?
Solved

FRSDIAG errors, DCPROMO not successfull, removing old exchange 2000 domain controller

Posted on 2006-05-16
24
Medium Priority
?
3,403 Views
Last Modified: 2012-05-05
Friends,

Would try to expalin my problem in shortest way but bear with me if I am a not able to do so.

Scenario Introduction.

We had three windows 2000 server all domain controllers. Server BCSERVER1 having exchange 2000 (hosting all five FSMO roles) , server BCSERVER2 having  SQL 7.0 and server BCSERVER3 with Windows 2000. (file & print server). We decided to upgrade to Windows 2003 and Exchange 2003 environment. For this two new servers were purchased and all steps forest prep, FSMO role movement (to new 2003 servers) etc were done as per Microsoft instruction without any issue. Both of these new servers, BCNEWSERVER1 (having windows 2003 and excange 2003) and BCNEWSERVER2 (having windows 2003 and SQL 2000) are up and running. Every thing is working fine without any issue as far as users are concerned (email from EXChange 2003, user authentication etc) . Domain controller BCSERVER2 and BCSERVER3 were demoted running DCPROMO without any issue). Now we wanted to demote old exchange BCSERVER1. When we tried to run DCPROMO on BCSERVER1 it stopped inbetween stating could not continue popping up lot of errors in event viewer. When we tried to dig out further found lots of errors in File Replication service of BCSERVER1 (please see below in FRSDIAG error report). So we thought that before proceeding with DCPROMO first this issue should be resolved. Please note that BCSERVER1 is still shown as domain controller in active directory. We can create users etc from the active directory snap in on BCSERVER1 and the information is replicated on other two domain cotrollers. We ran FRSDIAG on all three domain controller. Server BCNEWSERVER1 and BCNEWSERVER2 passed everything. Server BCSERVER1's output is attached for info. Would like to share another info. that might help in understanding our issue is replication monitor's output. We added all three servers in monitored servers list and found that BCSERVER1 is missing some DNS related info.

Looking on following two outputs  could anybody help us in resolving the issue. We want to get rid of old exchange server ASAP but would go for forcefull demotion only as last option.

Thanks in advance.

------------------------------------------------------------
FRSDiag v1.7 on 5/15/2006 3:21:13 PM
.\BCSERVER1 on 2006-05-15 at 3.21.13 PM
------------------------------------------------------------

Checking for errors/warnings in FRS Event Log ....       
NtFrs      5/15/2006 2:15:42 PM      Warning      13508      The File Replication Service is having trouble enabling replication  from BCSERVER1 to BCNEWSERVER2 for c:\winnt\sysvol\domain using the DNS name (null). FRS will keep retrying.     Following are some of the reasons you would see this warning.         [1] FRS can not correctly resolve the DNS name (null) from this computer.     [2] FRS is not running on (null).     [3] The topology information in the Active Directory for this replica has not  yet replicated to all the Domain Controllers.         This event log message will appear once per connection, After the problem  is fixed you will see another event log message indicating that the connection  has been established.      
NtFrs      5/15/2006 2:15:42 PM      Warning      13508      The File Replication Service is having trouble enabling replication  from BCSERVER1 to BCNEWSERVER1 for c:\winnt\sysvol\domain using the DNS name (null). FRS will keep retrying.     Following are some of the reasons you would see this warning.         [1] FRS can not correctly resolve the DNS name (null) from this computer.     [2] FRS is not running on (null).     [3] The topology information in the Active Directory for this replica has not  yet replicated to all the Domain Controllers.         This event log message will appear once per connection, After the problem  is fixed you will see another event log message indicating that the connection  has been established.      
NtFrs      5/15/2006 4:27:13 AM      Warning      13508      The File Replication Service is having trouble enabling replication  from BCSERVER1 to BCNEWSERVER2 for c:\winnt\sysvol\domain using the DNS name (null). FRS will keep retrying.     Following are some of the reasons you would see this warning.         [1] FRS can not correctly resolve the DNS name (null) from this computer.     [2] FRS is not running on (null).     [3] The topology information in the Active Directory for this replica has not  yet replicated to all the Domain Controllers.         This event log message will appear once per connection, After the problem  is fixed you will see another event log message indicating that the connection  has been established.
      WARNING: Found Event ID 13508 errors without trailing 13509 ... see above for (up to) the 3 latest entries!

 ......... failed 1
Checking for errors in Directory Service Event Log .... passed
Checking for minimum FRS version requirement ...
      ERROR: FRS Engine Minimum Requirements are SP3 binaries or later!

