rgutwein
asked on
Problems with DNS after running DCDIAG
Hi Everyone,
I am having difficulty with the replication between my two Domain Controllers in my domain. Here is the setup:
Charybdis: the "master" domain controller
Sycilla: another domain controller
Odyssey: the name of the domain
I figured that it is a DNS issue, so I ran the DCDIAG.EXE tool, and here are the results:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>dcd
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CH
Starting test: Connectivity
......................... CHARYBDIS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CH
Starting test: Replications
[Replications Check,CHARYBDIS] A recent replication attempt failed:
From SCYLLA to CHARYBDIS
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2006-06-13 17:50:41.
The last success occurred at 2006-06-13 16:53:45.
2 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[SCYLLA] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,CHARYBDIS] A recent replication attempt failed:
From SCYLLA to CHARYBDIS
Naming Context: CN=Configuration,DC=odysse
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2006-06-13 17:50:41.
The last success occurred at 2006-06-13 17:24:42.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
......................... CHARYBDIS passed test Replications
Starting test: NCSecDesc
......................... CHARYBDIS passed test NCSecDesc
Starting test: NetLogons
......................... CHARYBDIS passed test NetLogons
Starting test: Advertising
......................... CHARYBDIS passed test Advertising
Starting test: KnowsOfRoleHolders
......................... CHARYBDIS passed test KnowsOfRoleHolders
Starting test: RidManager
......................... CHARYBDIS passed test RidManager
Starting test: MachineAccount
......................... CHARYBDIS passed test MachineAccount
Starting test: Services
......................... CHARYBDIS passed test Services
Starting test: ObjectsReplicated
......................... CHARYBDIS passed test ObjectsReplicated
Starting test: frssysvol
......................... CHARYBDIS passed test frssysvol
Starting test: frsevent
......................... CHARYBDIS passed test frsevent
Starting test: kccevent
......................... CHARYBDIS passed test kccevent
Starting test: systemlog
......................... CHARYBDIS passed test systemlog
Starting test: VerifyReferences
......................... CHARYBDIS passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : odyssey
Starting test: CrossRefValidation
......................... odyssey passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... odyssey passed test CheckSDRefDom
Running enterprise tests on : odyssey.org
Starting test: Intersite
......................... odyssey.org passed test Intersite
Starting test: FsmoCheck
......................... odyssey.org passed test FsmoCheck
Please help...thanks!
Randy
I am having difficulty with the replication between my two Domain Controllers in my domain. Here is the setup:
Charybdis: the "master" domain controller
Sycilla: another domain controller
Odyssey: the name of the domain
I figured that it is a DNS issue, so I ran the DCDIAG.EXE tool, and here are the results:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>dcd
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CH
Starting test: Connectivity
......................... CHARYBDIS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CH
Starting test: Replications
[Replications Check,CHARYBDIS] A recent replication attempt failed:
From SCYLLA to CHARYBDIS
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2006-06-13 17:50:41.
The last success occurred at 2006-06-13 16:53:45.
2 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[SCYLLA] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,CHARYBDIS] A recent replication attempt failed:
From SCYLLA to CHARYBDIS
Naming Context: CN=Configuration,DC=odysse
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2006-06-13 17:50:41.
The last success occurred at 2006-06-13 17:24:42.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
......................... CHARYBDIS passed test Replications
Starting test: NCSecDesc
......................... CHARYBDIS passed test NCSecDesc
Starting test: NetLogons
......................... CHARYBDIS passed test NetLogons
Starting test: Advertising
......................... CHARYBDIS passed test Advertising
Starting test: KnowsOfRoleHolders
......................... CHARYBDIS passed test KnowsOfRoleHolders
Starting test: RidManager
......................... CHARYBDIS passed test RidManager
Starting test: MachineAccount
......................... CHARYBDIS passed test MachineAccount
Starting test: Services
......................... CHARYBDIS passed test Services
Starting test: ObjectsReplicated
......................... CHARYBDIS passed test ObjectsReplicated
Starting test: frssysvol
......................... CHARYBDIS passed test frssysvol
Starting test: frsevent
......................... CHARYBDIS passed test frsevent
Starting test: kccevent
......................... CHARYBDIS passed test kccevent
Starting test: systemlog
......................... CHARYBDIS passed test systemlog
Starting test: VerifyReferences
......................... CHARYBDIS passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : odyssey
Starting test: CrossRefValidation
......................... odyssey passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... odyssey passed test CheckSDRefDom
Running enterprise tests on : odyssey.org
Starting test: Intersite
......................... odyssey.org passed test Intersite
Starting test: FsmoCheck
......................... odyssey.org passed test FsmoCheck
Please help...thanks!
Randy
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
going to have to give me a little bit to check this out :) lots of info here and i have to run to a meeting in a lil while, i will be back though :)
Jay
Jay
ASKER
Ok, great...thank you! Also, I wanted to let you know that these servers are running on Micosoft's Virtual Server 2005 on my Windows XP Pro machine. Each Domain controller has its own VHD (i didnt just copy and paste it) so they have their own SID.
Maybe the DNS issues are related to Microsoft's Virtual Server 2005, since it is not a "real" domain environment, and it is just emulated.
Maybe the DNS issues are related to Microsoft's Virtual Server 2005, since it is not a "real" domain environment, and it is just emulated.
hmmm an important point, i will get back to you asap you have my word
Jay_Jay70 is far more knowledgeable with these issues than I, but the one thing I notice is it appears your own DNS server is 192.168.1.109 but you also have 167.206.245.20 listed which I believe is an ISP DNS server. The server and workstations should only point to your internal DNS servers. The ISP's DNS should be added as a forwarder in the DNS management console only.
