AD Replication Problem

Posted on 2004-11-11
Last Modified: 2008-02-01
AD Environment
It’s a W2K AD. There is a root and three domains. Each domain has multiple domain controllers. Each domain represents a business function/company. All domain controllers within the AD have been patched with all current Microsoft patches.

I have two problems.
1.  I changed my GPO to force account lockout after three invalid password attempts.  All of a sudden, users started having problems with being locked out of their accounts.  Only one of the three domains is having this problem.  Most of the users swear they never entered their password but one time.  This leads to my second problem.

2.  One of my domain controllers is having problems communicating to all servers in another domain.  When I do a repadmin /showreps I get the following issue for all servers associated with that domain, which is about seven servers.

    OUNAME\server1 via RPC
        objectGuid: 16fb0d39-bbe8-4cc3-a9b2-0a302b6a8405
        Last attempt @ 2004-11-11 20:14.16 failed, result 1908:
            Could not find the domain controller for this domain.
        Last success @ 2004-10-31 11:05.29.  

I am able to ping all of the servers that the domain controller says it is having problems communicating with.  I did notice that the administrator account kept getting locked out with the policy above when I forced replication.  I turned off the policy to stop the administrator account from getting locked out.

Any ideas on how to solve these problems?

Thanks for your help!
Question by:Sysdeath
    LVL 3

    Accepted Solution

    Have you run DCDIAG on the enterprise yet? If not, run it with the following switches:

    dcdiag /s:SERVERNAME /e /c /v > c:\dcdiag.txt

    SERVERNAME = the name of the server

    After that, go find c:\dcdiag.txt on the server and post up the text of the file here and we can try troubleshooting from there.

    Also, here are some questions:

    Are all the servers in a single site?

    Gone in to AD Sites & Services to make sure all the servers are in there and have replication partners listed?

    The forest or domain root servers haven't been decommissioned or anything, have they? In other words, are all the FSMO role holders still intact?
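
An added example (not part of the original thread, and not a Microsoft tool): a small Python parser for saved `repadmin /showreps` text in the format posted in the question, which lists each failing partner with its result code and the time since the last successful replication. The second partner entry, its GUID and the "was successful" wording are assumptions made for the sample.

```python
import re
from datetime import datetime

# Constructed sample: the first entry is the output posted in the question;
# the second entry (name and GUID) is made up, and its "was successful"
# wording is an assumption about how repadmin prints a healthy partner.
SAMPLE = """\
    OUNAME\\server1 via RPC
        objectGuid: 16fb0d39-bbe8-4cc3-a9b2-0a302b6a8405
        Last attempt @ 2004-11-11 20:14.16 failed, result 1908:
            Could not find the domain controller for this domain.
        Last success @ 2004-10-31 11:05.29.
    OUNAME\\server2 via RPC
        objectGuid: 00000000-0000-0000-0000-000000000002
        Last attempt @ 2004-11-11 20:14.16 was successful.
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d\.\d\d)"
PARTNER = re.compile(r"^\s*(\S+\\\S+) via (\S+)\s*$")
ATTEMPT = re.compile(r"Last attempt @ " + TS + r" (?:failed, result (\d+)|was successful)")
SUCCESS = re.compile(r"Last success @ " + TS)

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M.%S")

def parse_showreps(text):
    """Return one dict per replication partner found in saved showreps text."""
    partners, cur, lines = [], None, text.splitlines()
    for i, line in enumerate(lines):
        if m := PARTNER.match(line):
            cur = {"partner": m.group(1), "result": 0, "error": None,
                   "attempt": None, "last_success": None}
            partners.append(cur)
        elif cur and (m := ATTEMPT.search(line)):
            cur["attempt"] = _ts(m.group(1))
            if m.group(2):  # failure: the error text is on the next line
                cur["result"] = int(m.group(2))
                cur["error"] = lines[i + 1].strip() if i + 1 < len(lines) else None
            else:
                cur["last_success"] = cur["attempt"]
        elif cur and (m := SUCCESS.search(line)):
            cur["last_success"] = _ts(m.group(1))
    return partners

def failing(partners):
    """(partner, result code, error text, time since last success) per failure."""
    return [(p["partner"], p["result"], p["error"],
             p["attempt"] - p["last_success"] if p["last_success"] else None)
            for p in partners if p["result"]]

if __name__ == "__main__":
    for name, code, err, stale in failing(parse_showreps(SAMPLE)):
        print(f"{name}: result {code} ({err}); last good replication {stale} before the failed attempt")
```
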
    LVL 3

    Expert Comment

    Just following up to see if you had forgotten about this question.
