.in.us
Locator Flags: 0xe00001fd
PDC Name: \\backup.and.lib.in.us
Locator Flags: 0xe00001fd
Time Server Name: \\backup.and.lib.in.us
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\backup.and.lib.in.us
Locator Flags: 0xe00001fd
KDC Name: \\backup.and.lib.in.us
Locator Flags: 0xe00001fd
......................... and.lib.in.us passed test FsmoCheck
Please help if you can!
Tony
--
tbarkdull
------------------------------------------------------------------------
tbarkdull's Profile: http://forums.techarena.in/member.php?userid=22419
View this thread: http://forums.techarena.in/showthread.php?t=504101
http://forums.techarena.in
- References:
- Re: Domain Replication Problems
- From: tbarkdull
- Re: Domain Replication Problems
- Prev by Date: Re: Need to fix DNS name resolution issuse
- Next by Date: Re: Domain Replication Problems
- Previous by thread: Re: Domain Replication Problems
- Next by thread: Re: Domain Replication Problems
- Index(es):
Relevant Pages
|
