jasonmichel
asked on
FRS error 13508 without 13509
I had an earlier post concerning setting permissions on a shared folder, it seems that i've opened a larger can of worms. I have a PDC in xcity, ohio, I recently set up 2 other domain controllers for the same domain in xcity, michigan and ycity, ohio. The one in michigan is giving me the 13508 error and is the one i am having problems, setting permissions, mapping drives, having all workstations show up in network neighborhood etc. I checked the NTDS settings on the problem DC and it shows that it is replicating TO the PDC and nothing in the replicate from. Are all my issues coming from the FRS or is it a router/network issue. I can ping the FQDN of the PDC and everything works fine that way. I run Repadmin /showres and everything seems to complete successfully. I am very frustrated that this isn't working. Have the one set up in ycity, ohio exactly the same role and everything works fine. Please help and thanks in advance for your help
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Remove your ISP dns from your tcp/ip settings
yes you need netbios over tcp but if you have an internet face NIC, you should disable it on external NIC
If KCC couldn't generate connection object (the entry you see in Sites&Services), incoming replication won't happen. what is the desc. in KCC error?
SRV records are those under _mcdcs zone. SRV records tell client where to get a particular service, such ldap
To manually trigger KCC, right click "NTDS settings", all tasks\check replication topology
To manually create a connection object instead of letting KCC do it, right click, new, connection (but I prefer KCC generating unless you have special needs. and even you can manually create a connection, it won't work with the underlying problem unsolved.)
A "netdiag /v> netdiag.txt" and "dcdiag /v>dcdiag.txt" will help you as well.
yes you need netbios over tcp but if you have an internet face NIC, you should disable it on external NIC
If KCC couldn't generate connection object (the entry you see in Sites&Services), incoming replication won't happen. what is the desc. in KCC error?
SRV records are those under _mcdcs zone. SRV records tell client where to get a particular service, such ldap
To manually trigger KCC, right click "NTDS settings", all tasks\check replication topology
To manually create a connection object instead of letting KCC do it, right click, new, connection (but I prefer KCC generating unless you have special needs. and even you can manually create a connection, it won't work with the underlying problem unsolved.)
A "netdiag /v> netdiag.txt" and "dcdiag /v>dcdiag.txt" will help you as well.
ASKER
I manually created that connection to my primary domain controller, then manually replicated it. However as you said it doesn't mean anything. I took the ISP out of my DNS record. I only have 1 Nic active. The NTDS replication error i get is
" Active Directory Could not use DNS to resolve the OP address of the source domain controller listed below. To maintain the consistency of security groups, group policy, user and computers and their passwords, Active Directory successfully replicated using the Netbios or fully qualified computer name of the source domain controller.
Invalid DNS configuration may be affecting other essential operation on member computers, domain controllers or application servers in this AD forest including logon authentication or access to network resources.
you should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS."
This was before i changed the DNS. My DNS is now, my SDC as my primary DNS and my PDC as my secondary DNS.
WHen i try to check replication topology i get " The following error occurred during the attempt to contact the domain controller: The directory property cannot be found in the cache, having manually created the connection, the PDC shows up in the replicate from and replicate to, now
" Active Directory Could not use DNS to resolve the OP address of the source domain controller listed below. To maintain the consistency of security groups, group policy, user and computers and their passwords, Active Directory successfully replicated using the Netbios or fully qualified computer name of the source domain controller.
Invalid DNS configuration may be affecting other essential operation on member computers, domain controllers or application servers in this AD forest including logon authentication or access to network resources.
you should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS."
This was before i changed the DNS. My DNS is now, my SDC as my primary DNS and my PDC as my secondary DNS.
WHen i try to check replication topology i get " The following error occurred during the attempt to contact the domain controller: The directory property cannot be found in the cache, having manually created the connection, the PDC shows up in the replicate from and replicate to, now
ASKER
ran DSDIAG and this is the output
Directory Server Diagnosis
Performing initial setup:
* Verifying that the local machine JASOUTHFS, is a Directory Server.
* Connecting to directory service on server JASOUTHFS.
