Solved

AD replication errors

Posted on 2003-11-14
9
1,256 Views
Last Modified: 2010-04-14
I am seeing some interesting AD replication related errors on two of my servers.

I recently added a DC to this domain and AD replication seems to be working reasonable well (I can make changes to users in the new dc, and they show up in the other two older ones.)  However I am seeing the following two errors repeating on the original two DCs,
**********************************************************************************************
--------------------------------------------------
Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1061
Date:            14/11/2003
Time:            11:37:20 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      EUROPA
Description:
Internal error: The directory replication agent (DRA) call returned error 5.

-------------------------------------------
Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1265
Date:            14/11/2003
Time:            10:52:20 AM
User:            N/A
Computer:      EUROPA
Description:
The attempt to establish a replication link with parameters
 
 Partition: CN=Schema,CN=Configuration,DC=ourdomain,DC=com
 Source DSA DN: CN=NTDS Settings,CN=CALLISTO,CN=Servers,CN=Burloak,CN=Sites,CN=Configuration,DC=ourdomain,DC=com
 Source DSA Address: 5673215d-87e2-4c3b-8204-4ffeafe0c2f2._msdcs.ourdomain.com
 Inter-site Transport (if any):
 
 failed with the following status:
 
 Access is denied.
 
 The record data is the status code.  This operation will be retried.
Data:
0000: 05 00 00 00               ....    

************************************************************************

I have also noticed in Replmon that the original DC’s only show connections to each other in the main screen.  However when I open the properties for the old servers the inbound connections list the new server (Callisto) as Auto Created, but the reasons pane shows the following info:

************************************************************************
-----------------------------------
Connection Name: cb927d75-622b-4f5f-8132-19833a8515ac

     Replication Partner: Burloak\COCKATRICE
     Administrator Generated?: AUTO

     Reasons for this connection:
     ----------------------------
     Directory Partition (CN=Configuration,DC=ourdomain,DC=com)
          Replicated because the replication partner is a ring neighbor.
     Directory Partition (DC=ourdomain,DC=com)
          Replicated because the replication partner is a ring neighbor.
     Directory Partition (CN=Schema,CN=Configuration,DC=ourdomain,DC=com)
          Replicated because the replication partner is a ring neighbor.

Connection Name: e3e7f12a-17e2-4f39-8f87-8fc2e297d47d

     Replication Partner: Burloak\CALLISTO
     Administrator Generated?: AUTO

     Reasons for this connection:
     ----------------------------
     Directory Partition (CN=Configuration,DC=ourdomain,DC=com)
          This replication connection is created because another replication partner has surpassed the allowed failure limit.
     Directory Partition (DC=ourdomain,DC=com)
          This replication connection is created because another replication partner has surpassed the allowed failure limit.
     Directory Partition (CN=Schema,CN=Configuration,DC=ourdomain,DC=com)
          This replication connection is created because another replication partner has surpassed the allowed failure limit.


************************************************************************

I have been trying to find out what might be wrong, or how to troubleshoot this, and have not had much luck.

Any ideas would be greatly appreciated.

Thanks

0
Comment
Question by:twilightdirge
9 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9749347
0
 

Author Comment

by:twilightdirge
ID: 9749388
I think I have looked at that but dissmissed it as these machines are all supposed to be the same domain....


0
 
LVL 8

Expert Comment

by:nader alkahtani
ID: 9749437
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:twilightdirge
ID: 9749659
Thanks Nadir, (and a belated thanks to Sunray)

I have seen that one as well.  
I have manually triggered Replication using Replmon yesterday , but I have been unable to find out what error code 5 means in that 1061 error, as it is different from the 8438 code that Q-Doc shows.