 ......... failed
Checking for errors/warnings in ntfrsutl ds ...
      ERROR: This server's "Member Ref" property for the SYSVOL volume does NOT seem to be correct !!!
            To fix this, use ADSIEdit and edit the "fRSMemberReference" Property of the nTFRSSubscriber object named "CN=Domain System Volume (SYSVOL share)" located under this Server's Computer Object.
            This value should match the FQDN of this Server. Current Values are:
                  Current Value   = "CN=BCSERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Servic..."
                  Suggested Value = "CN=BCSERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=backercop,DC=co,DC=ae"
                       Please note there is a small chance the above Suggested Value may not be correct - See below for more info on what the Proper Value should be!
            For more Info See KB Article : 312862 Recovering Missing FRS Objects and FRS Attributes in Active Directory - Search for the step about Updating the "fRSMemberReference" object (Step 8 on the "Recovering from Deleted FRS Objects" section
 ......... failed with 1 error(s)
Checking for Replica Set configuration triggers... passed
Checking for suspicious file Backlog size...
      ERROR : File Backlog TO server "BC_EAU\BCNEWSERVER1$" is : 5917  :: Unless this is due to your schedule, this is a problem!
      ERROR : File Backlog TO server "BC_EAU\BCNEWSERVER2$" is : 13118  :: Unless this is due to your schedule, this is a problem!
failed with 2 error(s) and 0 warning(s)

Checking Overall Disk Space and SYSVOL structure (note: integrity is not checked)... passed
Checking for suspicious inlog entries ... passed
Checking for suspicious outlog entries ... passed
Checking for appropriate staging area size ... passed
Checking for errors in debug logs ...
      ERROR on NtFrs_0005.log : "IBCO_FETCH_RETRY" : <ChgOrdRetryWorker:             2856: 11585: S4: 15:21:34> State                   | Len/Ad/Er:    4/ 10ac524/ 0, 00000008  CO STATE:  IBCO_FETCH_RETRY      
      ERROR on NtFrs_0005.log : "IBCO_FETCH_RETRY" : <ChgOrdRetryWorker:             2856: 11585: S4: 15:21:34> State                   | Len/Ad/Er:    4/ 10ac524/ 0, 00000008  CO STATE:  IBCO_FETCH_RETRY      
      ERROR on NtFrs_0005.log : "IBCO_FETCH_RETRY" : <ChgOrdRetryWorker:             2856: 11585: S4: 15:21:34> State                   | Len/Ad/Er:    4/ 10ac524/ 0, 00000008  CO STATE:  IBCO_FETCH_RETRY      

      Found 2659 IBCO_FETCH_RETRY error(s)! Latest ones (up to 3) listed above

 ......... failed with 2659 error entries
Checking NtFrs Service (and dependent services) state...passed
Checking NtFrs related Registry Keys for possible problems...passed
Checking Repadmin Showreps for errors...passed



------------------------------------------------------------
Active DIrectory Replication Monitor
------------------------------------------------------------


Monitored Servers
Default-first-site-name
BCSERVER1
CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae
CN=Configuration,DC=backercop,DC=co,DC=ae
DC=backercop,DC=co,DC=ae
BCNEWSERVER1
DC=backercop,DC=co,DC=ae
CN=Configuration,DC=backercop,DC=co,DC=ae
CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae
DC=DomainDnszones,DC=backercop,DC=co,DC=ae
DC=ForestDnszones,DC=backercop,DC=co,DC=ae
BCNEWSERVER2
DC=backercop,DC=co,DC=ae
CN=Configuration,DC=backercop,DC=co,DC=ae
CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae
DC=DomainDnszones,DC=backercop,DC=co,DC=ae
DC=ForestDnszones,DC=backercop,DC=co,DC=ae
0
Comment
Question by:skylife19
  • 14
  • 7
22 Comments
 
LVL 5

Expert Comment

by:dutchclan
ID: 16689678
It looks like its trying to set up the file replication on the SYSVOL share but is unable to resolve the remote host to do the replication with. Have you checked the DNS on the machine you try to promote?

Ntfrs = New Technology File Replication Services. And is responsible to "replicate" all file based policies and scripts using the "SYSVOL" share. Using a timestamp as que. Time should be sinked domain wide...

DC1 = 10.252.252.10 (example)
DC2 = 10.252.252.11 (promoting to..)

Cmd >nslookup DC1.company.local

Server : DC1.company.local << The current active dns server
Address : 10.252.252.10

Name : DC1.company.local << The awnser on the lookup
Address : 10.252.252.10

The authorised awnser should be from the "local domain" Name server.. And must be configured on the machine you are trying to promo..

Can you check that ?
0
 
LVL 5

Expert Comment

by:dutchclan
ID: 16689697
demote that is.. (typo)
0
 

Author Comment

by:skylife19
ID: 16690003

Hi Dutchclan,

Firstly, we are not trying to promote a machine rather it is the case otherwise. We have DNS configured on all three domain controllers. BCSERVER1, BCNEWSERVER1 and BCNEWSERVER2

typing just nslookup returns

PDC emulator domain controller name and address which is bcnewserver2

Regards

0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 

Author Comment

by:skylife19
ID: 16690037
sorry I missed your second comment

regards.
0
 
LVL 5

Expert Comment

by:dutchclan
ID: 16690200
Can you check if the FRS service is running on all the machines needed (DC`s / Exchange) ?

Are you getting JRNL_WRAP_ERRORS from the ntfrs when commensing the demote?

if so :

Is the FRS service set to atuomaticly handle JRNL errors ?
1.Stop the FRS service
2. Start Registry Editor (Regedt32.exe).
3. Locate and click the following key in the registry:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters
4.and then add the following registry value:
   Value name: Enable Journal Wrap Automatic Restore
   Data type: REG_DWORD
   Radix: Hexadecimal
   Value data: 1 (Default 0)
5. Quit Registry Editor.
6. Start the FRS Service

0
 
LVL 5

Expert Comment

by:dutchclan
ID: 16690240
btw have you removed any of the "old" machines before the demote? This because its almost like a security update roleback meaning :

Installing :
Install Update1,   Install Update2,   Install Update3.