* Identified AD Forest.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\JA SOUTHFS
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... JASOUTHFS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\JA SOUTHFS
Starting test: Replications
* Replications Check
[Replications Check,JASOUTHFS] A recent replication attempt failed:
From JANEWCOMER to JASOUTHFS
Naming Context: CN=Schema,CN=Configuration ,DC=JA,DC= local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2007-01-31 11:59:17.
The last success occurred at 2007-01-31 09:58:14.
2 failures have occurred since the last success.
[JANEWCOMER] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 3940 (DcDiag)
System Time is: 1/31/2007 17:8:30:976
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.
Detection location is 323
Error Record 2, ProcessID is 3940 (DcDiag)
System Time is: 1/31/2007 17:8:30:976
Generating component is 8 (winsock)
Status is 1237: The operation could not be completed. A retry should be performed.
Detection location is 313
Error Record 3, ProcessID is 3940 (DcDiag)
System Time is: 1/31/2007 17:8:30:976
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 311
NumberOfParameters is 3
Long val: 135
Pointer val: 0
Pointer val: 0
Error Record 4, ProcessID is 3940 (DcDiag)
System Time is: 1/31/2007 17:8:30:976
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 318
The source remains down. Please check the machine.
[Replications Check,JASOUTHFS] A recent replication attempt failed:
From JANEWCOMER to JASOUTHFS
Naming Context: CN=Configuration,DC=JA,DC= local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2007-01-31 11:58:56.
The last success occurred at 2007-01-31 10:45:37.
2 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,JASOUTHFS] A recent replication attempt failed:
From JANEWCOMER to JASOUTHFS
Naming Context: DC=JA,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2007-01-31 11:58:35.
The last success occurred at 2007-01-31 09:58:14.
2 failures have occurred since the last success.
The source remains down. Please check the machine.
* Replication Latency Check
CN=Schema,CN=Configuration ,DC=JA,DC= local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=JA,DC= local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=JA,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... JASOUTHFS passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC JASOUTHFS.
* Security Permissions Check for
DC=ForestDnsZones,DC=JA,DC =local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=JA,DC =local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=JA,DC= local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=JA,DC= local
(Configuration,Version 2)
* Security Permissions Check for
DC=JA,DC=local
(Domain,Version 2)
......................... JASOUTHFS passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\JASOUTHFS\netlogon)
[JASOUTHFS] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
......................... JASOUTHFS failed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\jane.JA.local, when we were trying to reach JASOUTHFS.
Server is not responding or is not considered suitable.
The DC JASOUTHFS is advertising itself as a DC and having a DS.
The DC JASOUTHFS is advertising as an LDAP server
The DC JASOUTHFS is advertising as having a writeable directory
The DC JASOUTHFS is advertising as a Key Distribution Center
The DC JASOUTHFS is advertising as a time server
The DS JASOUTHFS is advertising as a GC.
......................... JASOUTHFS failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=JANE,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=JA ,DC=local
Role Domain Owner = CN=NTDS Settings,CN=JANE,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=JA ,DC=local
Role PDC Owner = CN=NTDS Settings,CN=JANE,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=JA ,DC=local
Role Rid Owner = CN=NTDS Settings,CN=JANE,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=JA ,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=JANE,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=JA ,DC=local
......................... JASOUTHFS passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4110 to 1073741823
* jane.JA.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2110 to 2609
* rIDPreviousAllocationPool is 2110 to 2609
* rIDNextRID: 2110
......................... JASOUTHFS passed test RidManager
Starting test: MachineAccount
Checking machine account for DC JASOUTHFS on DC JASOUTHFS.
