Solved

Active Directory Replication issue.

Posted on 2004-10-15
Last Modified: 2010-08-05
Hi

I have worked with Active Directory for a few years, and although I have seen the issue I am about to describe, I hold my hands up this time as I cannot seem to find the solution.

All machines are Windows 2000 SP4 with hotfixes applied (Windows Update).

My topology 3 sites.

Site 1, 2 x DC's (First site to be installed)
Site 2, 1 x DC (Recently added with no problems)
Site 3, 1 x DC (My site that I have the problem with)

There are two site links.
site link 1 site 1 to site 2
site link 2 site 1 to site 3

The connection objects are created manually, although I have tried letting AD generate the links. This does not seem to have an effect.

The DNS is integrated AD and is working well.  I can ping/nslookup of each DC to the others.

The repadmin /showreps looks good on the DCs at site 1 and 2, i.e. they show the DCs that I would expect. On site 3 (my DC) I have only one inbound rep partner showing. Also, repadmin /failcache shows my site and DC's name with a GUID.

I have gone back to Site 1, moved my DC back to that site and deleted site 3, allowed the replication to take place between site 1 and 2, then recreated site 3. Again I allowed replication to take place; this info is transferred, but I am still back to square one.

It would seem that no change I make on my DC is sent to the other DCs at either site. However, I receive their changes, as proved when I recreated site 3.

Any thoughts?      


Question by:benjamin
17 Comments
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12324411
Hi benjamin,

Feel free to kick me or throw something heavy at me but:

1) Anything in the event logs on the dc's?
2) Assuming this is a site to site vpn - is your firewall allowing the necessary inbound and outbound connections to the problem site and anything amiss in AD sites and services?

Deb :))
0
 
LVL 2

Expert Comment

by:Salehd
ID: 12326634
Check Global Catalog and operations master roles settings. I can't remember exactly, but if your global catalog server is holding one of the operations master roles (can't remember which role) unless all DCs are also global catalog.
I will look for it further and send it.
0
 
LVL 2

Author Comment

by:benjamin
ID: 12326656
ok

To answer you both.

Deb, the event logs are clean except my server showing event ID 1311. The VPN runs through PIX and the access list allows all UDP/IP traffic between the servers. I have not got round to tying the ports down yet :) I opened it to check it was not that.

Salehd, the DCs on site 2 and 3 are GC only and the master roles are held on a DC on site 1.

Thanks

P.S. The real worry, I think, is the repadmin /failcache showing the object for my site 3 and the DC there.
0
 
LVL 2

Expert Comment

by:Salehd
ID: 12326689
please read the following paragraph:

Unless there is only one domain controller in the domain, the infrastructure master role should not be assigned to the domain controller that is hosting the global catalog. However, you should assign the infrastructure master role to any domain controller that is well connected to a global catalog (from any domain) in the same site. If the operations master domain controller meets these requirements, use it unless the load justifies the extra management burden of separating the roles.

If the infrastructure master and global catalog are on the same domain controller, the infrastructure master will not function. The infrastructure master will never find data that is out of date, so it will never replicate any changes to the other domain controllers in the domain. If all of the domain controllers in a domain are also hosting the global catalog, all of the domain controllers will have the current data and it does not matter which domain controller holds the infrastructure master role.

0
 
LVL 2

Author Comment

by:benjamin
ID: 12328953
Ok

I understand what you are saying. To confirm:

Site 3: 1 DC that is a GC

Site 2: 1 DC that is a GC

Site 1: 2 DCs, both Global Catalog

I see what the paragraph is saying, but if that was the case then the DC at site 2 would not be working correctly either, and that one seems fine. I will however test the replication on that one. To sum up, you're suggesting that on Site 1 there should be 1 GC and 1 infrastructure master?
0
 
LVL 2

Expert Comment

by:Salehd
ID: 12329444
I would suggest making all DCs also GCs to see if this solves it, or make sure that the DC that holds the infrastructure master role is not a GC. You can try both to see if this helps :-)
0
 
LVL 2

Author Comment

by:benjamin
ID: 12329473
Hi

I have checked, and Site 2 and 3 are just GC and the replication works fine if amending on site 2, so again it is only my site that does not work.

Site 1 contains the operations master, which is also a GC, but if the above theory is right why would site 2 work OK??

As a thought: the operations master knows about my DC on site 3, but when trying to query it I often get the message that the object is not in the cache, or words to that effect, which ties in with the repadmin /failcache output as that too lists my DC.
0
 
LVL 2

Author Comment

by:benjamin
ID: 12329977
I have just tried moving the DC back to a working site, i.e. site 1, and it still does not replicate? Perhaps my problems are not just replication; no changes are sent out from the server.
0
 
LVL 2

Expert Comment

by:Salehd
ID: 12331382
Please see http://support.microsoft.com/default.aspx?scid=kb;en-us;262561
Also, I would suggest that you use repadmin or any other tool to check the replication topology.
0
 
LVL 2

Author Comment

by:benjamin
ID: 12351297
Just an update: I got caught up on other stuff. I will be looking at this tomorrow so will let you know. If all else fails I may remove the DC and rebuild it, then add it back in :)
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12351436
Hi
I'd review the following thoroughly as it would seem to tie in with your issue. Check the time sync first.
Event Id 1311
http://www.eventid.net/display.asp?eventid=1311&eventno=524&source=NTDS%20KCC&phase=1

Deb :))
0
 
LVL 2

Author Comment

by:benjamin
ID: 12371636
Update :)

I have worked through all the articles suggested and have come to the conclusion it may actually be a DNS issue. When using netdiag on the DC with the problems it shows that its SPN record is missing. When I go to the working DC it says that the RPC is unavailable when I select to replicate now on the NTDS connection, again warning that a DNS error may be causing this.

My NIC points at my DC for its DNS; the zones are AD integrated. Any thoughts on the SPN registration problem, as I think the replication to the other server is due to this?
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12372450
Hmm

A couple of thoughts - this could be a possibility, and perhaps the SPN is a symptom rather than a cause? I'd point the problem site's NIC's preferred DNS server at your main DC, run ipconfig /registerdns and restart netlogon - let's see what happens.
DNS Server Becomes an Island When a Domain Controller Points to Itself for the _Msdcs.ForestDnsName Domain
http://support.microsoft.com/default.aspx?scid=kb;EN-US;275278
Other than confirming that firewall has the necessary ports open, maybe recheck your site-links. I know it's not a large network but it's worth a look at anyway,
How to Optimize Active Directory Replication in a Large Network
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q244368

Deb :))
0
 
LVL 2

Author Comment

by:benjamin
ID: 12404452
Hi Deb

I have been working on this and found that pointing the primary DNS of the NIC to the working site has resolved the replication problem. The event log is now clean apart from the event ID 1311 that occurs every 15 minutes.

I am bringing another domain controller into the equation in the next day or so as I need two at this site. I hope this one will go in place OK :)!

Please give me a few days to look at this and I will be back with my findings. As a thought, if pointing to another DNS server cured the issue then surely it is a DNS issue with the problem DC?

Thanks Benjamin
0
 
LVL 2

Author Comment

by:benjamin
ID: 12461738
Hi

OK, if I point my server's primary to the main site's DC and the secondary to themselves, all is well. The event logs have a few bits to tidy, but stuff that I have seen before, so no worries about tidying up. As a last point to clarify before closing, does anyone have info on the correct setup of DNS over several sites in terms of where the NICs should point? Or is this just an issue with my install at the time? :)
0
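Added example, not part of any post in this thread: a Python check for the DNS client ordering discussed in Deb's suggestion (ID 12372450) and benjamin's findings (ID 12461738). It parses `ipconfig /all` text and reports whether a DC lists itself before any other DNS server; the sample output, addresses, function names and result labels are constructed, and treating "self first" as the risky pattern is an assumption drawn from this thread.

```python
import re

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed `ipconfig /all` excerpt; host name and addresses are made up.
TEMPLATE = """
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : dc-site3

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 10.3.0.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : {first}
                                            {second}
"""
SAMPLE_SELF_FIRST = TEMPLATE.format(first="10.3.0.10", second="10.1.0.10")
SAMPLE_PARTNER_FIRST = TEMPLATE.format(first="10.1.0.10", second="10.3.0.10")

def parse_ipconfig(text):
    """Return (own_ips, dns_servers), each in the order ipconfig lists them."""
    own_ips, dns_servers, field = [], [], None
    for line in text.splitlines():
        if ":" in line:
            label, _, value = line.partition(":")
            field = label.replace(".", "").strip()  # drop the dot leaders
        else:
            value = line  # continuation line: extra value for the last field
        value = value.strip()
        if not IPV4.match(value):
            continue
        if field == "IP Address":
            own_ips.append(value)
        elif field == "DNS Servers":
            dns_servers.append(value)
    return own_ips, dns_servers

def dns_order_finding(text):
    """Classify the DNS client order (labels are this example's own)."""
    own_ips, dns = parse_ipconfig(text)
    if not dns:
        return "no-dns-servers"
    if all(server in own_ips for server in dns):
        return "self-only"       # DC resolves only through itself
    if dns[0] in own_ips:
        return "self-first"      # the setup benjamin started with
    return "partner-first"       # the setup that restored replication here
```

The parser pools all adapters into one list, so on a multi-homed DC run it per adapter section.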
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 500 total points
ID: 12461966
Hi
It's been difficult finding out much on this, however the following article may prove useful, from the great Mark Minasi,
Solving DNS Problems
http://www.winnetmag.com/Windows/Articles/ArticleID/39771/pg/2/2.html

Glad things have moved on,

Deb :))
0
 
LVL 2

Author Comment

by:benjamin
ID: 12523241
Thank you both for your help. I will award the points to Deb as she hit the nail on the head with the last article that she posted from Mark Minasi.

Thanks Benjamin
0
