Re: AD replication not working
- From: Meinolf Weber [MVP-DS] <meiweb(nospam)@gmx.de>
- Date: Mon, 24 Aug 2009 19:00:09 +0000 (UTC)
Hello Jacques Latoison" Jacques Latoison at hotmail dot com,
Dcdiag states that cls21 and cls12 are having the PDCEmulator role. Is that a typo o real? Please post the output from each DC from:
netdom query fsmo
When cls21 was the first DC in the domain how was the second one cls12 installed, from scratch, backup, sysprepped or not sysprepped image or snapshot?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
DCDIAG - DC1 (CLS21- the one we believe is working fine)
===============================================
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine cls21, is a Directory Server.
Home Server = cls21
* Connecting to directory service on server cls21.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling
ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,LDA
P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site
Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,
DC=uac
Getting ISTG and options for the site
* Identifying all servers.
Calling
ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,LDA
P_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
nfiguration,DC=core,DC=uac
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS
Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
nfiguration,DC=core,DC=uac
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CLS21
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... CLS21 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CLS21
Starting test: Advertising
The DC CLS21 is advertising itself as a DC and having a DS.
The DC CLS21 is advertising as an LDAP server
The DC CLS21 is advertising as having a writeable directory
The DC CLS21 is advertising as a Key Distribution Center
The DC CLS21 is advertising as a time server
The DS CLS21 is advertising as a GC.
......................... CLS21 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... CLS21 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... CLS21 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CLS21 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the
last 15
minutes.
......................... CLS21 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
nfiguration,DC=core,DC=uac
Role Domain Owner = CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
nfiguration,DC=core,DC=uac
Role PDC Owner = CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
nfiguration,DC=core,DC=uac
Role Rid Owner = CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
nfiguration,DC=core,DC=uac
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
nfiguration,DC=core,DC=uac
......................... CLS21 passed test
KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC CLS21 on DC CLS21.
Warning: Attribute userAccountControl of CLS21 is:
0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT |
TRUSTED_FOR_DELEGATION )
Typical setting for a DC is
0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )
This may be affecting replication?
* SPN found :LDAP/cls21.core.uac/core.uac
* SPN found :LDAP/cls21.core.uac
* SPN found :LDAP/CLS21
* SPN found :LDAP/cls21.core.uac/UAC
* SPN found
:LDAP/fb192dc6-608d-4e40-92cd-298af3c2bfdd._msdcs.core.uac
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/fb192dc6-608d-4e40-92cd-298af3c2
bfdd/core.uac
* SPN found :HOST/cls21.core.uac/core.uac
* SPN found :HOST/cls21.core.uac
* SPN found :HOST/CLS21
* SPN found :HOST/cls21.core.uac/UAC
* SPN found :GC/cls21.core.uac/core.uac
......................... CLS21 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC CLS21.
The forest is not ready for RODC. Will skip checking ERODC
ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=core,DC=uac
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=core,DC=uac
* Security Permissions Check for
DC=DomainDnsZones,DC=core,DC=uac
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=core,DC=uac
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=core,DC=uac
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=core,DC=uac
(Configuration,Version 3)
* Security Permissions Check for
DC=core,DC=uac
(Domain,Version 3)
......................... CLS21 failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\CLS21\netlogon
Verified share \\CLS21\sysvol
......................... CLS21 passed test NetLogons
Starting test: ObjectsReplicated
CLS21 is in domain DC=core,DC=uac
Checking for CN=CLS21,OU=Domain Controllers,DC=core,DC=uac in
domain DC=core,DC=uac on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
nfiguration,DC=core,DC=uac
in domain CN=Configuration,DC=core,DC=uac on 1 servers
Object is up-to-date on all servers.
......................... CLS21 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
[Replications Check,CLS21] A recent replication attempt
failed:
From CLS12 to CLS21
Naming Context: DC=ForestDnsZones,DC=core,DC=uac
The replication generated an error (8456):
The source server is currently rejecting replication
requests.
The failure occurred at 2009-08-24 13:50:34.
The last success occurred at 2009-07-10 20:23:42.
1081 failures have occurred since the last success.
Replication has been explicitly disabled through the
server
options.
[Replications Check,CLS21] A recent replication attempt
failed:
From CLS12 to CLS21
Naming Context: DC=DomainDnsZones,DC=core,DC=uac
The replication generated an error (8456):
The source server is currently rejecting replication
requests.
The failure occurred at 2009-08-24 13:50:34.
The last success occurred at 2009-07-10 21:09:53.
1275 failures have occurred since the last success.