* SPN found :LDAP/JASOUTHFS.JA.local/J A.local
* SPN found :LDAP/JASOUTHFS.JA.local
* SPN found :LDAP/JASOUTHFS
* SPN found :LDAP/JASOUTHFS.JA.local/J A
* SPN found :LDAP/c6ee1360-8d7d-49f7-b c6a-ae0920 c7b2b5._ms dcs.JA.loc al
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/c6ee1360 -8d7d-49f7 -bc6a-ae09 20c7b2b5/J A.local
* SPN found :HOST/JASOUTHFS.JA.local/J A.local
* SPN found :HOST/JASOUTHFS.JA.local
* SPN found :HOST/JASOUTHFS
* SPN found :HOST/JASOUTHFS.JA.local/J A
* SPN found :GC/JASOUTHFS.JA.local/JA. local
......................... JASOUTHFS passed test MachineAccount
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... JASOUTHFS passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
JASOUTHFS is in domain DC=JA,DC=local
Checking for CN=JASOUTHFS,OU=Domain Controllers,DC=JA,DC=local in domain DC=JA,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=JASOUTHFS,CN=S ervers,CN= Default-Fi rst-Site-N ame,CN=Sit es,CN=Conf iguration, DC=JA,DC=l ocal in domain CN=Configuration,DC=JA,DC= local on 1 servers
Object is up-to-date on all servers.
......................... JASOUTHFS passed test ObjectsReplicated
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL. The
error returned was 0 (The operation completed successfully.). Check
the FRS event log to see if the SYSVOL has successfully been shared.
......................... JASOUTHFS passed test FrsSysVol
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034FD
Time Generated: 01/31/2007 09:07:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/31/2007 09:09:36
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/31/2007 09:17:36
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/31/2007 09:17:37
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034FA
Time Generated: 01/31/2007 11:52:56
(Event String could not be retrieved)
......................... JASOUTHFS failed test FrsEvent
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... JASOUTHFS passed test KccEvent
Starting test: SystemLog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... JASOUTHFS passed test SystemLog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=JASOUTHFS,OU=Domain Controllers,DC=JA,DC=local and backlink on
CN=JASOUTHFS,CN=Servers,CN =Default-F irst-Site- Name,CN=Si tes,CN=Con figuration ,DC=JA,DC= local
are correct.
The system object reference (frsComputerReferenceBL)
CN=JASOUTHFS,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=JA,DC =local
and backlink on CN=JASOUTHFS,OU=Domain Controllers,DC=JA,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=JASOUTHFS,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=JA,DC =local
and backlink on
CN=NTDS Settings,CN=JASOUTHFS,CN=S ervers,CN= Default-Fi rst-Site-N ame,CN=Sit es,CN=Conf iguration, DC=JA,DC=l ocal
are correct.
......................... JASOUTHFS passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : JA
Starting test: CrossRefValidation
......................... JA passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... JA passed test CheckSDRefDom
Running enterprise tests on : JA.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... JA.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\jane.JA.local
Locator Flags: 0xe00003fd
PDC Name: \\jane.JA.local
Locator Flags: 0xe00003fd
Time Server Name: \\jane.JA.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\jane.JA.local
Locator Flags: 0xe00003fd
KDC Name: \\jane.JA.local
Locator Flags: 0xe00003fd
......................... JA.local passed test FsmoCheck
Directory Server Diagnosis
Performing initial setup:
* Verifying that the local machine JASOUTHFS, is a Directory Server.
* Connecting to directory service on server JASOUTHFS.
* Identified AD Forest.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\JA
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... JASOUTHFS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\JA
Starting test: Replications
* Replications Check
[Replications Check,JASOUTHFS] A recent replication attempt failed:
From JANEWCOMER to JASOUTHFS
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2007-01-31 11:59:17.
The last success occurred at 2007-01-31 09:58:14.
2 failures have occurred since the last success.
[JANEWCOMER] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 3940 (DcDiag)
System Time is: 1/31/2007 17:8:30:976
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.
Detection location is 323
Error Record 2, ProcessID is 3940 (DcDiag)
System Time is: 1/31/2007 17:8:30:976
Generating component is 8 (winsock)
Status is 1237: The operation could not be completed. A retry should be performed.
Detection location is 313
Error Record 3, ProcessID is 3940 (DcDiag)
System Time is: 1/31/2007 17:8:30:976
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 311
NumberOfParameters is 3
Long val: 135
Pointer val: 0
Pointer val: 0
Error Record 4, ProcessID is 3940 (DcDiag)
System Time is: 1/31/2007 17:8:30:976
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 318
The source remains down. Please check the machine.