Deleting:
Delete Update3, Delete Update2, Delete Update1 etc.

Removing in the wrong order might cause inconsitancies in the child objects of the domain. Where records still point to Domain controllers that might have been deleted / Removed might also cause a number of errors...
0
 
LVL 5

Expert Comment

by:dutchclan
ID: 16690258
This might also be helpfull in your quest : http://support.microsoft.com/default.aspx?scid=kb;en-us;315457

Well am off for a while now, Good luck :D
0
 
LVL 26

Expert Comment

by:jar3817
ID: 16690725
I've heard that you cannot change the role of a server while exchange is installed on it. This means promoting or demoting. Try uninstalling exchange from the server and then demoting it. I've never run into this personally, but I've read it on a few websites.
0
 

Author Comment

by:skylife19
ID: 16699518

Thanks for trying to help.

FRS service is running on all domain controllers & there are no errors, warning on other two domain controllers.
There are no JRNL_WRAP_ERRORS.
Two old domain controllers were demoted gracefully running DCPROMO with out any error. They are still thers in the active directory as member servers and active directory domain controller container shows only three domain controller now.

Any idea why bcserve1 is not showing following two lines in replication monitor, has it anything to do with our issue.

DC=DomainDnszones,DC=backercop,DC=co,DC=ae
DC=ForestDnszones,DC=backercop,DC=co,DC=ae

I am pasting selected directory sercices events from the bcserver1 this might help you in understanding our issue.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1404
Date:            4/6/2006
Time:            8:09:56 PM
User:            N/A
Computer:      BCSERVER1
Description:
The local Directory Service has assumed the responsibility of generating and maintaining inter-site replication topologies for its site.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1104
Date:            2/13/2006
Time:            3:54:46 PM
User:            N/A
Computer:      BCSERVER1
Description:
The consistency checker has terminated change notifications for the following:
Partition: CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae
Destination DSA DN (if available): CN="NTDS Settings
DEL:4c5426e2-4924-4fc5-af65-ad99759ceb00",CN=BCSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae
Destination DSA Address: 4c5426e2-4924-4fc5-af65-ad99759ceb00._msdcs.backercop.co.ae

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1104
Date:            2/13/2006
Time:            3:54:46 PM
User:            N/A
Computer:      BCSERVER1
Description:
The consistency checker has terminated change notifications for the following:
Partition: CN=Configuration,DC=backercop,DC=co,DC=ae
Destination DSA DN (if available): CN="NTDS Settings
DEL:4c5426e2-4924-4fc5-af65-ad99759ceb00",CN=BCSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae
Destination DSA Address: 4c5426e2-4924-4fc5-af65-ad99759ceb00._msdcs.backercop.co.ae

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1104
Date:            2/13/2006
Time:            3:54:46 PM
User:            N/A
Computer:      BCSERVER1
Description:
The consistency checker has terminated change notifications for the following:
Partition: DC=backercop,DC=co,DC=ae
Destination DSA DN (if available): CN="NTDS Settings
DEL:4c5426e2-4924-4fc5-af65-ad99759ceb00",CN=BCSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae
 Destination DSA Address: 4c5426e2-4924-4fc5-af65-ad99759ceb00._msdcs.backercop.co.ae

