Solved

AD Replication, DCDIAG errors...  HELP!!!

Posted on 2007-03-19
6
6,535 Views
Last Modified: 2008-05-31
have an exchange server that the motherboard failed on.
After the server came back up I had tons of issues.  I have resolved all but this one...
I have 2 sites.  The main issue I seem to be having is AD replication.  WHen running DC Diag I get this...

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Birmingham-AL\MERCURY
      Starting test: Connectivity
         ......................... MERCURY passed test Connectivity

Doing primary tests

   Testing server: Birmingham-AL\MERCURY
      Starting test: Replications
         REPLICATION LATENCY WARNING
         ERROR: Expected notification link is missing.
         Source ZEUS
         Replication of new changes along this path will be delayed.
         This problem should self-correct on the next periodic sync.
         REPLICATION-RECEIVED LATENCY WARNING
         MERCURY:  Current time is 2007-03-19 12:22:30.
            DC=ForestDnsZones,DC=subdomain,DC=domain,DC=com
               Last replication recieved from PROMETHEUS at 2006-03-18 03:49:14.

               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

            DC=DomainDnsZones,DC=subdomain,DC=domain,DC=com
               Last replication recieved from PROMETHEUS at 2006-03-18 03:49:14.

               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

            CN=Schema,CN=Configuration,DC=subdomain,DC=domain,DC=com
               Last replication recieved from PROMETHEUS at 2006-03-18 03:49:13.

               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

            CN=Configuration,DC=subdomain,DC=domain,DC=com
               Last replication recieved from PROMETHEUS at 2006-03-18 03:49:13.

               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

            DC=subdomain,DC=domain,DC=com
               Last replication recieved from PROMETHEUS at 2006-03-18 03:49:14.

               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

         ......................... MERCURY passed test Replications
      Starting test: NCSecDesc
         ......................... MERCURY passed test NCSecDesc
      Starting test: NetLogons
         ......................... MERCURY passed test NetLogons
      Starting test: Advertising
         ......................... MERCURY passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... MERCURY passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... MERCURY passed test RidManager
      Starting test: MachineAccount
         ......................... MERCURY passed test MachineAccount
      Starting test: Services
         ......................... MERCURY passed test Services
      Starting test: ObjectsReplicated
         ......................... MERCURY passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... MERCURY passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... MERCURY failed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x8000061E
            Time Generated: 03/19/2007   12:09:12
            Event String: All domain controllers in the following site that
         An Error Event occured.  EventID: 0xC000051F
            Time Generated: 03/19/2007   12:09:12
            Event String: The Knowledge Consistency Checker (KCC) has
         An Warning Event occured.  EventID: 0x80000749
            Time Generated: 03/19/2007   12:09:12
            Event String: The Knowledge Consistency Checker (KCC) was
         An Warning Event occured.  EventID: 0x8000061E
            Time Generated: 03/19/2007   12:09:12
            Event String: All domain controllers in the following site that
         An Error Event occured.  EventID: 0xC000051F
            Time Generated: 03/19/2007   12:09:12
            Event String: The Knowledge Consistency Checker (KCC) has
         An Warning Event occured.  EventID: 0x80000749
            Time Generated: 03/19/2007   12:09:12
            Event String: The Knowledge Consistency Checker (KCC) was
         An Warning Event occured.  EventID: 0x8000061E
            Time Generated: 03/19/2007   12:09:12
            Event String: All domain controllers in the following site that
         An Error Event occured.  EventID: 0xC000051F
            Time Generated: 03/19/2007   12:09:12
            Event String: The Knowledge Consistency Checker (KCC) has
         An Warning Event occured.  EventID: 0x80000749
            Time Generated: 03/19/2007   12:09:12
            Event String: The Knowledge Consistency Checker (KCC) was
         An Warning Event occured.  EventID: 0x8000061E
            Time Generated: 03/19/2007   12:09:12
            Event String: All domain controllers in the following site that
         An Error Event occured.  EventID: 0xC000051F
            Time Generated: 03/19/2007   12:09:12
            Event String: The Knowledge Consistency Checker (KCC) has
         An Warning Event occured.  EventID: 0x80000749
            Time Generated: 03/19/2007   12:09:12
            Event String: The Knowledge Consistency Checker (KCC) was
         ......................... MERCURY failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 03/19/2007   11:47:00
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 03/19/2007   11:47:01
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 03/19/2007   11:47:01
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 03/19/2007   11:47:02
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 03/19/2007   11:47:02
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 03/19/2007   11:47:02
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 03/19/2007   11:47:03
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 03/19/2007   11:47:03
            (Event String could not be retrieved)
         ......................... MERCURY failed test systemlog
      Starting test: VerifyReferences
         ......................... MERCURY passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : subdomain
      Starting test: CrossRefValidation
         ......................... subdomain passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... subdomain passed test CheckSDRefDom

