Solved

windows 2000 replication problems

Posted on 2006-06-22
16
2,410 Views
Last Modified: 2008-01-09
It seems like I'm having replication problems. When I create a user in active directory on one of my two dc's it does not replicate on the other dc. when I try to force the replication in Active Directory Sites and Services I get this message

"The following error occurred during the attempt to synchronize the domain controllers: Access is denied"

and

: The target principal name is incorrect.

When I run netdiag, this is what I get:

         The last success occurred at 2006-04-11 11:55.50.
         1720 failures have occurred since the last success.
      [SERVEUREXCHANGE] DsBind() failed with error -2146893022,
      Win32 Error -2146893022.
      [Replications Check,SERVEURBD] A recent replication attempt failed:
         From SERVEUREXCHANGE to SERVEURBD
         Naming Context: CN=Configuration,DC=polybois,DC=ca
         The replication generated an error (5):
         Win32 Error 5
         The failure occurred at 2006-06-22 15:43.37.
         The last success occurred at 2006-04-11 12:34.06.
         8660 failures have occurred since the last success.

can someone help?
bob
 
0
Comment
Question by:bobsensor
  • 8
  • 4
  • 3
  • +1
16 Comments
 
LVL 7

Expert Comment

by:puter_geek
ID: 16965147
What are each of the Servers running?
Are you part of the Administrators group or Domain Admins?
0
 
LVL 22

Expert Comment

by:rickhobbs
ID: 16965337
IS one of your DCs also an exchange server?
0
 
LVL 6

Expert Comment

by:dotENG
ID: 16967482
My guess is: you somewhere along the road lost the synchronization between two DCs, the number of changes needed to replicate now is too high and AD does not know how to deal with it.

Please post a report of the server's errors in all event logs, something like:

10100 - started 11/11/02 repeats every boot
10101 - started 12/12/03 repeats every hour
etc...
0
 

Author Comment

by:bobsensor
ID: 16983497
Hello all... sory for the delay, I was gone for the week end.

puter_geek

two windows 2000 servers

1x File server (the defect one)
1x exchange server

rickhobbs

yes one is an exchange server

dotENG

You may be right... you do I fix w/o reformating
here is the message error I get in my event log


Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1000
Date:            2006-06-26
Time:            08:39:41
User:            NT AUTHORITY\SYSTEM
Computer:      SERVEURFILES
Description:
Windows cannot determine the user or computer name. Return value (-2146893022).


I have another problem... My file server that is not working well (wich is a DC) is still trying to authentificate users w/o succes... so to temporarely solve the problem, I paused the netlogon service on that computer... is that the right thing to do????
0
 

Author Comment

by:bobsensor
ID: 16983506
I also have this message:

Event Type:      Warning
Event Source:      NtFrs
Event Category:      None
Event ID:      13508
Date:            2006-06-25
Time:            12:46:29
User:            N/A
Computer:      SERVEURFILES
Description:
The File Replication Service is having trouble enabling replication from SERVEUREXCHANGE to SERVEURFILES for c:\winnt\sysvol\domain using the DNS name serveurexchange.poly.com. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name serveurexchange.poly.com from this computer.
 [2] FRS is not running on serveurexchange.poly.com.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
Data:
0000: 21 07 00 00               !...    
0
 

Author Comment

by:bobsensor
ID: 16984387
this is a netlogon error that occurs when a user is being authentificated by the faulty DC

vent Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5722
Date:            2006-06-26
Time:            07:32:02
User:            N/A
Computer:      SERVEURFILES
Description:
The session setup from the computer PC15444 failed to authenticate. The name of the account referenced in the security database is PC15444$.  The following error occurred:
Access is denied.  
Data:
0000: 22 00 00 c0               "..À    
0
 
LVL 6

Expert Comment

by:dotENG
ID: 16985709
Well, the outcome of your problems is the 13508 Error, you should check that:
a. Your DNS holds the AD zone.
b. both servers use the same DNS for resolving

Check this document for details:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd12.mspx
0
 

Author Comment

by:bobsensor
ID: 16987082
doteng:

can you give me more information on the solutio that you gave me

I canot see anything about error 13508 on the lynk you sent me...

I have tried the repadmin /showreps

and this is what I get

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=poly,DC=com
    Default-First-Site-Name\SERVEUREXCHANGE via RPC
        objectGuid: 71508b0c-0f18-49b1-8927-7781c8ac4c2f
        Last attempt @ 2006-06-26 15:27.08 failed, result 5:
            Can't retrieve message string 5 (0x5), error 1815.
        Last success @ 2006-04-11 11:55.50.
        2103 consecutive failure(s).

CN=Configuration,DC=poly,DC=com
    Default-First-Site-Name\SERVEUREXCHANGE via RPC
        objectGuid: 71508b0c-0f18-49b1-8927-7781c8ac4c2f
        Last attempt @ 2006-06-26 15:28.40 failed, result 5:
            Can't retrieve message string 5 (0x5), error 1815.
        Last success @ 2006-04-11 12:34.06.
        9815 consecutive failure(s).¸


please help
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 6

Accepted Solution

by:
dotENG earned 500 total points
ID: 16989164
After you verify that Time is synchronized and both servers use the same DNS
Troubleshooting here:
http://support.microsoft.com/kb/237675/EN-US/

Try the three steps from this document:
http://support.microsoft.com/kb/329860/?sd=RMVP&fr=1

This error is already two months old, if it's not the initial install data (2006-04-11) try figuring what has happened at that date.
0
 

Author Comment

by:bobsensor
ID: 16991757
thanks doteng

I try doing net time command from serveurfiles.... and I get this


C:\Documents and Settings\Administrator>net time \\serveurexchange /set /yes
System error 5 has occurred.

Access is denied.


here is a stupid question.... how do I know if they are using the same DNS???

thank you

0
 
LVL 22

Expert Comment

by:rickhobbs
ID: 16992356
Check their IP settings to determine if they are using the same DNS.

Manually set their time a close as you possibly can using time gui.
0
 
LVL 22

Expert Comment

by:rickhobbs
ID: 16992393
Does the file server have all the FSMO roles or are they shared?
Try to move all FSMO roles to the Exchange system and then dcpromo x 2 on the file server. (Once to remove active directory, once to add it back in).  Then check Replication.  If it is ok, split the FSMO roles and make sure both are global catalogs.
0
 

Author Comment

by:bobsensor
ID: 16993509
ok.... I have reset the secure channel password of the faulty server "serveurfiles"
and there seems to be good things happening!... the a.d. has replicated.

But it seems like the sysvol is not replicating... when I do a dcdiag I get this error

 Starting test: frssysvol Error: No record of File Replication System, SYSVOL started.

we are getting close!...
0
 

Author Comment

by:bobsensor
ID: 16993721
I restarted the frs service and no more errors in the frssysvol test!... but the sysvol folder does not seem to replicate... I will wait a couple hours and come back with that....

bob
0
 

Author Comment

by:bobsensor
ID: 16994274
yes sir!... everything is back on track!... thank you experts!
0
 
LVL 22

Expert Comment

by:rickhobbs
ID: 16997853
Sweet.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Let’s list some of the technologies that enable smooth teleworking. 
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now