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1264
Date:            2/13/2006
Time:            3:54:46 PM
User:            N/A
Computer:      BCSERVER1
Description:
A replication link for the partition CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae has been added.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1264
Date:            2/13/2006
Time:            3:54:45 PM
User:            N/A
Computer:      BCSERVER1
Description:
A replication link for the partition CN=Configuration,DC=backercop,DC=co,DC=ae from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae has been added.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1264
Date:            2/13/2006
Time:            3:54:45 PM
User:            N/A
Computer:      BCSERVER1
Description:
A replication link for the partition DC=backercop,DC=co,DC=ae from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae has been added.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1123
Date:            2/13/2006
Time:            3:54:45 PM
User:            N/A
Computer:      BCSERVER1
Description:
The consistency checker deleted connection object CN=3796c1e9-ce4e-4943-84be-b0f09b25d175,CN=NTDS Settings,CN=BCSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae as the source server to which it referred has been deleted.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1272
Date:            1/31/2006
Time:            8:36:20 AM
User:            N/A
Computer:      BCSERVER1
Description:
No nTDSConnection object exists for inbound replication from server CN="NTDS Settings
DEL:17986fe3-b0f0-483e-b343-5a664219d7dc",CN=BCSERVER3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae at address 17986fe3-b0f0-483e-b343-5a664219d7dc._msdcs.backercop.co.ae.  The partition CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae is no longer replicated from it.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1272
Date:            1/31/2006
Time:            8:36:20 AM
User:            N/A
Computer:      BCSERVER1
Description:
No nTDSConnection object exists for inbound replication from server CN="NTDS Settings
DEL:17986fe3-b0f0-483e-b343-5a664219d7dc",CN=BCSERVER3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae at address 17986fe3-b0f0-483e-b343-5a664219d7dc._msdcs.backercop.co.ae.  The partition CN=Configuration,DC=backercop,DC=co,DC=ae is no longer replicated from it.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1272
Date:            1/31/2006
Time:            8:36:20 AM
User:            N/A
Computer:      BCSERVER1
Description:
No nTDSConnection object exists for inbound replication from server CN="NTDS Settings
DEL:17986fe3-b0f0-483e-b343-5a664219d7dc",CN=BCSERVER3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae at address 17986fe3-b0f0-483e-b343-5a664219d7dc._msdcs.backercop.co.ae.  The partition DC=backercop,DC=co,DC=ae is no longer replicated from it.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1272
Date:            1/20/2006
Time:            10:55:51 AM
User:            N/A
Computer:      BCSERVER1
Description:
No nTDSConnection object exists for inbound replication from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae at address 1b6d13fb-d180-4ce5-8539-9c3aaada3ad7._msdcs.backercop.co.ae.  The partition CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae is no longer replicated from it.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1272
Date:            1/20/2006
Time:            10:55:50 AM
User:            N/A
Computer:      BCSERVER1
Description:
No nTDSConnection object exists for inbound replication from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae at address 1b6d13fb-d180-4ce5-8539-9c3aaada3ad7._msdcs.backercop.co.ae.  The partition CN=Configuration,DC=backercop,DC=co,DC=ae is no longer replicated from it.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1272
Date:            1/20/2006
Time:            10:55:50 AM
User:            N/A
Computer:      BCSERVER1
Description:
No nTDSConnection object exists for inbound replication from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae at address 1b6d13fb-d180-4ce5-8539-9c3aaada3ad7._msdcs.backercop.co.ae.  The partition DC=backercop,DC=co,DC=ae is no longer replicated from it.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1264
Date:            1/20/2006
Time:            10:10:49 AM
User:            N/A
Computer:      BCSERVER1
Description:
A replication link for the partition CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae has been added.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1264
Date:            1/20/2006
Time:            10:10:47 AM
User:            N/A
Computer:      BCSERVER1
Description:
A replication link for the partition CN=Configuration,DC=backercop,DC=co,DC=ae from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae has been added.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1264
Date:            1/20/2006
Time:            10:10:47 AM
User:            N/A
Computer:      BCSERVER1
Description:
A replication link for the partition DC=backercop,DC=co,DC=ae from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae has been added.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1308
Date:            1/20/2006
Time:            10:10:46 AM
User:            N/A
Computer:      BCSERVER1
Description:
The Directory Service consistency checker has noticed that 19 successive replication attempts with CN=NTDS Settings,CN=BCSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae have failed over a period of 1005 minutes.  The connection object for this server will be kept in place, and new temporary connections will established to ensure that replication continues. The Directory Service will continue to retry replication with CN=NTDS Settings,CN=BCSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae; once successful the temporary connection will be removed.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1308
Date:            1/20/2006
Time:            10:10:46 AM
User:            N/A
Computer:      BCSERVER1
Description:
The Directory Service consistency checker has noticed that 19 successive replication attempts with CN=NTDS Settings,CN=BCNEWSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae have failed over a period of 1009 minutes.  The connection object for this server will be kept in place, and new temporary connections will established to ensure that replication continues. The Directory Service will continue to retry replication with CN=NTDS Settings,CN=BCNEWSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae; once successful the temporary connection will be removed.

Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1265
Date:            1/20/2006
Time:            9:51:06 AM
User:            N/A
Computer:      BCSERVER1
Description:
The attempt to establish a replication link with parameters
 
Partition: CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae
Source DSA DN: CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae
Source DSA Address: 1b6d13fb-d180-4ce5-8539-9c3aaada3ad7._msdcs.backercop.co.ae
Inter-site Transport (if any):
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code.  This operation will be retried.
Data:
0000: 4c 21 00 00               L!..    

Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1265
Date:            1/20/2006
Time:            9:21:06 AM
User:            N/A
Computer:      BCSERVER1
Description:
The attempt to establish a replication link with parameters
Partition: CN=Configuration,DC=backercop,DC=co,DC=ae
Source DSA DN: CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae
Source DSA Address: 1b6d13fb-d180-4ce5-8539-9c3aaada3ad7._msdcs.backercop.co.ae
Inter-site Transport (if any):
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code.  This operation will be retried.
Data:
0000: 4c 21 00 00               L!..    Event Type:      Warning

Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1265
Date:            1/20/2006
Time:            6:21:03 AM
User:            N/A
Computer:      BCSERVER1
Description:
The attempt to establish a replication link with parameters
Partition: CN=Configuration,DC=backercop,DC=co,DC=ae
Source DSA DN: CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae
Source DSA Address: 1b6d13fb-d180-4ce5-8539-9c3aaada3ad7._msdcs.backercop.co.ae
Inter-site Transport (if any):
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code.  This operation will be retried.
Data:
0000: 4c 21 00 00               L!..    

