Solved

The DSA operation is unable to proceed because of a DNS lookup failure.

Posted on 2004-09-07
Last Modified: 2008-01-09
We have a Win2k Domain with 3 sites.  Each site has a DC that acts as an inter-site replication partner.  Replication had been working with both intersite and intrasite replication partners. Recently we started to have intersite replication problems that I am not sure how to resolve.  Here are some of the event errors we are receiving:

------------------------------------------------------------------------------------------

Event Type:      Error
Event Source:      NTDS KCC
Event Category:      (1)
Event ID:      1311
Date:            9/4/2004
Time:            6:51:05 AM
User:            N/A
Computer:      DC-DS1
Description:
The Directory Service consistency checker has determined that either (a)
there is not enough physical connectivity published via the Active Directory
Sites and Services Manager to create a spanning tree connecting all the sites
containing the Partition CN=Configuration,DC=altarum,DC=pri, or (b)
replication cannot be performed with one or more critical servers in order
for changes to propagate across all sites (most often due to the servers
being unreachable).  

For (a), please use the Active Directory Sites and Services Manager to do
one of the following:
1. Publish sufficient site connectivity information such that the system can
infer a route by which this Partition can reach this site.  This option is
preferred.
2. Add an ntdsConnection object to a Domain Controller that contains the
Partition CN=Configuration,DC=altarum,DC=pri in this site from a Domain
Controller that contains the same Partition in another site.  

For (b), please see previous events logged by the NTDS KCC source that
identify the servers that could not be contacted.

----------------------------------------------------------------------------------------------

Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      (1)
Event ID:      1265
Date:            9/4/2004
Time:            6:51:05 AM
User:            N/A
Computer:      DC-DS1
Description:
The attempt to establish a replication link with parameters
 
 Partition: DC=altarum,DC=pri
 Source DSA DN: CN=NTDS
Settings,CN=AA-DS3,CN=Servers,CN=AnnArbor,CN=Sites,CN=Configuration,DC=altarum,DC=pri
 Source DSA Address: 48b860a6-2891-4d95-a2ae-83f13bceb6fb._msdcs.altarum.pri
 Inter-site Transport (if any): CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=altarum,DC=pri
 
 failed with the following status:
 
 The DSA operation is unable to proceed because of a DNS lookup failure.
 
 The record data is the status code.  This operation will be retried.
Data:
0000: 4c 21 00 00               L!..    

---------------------------------------------------------------------------------------



In running netdiag /v on the servers:
---------------------------------------------------------------------------------
TX-DC1:
Testing trust relationships... Failed
PASS - All the DNS entries for DC are registered on DNS server
'204.106.25.15'.
Trust relationship test. . . . . . : Failed
    Test to ensure DomainSid of domain 'ALTARUM' is correct.
    Secure channel for domain 'ALTARUM' is to '\\aa-ds1.altarum.pri'.
    [FATAL] Cannot set secure channel for domain 'ALTARUM' to PDC emulator.
[ERROR_NO_LOGON_SERVERS]
    Find PDC emulator in domain 'ALTARUM':
        [WARNING] Cannot find PDC emulator in domain 'ALTARUM'.
[ERROR_NO_SUCH_DOMAIN]

DC-DS1:
Testing trust relationships... Failed
PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1'.
Trust relationship test. . . . . . : Failed
    Test to ensure DomainSid of domain 'ALTARUM' is correct.
    Secure channel for domain 'ALTARUM' is to '\\aa-ds1.altarum.pri'.
    [FATAL] Cannot set secure channel for domain 'ALTARUM' to PDC emulator.
[ERROR_NO_LOGON_SERVERS]
    Find PDC emulator in domain 'ALTARUM':
        [WARNING] Cannot find PDC emulator in domain 'ALTARUM'.
[ERROR_NO_SUCH_DOMAIN]

AA-DS2:
Testing trust relationships... Passed
PASS - All the DNS entries for DC are registered on DNS server '198.108.7.9'
and other DCs also have some of the names registered.
Trust relationship test. . . . . . : Passed
    Test to ensure DomainSid of domain 'ALTARUM' is correct.
    Secure channel for domain 'ALTARUM' is to '\\aa-ds1.altarum.pri'.
    Secure channel for domain 'ALTARUM' was successfully set to PDC emulator
'\\aa-ds1.altarum.pri'.
Find PDC emulator in domain 'ALTARUM':
    Found this PDC emulator in domain 'ALTARUM':
        DC. . . . . . . . . . . : \\aa-ds1.altarum.pri
        Address . . . . . . . . : \\198.108.7.9
        Domain Guid . . . . . . : {2F33C2A8-5E95-493A-A035-1C095E3167EA}
        Domain Name . . . . . . : altarum.pri
        Forest Name . . . . . . : altarum.pri
        DC Site Name. . . . . . : AnnArbor
        Our Site Name . . . . . : AnnArbor
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE
DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
------------------------------------------------------------------------------------------------


I have verified that all pertinent DNS records are present on all DNS servers.  I have also run ipconfig /flushdns and /registerdns to be sure.  Replication between sites is still down and I'm at a loss as to what to try next.  I have considered deleting all sites from AD Sites and Services and setting them up again to see if this gets replication going, but I wasn't sure if there might be a better approach to take.  I need to get intersite replication up and running as quickly as possible.

Any help you can give would be greatly appreciated!
Question by:Altarum
LVL 15

Assisted Solution

by:Yan_west
Yan_west earned 350 total points
ID: 11996470
Q307593 provides an approach in troubleshooting Event ID 1311 Messages on a Windows 2000 Domain

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307593
0
 
LVL 15

Assisted Solution

by:Yan_west
Yan_west earned 350 total points
ID: 11996483
0
 
LVL 9

Accepted Solution

by:
jdeclue earned 150 total points
ID: 11996739
Here is a KB on using Repadmin.exe. This is the Replication Administrator tool. It can be very helpful. As it suggests at the bottom, using the tool to determine the last time each server updated can usually point you to the root of a problem.

J


http://support.microsoft.com/?kbid=229896
0
 

Author Comment

by:Altarum
ID: 11999097
Thanks for the quick responses!  I'm splitting the points between you all because all suggestions were required for me to come up with the answer.  In order to resolve this, I ran repadmin /showreps and ran dcdiag /test:intersite /e /q.  It then came to me that what I've been seeing in a lot of my tests is that there were missing _msdcs guids.  The solution was found on the eventid.net site Yan recommended.

In the end, I remoted into all intersite replication partner DCs and recreated the _msdcs guid CNAME records for all DCs.  Upon doing this, replication kicked right in.

After resolving this, I have a healthy suspicion as to where our replicating problems started and was wondering if you might have some ideas as to why this happened.  Last week we were testing out some config changes and had tested enabling scavenging of stale resource records.  Would this have for some reason viewed these CNAME records as stale and removed them?

Thanks,
Michelle
0
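The check behind the fix described above, as an added example that is not part of the original thread: it extracts the failing `<GUID>._msdcs.<forest>` source names from event 1265 text and compares them with an exported list of CNAME records. The sample events, the second GUID, the export format and the function names are constructed for illustration, and the target comparison assumes the CNAME target's first label is the DC's computer name.

```python
import re

GUID_ALIAS = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\._msdcs\.", re.I)

# Constructed input: event 1265 fields in the layout quoted in the question.
# The first GUID is the one from the post; the second is invented.
EVENTS = """\
 Source DSA DN: CN=NTDS
Settings,CN=AA-DS3,CN=Servers,CN=AnnArbor,CN=Sites,CN=Configuration,DC=altarum,DC=pri
 Source DSA Address: 48b860a6-2891-4d95-a2ae-83f13bceb6fb._msdcs.altarum.pri
 Source DSA DN: CN=NTDS Settings,CN=AA-DS2,CN=Servers,CN=AnnArbor,CN=Sites,CN=Configuration,DC=altarum,DC=pri
 Source DSA Address: 0a1b2c3d-0000-4000-8000-00000000aa02._msdcs.altarum.pri
"""

# Constructed input: exported CNAME records, one "alias CNAME target" per line.
ZONE = """\
0a1b2c3d-0000-4000-8000-00000000aa02._msdcs.altarum.pri CNAME aa-ds1.altarum.pri
"""

def failed_sources(text):
    """Return (server CN, GUID alias) pairs; tolerates the wrapped 'CN=NTDS Settings'."""
    servers = re.findall(r"Source DSA DN:\s*CN=NTDS\s+Settings,CN=([^,\s]+)", text)
    aliases = re.findall(r"Source DSA Address:\s*(\S+)", text)
    return list(zip(servers, aliases))

def cname_map(zone_text):
    records = {}
    for parts in (line.split() for line in zone_text.splitlines()):
        if len(parts) == 3 and parts[1].upper() == "CNAME":
            records[parts[0].lower().rstrip(".")] = parts[2].lower().rstrip(".")
    return records

def audit(events, zone_text):
    """Classify each failing replication source as ok, missing or wrong target."""
    records = cname_map(zone_text)
    findings = []
    for server, alias in failed_sources(events):
        target = records.get(alias.lower().rstrip("."))
        if not GUID_ALIAS.match(alias):
            status = "not a GUID alias"
        elif target is None:
            status = "missing"
        # Assumption: the target's first label is the DC's computer name.
        elif target.split(".")[0] != server.lower():
            status = "wrong target: " + target
        else:
            status = "ok"
        findings.append((server, alias, status))
    return findings
```

With the constructed data, `audit(EVENTS, ZONE)` reports AA-DS3's alias as missing and AA-DS2's alias as pointing at the wrong host.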
 
LVL 9

Expert Comment

by:jdeclue
ID: 11999420
It is possible, although I have never seen that happen before. I imagine it might be possible if the DNS was not configured properly to begin with. Glad you got it figured out, that was pretty quick. Good Job!

J
0
