Solved

Replication Failure, machine account issues.

Posted on 2006-07-12
Last Modified: 2010-08-05
I have created a rather large problem.

In an attempt to create a copy of our AD in a virtual environment, I mistakenly promoted a virtual server, with the same name as an existing server, to our production AD.

When I discovered my mistake, I attempted to correct it by depromoting it. The account for the original server, known hereafter as "Server2", remained in AD, but it was not able to communicate with the remaining DC, "Server1". I reset the machine account on Server2 using

netdom resetpwd /server:Server1 /userd:OURCOMPANY\administrator_id /passwordd:*

Now Server2 can replicate to Server1, but Server1 cannot replicate to Server2. The machine accounts are still not right. The output from DCDIAG is attached below.

At this point my only idea is to attempt to depromote Server2, join it to a workgroup, then rejoin the domain and repromote. Is there a way to fix the machine account some other way that I'm missing?

Also ran dcdiag /s:localhost /repairmachineaccount .... output follows
------------------------------------------------
Relevant portion of output is...
-----------------------------------------------
Starting test: MachineAccount
         * Server2 is not a server trust account
         ......................... Server2 failed test MachineAccount

=======================================
Full output is.....
=======================================
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: NOC\Server2
      Starting test: Connectivity
         ......................... Server2 passed test Connectivity

Doing primary tests

   Testing server: NOC\Server2
      Starting test: Replications
         [Replications Check,Server2] A recent replication attempt failed:
            From Server1 to Server2
            Naming Context: CN=Schema,CN=Configuration,DC=MYCOMPANY,DC=com
            The replication generated an error (8453):
            Replication access was denied.
            The failure occurred at 2006-07-12 16:48.26.
            The last success occurred at 2006-07-11 10:52.20.
            41 failures have occurred since the last success.
            The machine account for the destination Server2.
            is not configured properly.
            Check the userAccountControl field.
            Kerberos Error.
            The machine account is not present, or does not match on the.
            destination, source or KDC servers.
            Verify domain partition of KDC is in sync with rest of enterprise.
            The tool repadmin/syncall can be used for this purpose.
         [Replications Check,Server2] A recent replication attempt failed:
            From Server1 to Server2
            Naming Context: CN=Configuration,DC=MYCOMPANY,DC=com
            The replication generated an error (8453):
            Replication access was denied.
            The failure occurred at 2006-07-12 17:01.52.
            The last success occurred at 2006-07-11 10:52.28.
            311 failures have occurred since the last success.
            The machine account for the destination Server2.
            is not configured properly.
            Check the userAccountControl field.
            Kerberos Error.
            The machine account is not present, or does not match on the.
            destination, source or KDC servers.
            Verify domain partition of KDC is in sync with rest of enterprise.
            The tool repadmin/syncall can be used for this purpose.
         [Replications Check,Server2] A recent replication attempt failed:
            From Server1 to Server2
            Naming Context: DC=MYCOMPANY,DC=com
            The replication generated an error (8453):
            Replication access was denied.
            The failure occurred at 2006-07-12 17:05.59.
            The last success occurred at 2006-07-11 11:00.22.
            525 failures have occurred since the last success.
            The machine account for the destination Server2.
            is not configured properly.
            Check the userAccountControl field.
            Kerberos Error.
            The machine account is not present, or does not match on the.
            destination, source or KDC servers.
            Verify domain partition of KDC is in sync with rest of enterprise.
            The tool repadmin/syncall can be used for this purpose.
         ......................... Server2 passed test Replications
      Starting test: NCSecDesc
         ......................... Server2 passed test NCSecDesc
      Starting test: NetLogons
         ......................... Server2 passed test NetLogons
      Starting test: Advertising
         ......................... Server2 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... Server2 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... Server2 passed test RidManager
      Starting test: MachineAccount
         * Server2 is not a server trust account
         ......................... Server2 failed test MachineAccount
      Starting test: Services
         ......................... Server2 passed test Services
      Starting test: ObjectsReplicated
         ......................... Server2 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... Server2 passed test frssysvol
      Starting test: kccevent
         ......................... Server2 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/12/2006   16:38:33
            Event String: Driver hp psc 2200 series required for printer
         An Error Event occured.  EventID: 0x00000452
            Time Generated: 07/12/2006   16:38:33
            Event String: The printer could not be installed.
         An Error Event occured.  EventID: 0x00001659
            Time Generated: 07/12/2006   16:50:27
            Event String: The session setup to the Windows NT or Windows
         ......................... Server2 failed test systemlog

   Running enterprise tests on : MYCOMPANY.com
      Starting test: Intersite
         ......................... MYCOMPANY.com passed test Intersite
      Starting test: FsmoCheck
         ......................... MYCOMPANY.com passed test FsmoCheck
Question by:Canisrufas

Expert Comment

by:Jay_Jay70
ID: 17097664
When you demoted your other DC, did it demote gracefully or did you have to force remove it?

Author Comment

by:Canisrufas
ID: 17111134
It demoted gracefully. Turned out the machine account type was damaged, still showed as a member server in AD. Used ADSIedit to correct.
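
Added example, not part of the original thread: a short Python check that decodes userAccountControl and flags an account that should be a domain controller but is typed as a member server, the condition the author describes correcting with ADSIedit. The sample values for Server1 and Server2 are constructed, and the primaryGroupID check is an extra consistency test not mentioned in the thread.

```python
# Added example: decode userAccountControl (UAC) on computer accounts and
# report accounts that are supposed to be domain controllers but are not
# typed as one. Flag values are the documented Active Directory constants.

UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",   # workstation or member server
    0x2000: "SERVER_TRUST_ACCOUNT",        # domain controller
    0x80000: "TRUSTED_FOR_DELEGATION",
}
WORKSTATION_TRUST = 0x1000
SERVER_TRUST = 0x2000
DOMAIN_CONTROLLERS_RID = 516  # primaryGroupID of a DC computer account


def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def check_dc_account(uac, primary_group_id):
    """List what is wrong with an account that should belong to a DC."""
    problems = []
    if not uac & SERVER_TRUST:
        problems.append("SERVER_TRUST_ACCOUNT not set")
    if uac & WORKSTATION_TRUST:
        problems.append("WORKSTATION_TRUST_ACCOUNT set (member-server type)")
    if primary_group_id != DOMAIN_CONTROLLERS_RID:
        problems.append(f"primaryGroupID is {primary_group_id}, expected 516")
    return problems


# Constructed sample: (name, userAccountControl, primaryGroupID) for the two
# servers that are expected to be DCs. The values for Server2 are assumed.
SAMPLE = [
    ("Server1", 532480, 516),  # 0x82000, the usual value for a DC
    ("Server2", 4096, 515),    # 0x1000, typed as a member server
]


def audit(records):
    """Map each expected-DC account name to its list of problems."""
    return {name: check_dc_account(uac, pgid) for name, uac, pgid in records}


if __name__ == "__main__":
    for name, uac, _ in SAMPLE:
        print(name, hex(uac), decode_uac(uac), audit(SAMPLE)[name])
```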

Expert Comment

by:Jay_Jay70
ID: 17112888
ah glad all is well,

well done

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 17306408
PAQ / Refund
ee ai construct, community support moderator