[Replications Check,JASOUTHFS] A recent replication attempt failed:
From JANEWCOMER to JASOUTHFS
Naming Context: CN=Configuration,DC=JA,DC=
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2007-01-31 11:58:56.
The last success occurred at 2007-01-31 10:45:37.
2 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,JASOUTHFS] A recent replication attempt failed:
From JANEWCOMER to JASOUTHFS
Naming Context: DC=JA,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2007-01-31 11:58:35.
The last success occurred at 2007-01-31 09:58:14.
2 failures have occurred since the last success.
The source remains down. Please check the machine.
* Replication Latency Check
CN=Schema,CN=Configuration
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=JA,DC=
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=JA,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... JASOUTHFS passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC JASOUTHFS.
* Security Permissions Check for
DC=ForestDnsZones,DC=JA,DC
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=JA,DC
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=JA,DC=
(Configuration,Version 2)
* Security Permissions Check for
DC=JA,DC=local
(Domain,Version 2)
......................... JASOUTHFS passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\JASOUTHFS\netlogon)
[JASOUTHFS] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
......................... JASOUTHFS failed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\jane.JA.local, when we were trying to reach JASOUTHFS.
Server is not responding or is not considered suitable.
The DC JASOUTHFS is advertising itself as a DC and having a DS.
The DC JASOUTHFS is advertising as an LDAP server
The DC JASOUTHFS is advertising as having a writeable directory
The DC JASOUTHFS is advertising as a Key Distribution Center
The DC JASOUTHFS is advertising as a time server
The DS JASOUTHFS is advertising as a GC.
......................... JASOUTHFS failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=JANE,CN=Server
Role Domain Owner = CN=NTDS Settings,CN=JANE,CN=Server
Role PDC Owner = CN=NTDS Settings,CN=JANE,CN=Server
Role Rid Owner = CN=NTDS Settings,CN=JANE,CN=Server
Role Infrastructure Update Owner = CN=NTDS Settings,CN=JANE,CN=Server
......................... JASOUTHFS passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4110 to 1073741823
* jane.JA.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2110 to 2609
* rIDPreviousAllocationPool is 2110 to 2609
* rIDNextRID: 2110
......................... JASOUTHFS passed test RidManager
Starting test: MachineAccount
Checking machine account for DC JASOUTHFS on DC JASOUTHFS.
* SPN found :LDAP/JASOUTHFS.JA.local/J
* SPN found :LDAP/JASOUTHFS.JA.local
* SPN found :LDAP/JASOUTHFS
* SPN found :LDAP/JASOUTHFS.JA.local/J
* SPN found :LDAP/c6ee1360-8d7d-49f7-b
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/JASOUTHFS.JA.local/J
* SPN found :HOST/JASOUTHFS.JA.local
* SPN found :HOST/JASOUTHFS
* SPN found :HOST/JASOUTHFS.JA.local/J
* SPN found :GC/JASOUTHFS.JA.local/JA.
......................... JASOUTHFS passed test MachineAccount
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... JASOUTHFS passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
JASOUTHFS is in domain DC=JA,DC=local
Checking for CN=JASOUTHFS,OU=Domain Controllers,DC=JA,DC=local
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=JASOUTHFS,CN=S
Object is up-to-date on all servers.
......................... JASOUTHFS passed test ObjectsReplicated
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL. The
error returned was 0 (The operation completed successfully.). Check
the FRS event log to see if the SYSVOL has successfully been shared.
......................... JASOUTHFS passed test FrsSysVol
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034FD
Time Generated: 01/31/2007 09:07:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/31/2007 09:09:36
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/31/2007 09:17:36
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/31/2007 09:17:37
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034FA
Time Generated: 01/31/2007 11:52:56
(Event String could not be retrieved)
......................... JASOUTHFS failed test FrsEvent
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... JASOUTHFS passed test KccEvent
Starting test: SystemLog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... JASOUTHFS passed test SystemLog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=JASOUTHFS,OU=Domain Controllers,DC=JA,DC=local
CN=JASOUTHFS,CN=Servers,CN
are correct.
