Active Directory Replication issue.

Hi

I have worked with Active Directory for a few years, and although I have seen the issue I am about to describe, I hold my hands up this time as I cannot seem to find the solution.

All machines are Windows 2000 SP4 with hotfixes applied (Windows Update).

My topology: 3 sites.

Site 1, 2 x DC's (First site to be installed)
Site 2, 1 x DC (Recently added with no problems)
Site 3, 1 x DC (My site that I have the problem with)

There are two site links.
site link 1 site 1 to site 2
site link 2 site 1 to site 3

The connection objects are created manually, although I have tried letting the AD generate the links.  This does not seem to have an effect.

The DNS is integrated AD and is working well.  I can ping/nslookup of each DC to the others.

The repadmin /showreps looks good on the DCs at site 1 and 2, i.e. they show the DCs that I would expect.  On site 3 (my DC) I have only one inbound rep partner showing.  Also, repadmin /failcache shows my site and DC's name with a GUID.

I have gone back to Site 1, moved my DC back to that site and deleted site 3, allowed the replication to take place between site 1 and 2, then recreated site 3.  Again I allowed replication to take place; this info is transferred, but still back to square one.

It would seem that no change I make on my DC is sent to the other DCs at either site.  However, I receive their changes, as proved when I recreated site 3.

Any thoughts?      


0
benjamin
Asked:
1 Solution
 
Debsyl99 Commented:
Hi benjamin,

Feel free to kick me or throw something heavy at me but:

1) Anything in the event logs on the dc's?
2) Assuming this is a site to site vpn - is your firewall allowing the necessary inbound and outbound connections to the problem site and anything amiss in AD sites and services?

Deb :))
0
 
Salehd Commented:
Check Global catalog and operation master roles setting. I can't remember exactly, but if your global catalog server is holding one of the operation master roles (can't remember which role) unless all DCs are also global catalog.
I will look for it further and send it.
0
 
benjamin (Author) Commented:
ok

To answer you both.

Deb, the event logs are clean except my server showing the event ID 1311.  The VPN runs through PIX and the access list allows all UDP/IP traffic between the servers. I have not got round to tying the ports down yet :) I opened it to check it was not that.

Salehd, the DCs on site 2 and 3 are GC only and the Master roles are held on a DC on site 1.

Thanks

p.s. the real worry I think is the repadmin /failcache showing the object for my site 3 and the DC there.
0
 
Salehd Commented:
please read the following paragraph:

Unless there is only one domain controller in the domain, the infrastructure master role should not be assigned to the domain controller that is hosting the global catalog. However, you should assign the infrastructure master role to any domain controller that is well connected to a global catalog (from any domain) in the same site. If the operations master domain controller meets these requirements, use it unless the load justifies the extra management burden of separating the roles.

If the infrastructure master and global catalog are on the same domain controller, the infrastructure master will not function. The infrastructure master will never find data that is out of date, so it will never replicate any changes to the other domain controllers in the domain. If all of the domain controllers in a domain are also hosting the global catalog, all of the domain controllers will have the current data and it does not matter which domain controller holds the infrastructure master role.

0
 
benjamin (Author) Commented:
Ok

I understand what you are saying, to confirm:

Site 3: 1 DC that is a GC

Site 2: 1 DC that is a GC

Site 1: 2 DCs, both Global Catalog

I see what the paragraph is saying, but if that was the case then the DC at site 2 would not be working correctly either, and that one seems fine. I will however test the replication on that one.  To sum up, you're suggesting that on Site 1 there should be 1 GC and 1 infrastructure master?
0
 
Salehd Commented:
I would suggest making all DCs also a GC to see if this solves it, or make sure that the DC that holds the infrastructure master role is not a GC. You can try both to see if this helps :-)
0
 
benjamin (Author) Commented:
Hi

I have checked and Site 2 and 3 are just GC, and the replication works fine if amending on site 2, so again it is only my site that does not work.

Site 1 contains the operations master, which is also a GC, but if the above theory is right why would site 2 work ok??

As a thought, on the Operations master it knows about my DC on site 3, but when trying to query it I often get the message that the object is not in the cache or words to that effect, which ties in with the repadmin /failcache output as that too lists my DC.
0
 
benjamin (Author) Commented:
I have just tried moving the DC back to a working site, i.e. site 1, and it still does not replicate? Perhaps my problems are not just replication; no changes are sent out from the server.
0
 
Salehd Commented:
Please see http://support.microsoft.com/default.aspx?scid=kb;en-us;262561
Also, I would suggest that you use repadmin or any other tool to check the replication topology.
0
 
benjamin (Author) Commented:
Just an update: I got caught up on other stuff. I will be looking at this tomorrow so will let you know. If all else fails I may remove the DC and rebuild it, then add it back in   :)
0
 
Debsyl99 Commented:
Hi
I'd review the following thoroughly as it would seem to tie in with your issue. Check the time sync first,
Event Id 1311
http://www.eventid.net/display.asp?eventid=1311&eventno=524&source=NTDS%20KCC&phase=1

Deb :))
0
 
benjamin (Author) Commented:
Update :)

I have worked through all the articles suggested and have come to the conclusion it may actually be a DNS issue.  When using netdiag on the DC with the problems it shows that its SPN record is missing.  When I go to the working DC it says that the RPC is unavailable when I select to replicate now on the NTDS connection, again warning that a DNS error may be causing this.

My NIC points at my DC for its DNS; the zones are AD integrated.  Any thoughts on the SPN registration problem, as I think the replication to the other server is due to this.
0
 
Debsyl99 Commented:
Hmm

A couple of thoughts - this could be a possibility, and perhaps the spn is a symptom rather than a cause? I'd point the problem site's nics preferred dns server at your main dc, run ipconfig /registerdns and restart netlogon - let's see what happens.
DNS Server Becomes an Island When a Domain Controller Points to Itself for the _Msdcs.ForestDnsName Domain
http://support.microsoft.com/default.aspx?scid=kb;EN-US;275278
Other than confirming that firewall has the necessary ports open, maybe recheck your site-links. I know it's not a large network but it's worth a look at anyway,
How to Optimize Active Directory Replication in a Large Network
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q244368

Deb :))
0
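Deb's suggestion above, written out as a command sequence to run on the problem DC (an added example, not part of the original thread). The forest name, hub DNS address, connection name and GUID are constructed placeholders; the GUID stands for the one belonging to this DC's NTDS Settings object, and netdiag and repadmin come from the Windows 2000 Support Tools.

```batch
@echo off
rem Added example, not from the thread. Every value below is a constructed placeholder.
set HUB_DNS=10.1.0.10
set FOREST=example.local
set NIC=Local Area Connection
set DSA_GUID=00000000-0000-0000-0000-000000000000

rem 1. Point the preferred DNS server at the hub-site DC instead of at this DC itself.
netsh interface ip set dns name="%NIC%" source=static addr=%HUB_DNS%

rem 2. Clear cached answers and re-register the host records, then restart
rem    Netlogon so it re-registers this DC's SRV and GUID CNAME records.
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

rem 3. Ask the hub DNS server directly for the records replication partners use
rem    to find this DC. If the CNAME is missing there, partners cannot resolve
rem    this DC even though it resolves them.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%FOREST% %HUB_DNS%
nslookup -type=CNAME %DSA_GUID%._msdcs.%FOREST% %HUB_DNS%

rem 4. Repeat the checks used earlier in the thread.
netdiag /test:dns
repadmin /showreps
repadmin /failcache
```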
 
benjamin (Author) Commented:
Hi Deb

I have been working on this and found that pointing the primary DNS of the NIC to the working site has resolved the replication problem.  The event log is now clean apart from the event ID 1311 that occurs every 15 minutes.

I am bringing another domain controller into the equation in the next day or so as I need two at this site.  I hope this one will go in place ok :)!

Please give me a few days to look at this and I will be back with my findings.  As a thought if pointing to another DNS server cured the issue then surely it is a DNS issue with the problem DC?

Thanks Benjamin
0
 
benjamin (Author) Commented:
Hi

OK, if I point my servers' primary to the main site's DC and the secondary to themselves, all is well.  The event logs have a few bits to tidy, but stuff that I have seen before, so no worries about tidying up.  As a last point to clarify before closing, does anyone have info on the correct setup of DNS over several sites in terms of where the NICs should point?  Or is this just an issue with my install at the time? :)
0
 
Debsyl99 Commented:
Hi
It's been difficult finding out much on this, however the following article may prove useful, from the great Mark Minasi,
Solving DNS Problems
http://www.winnetmag.com/Windows/Articles/ArticleID/39771/pg/2/2.html

Glad things have moved on,

Deb :))
0
 
benjamin (Author) Commented:
Thank you both for your help. I will award the points to Deb as she hit the nail on the head with the last article that she posted from Mark Minasi.

Thanks Benjamin
0