ASKER
Thank you, RobWill, for pointing that out. I thought that I erased all of those ISP DNS IPs, I guess I missed that one :)
Thank you both for helping me out with this! I am going to split to the points, so that you both get credit for helping me.
Thank you both for helping me out with this! I am going to split to the points, so that you both get credit for helping me.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi, thank you for the response, I added the two IPs like you said, and it is definetly replicating a lot faster. I only have DNS setup on 1 out of the 2 Domain Controllers (Charybdis). Is it best practice to have DNS set up on every Domain Controller?
back! wow, busy Q :)
was going to start with dns but it seems to be mostly covered so far,
do you have complete name resolution cranking?
was going to start with dns but it seems to be mostly covered so far,
do you have complete name resolution cranking?
:) yup best to have each DC as DNS so that it replicates DNS accross, make your DNS zones AD integrated
Thanks rgutwein . Glad to hear you have some improvement. Have all of the errors/failures been resolved ?
--Rob
--Rob
ASKER
Great, thank you everyone so much. I gave out points as fairly as I could. I really appreciate all of your help!
Randy
Randy
glad it worked good luck!
you dont need dns on every DC, but its nice.
if you have dns on 2 DCs and one DC crashes (and your dhcp/static ip settings has both DCs in its dns settings) the clients will automaticly fall over to the other DC for dns name res. I install dns on all my DCs
if you have dns on 2 DCs and one DC crashes (and your dhcp/static ip settings has both DCs in its dns settings) the clients will automaticly fall over to the other DC for dns name res. I install dns on all my DCs
oh ya also make both server global catalog servers
ASKER
Here is the IPCONFIG info:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator.ODY
Windows IP Configuration
Host Name . . . . . . . . . . . . : scylla
Primary Dns Suffix . . . . . . . : odyssey.org
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : odyssey.org
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet Adapt
er (Generic)
Physical Address. . . . . . . . . : 00-03-FF-4A-4B-C9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.110
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.109
C:\Documents and Settings\Administrator.ODY
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>ipc
Windows IP Configuration
Host Name . . . . . . . . . . . . : Charybdis
Primary Dns Suffix . . . . . . . : odyssey.org
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : odyssey.org
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet Adapt
er (Generic)
Physical Address. . . . . . . . . : 00-03-FF-4C-4B-C9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.109
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.109
167.206.245.20
Here is the info from the Event Log (sorry, its a little long):
6/13/2006 5:48:56 PM NtFrs Information None 13516 N/A SCYLLA "The File Replication Service is no longer preventing the computer SCYLLA from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
Type ""net share"" to check for the SYSVOL share."
6/13/2006 5:48:11 PM NtFrs Information None 13501 N/A SCYLLA The File Replication Service is starting.
6/13/2006 4:49:37 PM NtFrs Information None 13516 N/A SCYLLA "The File Replication Service is no longer preventing the computer SCYLLA from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
Type ""net share"" to check for the SYSVOL share."
6/13/2006 4:49:34 PM NtFrs Information None 13501 N/A SCYLLA The File Replication Service is starting.
6/13/2006 4:34:52 PM NtFrs Information None 13516 N/A SCYLLA "The File Replication Service is no longer preventing the computer SCYLLA from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
Type ""net share"" to check for the SYSVOL share."
6/13/2006 4:34:47 PM NtFrs Information None 13501 N/A SCYLLA The File Replication Service is starting.
6/13/2006 4:29:23 PM NtFrs Warning None 13509 N/A SCYLLA The File Replication Service has enabled replication from CHARYBDIS to SCYLLA for c:\windows\sysvol\domain after repeated retries.
6/13/2006 4:02:37 PM NtFrs Warning None 13508 N/A SCYLLA "The File Replication Service is having trouble enabling replication from CHARYBDIS to SCYLLA for c:\windows\sysvol\domain using the DNS name Charybdis.odyssey.org. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name Charybdis.odyssey.org from this computer.
[2] FRS is not running on Charybdis.odyssey.org.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established."
6/13/2006 3:56:15 PM NtFrs Information None 13516 N/A SCYLLA "The File Replication Service is no longer preventing the computer SCYLLA from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
Type ""net share"" to check for the SYSVOL share."
6/13/2006 3:56:00 PM NtFrs Information None 13553 N/A SCYLLA "The File Replication Service successfully added this computer to the following replica set:
""DOMAIN SYSTEM VOLUME (SYSVOL SHARE)""
Information related to this event is shown below:
Computer DNS name is ""scylla.odyssey.org""
Replica set member name is ""SCYLLA""
Replica set root path is ""c:\windows\sysvol\domain
Replica staging directory path is ""c:\windows\sysvol\stagin
Replica working directory path is ""c:\windows\ntfrs\jet"""
6/13/2006 3:55:58 PM NtFrs Warning None 13565 N/A SCYLLA "File Replication Service is initializing the system volume with data from another domain controller. Computer SCYLLA cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
To check for the SYSVOL share, at the command prompt, type:
net share
When File Replication Service completes the initialization process, the SYSVOL share will appear.
The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers."
6/13/2006 3:55:57 PM NtFrs Information None 13501 N/A SCYLLA The File Replication Service is starting.
6/13/2006 3:53:45 PM NtFrs Information None 13503 N/A SCYLLA The File Replication Service has stopped.
6/13/2006 3:53:41 PM NtFrs Information None 13502 N/A SCYLLA The File Replication Service is stopping.
6/13/2006 3:52:53 PM NtFrs Warning None 13512 N/A SCYLLA The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer SCYLLA. The File Replication Service might not recover when power to the drive is interrupted and critical updates are lost.
Thanks for helping me out!
Randy