   Running enterprise tests on : subdomain.domain.com
      Starting test: Intersite
         ......................... subdomain.domain.com passed test Intersite
      Starting test: FsmoCheck
         ......................... subdomain.domain.com passed test FsmoCheck


any help is MUCH MUCH appreciated...  
0
Comment
Question by:Gizneek
  • 3
  • 2
6 Comments
 
LVL 15

Assisted Solution

by:JimboEfx
JimboEfx earned 50 total points
Comment Utility
Last replication received from PROMETHEUS at 2006-03-18 03:49:13.

Can you confirm this is the last time replication happened - check the logs on PROMETHEUS  for confirmation.
0
 
LVL 1

Author Comment

by:Gizneek
Comment Utility
yes this is confirmed...
Thanks for the reply
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 450 total points
Comment Utility
WARNING:  This latency is over the Tombstone Lifetime of 60 days!

It appears this DC hasn't been replicating properly for too long.

On this DC only:

Stop the NTFRS service.  Leave it set to Automatic.
Run Regedit.
Find this key:  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\
Backup/Restore\Process at Startup
Double click BurFlags
Change the value to D2.
Reboot.

Be patient.

0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 450 total points
Comment Utility
This should be done on MERCURY.

Make sure (also) the the TIME and TIME ZONE (along with Daylight Savings & Associated patches) is correct before you restart.

0
 
LVL 1

Author Comment

by:Gizneek
Comment Utility
k... here is what I did.  
This got pretty deep so I called Microsoft and got an engineer on the line.  Evidentally what happned is when the server died and the system board was changed.  Because of this we started having issues due the whole kerberos password issue that I found on the internet, and the internall equipment change.
The microsoft guy ran some reports and some tests.  Went to all DC's and tried to connect via
\\servername.domain.bla and found that they could not connect to mercury.  Also the DNS just went away on prometheus as well... forgot to mention that one.  But I cannot remember everything he did as I was fighting about 5 other fires at the same time.  That was the main reason I had to call... and that I have 5 free incidents per year.  Here are the links I got after he fixed everything...

http://technet2.microsoft.com/WindowsServer/en/Library/1465d773-b763-45ec-b971-c23cdc27400e1033.mspx?mfr=true

http://technet2.microsoft.com/WindowsServer/f/?en/library/838dbebe-7a87-4cd2-b6f7-fc5847a2c2261033.mspx

http://support.microsoft.com/kb/830069/en-us

http://support.microsoft.com/kb/288167/en-us

I will have to say that calling these people was the best thing I could do in my situation as I was swamped and I was actually having a hard time juggling this with the other issues.  They actually did a good job.  I expected it to be scripted like when you call dell or HP.  but it was not and for that I am thankful.  I will award points for those of you who replied.
Thanks,... If you have any additional questions I will do my best to answer them.
0
 
LVL 1

Author Comment

by:Gizneek
Comment Utility
Some other stuff in the email sent to me after fix...

# DC: 3 SITE: 2
# subdomain.domain.com
# Hardware --> Board Changed on the server.
# found that the Secure channel was broken..
# Did reset the secure channel of Mercury with Zeus & PROMETHEUS
# Followed Command:  
***added by Gizneek*** (You have to stop it first then run this)
               netdom resetpwd /server:<PDCe> /userd:<DOMAIN>\<Admin_account> /passwordd:*
# It worked fine..
# On PROMETHEUS zones were not getting populated.. so did run Klist to purge tickets & then tried to reset the secure channel & then ran the following commands:
ipconfig /flushdns
net stop netlogon
net start netlogon
ipconfig /registerdns
# Now were not getting any AD Replication errors: i.e. Logon Failure. Target principle name is incorrect

Hope this helps anyone else that has this issue.
0

Featured Post

Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

Join & Write a Comment

Resolve DNS query failed errors for Exchange
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now