Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1261
  • Last Modified:

AD replication errors

I am seeing some interesting AD replication related errors on two of my servers.

I recently added a DC to this domain and AD replication seems to be working reasonable well (I can make changes to users in the new dc, and they show up in the other two older ones.)  However I am seeing the following two errors repeating on the original two DCs,
**********************************************************************************************
--------------------------------------------------
Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1061
Date:            14/11/2003
Time:            11:37:20 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      EUROPA
Description:
Internal error: The directory replication agent (DRA) call returned error 5.

-------------------------------------------
Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1265
Date:            14/11/2003
Time:            10:52:20 AM
User:            N/A
Computer:      EUROPA
Description:
The attempt to establish a replication link with parameters
 
 Partition: CN=Schema,CN=Configuration,DC=ourdomain,DC=com
 Source DSA DN: CN=NTDS Settings,CN=CALLISTO,CN=Servers,CN=Burloak,CN=Sites,CN=Configuration,DC=ourdomain,DC=com
 Source DSA Address: 5673215d-87e2-4c3b-8204-4ffeafe0c2f2._msdcs.ourdomain.com
 Inter-site Transport (if any):
 
 failed with the following status:
 
 Access is denied.
 
 The record data is the status code.  This operation will be retried.
Data:
0000: 05 00 00 00               ....    

************************************************************************

I have also noticed in Replmon that the original DC’s only show connections to each other in the main screen.  However when I open the properties for the old servers the inbound connections list the new server (Callisto) as Auto Created, but the reasons pane shows the following info:

************************************************************************
-----------------------------------
Connection Name: cb927d75-622b-4f5f-8132-19833a8515ac

     Replication Partner: Burloak\COCKATRICE
     Administrator Generated?: AUTO

     Reasons for this connection:
     ----------------------------
     Directory Partition (CN=Configuration,DC=ourdomain,DC=com)
          Replicated because the replication partner is a ring neighbor.
     Directory Partition (DC=ourdomain,DC=com)
          Replicated because the replication partner is a ring neighbor.
     Directory Partition (CN=Schema,CN=Configuration,DC=ourdomain,DC=com)
          Replicated because the replication partner is a ring neighbor.

Connection Name: e3e7f12a-17e2-4f39-8f87-8fc2e297d47d

     Replication Partner: Burloak\CALLISTO
     Administrator Generated?: AUTO

     Reasons for this connection:
     ----------------------------
     Directory Partition (CN=Configuration,DC=ourdomain,DC=com)
          This replication connection is created because another replication partner has surpassed the allowed failure limit.
     Directory Partition (DC=ourdomain,DC=com)
          This replication connection is created because another replication partner has surpassed the allowed failure limit.
     Directory Partition (CN=Schema,CN=Configuration,DC=ourdomain,DC=com)
          This replication connection is created because another replication partner has surpassed the allowed failure limit.


************************************************************************

I have been trying to find out what might be wrong, or how to troubleshoot this, and have not had much luck.

Any ideas would be greatly appreciated.

Thanks

0
twilightdirge
Asked:
twilightdirge
1 Solution
 
sunray_2003Commented:
0
 
twilightdirgeAuthor Commented:
I think I have looked at that but dissmissed it as these machines are all supposed to be the same domain....


0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
twilightdirgeAuthor Commented:
Thanks Nadir, (and a belated thanks to Sunray)

I have seen that one as well.  
I have manually triggered Replication using Replmon yesterday , but I have been unable to find out what error code 5 means in that 1061 error, as it is different from the 8438 code that Q-Doc shows.

Based on the other event I am hypothesizing that  it is a access denied error, but have no positive proof of this.
0
 
Milano_EH3Commented:
0
 
twilightdirgeAuthor Commented:
Thanks Milano

I checked this out, and both the new, and the old servers show the new server as a DC, and the new machine shows the proper note in it’s My Computer >Properties> Network Identification tab

I ran the repadmin /showreps on an old and new machine to see if that might help, the results are below:
Old machine:
****************************************************************************************************
Burloak\EUROPA
DSA Options : IS_GC
objectGuid  : 560e4319-f7b1-4319-8bc0-bf02c17cc09e
invocationID: c2d15ffc-c1a8-4ba1-a9f8-cdc0fbf6ce5c

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=ourdomain,DC=com
    Burloak\PEREGRINE
DEL:456c4e42-6be1-4a55-ab5f-40bbb38d00a0 (deleted DSA) via RPC
        objectGuid: b26be1e0-6d9f-48ad-a49f-a8d04c8dba63
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
        Last attempt @ 2003-11-14 13:46.02 was successful.

CN=Configuration,DC=ourdomain,DC=com
    Burloak\PEREGRINE
DEL:456c4e42-6be1-4a55-ab5f-40bbb38d00a0 (deleted DSA) via RPC
        objectGuid: b26be1e0-6d9f-48ad-a49f-a8d04c8dba63
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
        Last attempt @ 2003-11-14 14:30.44 was successful.

DC=ourdomain,DC=com
    Burloak\PEREGRINE
DEL:456c4e42-6be1-4a55-ab5f-40bbb38d00a0 (deleted DSA) via RPC
        objectGuid: b26be1e0-6d9f-48ad-a49f-a8d04c8dba63
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
        Last attempt @ 2003-11-14 14:31.44 was successful.

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

CN=Schema,CN=Configuration,DC=ourdomain,DC=com
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
    Burloak\CALLISTO via RPC
        objectGuid: 5673215d-87e2-4c3b-8204-4ffeafe0c2f2

CN=Configuration,DC=ourdomain,DC=com
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
    Burloak\CALLISTO via RPC
        objectGuid: 5673215d-87e2-4c3b-8204-4ffeafe0c2f2

DC=ourdomain,DC=com
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
    Burloak\CALLISTO via RPC
        objectGuid: 5673215d-87e2-4c3b-8204-4ffeafe0c2f2

New machine:
****************************************************************************************************
Burloak\CALLISTO
DSA Options : (none)
objectGuid  : 5673215d-87e2-4c3b-8204-4ffeafe0c2f2
invocationID: eb169061-c695-4ce2-9cce-ea8781eae2e4

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=ourdomain,DC=com
    Burloak\EUROPA via RPC
        objectGuid: 560e4319-f7b1-4319-8bc0-bf02c17cc09e
        Last attempt @ 2003-11-14 13:49.56 was successful.
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
        Last attempt @ 2003-11-14 13:49.56 was successful.

CN=Configuration,DC=ourdomain,DC=com
    Burloak\EUROPA via RPC
        objectGuid: 560e4319-f7b1-4319-8bc0-bf02c17cc09e
        Last attempt @ 2003-11-14 13:49.55 was successful.
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
        Last attempt @ 2003-11-14 13:49.56 was successful.

DC=ourdomain,DC=com
    Burloak\EUROPA via RPC
        objectGuid: 560e4319-f7b1-4319-8bc0-bf02c17cc09e
        Last attempt @ 2003-11-14 13:49.55 was successful.
    Burloak\COCKATRICE via RPC
        objectGuid: 09faf22a-9932-4cea-9ec1-e3c63aedd2d5
        Last attempt @ 2003-11-14 13:49.55 was successful.

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
0
 
twilightdirgeAuthor Commented:
Had to get MS Professional Service to help with this one.

Found out that the everyone group cannot be removed from the "Access this computer from Network" policy.  
Once it was added back in everything worked like a charm.
0
 
RomModCommented:
Asker resolved their own question; The 250 points have been refunded and the question PAQ'd.

RomMod
Community Support Moderator
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now