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1307
Date:            1/19/2006
Time:            9:35:53 PM
User:            N/A
Computer:      BCSERVER1
Description:
The Directory Service consistency checker has noticed that 8 attempts to establish a replication link with CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae have failed over a period of 120 minutes. The connection object for this server will be kept in place, and new a temporary connection will be established to ensure that replication continues. Once a connection with CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae is established the temporary connection will be removed.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1308
Date:            1/19/2006
Time:            7:35:28 PM
User:            N/A
Computer:      BCSERVER1
Description:
The Directory Service consistency checker has noticed that 2 successive replication attempts with CN=NTDS Settings,CN=BCSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae have failed over a period of 130 minutes.  The connection object for this server will be kept in place, and new temporary connections will established to ensure that replication continues. The Directory Service will continue to retry replication with CN=NTDS Settings,CN=BCSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae; once successful the temporary connection will be removed.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1308
Date:            1/19/2006
Time:            7:35:28 PM
User:            N/A
Computer:      BCSERVER1
Description:
The Directory Service consistency checker has noticed that 2 successive replication attempts with CN=NTDS Settings,CN=BCNEWSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae have failed over a period of 127 minutes.  The connection object for this server will be kept in place, and new temporary connections will established to ensure that replication continues. The Directory Service will continue to retry replication with CN=NTDS Settings,CN=BCNEWSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae; once successful the temporary connection will be removed.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1404
Date:            1/19/2006
Time:            5:50:27 PM
User:            N/A
Computer:      BCSERVER1
Description:
The local Directory Service has assumed the responsibility of generating and maintaining inter-site replication topologies for its site.


Microsoft article -- I would apply only as the last option
Jar3817, thanks for tip


Regards.
0
 
LVL 5

Expert Comment

by:dutchclan
ID: 16702419
Oke for my clarification.

You started in this situation :

BCSERVER1 (DC)
           FSMO - Schemamaster, DN master, IF Master, RID Master, PDC Emulator
           Exchange First Information Store
           Global Catalog
           DNS ?
           WINS ?
BCSERVER2 (DC)
           msSQL Server
           DNS ?
           WINS ?
BCSERVER3 (DC)
           File & Printer Server
           DNS ?
           WINS ?

I take they where configured as a Single Master moddel. Where BCSERVER1 was / is holding the PDC Emulator Role.

Two new domain controllers where installed with windows 2K3 / Exchange 2K3?
Then the servers BCSERVER2, BCSERVER3 where demoted and added as member in the new domain?

Leaving this image

BCNEWSERVER1 (DC)
           FSMO ??
           Exchange ??
           Global Catalog ??
           DNS ?
           WINS ?
           Same Domain name????
BCNEWSERVER1 (DC)
           FSMO ??
           Exchange ??
           Global Catalog ??
           DNS ?
           WINS ?
           Same Domain name????
BCSERVER1 (DC)  
           << Member DC or still master in the new domain or a trust and FSMO roles??
           FSMO - Schemamaster, DN master, IF Master, RID Master, PDC Emulator
           Exchange First Information Store
           Global Catalog
           DNS ?
           WINS ?
BCSERVER2
           msSQL Server
BCSERVER3
           File & Printer Server

And now you are trying to demote the final BCSERVER1 so it too can become member server of the new domain? Now let us first clarify you infrastructure cause im losing track here :) And dont see where you like to go with all this wich is rather important to find a cause you are experiancing these errors.. And if one loses track draw it out like above. If im not correct pease name the servers and their respective roles / relations in the domain. And please do so with "old" situation and "current" situation. When we mirror these two will give us more insites than any event will ;)

-Regards Chris Gralike,

Thx for your patience :)





           
0
 

Author Comment

by:skylife19
ID: 16706515
Dear Chris,

It goes like this.

You have understood our old setup correctly. The only thing I would like to add in old setup is that DNS and WINS were configured on all three DCs. It was (and still is) single master model. BCSERVER1 WAS holding PDC Emulator role.

A new server BCNEWSERVER1 (windows 2003) was installed and JOINED to the EXISTING (windows 2000) DOMAIN. Domain was prepared for windows 2003 domain controller. (adprep /forestprep, adprep /domainprep). Dcpromo was executed on BCNEWSERVER1. Exchange 2003 setup /forestprep and /domainprep was executed. Exchange was installed selecting existing forest option and in the exiting exchange administrative group, organization. All mailboxes were moved to the new exchange server. (All email/ exchange related activities are now done by BCNEWSERVER1, shutting down exchange services on BCSERVER1 does not have any impact for users)

Server BCNEWSERVER2 was installed. Joined to existing domain. SQL server 2000 installed and server promoted to domain controller.

Schema Master, DN and GC roles were moved to BCNEWSERVER1, in addition it is also DNS and WINS server
PDC emulator, RID master and IF master roles were moved to BCNEWSERVER2 , in addition it is also DNS and DHCP server

BCSERVER1 does not hold any FSMO role in new setup. It is still DC in the same domain, running exchange 2000 and DNS.
BCSERVER2 and BCSERVER3 were demoted. DNS, WINS was removed. They are present in the domain as the member server. Still having SQL 7.0 and File and Print running on them respectively


As a final configuration we would like to remove all three old servers from our domain.

Have are Exchange running on BCNEWSERVER1
Have database running on BCNEWSERVER2
Would install another server BCNEWSERVER3 as File and Print Server

Once the problem we are facing now is resolved, we would proceed like this.