Based on the other event I am hypothesizing that  it is a access denied error, but have no positive proof of this.
0
 

Expert Comment

by:Milano_EH3
ID: 9749982
0
 

Author Comment

by:twilightdirge
ID: 9750415
Thanks Milano

I checked this out, and both the new, and the old servers show the new server as a DC, and the new machine shows the proper note in it’s My Computer >Properties> Network Identification tab

I ran the repadmin /showreps on an old and new machine to see if that might help, the results are below:
Old machine:
****************************************************************************************************
Burloak\EUROPA
DSA Options : IS_GC
objectGuid  : 560e4319-f7b1-4319-8bc0-bf02c17cc09e
invocationID: c2d15ffc-c1a8-4ba1-a9f8-cdc0fbf6ce5c

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=ourdomain,DC=com
    Burloak\PEREGRINE
DEL:456c4e42-6be1-4a55-ab5f-40bbb38d00a0 (deleted DSA) via RPC
        objectGuid: b26be1e0-6d9f-48ad-a49f-a8d04c8dba63
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
        Last attempt @ 2003-11-14 13:46.02 was successful.

CN=Configuration,DC=ourdomain,DC=com
    Burloak\PEREGRINE
DEL:456c4e42-6be1-4a55-ab5f-40bbb38d00a0 (deleted DSA) via RPC
        objectGuid: b26be1e0-6d9f-48ad-a49f-a8d04c8dba63
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
        Last attempt @ 2003-11-14 14:30.44 was successful.

DC=ourdomain,DC=com
    Burloak\PEREGRINE
DEL:456c4e42-6be1-4a55-ab5f-40bbb38d00a0 (deleted DSA) via RPC
        objectGuid: b26be1e0-6d9f-48ad-a49f-a8d04c8dba63
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
        Last attempt @ 2003-11-14 14:31.44 was successful.

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

CN=Schema,CN=Configuration,DC=ourdomain,DC=com
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
    Burloak\CALLISTO via RPC
        objectGuid: 5673215d-87e2-4c3b-8204-4ffeafe0c2f2

CN=Configuration,DC=ourdomain,DC=com
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
    Burloak\CALLISTO via RPC
        objectGuid: 5673215d-87e2-4c3b-8204-4ffeafe0c2f2

DC=ourdomain,DC=com
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
    Burloak\CALLISTO via RPC
        objectGuid: 5673215d-87e2-4c3b-8204-4ffeafe0c2f2

New machine:
****************************************************************************************************
Burloak\CALLISTO
DSA Options : (none)
objectGuid  : 5673215d-87e2-4c3b-8204-4ffeafe0c2f2
invocationID: eb169061-c695-4ce2-9cce-ea8781eae2e4

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=ourdomain,DC=com
    Burloak\EUROPA via RPC
        objectGuid: 560e4319-f7b1-4319-8bc0-bf02c17cc09e
        Last attempt @ 2003-11-14 13:49.56 was successful.
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
        Last attempt @ 2003-11-14 13:49.56 was successful.

CN=Configuration,DC=ourdomain,DC=com
    Burloak\EUROPA via RPC
        objectGuid: 560e4319-f7b1-4319-8bc0-bf02c17cc09e
        Last attempt @ 2003-11-14 13:49.55 was successful.
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
        Last attempt @ 2003-11-14 13:49.56 was successful.

DC=ourdomain,DC=com
    Burloak\EUROPA via RPC
        objectGuid: 560e4319-f7b1-4319-8bc0-bf02c17cc09e
        Last attempt @ 2003-11-14 13:49.55 was successful.
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
        Last attempt @ 2003-11-14 13:49.55 was successful.

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
0
 

Accepted Solution

by:
twilightdirge earned 0 total points
ID: 10044561
Had to get MS Professional Service to help with this one.

Found out that the everyone group cannot be removed from the "Access this computer from Network" policy.  
Once it was added back in everything worked like a charm.
0
 

Expert Comment

by:RomMod
ID: 10044693
Asker resolved their own question; The 250 points have been refunded and the question PAQ'd.

RomMod
Community Support Moderator
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Although a lot of people devote their energy toward marketing for specific industries, there are some basic principles that can be applied to any sector imaginable. We’ll look at four steps to take and examine how those steps were put into action fo…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question