Replication has been explicitly disabled through the
server
options.
[Replications Check,CLS21] A recent replication attempt
failed:
From CLS12 to CLS21
Naming Context: CN=Schema,CN=Configuration,DC=core,DC=uac
The replication generated an error (8456):
The source server is currently rejecting replication
requests.
The failure occurred at 2009-08-24 13:50:34.
The last success occurred at 2009-07-10 20:18:45.
1076 failures have occurred since the last success.
Replication has been explicitly disabled through the
server
options.
[Replications Check,CLS21] A recent replication attempt
failed:
From CLS12 to CLS21
Naming Context: CN=Configuration,DC=core,DC=uac
The replication generated an error (8456):
The source server is currently rejecting replication
requests.
The failure occurred at 2009-08-24 13:50:34.
The last success occurred at 2009-07-10 20:18:42.
1079 failures have occurred since the last success.
Replication has been explicitly disabled through the
server
options.
[Replications Check,CLS21] A recent replication attempt
failed:
From CLS12 to CLS21
Naming Context: DC=core,DC=uac
The replication generated an error (8456):
The source server is currently rejecting replication
requests.
The failure occurred at 2009-08-24 13:50:34.
The last success occurred at 2009-07-10 21:10:27.
2449 failures have occurred since the last success.
Replication has been explicitly disabled through the
server
options.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source CLS12
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
......................... CLS21 failed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 3603 to 1073741823
* cls21.core.uac is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2103 to 2602
* rIDPreviousAllocationPool is 2103 to 2602
* rIDNextRID: 2288
......................... CLS21 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... CLS21 passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/24/2009 13:52:16
Event String:
Driver RICOH Aficio 3035 PCL 6 required for printer
!!CLS12!CLC02 is unknown. Contact the administrator to install the
driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/24/2009 13:52:17
Event String:
Driver HP Universal Printing PCL 6 required for printer HP
Universal Printing PCL 6 is unknown. Contact the administrator to
install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/24/2009 13:52:18
Event String:
Driver RICOH Aficio 3025 PCL 6 required for printer
!!CLS12!CLC03 (7th FL Front) is unknown. Contact the administrator to
install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/24/2009 13:52:21
Event String:
Driver Adobe PDF Converter required for printer Adobe PDF
is unknown. Contact the administrator to install the driver before you
log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/24/2009 13:52:24
Event String:
Driver RICOH Aficio MP C3000 PCL 6 required for printer
RICOH Aficio MP C3000 PCL 6 is unknown. Contact the administrator to
install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/24/2009 13:52:24
Event String:
Driver PCL6 Driver for Universal Print required for
printer Ricoh Aficio SP C410DN is unknown. Contact the administrator
to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/24/2009 13:52:25
Event String:
Driver Send To Microsoft OneNote Driver required for
printer Send To OneNote 2007 is unknown. Contact the administrator to
install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/24/2009 13:52:26
Event String:
Driver Samsung CLP-510 Series required for printer Samsung
CLP-510 Series is unknown. Contact the administrator to install the
driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/24/2009 13:52:27
Event String:
Driver Snagit 9 Printer required for printer Snagit 9 is
unknown. Contact the administrator to install the driver before you
log in again.
An Warning Event occurred. EventID: 0x80000008
Time Generated: 08/24/2009 14:22:38
Event String:
The jobs in the print queue for printer HP LaserJet 4050
Series PCL 5 (redirected 5) were deleted. No user action is required.
To stop logging warning events for the print spooler, in
Control Panel, open Printers, right-click a blank area of the window,
click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000004
Time Generated: 08/24/2009 14:22:38
Event String:
Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will
be deleted. No user action is required.
To stop logging warning events for the print spooler, in
Control Panel, open Printers, right-click a blank area of the window,
click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000003
Time Generated: 08/24/2009 14:22:38
Event String:
Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was
deleted, and users will no longer be able to print to this printer. No
user action is required.
To stop logging information events for the print spooler,
in Control Panel, open Printers, right-click a blank area of the
window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler information events check
box.
An Warning Event occurred. EventID: 0x80000008
Time Generated: 08/24/2009 14:22:38
Event String:
The jobs in the print queue for printer Microsoft XPS
Document Writer (redirected 5) were deleted. No user action is
required.
To stop logging warning events for the print spooler, in
Control Panel, open Printers, right-click a blank area of the window,
click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000004
Time Generated: 08/24/2009 14:22:38
Event String:
Printer Microsoft XPS Document Writer (redirected 5) will
be deleted. No user action is required.