1) Uninstall exchange from BCSERVER1 (as somebody suggested it should be uninstalled before demoting)
2) Demote BCSERVER1 as member server
3) Remove the BCSERVER1 from the AD (by taking out of domain)
3) Move Database applications to BCNEWSERVER2 and remove BCSERVER2
4) Install BCNEWSERVER3, make it File and Print and move data.
5) Remove BCSERVER3

Hope I answered all your questions


Regards
0
 

Author Comment

by:skylife19
ID: 16707762

Hi chris,

I have found another thing, I do not know has it got any relation with our issue.

The DNS servrs on all three domain controllers  are showing only two host names as BCNEWSERVER1
BCNEWSERVER2
under

Forward lookup zone and
DomainDNSZone


Is it a issue? Do you think it should also show BCSERVER1 under the same

I am confused as it might have something to do with DNS as few errors are saying DNS lookup faliare???????

Regards
0
 
LVL 5

Expert Comment

by:dutchclan
ID: 16718322
>The DNS servrs on all three domain controllers ....

dont quite understand what your meaning?

The "domainDNSZone that is" the scema on our domain looks like :

DNS
   - Server
           - EVT viewer
           - Cashed Lookups
           - Forward Lookup zones
           - Reverse Lookup Zones (in-addr-arpa)
   - Server
           - EVT viewer
           - Cashed Lookups
           - Forward Lookup zones
           - Reverse Lookup Zones (in-addr-arpa)
   - Server
           - EVT viewer
           - Cashed Lookups
           - Forward Lookup zones
           - Reverse Lookup Zones (in-addr-arpa)
 etc.

What im more concerned about is the this :

Start >Administrative tools > Sites and Services.

    In the Default-First-Site, Are all servers configured with NTDS (replication) and do look at the "from - to" construction in the domain. Make sure that the "old" DC on wich the 2K3 machines where extended is not still leading in the domain. They should all replicate to / from the last least significant. of all to the DC holding the PDC emulator.

server: NBCServer1 < NBCServer2 < BCServer1 (to)
server: NBCServer1 > NBCServer2 > BCServer1 (from)

or

server NBCServer1 > NBCServer2 (to)
server NBCServer1 > BCServer1 (to)
etc.

Also dubblecheck if all the "FSMO" roles are indeed moved. and if the new machines are also GC.

(Just in case)

Do check the versions on the DNS servers and their compatability. Dont think this is a problem but might be (W2K) vs (W2K3). also guess you run native 2K domain?

-Regards Chris










0
 
LVL 5

Expert Comment

by:dutchclan
ID: 16718450
ps on some of the "messages" you get.

The DSA operation is unable to proceed because of a DNS lookup failure.
Symptoms: 1. When trying to DCPROMO, ,you receive: "The operation failed because: The directory service failed to replicate off changes made locally. The DSA operation is unable to proceed because of a DNS lookup failure."
2. The Event Viewer may list Event ID: 1265 - The DSA operation is unable to proceed because of a DNS lookup failure.
3.  DCDiag test display this message: "The DSA operation is unable to proceed because of a DNS lookup failure".

Causes:
1. Incorrect TCP/IP configuration.
2. Incorrect DNS configuration
3. Bad information in DNS Manager.

Got it of some site i seem to be part of :S (didnt even knew that)

But analysing :)
   
BCSERVER1.backercop.co.ae

to :

BCNEWSERVER2.backercop.co.ae

using AD pointer / attributes :

Backercop.co.ae > Configuration > Sites > Default-First-Site-Name > Servers > BCNEWSERVER2 > NTDS Settings.

Wich either suggest that the "dns" zone isnt correct or the configuration aint adding up (above text) or it has something to do with the NTDS settings (previous post)...

Plz Look into that ;)

Regards, Chris
0
 

Author Comment

by:skylife19
ID: 16723601
Dear Chris,

When I said DNS on all three domain controller What I meant was that DNS is installed on three computers for fault tolerance. (It looks like I need lot of reading on DNS concepts) and when I mentioned DomainDnsZone I was quoting from a DNS server's MMC console under Forward lookup zone > backercop.co.ae > DomainDnsZone or ForestDnsZone.

When you mentioned "domainDNSZone that is the scema on our domain looks like" ---  could you please guide where could I get this info. I mean to say which console and under what setting.


Default-first-site-name shows me five names (bcserver1, bcserver2, bcserver3, bcnewserver1 & bcnewserver2) under servers but only BCserver1, bcnewserver1 and bcnewserver2 have NTDS settings. (which are also domain cotrollers in our case)  And if you click NTDS settings of any domain controller, each shows two connections from balance two domain controllers with names as 'automatically generated'. Also if you select properties of NTDS setting and then click connection (for any domain controller).
Under replicate from and replicate to it shows names of other two domain controllers. For example if you check for bcnewserver1

Replicate from
Name            Site
bcnewserver2      default-first-site-name
bcserver1                      default-first-site-name

Replicate To
Name            Site
bcnewserver2      default-first-site-name
bcserver1                      default-first-site-name

And same is the case for other two.

FSMO roles.. have rechecked and all are moved.


Also could you please explain what you mean by "using AD pointer / attributes :" ????

Backercop.co.ae ..........?????

Appreciate your patience in helping me


Regards
0
 
LVL 5

Expert Comment

by:dutchclan
ID: 16725697
Uhm how do i explain proper. For its quite a theory (the AD book is just as thick as the 2k3 lol).

AD intro.