The system object reference (frsComputerReferenceBL)
CN=JASOUTHFS,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=JA,DC
and backlink on CN=JASOUTHFS,OU=Domain Controllers,DC=JA,DC=local
correct.
The system object reference (serverReferenceBL)
CN=JASOUTHFS,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=JA,DC
and backlink on
CN=NTDS Settings,CN=JASOUTHFS,CN=S
are correct.
......................... JASOUTHFS passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : JA
Starting test: CrossRefValidation
......................... JA passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... JA passed test CheckSDRefDom
Running enterprise tests on : JA.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... JA.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\jane.JA.local
Locator Flags: 0xe00003fd
PDC Name: \\jane.JA.local
Locator Flags: 0xe00003fd
Time Server Name: \\jane.JA.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\jane.JA.local
Locator Flags: 0xe00003fd
KDC Name: \\jane.JA.local
Locator Flags: 0xe00003fd
......................... JA.local passed test FsmoCheck
> Warning: DsGetDcName returned information for \\jane.JA.local, when we
> were trying to reach JASOUTHFS
for sure we still have DNS issue here. Try this
1. use only one DNS server on JAsouthfs. Use your the one that Jane uses
2. make sure zone ja.local and _msdcs.ja.local are accepting dynamic updates
3. verify that A record jashouthfs.ja.local is correct on the only DNS server we are using
4. remove everything under _msdcs.ja.local, restart netlogon service on all DCs
(it's very safe to do so despite the fact it appears scarry. if you are uncomfortable with this, remove everything that points to jasouthfs in _msdcs zone, then restart netlogon service, which should register all SRV records again for you)
ASKER
just to clarify, Use the IP of the PDC for the primary DNS of the JAsouthfs and leave secondary empty, and delete everything in _msdcs.ja.local on both servers. Another thing i should point out after digging a little. The jasouthfs is the remote DC and DNS is not installed on it, the Jane is the PDC and has DNS but it is set as a primary zone and not AD-integrated. Should i rectify this situation prior to continuing?
it's ok to have non-ad-integrated zone and has only one DNS server. In multiple dns server case, remove things on primary DNS and the deletion should be replicated out. And yes use PDC as primary DNS and leave secondary empty.
ASKER
I"ve done everything you've suggest and i'm still getting DNS type errors and still can't get it to let me add users to a shared drive, still gives me replication errors. I don't know why this is acting like this. I have another one set up and a different remote location identical and there are no issues. Anything else you think i can try?
jasonmichel,
> Unable to connect to the NETLOGON share! (\\JASOUTHFS\netlogon)
> [JASOUTHFS] An net use or LsaPolicy operation failed with
> error 1203, No network provider accepted the given network path..
> ......................... JASOUTHFS failed test NetLogons
ok I checked back the netdiag result and above caught my eyes. See if 257338 helps.
http://support.microsoft.com/?kbid=257338
> Unable to connect to the NETLOGON share! (\\JASOUTHFS\netlogon)
> [JASOUTHFS] An net use or LsaPolicy operation failed with
> error 1203, No network provider accepted the given network path..
> ......................... JASOUTHFS failed test NetLogons
ok I checked back the netdiag result and above caught my eyes. See if 257338 helps.
http://support.microsoft.com/?kbid=257338
ASKER
I ran repadmin /showreps %upstreamcomputer% and also for downstream to check replication and i get same error on both: "[d:\r2\ds\adam\src\util\r epadmin\re pbind.c, 207] LDAP error 81 (server Down) WIn32 error 58
ASKER
heres a strange twist, it seems when i go to network places and select the JA domain, all the workstations show up. If i find the secondary DC that is giving me issues and go into it and access the share, I can right click on it go properties and then security. If i type a name and then hit check name, boom, pops right up. But if i click advanced..it times outs and locks up, If i access the same share by going through my computer and go to security, it can't find the name either way and locks up. What the heck is goin on.. Real close to wiping that server and starting over
ASKER