To stop logging warning events for the print spooler, in
Control Panel, open Printers, right-click a blank area of the window,
click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000003
Time Generated: 08/24/2009 14:22:38
Event String:
Printer Microsoft XPS Document Writer (redirected 5) was
deleted, and users will no longer be able to print to this printer. No
user action is required.
To stop logging information events for the print spooler,
in Control Panel, open Printers, right-click a blank area of the
window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler information events check
box.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/24/2009 14:22:41
Event String:
Driver Microsoft Office Document Image Writer Driver
required for printer Microsoft Office Document Image Writer is
unknown. Contact the administrator to install the driver before you
log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/24/2009 14:22:44
Event String:
Driver RICOH Aficio 3035 PCL 6 required for printer
!!CLS12!CLC02 is unknown. Contact the administrator to install the
driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/24/2009 14:22:45
Event String:
Driver Send To Microsoft OneNote Driver required for
printer Send To OneNote 2007 is unknown. Contact the administrator to
install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/24/2009 14:22:46
Event String:
Driver RICOH Aficio SP C410DN PCL 6 required for printer
RICOH Aficio SP C410DN PCL 6 is unknown. Contact the administrator to
install the driver before you log in again.
An Warning Event occurred. EventID: 0x80000008
Time Generated: 08/24/2009 14:24:37
Event String:
The jobs in the print queue for printer HP LaserJet 4050
Series PCL 5 (redirected 5) were deleted. No user action is required.
To stop logging warning events for the print spooler, in
Control Panel, open Printers, right-click a blank area of the window,
click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000004
Time Generated: 08/24/2009 14:24:37
Event String:
Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will
be deleted. No user action is required.
To stop logging warning events for the print spooler, in
Control Panel, open Printers, right-click a blank area of the window,
click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000003
Time Generated: 08/24/2009 14:24:37
Event String:
Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was
deleted, and users will no longer be able to print to this printer. No
user action is required.
To stop logging information events for the print spooler,
in Control Panel, open Printers, right-click a blank area of the
window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler information events check
box.
An Warning Event occurred. EventID: 0x80000008
Time Generated: 08/24/2009 14:24:37
Event String:
The jobs in the print queue for printer Microsoft XPS
Document Writer (redirected 5) were deleted. No user action is
required.
To stop logging warning events for the print spooler, in
Control Panel, open Printers, right-click a blank area of the window,
click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000004
Time Generated: 08/24/2009 14:24:37
Event String:
Printer Microsoft XPS Document Writer (redirected 5) will
be deleted. No user action is required.
To stop logging warning events for the print spooler, in
Control Panel, open Printers, right-click a blank area of the window,
click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000003
Time Generated: 08/24/2009 14:24:37
Event String:
Printer Microsoft XPS Document Writer (redirected 5) was
deleted, and users will no longer be able to print to this printer. No
user action is required.
To stop logging information events for the print spooler,
in Control Panel, open Printers, right-click a blank area of the
window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler information events check
box.
......................... CLS21 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=CLS21,OU=Domain Controllers,DC=core,DC=uac and backlink on
CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurati
on,DC=core,DC=uac
are correct.
The system object reference (serverReferenceBL)
CN=CLS21,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=core,DC=uac
and backlink on
CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
nfiguration,DC=core,DC=uac
are correct.
......................... CLS21 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test
CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test
CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Running partition tests on : core
Starting test: CheckSDRefDom
......................... core passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... core passed test CrossRefValidation
Running enterprise tests on : core.uac
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\cls21.core.uac
Locator Flags: 0xe00011fd
PDC Name: \\cls21.core.uac
Locator Flags: 0xe00011fd
Time Server Name: \\cls21.core.uac
Locator Flags: 0xe00011fd
Preferred Time Server Name: \\cls21.core.uac
Locator Flags: 0xe00011fd
KDC Name: \\cls21.core.uac
Locator Flags: 0xe00011fd
......................... core.uac passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside
the scope
provided by the command line arguments provided.
......................... core.uac passed test Intersite
.
- Follow-Ups:
- Re: AD replication not working
- From: Jacques Latoison
- Re: AD replication not working
- From: Jacques Latoison
- Re: AD replication not working
- References:
- Re: AD replication not working
- From: Jacques Latoison
- Re: AD replication not working
- Prev by Date: Re: AD replication not working
- Next by Date: Re: Change Domain Name
- Previous by thread: Re: AD replication not working
- Next by thread: Re: AD replication not working
- Index(es):
Relevant Pages
|
