kbmccrory
Windows 2003 DC's not replicating, Access is denied
I have a small network with primarily Windows 2000 advanced servers providing web services with a back end MS SQL server cluster. I have two Domain Controllers with Active Directory installed. These two machines are Windows Server 2003 Enterprise Edition. AD is required for the SQL database cluster to work. The first DC machine has DNS services installed. When setting up this machine I just used the default wizard. The second DC was installed as the 2nd DC in the domain.
Machines are able to join the domain but then I keep seeing messages in security log of the DC Event ID 529: Unknown user name or bad password. This has primarily been from the 2nd DC server. I have not been able to reliably get the two machines to talk to each other. AD logon credentials for users work fine.
Using AD Sites and Services I have been able to force replication from the 2nd DC to the primary but not the other way. Right now I can't force a replication either way. I'm consistently getting 529 errors listing the 2nd DC IP address.
I was able to get the system working for about 4 hours today with no error messages. This afternoon the system started having problems again where replication wouldn't work. When I run repadmin /showreps I get the response "DSA operation failed because of a DNS lookup failure." The last successful replication was this morning at about 8am.
I have the 1st DC set up to receive the SQL backups from the server cluster. This has been working for about a week now but the process is now failing with the SQL service no longer able to use the drive. On the primary DC I'm now getting a 529 error Unknown user or Bad password listing the DB server IP address.
When the system failed I showed the DNS server having 4004, 4015 errors.
One minute the services work fine, later everything just stops working. I'm at a loss on what to do to get the system stable. This is also on a production system where due to an older server failure we had to move the production DB over to the cluster sooner than I had planned.
Can someone point me in the right direction?
Please let me know if there are diagnostic tools that you need run to assist.
Thanks
Kevin
install support tools and run dcdiag and netdiag on both servers.
how is dns setup on the dc's? dns server properties?
also use dnscmd from support tools to see status of zones.
dnscmd /enumzones: please post
it sounds like your dns zones are being stored in ad and in a file. How are your zones setup?
you can also use replmon in support tools to view replication and check usn's and many other options.
also check all services on all servers and see if services are using any domain accounts other than local service and network service.
ASKER
Here are the results of running dnscmd /enumzones.
This is a local only domain that is used for the DB Server Cluster.
Enumerated zone list:
Zone count = 4
Zone name Type Storage Properties
. Cache AD-Legacy
_msdcs.mphqcops.opmg-eds.local Primary AD-Forest Secure
40.168.192.in-addr.arpa Primary AD-Domain Update Rev
mphqcops.opmg-eds.local Primary AD-Domain Update
Command completed successfully.
This is from replmon for the 1st DC:
Current Direct Replication Partner Status
-----------------------------------------
Directory Partition: DC=mphqcops,DC=opmg-eds,DC=local
Partner Name: Default-First-Site-Name\MPHQ-N02-SPT
Partner GUID: 4EF78F2E-4BB7-4281-BE14-FB2FC3E27AEC
Last Attempted Replication: 10/14/2004 8:58:04 AM (local)
Last Successful Replication: 10/13/2004 1:54:37 PM (local)
Number of Failures: 23
Failure Reason Error Code: 5
Failure Description: Access is denied.
Synchronization Flags: DRS_WRIT_REP,DRS_INIT_SYNC,DRS_PER_SYNC
USN of Last Property Updated: 28789
USN of Last Object Updated: 28789
Transport: Intra-Site RPC
Directory Partition: CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Partner Name: Default-First-Site-Name\MPHQ-N02-SPT
Partner GUID: 4EF78F2E-4BB7-4281-BE14-FB2FC3E27AEC
Last Attempted Replication: 10/14/2004 8:58:04 AM (local)
Last Successful Replication: 10/13/2004 1:54:37 PM (local)
Number of Failures: 20
Failure Reason Error Code: 5
Failure Description: Access is denied.
Synchronization Flags: DRS_WRIT_REP,DRS_INIT_SYNC,DRS_PER_SYNC
USN of Last Property Updated: 28779
USN of Last Object Updated: 28779
Transport: Intra-Site RPC
Directory Partition: CN=Schema,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Partner Name: Default-First-Site-Name\MPHQ-N02-SPT
Partner GUID: 4EF78F2E-4BB7-4281-BE14-FB2FC3E27AEC
Last Attempted Replication: 10/14/2004 8:58:04 AM (local)
Last Successful Replication: 10/13/2004 1:54:37 PM (local)
Number of Failures: 20
Failure Reason Error Code: 5
Failure Description: Access is denied.
Synchronization Flags: DRS_WRIT_REP,DRS_INIT_SYNC,DRS_PER_SYNC
USN of Last Property Updated: 28764
USN of Last Object Updated: 28764
Transport: Intra-Site RPC
Directory Partition: DC=DomainDnsZones,DC=mphqcops,DC=opmg-eds,DC=local
Directory Partition: DC=ForestDnsZones,DC=mphqcops,DC=opmg-eds,DC=local
This is from replmon from the 2nd DC:
Current Direct Replication Partner Status
-----------------------------------------
Directory Partition: DC=mphqcops,DC=opmg-eds,DC=local
Partner Name: Default-First-Site-Name\MPHQ-N01-SPT
Partner GUID: 3DDB7F5F-263F-4543-9E4A-B6DF4BC82FFE
Last Attempted Replication: 10/14/2004 8:49:03 AM (local)
Last Successful Replication: 10/13/2004 8:47:09 AM (local)
Number of Failures: 45
Failure Reason Error Code: 5
Failure Description: Access is denied.
Synchronization Flags: DRS_WRIT_REP,DRS_INIT_SYNC,DRS_PER_SYNC
USN of Last Property Updated: 123834
USN of Last Object Updated: 123834
Transport: Intra-Site RPC
Directory Partition: CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Partner Name: Default-First-Site-Name\MPHQ-N01-SPT
Partner GUID: 3DDB7F5F-263F-4543-9E4A-B6DF4BC82FFE
Last Attempted Replication: 10/14/2004 8:49:03 AM (local)
Last Successful Replication: 10/13/2004 8:47:06 AM (local)
Number of Failures: 27
Failure Reason Error Code: 5
Failure Description: Access is denied.
Synchronization Flags: DRS_WRIT_REP,DRS_INIT_SYNC,DRS_PER_SYNC
USN of Last Property Updated: 123830
USN of Last Object Updated: 123830
Transport: Intra-Site RPC
Directory Partition: CN=Schema,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Partner Name: Default-First-Site-Name\MPHQ-N01-SPT
Partner GUID: 3DDB7F5F-263F-4543-9E4A-B6DF4BC82FFE
Last Attempted Replication: 10/14/2004 8:49:03 AM (local)
Last Successful Replication: 10/13/2004 8:47:06 AM (local)
Number of Failures: 27
Failure Reason Error Code: 5
Failure Description: Access is denied.
Synchronization Flags: DRS_WRIT_REP,DRS_INIT_SYNC,DRS_PER_SYNC
USN of Last Property Updated: 123817
USN of Last Object Updated: 123817
Transport: Intra-Site RPC
Change Notifications for this Directory Partition
-------------------------------------------------
Server Name: Default-First-Site-Name\MPHQ-N01-SPT
Object GUID: 3DDB7F5F-263F-4543-9E4A-B6DF4BC82FFE
Time Added: <no value>
Flags: DRS_WRIT_REP
Transport: RPC
Please let me know if you need additional information...
Thanks
Kevin
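One way to triage a saved replmon report like the one above, as an added example that is not part of the original thread: the script lists each partition/partner link that has failed, with its Win32 error code and how many hours separate the last success from the last attempt, and separately lists partitions that show no replication partner at all. The sample text, host names and domain are constructed placeholders, and the function names are hypothetical.

```python
from datetime import datetime

# Constructed sample in the layout of the replmon report above; host and
# domain names are placeholders, not values from the thread.
SAMPLE = """\
Current Direct Replication Partner Status
Directory Partition: DC=corp,DC=example,DC=local
Partner Name: Default-First-Site-Name\\DC02
Last Attempted Replication: 10/14/2004 8:58:04 AM (local)
Last Successful Replication: 10/13/2004 1:54:37 PM (local)
Number of Failures: 23
Failure Reason Error Code: 5
Failure Description: Access is denied.
Transport: Intra-Site RPC
Directory Partition: CN=Configuration,DC=corp,DC=example,DC=local
Partner Name: Default-First-Site-Name\\DC02
Last Attempted Replication: 10/14/2004 8:58:04 AM (local)
Last Successful Replication: 10/14/2004 8:58:04 AM (local)
Number of Failures: 0
Transport: Intra-Site RPC
Directory Partition: DC=DomainDnsZones,DC=corp,DC=example,DC=local
"""


def parse_time(value):
    """Parse '10/14/2004 8:58:04 AM (local)'; return None if not a timestamp."""
    try:
        return datetime.strptime(value.replace("(local)", "").strip(),
                                 "%m/%d/%Y %I:%M:%S %p")
    except ValueError:
        return None


def parse_replmon(text):
    """Return (partitions, links): every partition named in the report, and
    one dict per partition/partner pair with timestamps, failures and error."""
    partitions, links, current, link = [], [], None, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # headings and separator rows carry no field
        key, value = key.strip(), value.strip()
        if key == "Directory Partition":
            current, link = value, None
            partitions.append(value)
        elif key == "Partner Name" and current is not None:
            link = {"partition": current, "partner": value.split("\\")[-1],
                    "attempt": None, "success": None,
                    "failures": 0, "error": None}
            links.append(link)
        elif link is None:
            continue  # field outside any partner block
        elif key == "Last Attempted Replication":
            link["attempt"] = parse_time(value)
        elif key == "Last Successful Replication":
            link["success"] = parse_time(value)
        elif key == "Number of Failures":
            link["failures"] = int(value)
        elif key == "Failure Reason Error Code":
            link["error"] = int(value)  # Win32 code; 5 is ERROR_ACCESS_DENIED
    return partitions, links


def triage(text):
    """Return (findings, unlinked): failing links with the gap between last
    success and last attempt, and partitions that list no partner."""
    partitions, links = parse_replmon(text)
    findings = []
    for link in links:
        if link["failures"] == 0:
            continue
        gap = None
        if link["attempt"] and link["success"]:
            seconds = (link["attempt"] - link["success"]).total_seconds()
            gap = round(seconds / 3600, 1)
        findings.append({"partition": link["partition"],
                         "partner": link["partner"],
                         "failures": link["failures"],
                         "error": link["error"],
                         "stale_hours": gap})
    linked = {link["partition"] for link in links}
    unlinked = [p for p in partitions if p not in linked]
    return findings, unlinked


if __name__ == "__main__":
    findings, unlinked = triage(SAMPLE)
    for f in findings:
        print("FAILING  %(partition)s <- %(partner)s  error=%(error)s  "
              "failures=%(failures)s  stale=%(stale_hours)sh" % f)
    for p in unlinked:
        print("NO PARTNER LISTED  " + p)
```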
ASKER
Would a flakey connection to a sntp time server cause some of these problems?
In comparing the event logs from the DB server and the DC I noticed that the DC reported problems with synchronizing with the SNTP servers. The DB server tried to sync with the DC and was refused. This was also reported by the DC. Right after that the security audit showed failed logon attempts from the DB server. Prior to this the DB server had no issues with logging into the DC server.
Thanks.
Kevin
ASKER
Here are the results of the dcdiag for both DC's. The most noticeable problem seems to be the "Access is Denied" errors being generated by both servers when trying to replicate. Again this appears to be an intermittent problem.
mphq-n01-spt
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine mphq-n01-spt, is a DC.
* Connecting to directory service on server mphq-n01-spt.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MPHQ-N01-SPT
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... MPHQ-N01-SPT passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MPHQ-N01-SPT
Starting test: Replications
* Replications Check
[Replications Check,MPHQ-N01-SPT] A recent replication attempt failed:
From MPHQ-N02-SPT to MPHQ-N01-SPT
Naming Context: CN=Schema,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-10-14 08:58:04.
The last success occurred at 2004-10-13 13:54:37.
20 failures have occurred since the last success.
[Replications Check,MPHQ-N01-SPT] A recent replication attempt failed:
From MPHQ-N02-SPT to MPHQ-N01-SPT
Naming Context: CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-10-14 08:58:04.
The last success occurred at 2004-10-13 13:54:37.
20 failures have occurred since the last success.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source MPHQ-N02-SPT
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
[Replications Check,MPHQ-N01-SPT] A recent replication attempt failed:
From MPHQ-N02-SPT to MPHQ-N01-SPT
Naming Context: DC=mphqcops,DC=opmg-eds,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-10-14 08:58:04.
The last success occurred at 2004-10-13 13:54:37.
23 failures have occurred since the last success.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source MPHQ-N02-SPT
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
MPHQ-N01-SPT: Current time is 2004-10-14 09:13:12.
CN=Schema,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Last replication recieved from MPHQ-N02-SPT at 2004-10-13 13:54:37.
CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Last replication recieved from MPHQ-N02-SPT at 2004-10-13 13:54:37.
DC=mphqcops,DC=opmg-eds,DC=local
Last replication recieved from MPHQ-N02-SPT at 2004-10-13 13:54:37.
* Replication Site Latency Check
......................... MPHQ-N01-SPT passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=mphqcops,DC=opmg-eds,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=mphqcops,DC=opmg-eds,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=mphqcops,DC=opmg-eds,DC=local
(Domain,Version 2)
......................... MPHQ-N01-SPT passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... MPHQ-N01-SPT passed test NetLogons
Starting test: Advertising
The DC MPHQ-N01-SPT is advertising itself as a DC and having a DS.
The DC MPHQ-N01-SPT is advertising as an LDAP server
The DC MPHQ-N01-SPT is advertising as having a writeable directory
The DC MPHQ-N01-SPT is advertising as a Key Distribution Center
The DC MPHQ-N01-SPT is advertising as a time server
The DS MPHQ-N01-SPT is advertising as a GC.
......................... MPHQ-N01-SPT passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Role Domain Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Role PDC Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Role Rid Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
......................... MPHQ-N01-SPT passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2103 to 1073741823
* mphq-n01-spt.mphqcops.opmg-eds.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1134
......................... MPHQ-N01-SPT passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/mphq-n01-spt.mphqcops.opmg-eds.local/mphqcops.opmg-eds.local
* SPN found :LDAP/mphq-n01-spt.mphqcops.opmg-eds.local
* SPN found :LDAP/MPHQ-N01-SPT
* SPN found :LDAP/mphq-n01-spt.mphqcops.opmg-eds.local/MPHQCOPS
* SPN found :LDAP/3ddb7f5f-263f-4543-9e4a-b6df4bc82ffe._msdcs.mphqcops.opmg-eds.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/3ddb7f5f-263f-4543-9e4a-b6df4bc82ffe/mphqcops.opmg-eds.local
* SPN found :HOST/mphq-n01-spt.mphqcops.opmg-eds.local/mphqcops.opmg-eds.local
* SPN found :HOST/mphq-n01-spt.mphqcops.opmg-eds.local
* SPN found :HOST/MPHQ-N01-SPT
* SPN found :HOST/mphq-n01-spt.mphqcops.opmg-eds.local/MPHQCOPS
* SPN found :GC/mphq-n01-spt.mphqcops.opmg-eds.local/mphqcops.opmg-eds.local
......................... MPHQ-N01-SPT passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... MPHQ-N01-SPT passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
MPHQ-N01-SPT is in domain DC=mphqcops,DC=opmg-eds,DC=local
Checking for CN=MPHQ-N01-SPT,OU=Domain Controllers,DC=mphqcops,DC=opmg-eds,DC=local in domain DC=mphqcops,DC=opmg-eds,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=MPHQ-N01-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local in domain CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local on 1 servers
Object is up-to-date on all servers.
......................... MPHQ-N01-SPT passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... MPHQ-N01-SPT passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 10/13/2004 18:00:59
Event String: The File Replication Service is having trouble enabling replication from MPHQ-N02-SPT to MPHQ-N01-SPT for e:\sysvol\domain using the DNS name mphq-n02-spt.mphqcops.opmg-eds.local. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name mphq-n02-spt.mphqcops.opmg-eds.local from this computer. [2] FRS is not running on mphq-n02-spt.mphqcops.opmg-eds.local. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... MPHQ-N01-SPT failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... MPHQ-N01-SPT passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... MPHQ-N01-SPT passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference) CN=MPHQ-N01-SPT,OU=Domain Controllers,DC=mphqcops,DC=opmg-eds,DC=local and backlink on CN=MPHQ-N01-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local are correct.
The system object reference (frsComputerReferenceBL) CN=MPHQ-N01-SPT,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mphqcops,DC=opmg-eds,DC=local and backlink on CN=MPHQ-N01-SPT,OU=Domain Controllers,DC=mphqcops,DC=opmg-eds,DC=local are correct.
The system object reference (serverReferenceBL) CN=MPHQ-N01-SPT,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mphqcops,DC=opmg-eds,DC=local and backlink on CN=NTDS Settings,CN=MPHQ-N01-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local are correct.
......................... MPHQ-N01-SPT passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : mphqcops
Starting test: CrossRefValidation
......................... mphqcops passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mphqcops passed test CheckSDRefDom
Running enterprise tests on : mphqcops.opmg-eds.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided.
......................... mphqcops.opmg-eds.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\mphq-n01-spt.mphqcops.opmg-eds.local
Locator Flags: 0xe00001fd
PDC Name: \\mphq-n01-spt.mphqcops.opmg-eds.local
Locator Flags: 0xe00001fd
Time Server Name: \\mphq-n01-spt.mphqcops.opmg-eds.local
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\mphq-n01-spt.mphqcops.opmg-eds.local
Locator Flags: 0xe00001fd
KDC Name: \\mphq-n01-spt.mphqcops.opmg-eds.local
Locator Flags: 0xe00001fd
......................... mphqcops.opmg-eds.local passed test FsmoCheck
*******************************************************************
2nd DC Results:
mphq-n02-spt
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine mphq-n02-spt, is a DC.
* Connecting to directory service on server mphq-n02-spt.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MPHQ-N02-SPT
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... MPHQ-N02-SPT passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MPHQ-N02-SPT
Starting test: Replications
* Replications Check
[Replications Check,MPHQ-N02-SPT] A recent replication attempt failed:
From MPHQ-N01-SPT to MPHQ-N02-SPT
Naming Context: CN=Schema,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-10-14 08:49:03.
The last success occurred at 2004-10-13 08:47:06.
27 failures have occurred since the last success.
[Replications Check,MPHQ-N02-SPT] A recent replication attempt failed:
From MPHQ-N01-SPT to MPHQ-N02-SPT
Naming Context: CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-10-14 08:49:03.
The last success occurred at 2004-10-13 08:47:06.
27 failures have occurred since the last success.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source MPHQ-N01-SPT
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
[Replications Check,MPHQ-N02-SPT] A recent replication attempt failed:
From MPHQ-N01-SPT to MPHQ-N02-SPT
Naming Context: DC=mphqcops,DC=opmg-eds,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-10-14 08:49:03.
The last success occurred at 2004-10-13 08:47:09.
45 failures have occurred since the last success.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source MPHQ-N01-SPT
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
MPHQ-N02-SPT: Current time is 2004-10-14 09:15:51.
CN=Schema,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Last replication recieved from MPHQ-N01-SPT at 2004-10-13 08:47:06.
CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Last replication recieved from MPHQ-N01-SPT at 2004-10-13 08:47:06.
DC=mphqcops,DC=opmg-eds,DC=local
Last replication recieved from MPHQ-N01-SPT at 2004-10-13 08:47:09.
* Replication Site Latency Check
......................... MPHQ-N02-SPT passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=mphqcops,DC=opmg-eds,DC=local
(Domain,Version 2)
......................... MPHQ-N02-SPT passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... MPHQ-N02-SPT passed test NetLogons
Starting test: Advertising
The DC MPHQ-N02-SPT is advertising itself as a DC and having a DS.
The DC MPHQ-N02-SPT is advertising as an LDAP server
The DC MPHQ-N02-SPT is advertising as having a writeable directory
The DC MPHQ-N02-SPT is advertising as a Key Distribution Center
The DC MPHQ-N02-SPT is advertising as a time server
The DS MPHQ-N02-SPT is advertising as a GC.
......................... MPHQ-N02-SPT passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Role Domain Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Role PDC Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Role Rid Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local
......................... MPHQ-N02-SPT passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2103 to 1073741823
* mphq-n01-spt.mphqcops.opmg-eds.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1603 to 2102
* rIDPreviousAllocationPool is 1603 to 2102
* rIDNextRID: 1607
......................... MPHQ-N02-SPT passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/mphq-n02-spt.mphqcops.opmg-eds.local/mphqcops.opmg-eds.local
* SPN found :LDAP/mphq-n02-spt.mphqcops.opmg-eds.local
* SPN found :LDAP/MPHQ-N02-SPT
* SPN found :LDAP/mphq-n02-spt.mphqcops.opmg-eds.local/MPHQCOPS
* SPN found :LDAP/20519221-4a6f-481b-bcfa-452d8e49e9d6._msdcs.mphqcops.opmg-eds.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/20519221-4a6f-481b-bcfa-452d8e49e9d6/mphqcops.opmg-eds.local
* SPN found :HOST/mphq-n02-spt.mphqcops.opmg-eds.local/mphqcops.opmg-eds.local
* SPN found :HOST/mphq-n02-spt.mphqcops.opmg-eds.local
* SPN found :HOST/MPHQ-N02-SPT
* SPN found :HOST/mphq-n02-spt.mphqcops.opmg-eds.local/MPHQCOPS
* SPN found :GC/mphq-n02-spt.mphqcops.opmg-eds.local/mphqcops.opmg-eds.local
......................... MPHQ-N02-SPT passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... MPHQ-N02-SPT passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
MPHQ-N02-SPT is in domain DC=mphqcops,DC=opmg-eds,DC=local
Checking for CN=MPHQ-N02-SPT,OU=Domain Controllers,DC=mphqcops,DC=opmg-eds,DC=local in domain DC=mphqcops,DC=opmg-eds,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=MPHQ-N02-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local in domain CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local on 1 servers
Object is up-to-date on all servers.
......................... MPHQ-N02-SPT passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... MPHQ-N02-SPT passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 10/13/2004 16:36:52
Event String: The File Replication Service is having trouble enabling replication from MPHQ-N01-SPT to MPHQ-N02-SPT for e:\sysvol\domain using the DNS name mphq-n01-spt.mphqcops.opmg-eds.local. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name mphq-n01-spt.mphqcops.opmg-eds.local from this computer. [2] FRS is not running on mphq-n01-spt.mphqcops.opmg-eds.local. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... MPHQ-N02-SPT failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... MPHQ-N02-SPT passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... MPHQ-N02-SPT passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference) CN=MPHQ-N02-SPT,OU=Domain Controllers,DC=mphqcops,DC=opmg-eds,DC=local and backlink on CN=MPHQ-N02-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local are correct.
The system object reference (frsComputerReferenceBL) CN=MPHQ-N02-SPT,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mphqcops,DC=opmg-eds,DC=local and backlink on CN=MPHQ-N02-SPT,OU=Domain Controllers,DC=mphqcops,DC=opmg-eds,DC=local are correct.
The system object reference (serverReferenceBL) CN=MPHQ-N02-SPT,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mphqcops,DC=opmg-eds,DC=local and backlink on CN=NTDS Settings,CN=MPHQ-N02-SPT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mphqcops,DC=opmg-eds,DC=local are correct.
......................... MPHQ-N02-SPT passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : mphqcops
Starting test: CrossRefValidation
......................... mphqcops passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mphqcops passed test CheckSDRefDom
Running enterprise tests on : mphqcops.opmg-eds.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided.
......................... mphqcops.opmg-eds.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\mphq-n02-spt.mphqcops.opmg-eds.local
Locator Flags: 0xe00001fc
PDC Name: \\mphq-n01-spt.mphqcops.opmg-eds.local
Locator Flags: 0xe00001fd
Time Server Name: \\mphq-n02-spt.mphqcops.opmg-eds.local
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\mphq-n02-spt.mphqcops.opmg-eds.local
Locator Flags: 0xe00001fc
KDC Name: \\mphq-n02-spt.mphqcops.opmg-eds.local
Locator Flags: 0xe00001fc
......................... mphqcops.opmg-eds.local passed test FsmoCheck
mphq-n01-spt
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine mphq-n01-spt, is a DC.
* Connecting to directory service on server mphq-n01-spt.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MP
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... MPHQ-N01-SPT passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MP
Starting test: Replications
* Replications Check
[Replications Check,MPHQ-N01-SPT] A recent replication attempt failed:
From MPHQ-N02-SPT to MPHQ-N01-SPT
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-10-14 08:58:04.
The last success occurred at 2004-10-13 13:54:37.
20 failures have occurred since the last success.
[Replications Check,MPHQ-N01-SPT] A recent replication attempt failed:
From MPHQ-N02-SPT to MPHQ-N01-SPT
Naming Context: CN=Configuration,DC=mphqco
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-10-14 08:58:04.
The last success occurred at 2004-10-13 13:54:37.
20 failures have occurred since the last success.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source MPHQ-N02-SPT
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
[Replications Check,MPHQ-N01-SPT] A recent replication attempt failed:
From MPHQ-N02-SPT to MPHQ-N01-SPT
Naming Context: DC=mphqcops,DC=opmg-eds,DC
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-10-14 08:58:04.
The last success occurred at 2004-10-13 13:54:37.
23 failures have occurred since the last success.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source MPHQ-N02-SPT
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
MPHQ-N01-SPT: Current time is 2004-10-14 09:13:12.
CN=Schema,CN=Configuration
Last replication recieved from MPHQ-N02-SPT at 2004-10-13 13:54:37.
CN=Configuration,DC=mphqco
Last replication recieved from MPHQ-N02-SPT at 2004-10-13 13:54:37.
DC=mphqcops,DC=opmg-eds,DC
Last replication recieved from MPHQ-N02-SPT at 2004-10-13 13:54:37.
* Replication Site Latency Check
......................... MPHQ-N01-SPT passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=mphqc
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=mphqc
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=mphqco
(Configuration,Version 2)
* Security Permissions Check for
DC=mphqcops,DC=opmg-eds,DC
(Domain,Version 2)
......................... MPHQ-N01-SPT passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... MPHQ-N01-SPT passed test NetLogons
Starting test: Advertising
The DC MPHQ-N01-SPT is advertising itself as a DC and having a DS.
The DC MPHQ-N01-SPT is advertising as an LDAP server
The DC MPHQ-N01-SPT is advertising as having a writeable directory
The DC MPHQ-N01-SPT is advertising as a Key Distribution Center
The DC MPHQ-N01-SPT is advertising as a time server
The DS MPHQ-N01-SPT is advertising as a GC.
......................... MPHQ-N01-SPT passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,C
Role Domain Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,C
Role PDC Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,C
Role Rid Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,C
Role Infrastructure Update Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,C
......................... MPHQ-N01-SPT passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2103 to 1073741823
* mphq-n01-spt.mphqcops.opmg
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1134
......................... MPHQ-N01-SPT passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/mphq-n01-spt.mphqcop
* SPN found :LDAP/mphq-n01-spt.mphqcop
* SPN found :LDAP/MPHQ-N01-SPT
* SPN found :LDAP/mphq-n01-spt.mphqcop
* SPN found :LDAP/3ddb7f5f-263f-4543-9
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/mphq-n01-spt.mphqcop
* SPN found :HOST/mphq-n01-spt.mphqcop
* SPN found :HOST/MPHQ-N01-SPT
* SPN found :HOST/mphq-n01-spt.mphqcop
* SPN found :GC/mphq-n01-spt.mphqcops.
......................... MPHQ-N01-SPT passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... MPHQ-N01-SPT passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
MPHQ-N01-SPT is in domain DC=mphqcops,DC=opmg-eds,DC
Checking for CN=MPHQ-N01-SPT,OU=Domain Controllers,DC=mphqcops,DC
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=MPHQ-N01-SPT,C
Object is up-to-date on all servers.
......................... MPHQ-N01-SPT passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... MPHQ-N01-SPT passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 10/13/2004 18:00:59
Event String: The File Replication Service is having trouble enabling replication from MPHQ-N02-SPT to MPHQ-N01-SPT for e:\sysvol\domain using the DNS name mphq-n02-spt.mphqcops.opmg
......................... MPHQ-N01-SPT failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... MPHQ-N01-SPT passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... MPHQ-N01-SPT passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference) CN=MPHQ-N01-SPT,OU=Domain Controllers,DC=mphqcops,DC
The system object reference (frsComputerReferenceBL) CN=MPHQ-N01-SPT,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mphqc
The system object reference (serverReferenceBL) CN=MPHQ-N01-SPT,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mphqc
......................... MPHQ-N01-SPT passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : mphqcops
Starting test: CrossRefValidation
......................... mphqcops passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mphqcops passed test CheckSDRefDom
Running enterprise tests on : mphqcops.opmg-eds.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided.
......................... mphqcops.opmg-eds.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\mphq-n01-spt.mphqcops.op
Locator Flags: 0xe00001fd
PDC Name: \\mphq-n01-spt.mphqcops.op
Locator Flags: 0xe00001fd
Time Server Name: \\mphq-n01-spt.mphqcops.op
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\mphq-n01-spt.mphqcops.op
Locator Flags: 0xe00001fd
KDC Name: \\mphq-n01-spt.mphqcops.op
Locator Flags: 0xe00001fd
......................... mphqcops.opmg-eds.local passed test FsmoCheck
**************************
2nd DC Results:
mphq-n02-spt
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine mphq-n02-spt, is a DC.
* Connecting to directory service on server mphq-n02-spt.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MP
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... MPHQ-N02-SPT passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MP
Starting test: Replications
* Replications Check
[Replications Check,MPHQ-N02-SPT] A recent replication attempt failed:
From MPHQ-N01-SPT to MPHQ-N02-SPT
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-10-14 08:49:03.
The last success occurred at 2004-10-13 08:47:06.
27 failures have occurred since the last success.
[Replications Check,MPHQ-N02-SPT] A recent replication attempt failed:
From MPHQ-N01-SPT to MPHQ-N02-SPT
Naming Context: CN=Configuration,DC=mphqco
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-10-14 08:49:03.
The last success occurred at 2004-10-13 08:47:06.
27 failures have occurred since the last success.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source MPHQ-N01-SPT
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
[Replications Check,MPHQ-N02-SPT] A recent replication attempt failed:
From MPHQ-N01-SPT to MPHQ-N02-SPT
Naming Context: DC=mphqcops,DC=opmg-eds,DC
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-10-14 08:49:03.
The last success occurred at 2004-10-13 08:47:09.
45 failures have occurred since the last success.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source MPHQ-N01-SPT
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
MPHQ-N02-SPT: Current time is 2004-10-14 09:15:51.
CN=Schema,CN=Configuration
Last replication recieved from MPHQ-N01-SPT at 2004-10-13 08:47:06.
CN=Configuration,DC=mphqco
Last replication recieved from MPHQ-N01-SPT at 2004-10-13 08:47:06.
DC=mphqcops,DC=opmg-eds,DC
Last replication recieved from MPHQ-N01-SPT at 2004-10-13 08:47:09.
* Replication Site Latency Check
......................... MPHQ-N02-SPT passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=mphqco
(Configuration,Version 2)
* Security Permissions Check for
DC=mphqcops,DC=opmg-eds,DC
(Domain,Version 2)
......................... MPHQ-N02-SPT passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... MPHQ-N02-SPT passed test NetLogons
Starting test: Advertising
The DC MPHQ-N02-SPT is advertising itself as a DC and having a DS.
The DC MPHQ-N02-SPT is advertising as an LDAP server
The DC MPHQ-N02-SPT is advertising as having a writeable directory
The DC MPHQ-N02-SPT is advertising as a Key Distribution Center
The DC MPHQ-N02-SPT is advertising as a time server
The DS MPHQ-N02-SPT is advertising as a GC.
......................... MPHQ-N02-SPT passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,C
Role Domain Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,C
Role PDC Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,C
Role Rid Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,C
Role Infrastructure Update Owner = CN=NTDS Settings,CN=MPHQ-N01-SPT,C
......................... MPHQ-N02-SPT passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2103 to 1073741823
* mphq-n01-spt.mphqcops.opmg
* DsBind with RID Master was successful
* rIDAllocationPool is 1603 to 2102
* rIDPreviousAllocationPool is 1603 to 2102
* rIDNextRID: 1607
......................... MPHQ-N02-SPT passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/mphq-n02-spt.mphqcop
* SPN found :LDAP/mphq-n02-spt.mphqcop
* SPN found :LDAP/MPHQ-N02-SPT
* SPN found :LDAP/mphq-n02-spt.mphqcop
* SPN found :LDAP/20519221-4a6f-481b-b
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/mphq-n02-spt.mphqcop
* SPN found :HOST/mphq-n02-spt.mphqcop
* SPN found :HOST/MPHQ-N02-SPT
* SPN found :HOST/mphq-n02-spt.mphqcop
* SPN found :GC/mphq-n02-spt.mphqcops.
......................... MPHQ-N02-SPT passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... MPHQ-N02-SPT passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
MPHQ-N02-SPT is in domain DC=mphqcops,DC=opmg-eds,DC
Checking for CN=MPHQ-N02-SPT,OU=Domain Controllers,DC=mphqcops,DC
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=MPHQ-N02-SPT,C
Object is up-to-date on all servers.
......................... MPHQ-N02-SPT passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... MPHQ-N02-SPT passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 10/13/2004 16:36:52
Event String: The File Replication Service is having trouble enabling replication from MPHQ-N01-SPT to MPHQ-N02-SPT for e:\sysvol\domain using the DNS name mphq-n01-spt.mphqcops.opmg
......................... MPHQ-N02-SPT failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... MPHQ-N02-SPT passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... MPHQ-N02-SPT passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference) CN=MPHQ-N02-SPT,OU=Domain Controllers,DC=mphqcops,DC
The system object reference (frsComputerReferenceBL) CN=MPHQ-N02-SPT,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mphqc
The system object reference (serverReferenceBL) CN=MPHQ-N02-SPT,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mphqc
......................... MPHQ-N02-SPT passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : mphqcops
Starting test: CrossRefValidation
......................... mphqcops passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mphqcops passed test CheckSDRefDom
Running enterprise tests on : mphqcops.opmg-eds.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided.
......................... mphqcops.opmg-eds.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\mphq-n02-spt.mphqcops.op
Locator Flags: 0xe00001fc
PDC Name: \\mphq-n01-spt.mphqcops.op
Locator Flags: 0xe00001fd
Time Server Name: \\mphq-n02-spt.mphqcops.op
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\mphq-n02-spt.mphqcops.op
Locator Flags: 0xe00001fc
KDC Name: \\mphq-n02-spt.mphqcops.op
Locator Flags: 0xe00001fc
......................... mphqcops.opmg-eds.local passed test FsmoCheck
ASKER
I have the time services set up as dc1 shown to an outside source and DC2 pointing to DC1.
I have 1 site set up in AD Sites and Services. There are connectors linking the 2 DCs as well. These are the default links set up automatically.
ASKER
I've got this issue resolved.
Completed the following steps:
1. Installed DNS server tied to active directory to DC2.
2. Reapplied the security profile to DC1 and rebooted.
This cleared up the problems of the servers not being able to access DC1. Replication from DC1 to DC2 now works.
3. Reapplied the security profile to DC2 and rebooted.
Checked replmon for both servers. Replication is now working in both directions.
In addition, I've corrected an SNTP time server problem. No longer getting intermittent w32time errors in the event logs.
Thanks for the help....
Running ipconfig /registerdns from the 2nd DC. This will properly register the DNS entries for the server. Also, check the msds records for the server, you may have to create them manually.
I would also run dcdiag from both DCs and compare the results.
I'm sure you have rebooted many times, but I would also stop and restart the server service and netlogon service.
Another thing to try is stopping the KCC service and setting it to disabled on the 2nd DC. Reboot the DC and restart the service and change it back to startup.
I don't have all my tools with me now since I'm at home, but I'm sure the experts from this site will get you up and running in no time. I can help some more first thing in the morning.
Thanks,
cfairley
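The suggestion above to run dcdiag on both DCs and compare the results can be scripted. The following is an added example, not part of the original thread: a Python parser for the verbose dcdiag text format posted in the question, run on trimmed excerpts of that output, which also flags the case visible there where dcdiag prints "passed test Replications" while listing failed attempts. The function names are hypothetical.

```python
import re

RESULT = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test (\S+)$")
FAILED = re.compile(r"^\[Replications Check,\S+\] A recent replication attempt failed:")
PATH = re.compile(r"^From (\S+) to (\S+)$")
CODE = re.compile(r"^The replication generated an error \((-?\d+)\):$")
COUNT = re.compile(r"^(\d+) failures have occurred since the last success\.$")

def parse_dcdiag(text):
    """Return (results, failures) parsed from verbose dcdiag text output."""
    results, failures, cur = {}, [], None
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        if m := RESULT.match(line):
            results[(m.group(1), m.group(3))] = m.group(2)
            cur = None
        elif FAILED.match(line):
            cur = {"path": None, "code": None, "message": "", "count": 0}
            failures.append(cur)
        elif cur is None:
            continue
        elif m := PATH.match(line):
            cur["path"] = (m.group(1), m.group(2))
        elif m := CODE.match(line):
            cur["code"] = int(m.group(1))
            cur["message"] = next(lines, "").strip()  # text is on the next line
        elif m := COUNT.match(line):
            cur["count"] = int(m.group(1))
            cur = None  # record complete
    return results, failures

def summarize(text):
    """Failed tests, failures per direction, and DCs whose summary hides them."""
    results, failures = parse_dcdiag(text)
    paths = {}
    for f in failures:
        e = paths.setdefault(f["path"], {"codes": set(), "contexts": 0, "max_count": 0})
        e["codes"].add(f["code"])
        e["contexts"] += 1
        e["max_count"] = max(e["max_count"], f["count"])
    dests = {p[1] for p in paths if p}
    return {
        "failed_tests": sorted(k for k, v in results.items() if v == "failed"),
        "replication": paths,
        # dcdiag printed "passed test Replications" although attempts failed
        "masked": sorted(s for (s, t), v in results.items()
                         if t == "Replications" and v == "passed" and s in dests),
    }

def failing_both_ways(report_a, report_b):
    """Replication paths whose reverse path also fails, with error codes seen."""
    merged = {}
    for rep in (report_a, report_b):
        for path, e in rep["replication"].items():
            if path:
                merged.setdefault(path, set()).update(e["codes"])
    return {p: c for p, c in merged.items() if (p[1], p[0]) in merged}

# Trimmed excerpts of the dcdiag output posted above (timestamps omitted).
DC1_SAMPLE = """\
[Replications Check,MPHQ-N01-SPT] A recent replication attempt failed:
From MPHQ-N02-SPT to MPHQ-N01-SPT
The replication generated an error (5):
Access is denied.
20 failures have occurred since the last success.
[Replications Check,MPHQ-N01-SPT] A recent replication attempt failed:
From MPHQ-N02-SPT to MPHQ-N01-SPT
The replication generated an error (5):
Access is denied.
23 failures have occurred since the last success.
......................... MPHQ-N01-SPT passed test Replications
......................... MPHQ-N01-SPT failed test frsevent
"""
DC2_SAMPLE = """\
[Replications Check,MPHQ-N02-SPT] A recent replication attempt failed:
From MPHQ-N01-SPT to MPHQ-N02-SPT
The replication generated an error (5):
Access is denied.
45 failures have occurred since the last success.
......................... MPHQ-N02-SPT passed test Replications
......................... MPHQ-N02-SPT failed test frsevent
"""
```

Feeding each DC's full saved dcdiag output to `summarize` and passing both reports to `failing_both_ways` shows at a glance whether the same error code blocks replication in both directions.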