HSLC-INFOLAB
asked on
Windows 2003 Active Directory is not replicating.
Here is the situation. We have a Windows 2003 server (I'll refer to as WORKSVR) running Active Directory and DNS, containing about 1000 users. I recently acquired a new rackmount server (I will refer to as RACK) which I would like to promote as the server and then get rid of the WORKSVR. After some work I was able to add the RACK as a DC, but replication is not working.
When running a dcdiag on the WORKSVR, everything runs successfully except the following output:
Starting test: MachineAccount
* worksvr is not a server trust account
The corresponding flag bits are missing from the computer object's
User-Account-Control attribute. You can re-run this command and
include the /FixMachineAccount option to attempt a repair.
......................... worksvr failed test MachineAccount
When I run dcdiag /FixMachineAccount as stated, I get the following error:
Starting test: MachineAccount
* worksvr is not a server trust account
Cannot repair the computer account flags. The error is 8341
......................... worksvr failed test MachineAccount
The NTFRS log contains one error that stood out:
<ThSupWaitThread: 1880: 533: S1: 17:35:28> :S: ReplicaCs: normal wait
<FrsDsFindComputer: 1992: 8786: S2: 17:35:48> :DS: Computer FQDN is cn=worksvr,ou=domain controllers,dc=medlab,dc=medadmin,dc=med,dc=wisc,dc=edu
<FrsDsFindComputer: 1992: 8792: S2: 17:35:48> :DS: Computer's dns name is worksvr.medlab.medadmin.med.wisc.edu
<FrsDsFindComputer: 1992: 8806: S2: 17:35:48> :DS: Settings reference is cn=ntds settings,cn=worksvr,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=medlab,dc=medadmin,dc=med,dc=wisc,dc=edu
<FrsDsGetSubscriptions: 1992: 8426: S0: 17:35:48> :DS: No NTFRSSubscriptions object found under cn=worksvr,ou=domain controllers,dc=medlab,dc=medadmin,dc=med,dc=wisc,dc=edu!.
<SERVER_FrsRpcStartPromotionParent:1984: 1852: S0: 17:36:11> :S: SERVER Start Promotion Parent:
<SERVER_FrsRpcStartPromotionParent:1984: 1853: S0: 17:36:11> :S: Partner : infolabsvr.medlab.medadmin.med.wisc.edu
<SERVER_FrsRpcStartPromotionParent:1984: 1854: S0: 17:36:12> :S: PartnerPrinc : MEDLAB\INFOLABSVR$
<SERVER_FrsRpcStartPromotionParent:1984: 1855: S0: 17:36:12> :S: AuthLevel : 0
<SERVER_FrsRpcStartPromotionParent:1984: 1856: S0: 17:36:12> :S: Account : (null)
<SERVER_FrsRpcStartPromotionParent:1984: 1857: S0: 17:36:12> :S: SetName : DOMAIN SYSTEM VOLUME (SYSVOL SHARE)
<SERVER_FrsRpcStartPromotionParent:1984: 1858: S0: 17:36:12> :S: SetType : Domain
<SERVER_FrsRpcStartPromotionParent:1984: 1859: S0: 17:36:12> :S: CxtionName : worksvr.medlab.medadmin.med.wisc.edu
<LOCAL_FrsRpcVerifyPromotionParent:1984: 1693: S0: 17:36:12> :S: SERVER Verify Promotion Parent:
<LOCAL_FrsRpcVerifyPromotionParent:1984: 1694: S0: 17:36:12> :S: SetName : DOMAIN SYSTEM VOLUME (SYSVOL SHARE)
<LOCAL_FrsRpcVerifyPromotionParent:1984: 1695: S0: 17:36:12> :S: SetType : Domain
<FrsDsVerifyPromotionParent: 1984: 5582: S0: 17:36:12> :S: ERROR - DOMAIN SYSTEM VOLUME (SYSVOL SHARE) does not exist on WORKSVR!
<LOCAL_FrsRpcVerifyPromotionParent:1984: 1724: S0: 17:36:12> ++ ERROR - verifying set DOMAIN SYSTEM VOLUME (SYSVOL SHARE) on parent WORKSVR; WStatus: ERROR_NOT_FOUND
<SERVER_FrsRpcStartPromotionParent:1984: 1867: S0: 17:36:12> ++ ERROR - verify; WStatus: FRS_ERR_SYSVOL_POPULATE
Any help would be greatly appreciated!
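The MachineAccount failure in the post above concerns flag bits in the computer object's userAccountControl attribute. As an added example (not part of the original thread, and not dcdiag's own logic), this Python code reads that attribute from an LDIF-style export and reports which bits differ from the usual domain controller value 532480 (SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION); the sample entries and the example.test domain are constructed.

```python
"""Added example: audit userAccountControl on domain controller objects."""
from typing import Dict, List

# Bit values of the userAccountControl attribute.
ACCOUNTDISABLE = 0x0002
WORKSTATION_TRUST_ACCOUNT = 0x1000
SERVER_TRUST_ACCOUNT = 0x2000
TRUSTED_FOR_DELEGATION = 0x80000

FLAG_NAMES = {
    ACCOUNTDISABLE: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    WORKSTATION_TRUST_ACCOUNT: "WORKSTATION_TRUST_ACCOUNT",
    SERVER_TRUST_ACCOUNT: "SERVER_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    TRUSTED_FOR_DELEGATION: "TRUSTED_FOR_DELEGATION",
}

# Constructed sample: two computer objects in the Domain Controllers OU of a
# placeholder domain. 532480 = 0x82000, 4096 = 0x1000.
SAMPLE_LDIF = """\
dn: CN=DC1,OU=Domain Controllers,DC=example,DC=test
objectClass: computer
userAccountControl: 532480

dn: CN=DC2,OU=Domain Controllers,DC=example,DC=test
objectClass: computer
userAccountControl: 4096
"""


def decode_uac(value: int) -> List[str]:
    """Return the names of the known flag bits set in value, lowest bit first."""
    return [name for bit, name in sorted(FLAG_NAMES.items()) if value & bit]


def dc_flag_problems(value: int) -> List[str]:
    """List what is wrong with value for a domain controller's computer object."""
    problems = []
    if not value & SERVER_TRUST_ACCOUNT:
        problems.append("SERVER_TRUST_ACCOUNT (0x2000) is not set")
    if value & WORKSTATION_TRUST_ACCOUNT:
        problems.append("WORKSTATION_TRUST_ACCOUNT (0x1000) is set")
    if not value & TRUSTED_FOR_DELEGATION:
        problems.append("TRUSTED_FOR_DELEGATION (0x80000) is not set")
    if value & ACCOUNTDISABLE:
        problems.append("ACCOUNTDISABLE (0x2) is set")
    return problems


def parse_ldif(text: str) -> Dict[str, int]:
    """Map each entry's dn to its userAccountControl value.

    Entries are separated by blank lines; a line starting with one space
    continues the previous line. Entries without the attribute are skipped.
    """
    unfolded: List[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    result: Dict[str, int] = {}
    dn = None
    for line in unfolded:
        if not line.strip():
            dn = None  # blank line ends the current entry
            continue
        key, _, val = line.partition(":")
        key, val = key.strip().lower(), val.strip()
        if key == "dn":
            dn = val
        elif key == "useraccountcontrol" and dn is not None:
            result[dn] = int(val)
    return result


def audit(text: str) -> Dict[str, List[str]]:
    """Return {dn: problems} for entries in the Domain Controllers OU only."""
    report = {}
    for dn, uac in parse_ldif(text).items():
        if "ou=domain controllers," in dn.lower():
            problems = dc_flag_problems(uac)
            if problems:
                report[dn] = problems
    return report


if __name__ == "__main__":
    for dn, problems in audit(SAMPLE_LDIF).items():
        print(dn, decode_uac(parse_ldif(SAMPLE_LDIF)[dn]))
        for p in problems:
            print("  -", p)
```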
ASKER
** Here is the dump of the FSMOS roles from the tool run on WORKSVR:
ntdsutil: roles
fsmo maintenance: Connections
server connections: Connect to server worksvr
Binding to worksvr ...
Connected to worksvr using credentials of locally logged on user.
server connections: Quit
fsmo maintenance: select Operation Target
select operation target: List roles for connected server
Server "worksvr" knows about 5 roles
Schema - CN=NTDS Settings,CN=worksvr,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=medlab,DC=medadmin,DC=med,DC=wisc,DC=edu
Domain - CN=NTDS Settings,CN=worksvr,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=medlab,DC=medadmin,DC=med,DC=wisc,DC=edu
PDC - CN=NTDS Settings,CN=worksvr,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=medlab,DC=medadmin,DC=med,DC=wisc,DC=edu
RID - CN=NTDS Settings,CN=worksvr,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=medlab,DC=medadmin,DC=med,DC=wisc,DC=edu
Infrastructure - CN=NTDS Settings,CN=worksvr,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=medlab,DC=medadmin,DC=med,DC=wisc,DC=edu
select operation target: Quit
fsmo maintenance: Quit
ntdsutil: Quit
Disconnecting from worksvr...
** IPCONFIG /ALL from WORKSVR
Windows IP Configuration
Host Name . . . . . . . . . . . . : worksvr
Primary Dns Suffix . . . . . . . : medlab.medadmin.med.wisc.edu
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : medlab.medadmin.med.wisc.edu
medadmin.med.wisc.edu
med.wisc.edu
wisc.edu
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0D-56-95-81-4F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 144.92.47.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 144.92.47.1
DNS Servers . . . . . . . . . . . : 144.92.47.14
144.92.47.15
** IPCONFIG /ALL from BACKUPSVR
Windows IP Configuration
Host Name . . . . . . . . . . . . : backupsvr
Primary Dns Suffix . . . . . . . : medlab.medadmin.med.wisc.edu
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : medlab.medadmin.med.wisc.edu
medadmin.med.wisc.edu
med.wisc.edu
wisc.edu
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-0F-20-D0-D4-B9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 144.92.47.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 144.92.47.14
144.92.47.15
** NETDIAG from WORKSVR
.....................................
Computer Name: WORKSVR
DNS Host Name: worksvr.medlab.medadmin.med.wisc.edu
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
List of installed hotfixes :
KB819696
KB823182
KB823353
KB823559
KB823980
KB824105
KB824141
KB825119
KB828035
KB828741
KB835732
KB837001
KB839643
KB839645
KB840315
KB840374
KB867801
Q147222
Q828026
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : worksvr
IP Address . . . . . . . . : 144.92.47.14
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 144.92.47.1
Dns Servers. . . . . . . . : 144.92.47.14
144.92.47.15
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messeng
r Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{DB66616E-8C16-44B5-8312-8636BCCA1BEE}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Serv
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '144.92.47.1
' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '144.92.47.1
' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{DB66616E-8C16-44B5-8312-8636BCCA1BEE}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{DB66616E-8C16-44B5-8312-8636BCCA1BEE}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
As it comes to SYSVOL, I'm not too familiar with what to do pertaining to the questions you have asked.
HSLC-INFOLAB
It is very odd that your IPCONFIG shows the DNS for worksvr as 144.92.47.14, yet the NETDIAG output shows it as 144.92.47.1. I suspect this is because you missed the last digit off the copy from the DOS window, but please confirm.
SYSVOL is a file share located by default on each domain controller at \windows\sysvol\sysvol.
The directory structure starting from \windows\sysvol\ (ie the previous level up) should contain these other directories:
domain
staging
staging areas
sysvol
\windows\sysvol\sysvol should contain a directory with the same name as your AD domain, i.e. medlab.medadmin.med.wisc.edu, under which are two more directories called policies and scripts.
This is where your GPOs live.
Look in the File Replication Service Event Log and post a recent example of one of the many errors you will have there.
Cheers
JamesDS
ASKER
Hey JamesDS.
I apologize, the DNS was correct, I missed the last digit on the post.
On 9\1 this event exists
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller testwss.medlab.medadmin.med.wisc.edu for FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
Under directory service
On 9\24 this exists
The attempt to establish a replication link for the following writable directory partition failed.
Directory partition:
CN=Configuration,DC=medlab,DC=medadmin,DC=med,DC=wisc,DC=edu
Source domain controller:
CN=NTDS Settings,CN=BACKUPSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=medlab,DC=medadmin,DC=med,DC=wi
Source domain controller address:
c11609f3-78fe-4f35-93d3-eabc59e2ebab._msdcs.medlab.medadmin.med.wisc.edu
Intersite transport (if any):
This domain controller will be unable to replicate with the source domain controller until this problem is corrected.
User Action
Verify if the source domain controller is accessible or network connectivity is available.
Additional Data
Error value:
8453 Replication access was denied.
For more information, see Help and Support Center at
AND
The attempt to establish a replication link for the following writable directory partition failed.
Directory partition:
CN=Configuration,DC=medlab,DC=medadmin,DC=med,DC=wisc,DC=edu
Source domain controller:
CN=NTDS Settings,CN=BACKUPSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=medlab,DC=medadmin,DC=med,DC=wi
Source domain controller address:
c11609f3-78fe-4f35-93d3-eabc59e2ebab._msdcs.medlab.medadmin.med.wisc.edu
Intersite transport (if any):
This domain controller will be unable to replicate with the source domain controller until this problem is corrected.
User Action
Verify if the source domain controller is accessible or network connectivity is available.
Additional Data
Error value:
8453 Replication access was denied.
shank
ASKER
Might I add, my whole goal is to get my AD functional, then rebuild my rack server (backupsvr) as INFOLABSVR with a new IP, and permanently have AD on that server, leaving worksvr behind.
I hope this can be done!
HSLC-INFOLAB
Strange one this, there is something I am not seeing.
Was worksvr the original DC, or was there another one that got removed a while ago?
Take a look at this KB article and tell me if it applies:
http://support.microsoft.com/default.aspx?scid=kb;en-us;329860
Also, you didn't tell me about your sysvol
Cheers
JamesDS
ASKER
Hey James.
There was another server. And I promoted this one (worksvr) and it was working, but when it came time to put AD on my new rack server, here were my problems.
Here's the output from repadmin.
C:\PROGRA~1\Resource Kit>repadmin /showreps
Default-First-Site-Name\worksvr
DC Options: IS_GC
Site Options: (none)
DC object GUID: 24952dbc-927d-451f-a745-6bc805a10f0a
DC invocationID: c46ed2ad-21f3-4985-8068-ba3d88e1ebad
Source: Default-First-Site-Name\BACKUPSVR
******* 382 CONSECUTIVE FAILURES since 2004-09-20 10:54:05
Last error: 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
Naming Context: CN=Schema,CN=Configuration,DC=medlab,DC=medadmin,DC=med,DC=wisc,DC=edu
Source: Default-First-Site-Name\BACKUPSVR
******* WARNING: KCC could not add this REPLICA LINK due to error.
Naming Context: CN=Configuration,DC=medlab,DC=medadmin,DC=med,DC=wisc,DC=edu
Source: Default-First-Site-Name\BACKUPSVR
******* WARNING: KCC could not add this REPLICA LINK due to error.
Naming Context: DC=medlab,DC=medadmin,DC=med,DC=wisc,DC=edu
Source: Default-First-Site-Name\BACKUPSVR
******* WARNING: KCC could not add this REPLICA LINK due to error.
As far as SYSVOL goes, the directories seem to be there on worksvr. The errors I posted are from event viewer.
HSLC-INFOLAB
It looks like something might have gone a bit wrong when the original server was removed and worksvr was put in - but it wasn't bad enough to stop it working then.
ok, what about the link I posted, does this help you any more?
On worksvr AND backupsvr, run these commands:
net stop netlogon
net start netlogon
wait 10 minutes and then re-run repadmin and tell me if the output changes
I have to sign off now (it is after 8pm here), but I'll take a look back in the morning. See my profile if you want to get in touch some other way.
Cheers
JamesDS
ASKER
Hey James, I appreciate the help. I followed your steps involving the net stop start commands.
After running repadmin again I received the same errors, errors pertaining to the replica link.
shank
HSLC-INFOLAB
£$%^&*!!
Worth a try tho, sometimes AD is capable of repairing itself.
I think you need to get someone to dial in and see it for themselves. I am not allowed to tout for business on EE, but I do rather a lot of these :)
Now I really am signing off, I haven't had any dinner yet and there's a distinct danger of getting thin!
Cheers
JamesDS
ASKER
JamesDS.
EE is my only option really for help. So do you think I am basically out of luck on this issue unless someone comes and sees this problem for themselves? We do have the ability to remote control through the 2003 server.
shank
HSLC-INFOLAB
I would first call Microsoft PSS support, it is likely to be the cheaper option. But after that, yes, your best bet is to get someone to take a look in person either on site or remotely over terminal services.
Cheers
JamesDS
ASKER
Ah, Microsoft PSS support isn't really an option we go choose. So there is no other way to just copy users and bring them to a new domain without replication?
I had a similar problem. It turned out that the secure channel between the two domain controllers (mine happened to be in different sites) had been corrupted. Try the following steps to see if this is your issue and then how to fix.
If you have 2 Active Directory Servers that are not replicating, ServerA & ServerB, try the following:
From ServerA, go to Start -> Run and type: \\ServerB
From ServerB, go to Start -> Run and type: \\ServerA
If from ServerA you get an error message indicating that the target name is incorrect, then the secure channel has been corrupted. Same vice versa. You will also see error messages in replmon and repadmin debug indicating that the target is invalid as well.
In my case, I could not get to \\ServerB from ServerA. The secure channel on ServerA for ServerB had been corrupted and I had to reset it. I had to perform the following steps to fix the problem:
a. Stop the Kerberos Key Distribution Center (KDC) service, and then set it to Manual startup.
b. Run the netdom command:
netdom resetpwd /server:replication_partner_server_name /userd:domain_name\admin_user /passwordd:*
c. Restart the computer, start the KDC, and then set it back to Automatic startup.
These commands can be found in the following Microsoft KB:
http://support.microsoft.com/default.aspx?scid=kb;en-us;329721
Hope this helps someone!
This is almost certainly DNS related but there are other issues here too.
Please provide an IPCONFIG /ALL output from each DC and the output from netdiag from the support tools pack.
Download DUMPFSMOS from here and post the output: http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/dumpfsmos-o.asp
This is the Windows 2000 version of the tool, but it will work on Windows 2000, and 2003
If SYSVOL is missing off the existing DC and there is no copy on the newly promoted DC then you will have to restore it from backup. SYSVOL can be recovered from scratch, but it's painful and takes a while to do and each GPO will have to be rebuilt by hand as text files. I did one of these recently and it took almost 6 hours from start to finish using Terminal Services. Let's hope you have a copy somewhere!
Until you have a fully working copy of the AD database, including sysvol you will not be able to successfully promote and replicate a new DC.
Cheers
JamesDS