AD is actually MS`s awnser to the novel X500 Directory. This is a database of sort holding a hynarchic design and is fully Ldap enabled. This directory / database hold all, and i mean all the data needed by the domain to find any object or property of anything it needs. Using the MMC you only see parts of the AD with the attributes of those object configured in the forms they present for alteration. For instance you have an user (object) in your AD. when it comes to a user there are loads of properties (attributes) you can configure / log. Example. FirstName, LastName, FullName, DisplayName, Password, Password Type, Last Logged in, Last Logged Out, Account availablitity time, Path to Mailbox, Company name, Office, Department, Phonenumbers, Street-Addres-City info, Etc etc etc.

Impact on Domain.

Almost all the domain services rely on the AD to find the needed information about that domain to "serve" it. Same goes with the "NTDS" Service. Apparently there is an entry in the AD that tells it should replicate with the "BCNEWSERVER2.backercop.co.ae" Server. And next to that that its not able to "resolve" that given name with the local dns server. You can check this like :
Start>Execute>CMD.exe
nslookup BCNEWSERVER2.backercop.co.ae [enter]

And it should be resolved. Later i guessed that this domain was to be demoted anyway and to succesfully uninstall exchange (wich requires the installer to remove the exchange server from the AD as Default-first-site member) you thus need the NTDS service to be workin properly to update the AD change to the leading DC. I also thought to trick this to working you might also add all the FQDN names to your local host file (thus NTDS might be able to resolve the DNS name (not tried before though) ). You can alter likt :
Start>Execute>CMD.exe[enter]
Cd %WINDIR%\system32\drivers\etc\
edit hosts
add > BCNEWSERVER2.backercop.co.ae         [ip.ip.ip.ip] (see localhost entry)
etc.

Next see if the NTDS service is able to replicate to the leading AD (PDC Emu).

If so you can again try te uninstall exchange, then try the demote...

On the DNS part, its quite extensive to explain actually. Prop the BCNEWSERVER2.backercop.co.ae
DNS MMC shows somewhat the same "dns zones" like defined at us. We added a zone for the old HPUX machines and the application servers running on it because its nearly impossible to alter their hostnames, and the Application Server uses the FQDN in its config..

I also use the DNS MMC. Only our sceme is replicated domain wide, wich doesnt seem to be the case on your end because the NTDS isnt functioning properly. Also try adding the new servers manually to the old DC as an anchor record (A).

Hope this functions...

Regards, and time well spend for that matter.. was getting rusty ;-) so thx for that...
0
 

Author Comment

by:skylife19
ID: 16751772
Hi chris,

Could not write, was stuck in something. From your comments it looked to me that you got  frustrated from few of my last mail's questions.

I could accept that I am not an expert but not as novice as you guessed in your mail.

Just for your info. I know active directory, NTDS setting etc etc, have worked on novell NDS (even now we have one novell 4.1 server running). I am managing a network of 120+ computers in mix windows and novell environment, along with SQL sever, excchange server. Know to use windows administraiotn tools "AD U and C" etc, ADSIedit tool. (but have not changed anything in my live environment)

The reason I am confused is that the things you mentioned are all there but still it was not replicating. Like

I am able to do nslookup to any server from any server and name is always resolved.

NTDS settings are correct and I think I mentioned in my last mail also. (so I do not feel like adding as it is already there)

Replmon tool in windows support tools does not show any replication error for any server

I checked RPC connectivity (mentioned by some site) that is also working

Although I am not expert in DNS but there is no DNS error in event viewers of servers and to my lnowledge they are also working fine.

I would like to ask one question here do you know what is the purpose/ advantage of "creating default application directory partition" option in DNS console. Is it good to have it?

The way I installed DNS servers was that I configured server as per default setting (where ever possible) and DNS zones as primary Acitve directory integrated.

The new servers are already there in old DC as record A (so there is no need to add as you mentioned in your mail)

Dear Chris I have written all this not to boast about myself rather to reduce your frustration if there was any from my questions.

But it does not mean I am going to leave you here. I have something for you to think?

After my last mail I noticed some 13509 event in my bcserver1 (that says enable replication  after repeated tries) and this was related to both new servers. So I thought the problem is resovled now. (although i did not do anything). So I uninstalled exchange server from the bcserver1. It finished uninstall process and cbserver1 is automatically removed from default-first-site. Once this thing was finished I tried again DCPROMO to remove acitve directory form bcserver1. It could not finished that with a new error now and this is

"The operation failed because:
 An ldap read of operational attributes form server bcnewserver1.backercop.co.ae failed.

 An error occured while installing the directory service. For information, see the  evnt log."

But event log does not mention any error. BCNEWSERVER1 is our domain naming master.

Do you have any idea what it could be now.

Actually I have started thinking now that if I could not resolve it I would force demotion & do meta data cleanup. The only fear I have is if that meta data cleanup got stuck in between than what I would do as those (bcnewserver1 and bcnewserver2) are my production servers now.

Any suggestion??????

Regards,










0
 
LVL 5

Expert Comment

by:dutchclan
ID: 16783054
First, Im not realy frustrated on anything :) And also didnt guess you as a novice.. But as i look at my own knowledge, one cant know everything ;-)

On the application directories i think this article will explain allot more then i could write out here. http://www.windowsnetworking.com/articles_tutorials/Managing-Application-Directory-Partitions.html

And on the "advantage" part it heavly depends on the "application" as you might figure while reading that arti.

