Re: Active directory replication problems



So, they are currently on the same network and not presently connected by
VPN?

You've done the Metadata cleanup of Server3 and Server4?

Next,

on server1 type;
netdiag>server1.txt

on server2 type;
netdiag>server2.txt

Then post a reply with both server1.txt and server2.txt files

--
/kj
"J" <jk_50@xxxxxxxxxxx> wrote in message
news:OC5gw3sxGHA.5068@xxxxxxxxxxxxxxxxxxxxxxx
I've done everything in the list. Regarding #1 I put the server2 on the same
network as server1. I don't believe I seized any of the FSMO roles to

"kj" <kj@xxxxxxxxxxx> wrote in message
news:OJvPTfsxGHA.4972@xxxxxxxxxxxxxxxxxxxxxxx
OK, well a couple of things;

1) Both sides of the VPN are the same subnet? (192.168.12.x) What is
creating and maintaining your VPN, separate routers perhaps? Your sites
should have different subnets to facilitate routing and AD Site
configuration and Intersite replication.

2) Your Active Directory still has two (apparently orphaned) Domain
Controllers (server3, server4) that must be manually cleaned up. See MS
KB#216498 (http://support.microsoft.com/kb/216498/en-us), but frankly this
is a risky process unless you've done this before or really know what you're
doing. You might want to consider a Microsoft Support call for help on this
or try locating a qualified local resource.

3) Configure each DC's DNS settings for;
DNS#1 (IP of Self)
DNS#2 (IP of the Other DC)
...then restart the server(s).

4) Is Server 2 the SBS2003 Server? Have you SEIZED any of the FSMO roles to
Server1?


--
/kj
"J" <jk_50@xxxxxxxxxxx> wrote in message
news:egprrJsxGHA.4960@xxxxxxxxxxxxxxxxxxxxxxx
I'm connected via VPN.
ipconfig:

SERVER1:
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : SERVER1
Primary DNS Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-11-43-59-6F-92
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.12.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.12.1
DNS Servers . . . . . . . . . . . : 192.168.12.201
192.168.12.3
SERVER 2:
Windows IP Configuration

Host Name . . . . . . . . . . . . : SERVER2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-0C-F1-9D-6E-B0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.12.201
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.12.1
DNS Servers . . . . . . . . . . . : 192.168.12.201
Primary WINS Server . . . . . . . : 192.168.12.201

dcdiag SERVER1
Domain Controller Diagnosis

Performing initial setup:

* Verifying that the local machine SERVER1, is a DC.

* Connecting to directory service on server SERVER1.

* Collecting site info.

* Identifying all servers.

* Found 4 DC(s). Testing 4 of them.

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER2

Starting test: Connectivity

* Active Directory LDAP Services Check

[SERVER2] LDAP bind failed with error 31,

A device attached to the system is not functioning..

......................... SERVER2 failed test Connectivity

Testing server: Default-First-Site-Name\SERVER3

Starting test: Connectivity

* Active Directory LDAP Services Check

926b7371-0e07-4df2-a040-c13c013a3d40._msdcs.domain.com's server GUID
DNS

name could not be resolved to an

IP address. Check the DNS server, DHCP, server name, etc

......................... SERVER3 failed test Connectivity

Testing server: Default-First-Site-Name\SERVER4

Starting test: Connectivity

* Active Directory LDAP Services Check

cd82ea43-93ed-41a2-8169-82818179eba3._msdcs.domain.com's server GUID
DNS

name could not be resolved to an

IP address. Check the DNS server, DHCP, server name, etc

......................... SERVER4 failed test Connectivity

Testing server: Default-First-Site-Name\SERVER1

Starting test: Connectivity

* Active Directory LDAP Services Check

* Active Directory RPC Services Check

......................... SERVER1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER2

Skipping all tests, because server SERVER2 is

not responding to directory service requests

Test omitted by user request: Topology

Test omitted by user request: CutoffServers

Test omitted by user request: OutboundSecureChannels

Testing server: Default-First-Site-Name\SERVER3

Skipping all tests, because server SERVER3 is

not responding to directory service requests

Test omitted by user request: Topology

Test omitted by user request: CutoffServers

Test omitted by user request: OutboundSecureChannels

Testing server: Default-First-Site-Name\SERVER4

Skipping all tests, because server SERVER4 is

not responding to directory service requests

Test omitted by user request: Topology

Test omitted by user request: CutoffServers

Test omitted by user request: OutboundSecureChannels

Testing server: Default-First-Site-Name\SERVER1

Starting test: Replications

* Replications Check

......................... SERVER1 passed test Replications

Test omitted by user request: Topology

Test omitted by user request: CutoffServers

Starting test: NCSecDesc

* Security Permissions Check for

CN=Schema,CN=Configuration,DC=domain,DC=com

* Security Permissions Check for

CN=Configuration,DC=domain,DC=com

* Security Permissions Check for

DC=domain,DC=com

......................... SERVER1 passed test NCSecDesc

Starting test: NetLogons

* Network Logons Privileges Check

......................... SERVER1 passed test NetLogons

Starting test: Advertising

The DC SERVER1 is advertising itself as a DC and having a DS.

The DC SERVER1 is advertising as an LDAP server

The DC SERVER1 is advertising as having a writeable directory

The DC SERVER1 is advertising as a Key Distribution Center

The DC SERVER1 is advertising as a time server

The DS SERVER1 is advertising as a GC.

......................... SERVER1 passed test Advertising

Starting test: KnowsOfRoleHolders

Role Schema Owner = CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-F

irst-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com

[SERVER2] DsBind() failed with error -2146893022,

The target principal name is incorrect..

Warning: SERVER2 is the Schema Owner, but is not responding to DS RPC B

ind.

Warning: SERVER2 is the Schema Owner, but is not responding to LDAP Bin

d.

Role Domain Owner = CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-F

irst-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com

Warning: SERVER2 is the Domain Owner, but is not responding to DS RPC B

ind.

Warning: SERVER2 is the Domain Owner, but is not responding to LDAP Bin

d.

Role PDC Owner = CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-Firs

t-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com

Warning: SERVER2 is the PDC Owner, but is not responding to DS RPC Bind

.

Warning: SERVER2 is the PDC Owner, but is not responding to LDAP Bind.

Role Rid Owner = CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-Firs

t-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com

Warning: SERVER2 is the Rid Owner, but is not responding to DS RPC Bind

.

Warning: SERVER2 is the Rid Owner, but is not responding to LDAP Bind.

Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER2,CN=Serve

rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com

Warning: SERVER2 is the Infrastructure Update Owner, but is not respond

ing to DS RPC Bind.

Warning: SERVER2 is the Infrastructure Update Owner, but is not respond

ing to LDAP Bind.

......................... SERVER1 failed test KnowsOfRoleHolders

Starting test: RidManager

* Available RID Pool for the Domain is 3109 to 1073741823

* SERVER2.domain.com is the RID Master

[SERVER1] DsBindWithCred() failed with error -2146893022. The target pr

incipal name is incorrect.

......................... SERVER1 failed test RidManager

Starting test: MachineAccount

* SPN found :LDAP/SERVER1.domain.com/domain.com

* SPN found :LDAP/SERVER1.domain.com

* SPN found :LDAP/SERVER1

* SPN found :LDAP/SERVER1.domain.com/domain

* SPN found
:LDAP/d8055eba-fec9-4050-b114-38f977a2022e._msdcs.domain.com

* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d8055eba-fec9-4050-b1

14-38f977a2022e/domain.com

* SPN found :HOST/SERVER1.domain.com/domain.com

* SPN found :HOST/SERVER1.domain.com

* SPN found :HOST/SERVER1

* SPN found :HOST/SERVER1.domain.com/domain

* SPN found :GC/SERVER1.domain.com/domain.com

......................... SERVER1 passed test MachineAccount

Starting test: Services

* Checking Service: Dnscache

* Checking Service: NtFrs

* Checking Service: IsmServ

* Checking Service: kdc

* Checking Service: SamSs

* Checking Service: LanmanServer

* Checking Service: LanmanWorkstation

* Checking Service: RpcSs

* Checking Service: RPCLOCATOR

* Checking Service: w32time

* Checking Service: TrkWks

* Checking Service: TrkSvr

* Checking Service: NETLOGON

* Checking Service: Dnscache

* Checking Service: NtFrs

......................... SERVER1 passed test Services

Test omitted by user request: OutboundSecureChannels

Starting test: ObjectsReplicated

SERVER1 is in domain DC=domain,DC=com

Checking for CN=SERVER1,OU=Domain Controllers,DC=domain,DC=com in
domain

DC=domain,DC=com on 1 servers

Object is up-to-date on all servers.

Checking for CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Si

te-Name,CN=Sites,CN=Configuration,DC=domain,DC=com in domain
CN=Configuration,DC=

domain,DC=com on 1 servers

Object is up-to-date on all servers.

......................... SERVER1 passed test ObjectsReplicated

Starting test: frssysvol

* The File Replication Service Event log test

The SYSVOL has been shared, and the AD is no longer

prevented from starting by the File Replication Service.

There are errors after the SYSVOL has been shared.

The SYSVOL can prevent the AD from starting.

An Warning Event occured. EventID: 0x800034C4

Time Generated: 08/21/2006 17:43:22

Event String: The File Replication Service is having trouble

enabling replication from SERVER2 to SERVER1 for

c:\winnt1\sysvol\domain using the DNS name

SERVER2.domain.com. FRS will keep retrying.

Following are some of the reasons you would see

this warning.

[1] FRS can not correctly resolve the DNS name

SERVER2.domain.com from this computer.

[2] FRS is not running on SERVER2.domain.com.

[3] The topology information in the Active

Directory for this replica has not yet replicated

to all the Domain Controllers.

This event log message will appear once per

connection, After the problem is fixed you will

see another event log message indicating that the

connection has been established.

An Warning Event occured. EventID: 0x800034C4

Time Generated: 08/21/2006 17:47:14

Event String: The File Replication Service is having trouble

enabling replication from SERVER3 to SERVER1 for

c:\winnt1\sysvol\domain using the DNS name

SERVER3.domain.com. FRS will keep retrying.

Following are some of the reasons you would see

this warning.

[1] FRS can not correctly resolve the DNS name

SERVER3.domain.com from this computer.

[2] FRS is not running on SERVER3.domain.com.

[3] The topology information in the Active

Directory for this replica has not yet replicated

to all the Domain Controllers.

This event log message will appear once per

connection, After the problem is fixed you will

see another event log message indicating that the

connection has been established.

An Warning Event occured. EventID: 0x800034C4

Time Generated: 08/22/2006 18:29:39

Event String: The File Replication Service is having trouble

enabling replication from SERVER2 to SERVER1 for

c:\winnt1\sysvol\domain using the DNS name

SERVER2.domain.com. FRS will keep retrying.

Following are some of the reasons you would see

this warning.

[1] FRS can not correctly resolve the DNS name

SERVER2.domain.com from this computer.

[2] FRS is not running on SERVER2.domain.com.

[3] The topology information in the Active

Directory for this replica has not yet replicated

to all the Domain Controllers.

This event log message will appear once per

connection, After the problem is fixed you will

see another event log message indicating that the

connection has been established.

......................... SERVER1 passed test frssysvol

Starting test: kccevent

* The KCC Event log test

An Warning Event occured. EventID: 0x800004F1

Time Generated: 08/23/2006 08:18:15

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800004F1

Time Generated: 08/23/2006 08:18:15

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800004F1

Time Generated: 08/23/2006 08:18:15

(Event String could not be retrieved)

......................... SERVER1 failed test kccevent

Starting test: systemlog

* The System Event log test

Found no errors in System Event log in the last 60 minutes.

......................... SERVER1 passed test systemlog

Running enterprise tests on : domain.com

Starting test: Intersite

Skipping site Default-First-Site-Name, this site is outside the scope

provided by the command line arguments provided.

......................... domain.com passed test Intersite

Starting test: FsmoCheck

GC Name: \\SERVER1.domain.com

Locator Flags: 0xe00001fc

PDC Name: \\SERVER2.domain.com

Locator Flags: 0xe00001bd

Time Server Name: \\SERVER1.domain.com

Locator Flags: 0xe00001fc

Preferred Time Server Name: \\SERVER1.domain.com

Locator Flags: 0xe00001fc

KDC Name: \\SERVER1.domain.com

Locator Flags: 0xe00001fc

......................... domain.com passed test FsmoCheck

dcdiag SERVER2


"kj" <kj@xxxxxxxxxxx> wrote in message
news:%23pWcsvlxGHA.4336@xxxxxxxxxxxxxxxxxxxxxxx
OK, so you're not in the "tombstone danger zone". Apologies if you've already
posted this, but please describe how the two sites are connected to each
other (VPN). Also post the results of each of the following run from EACH
DC;

Ipconfig/all

dcdiag /e /v

--
/kj
"J" <jk_50@xxxxxxxxxxx> wrote in message
news:OFgyRplxGHA.4092@xxxxxxxxxxxxxxxxxxxxxxx
8-22-2006 was the last successful replication.


"kj" <kj@xxxxxxxxxxx> wrote in message
news:upfGnZjxGHA.4416@xxxxxxxxxxxxxxxxxxxxxxx
"J", I would doubt that, even if it was possible. PDC is an NT4 and
earlier thing.

OP, what is the network connection type to the other site and how long
has the replication problem been going on?

--
/kj
"J" <jk_50@xxxxxxxxxxx> wrote in message
news:uEmsagixGHA.4968@xxxxxxxxxxxxxxxxxxxxxxx
Would it be beneficial to run dcpromo to upgrade the Windows 2000 BDC to
PDC and downgrade the SBS 2003 from PDC to BDC then reverse the process?

J


"Cris Hanna (SBS-MVP)"
<crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:%23L%23YFlgxGHA.4764@xxxxxxxxxxxxxxxxxxxxxxx
have you run DCdiag on your sbsserver?

--
Cris Hanna [SBS-MVP]
--------------------------------------
Please do not respond directly to me, but only post in the newsgroup so
all can take advantage
"J" <jk_50@xxxxxxxxxxx> wrote in message
news:efBOCQgxGHA.4876@xxxxxxxxxxxxxxxxxxxxxxx
By the way...AD replication problems started when I reinstalled the server
tools and Exchange.

J


"J" <jk_50@xxxxxxxxxxx> wrote in message
news:OSQFIIgxGHA.4764@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I have SBS 2003 as the PDC and 2000 as a domain controller in another
site. I've been having AD replication problems. I checked DNS and it
seems to be configured properly. I used DNSLint and didn't find any
problems with name resolution. Is there a way I can repair AD without
having to reinstall SBS 2003? Is there a utility that I can run to do more
troubleshooting?

In the event log, there are some entries...

1722 The RPC server is unavailable - I can telnet on port 135...I can do a
net view \\<servername> successfully

Internal event: Active Directory could not synchronize the following
directory partition with the domain controller at the following network
address.
Directory partition:
DC=mbiri,DC=com
Network address:
d8055eba-fec9-4050-b114-38f977a2022e._msdcs.<domain>.com

Any ideas will be great

Thanks in advance

J
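
Added example, not part of the original thread: a small triage script for dcdiag output like the run quoted above. It lists the failed tests per server and converts the signed bind error codes to hex. The sample lines are constructed in the shape of the posted output, the function names are hypothetical, and the one mapped code (0x80090322, SEC_E_WRONG_PRINCIPAL) is the SSPI status whose message is "The target principal name is incorrect".

```python
import re
from collections import defaultdict

# Constructed sample: lines in the shape of the dcdiag output quoted in the thread.
SAMPLE = """\
   [SERVER2] LDAP bind failed with error 31,
   A device attached to the system is not functioning..
   ......................... SERVER2 failed test Connectivity
   ......................... SERVER1 passed test Connectivity
   [SERVER2] DsBind() failed with error -2146893022,
   The target principal name is incorrect..
   ......................... SERVER1 failed test KnowsOfRoleHolders
   [SERVER1] DsBindWithCred() failed with error -2146893022. The target pr
   incipal name is incorrect.
   ......................... SERVER1 failed test RidManager
   ......................... SERVER1 passed test MachineAccount
"""

# "......... SERVER1 failed test RidManager" result lines.
RESULT = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test (\S+)$")
# "[SERVER2] DsBind() failed with error -2146893022," error lines.
ERROR = re.compile(r"^\[(\S+)\]\s+(.+?) failed with error (-?\d+)")

# Only codes whose meaning is certain are mapped; anything else is reported raw.
KNOWN = {"0x80090322": "SEC_E_WRONG_PRINCIPAL"}


def to_hex(code: int) -> str:
    """dcdiag prints some status codes as signed 32-bit integers; show them as hex."""
    return f"0x{code & 0xFFFFFFFF:08X}"


def triage(text: str):
    """Return ({server: [failed tests]}, [(server, call, hex code, name)])."""
    failed = defaultdict(list)
    errors = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RESULT.match(line)
        if m:
            if m.group(2) == "failed":
                failed[m.group(1)].append(m.group(3))
            continue
        m = ERROR.match(line)
        if m:
            code = to_hex(int(m.group(3)))
            errors.append((m.group(1), m.group(2), code, KNOWN.get(code, "unmapped")))
    return dict(failed), errors


if __name__ == "__main__":
    failed, errors = triage(SAMPLE)
    for server, tests in failed.items():
        print(f"{server}: failed {', '.join(tests)}")
    for server, call, code, name in errors:
        print(f"{server}: {call} -> {code} ({name})")
```

A wrong-principal bind error between two DCs, as in the posted run, is worth checking before metadata cleanup, since it concerns how the servers authenticate to each other rather than basic reachability.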