On your account, i will post this error on the Microsoft Partner site, for it looks like a permissions issue, where i just dont think that "perseption" is right, will come back to you when we receive an awnser ;)

0
 
LVL 5

Expert Comment

by:dutchclan
ID: 16783122
You gotta love partner support :S

An LDAP read of operational attributes failed.
-The domain naming master for the forest is offline or cannot be contacted.
-Make the current domain naming master accessible. If necessary, see "Seizing Operations Master Roles" in this guide.

Wich the obviously fetched right off this page :

http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd13.mspx#EVG

Still suggesting DNS Problems :S

regards,
0
 
LVL 5

Expert Comment

by:dutchclan
ID: 16783132
Ps on the fsmo seizure (nasty and forced :S ) http://technet2.microsoft.com/WindowsServer/en/Library/bde352aa-101a-4da1-872a-de18b2bb87fb1033.mspx?mfr=true

<< As the article they pinpoint to
0
 
LVL 5

Expert Comment

by:dutchclan
ID: 16783136
>> Scrape this "Still suggesting DNS Problems :S"
0
 
LVL 5

Accepted Solution

by:
dutchclan earned 1000 total points
ID: 16848416
A little tutorial on Application Shares and Active Directory in general.

History.

ActiveDirectory (mainly pointing to the windows2K3 version) is the so called windows NOS (Network Opperating System) in wich the AD is storing all the network and topology relative data about the zone or better subnet the domain was installed in. Because of the limitations the windows NT threw up with its Single Master model and replication overhead caused by replication of the complete schema top down and being not compliant to the standards (using WINS for name resolution) they came up with the AD diverted from the novel X500 Directory.

Basics.

To keep the directory up-to-date while using a "multi master" model they thought of some verry clever ways to do this. Mainly using the meta data on attributes (USN - Update Sequence Number, UTDSN Up-To-Date sequence number, HighWater Mark Vector etc) the Replication Service is able to replicate on a per attribute / value level reducing bandwidth etc. Next to that the AD is split up in so called NC`s. Wich splits up the AD in multiple parts wich all are replicated seperatly.

The DNS zone data is (using windows 2K3) possibly also inserted in the AD. I say possibly because this would require the DNS to allow DDNS updates (Dynamic DNS Updates) wich is usually considered a security risk. AD offers its own protection against it tough. To prevent the Replication service to replicate this specific data to all the AD copies (on other DC`s wich might not be DNS Servers) one could use application partitions to prevent the zone file from being replicated to all the DC`s and save bandwidth this way.

The Bit more advanced.

Allot of Server and Service information about the domain is usually stored in the DNS servers resp. as "A","CNAME","SRV","PTR" records. The updates usually made can be found on any DC in the following path : %systemRoot%\System32\Config\netlogon.dns .

It is used for allot of client to server administrative tasks initialised from the client, like finding a DC in a specific zone, to finding the best DC to logon to (slow connections etc) using the AD as information hive.

Where the FSMO kicks in.

As most people know we have FSMO roles pointed to servers in our Domain. wich are kind o important to keep the directory and topology information consistant.

Schema Master (forest wide role)
Basicly is the only DC that is allowed to make changes/Updates to the schema Default the first server to be installed/Promoted

Domain Naming Master(forest wide)
Basicly the server that controls changes to the namespace (myorg.com) and is required to enable renaming, moving domain namespaces within a forest. Default also the first server to be installed.

PDC (Domain Wide)
Only use to be backwards compatible with "old" NT4 machines that are still based on the Single Master model.

RID Master (Domain wide)
This is the first realy insteresting FSMO role. This one make sure that all new objects in the schema get their own unique GUID for security purposes. By default all other DC`s not holding this task reserve a set of UID`s for their own use. When they run out they will request a new set of UID`s. The treshold to request new ID`s is usually set 100 in case the RID master is not available. If this takes to long you will be unable to create new objects like users in the schema.

Infrastructure Master (Domain-wide)
Is used to keep track of so called "phantoms" from other domains. It is also reposible to continually know where other for instance user objects reside in other domains so they are available in the domain it services. Usually in a Single domain setup the Infrastructure FSMO has nothing to do and doesnt pose any problem. If more domains are introduced its wise to move this role to any NON-GC DC. This because the IFM creates stale references from objects. It does this by comparing the objects with the GC and checks if its up-to-date. If the server that holds the IFM also is GC the GC is always up-to-date and thus the IFM will never have stale references.

By default most of this data is kept inside the AD for thats why the NOS was designed. Create a central repository of all the network data and make is broadly available. Replication problems might also be detected using naturaly the Toolset from the installation CD. But understanding it is more important to track problems.

Basicly replication is comparing the meta-data on the AD objects to that of an other DC. To do this all servers keep track of the Update Sequence Number, Up-To-Date sequence number of all replication partners. (on GUID Level). Next they compare the numbers of the objects with that in that table. If there is a difference the attribute gets updated, else the attribute is ignored and the next attribute is enummerised. And so on. Problems in this process might be verry critical if all FSMO`s / DNS / Dataconsitancy Checker etc are working properly.

Yet again, its fairly complex to explain and almost would advice you to read this book.

Active Directory ISBN:0-596-00466-4

Regards,

Chris gralike
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question