Site to Site Replication just stopped Funny errors

reactive-it
reactive-it used Ask the Experts™
on
Site A Windows 2003 Server Parent Domain
Site B Windows 2003 Server Child Domain
Has been working fine for months. Then on 30/05/07 a new user was created in Site B usually within 10-15 mins the new user is in the Global Address List and viewable After 36 Hours and a bit of investigation it would seem for no apparent reason upon 22/05/07 the replication between the two stopped.
IPConfig for Site A DC
IP 10.10.57.2
Mask 255.255.255.0
Gateway 10.10.57.1
DNS 10.10.57.2
WINS 10.10.57.2
WINS2 10.10.29.5
IPCONFIG Site B
IP 10.10.29.5
Mask 255.255.255.0
Gateway 10.10.29.1
DNS 10.10.57.2
WINS 10.10.29.5
WINS 210.10.57.2

Sites seem to ping each other Okay and Pass Netdiag Okay
DCDIAG on Site B passes all bar systemlog with Kerberos errors
DCDIAG on Site A doesnt fails Replications and kccevent
NETDIAGand DCDIAG below
Server A Site A
Netdiag


    Computer Name: servera
    DNS Host Name: servera.site.co.uk
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB890046
        KB893756
        KB896358
        KB896424
        KB896428
        KB898715
        KB899587
        KB899588
        KB899589
        KB899591
        KB900725
        KB901017
        KB901214
        KB902400
        KB904706
        KB905414
        KB908519
        KB908531
        KB908981
        KB910437
        KB911280
        KB911562
        KB911564
        KB911567
        KB911927
        KB912919
        KB912945
        KB914388
        KB914389
        KB916846
        KB917159
        KB917344
        KB917422
        KB917537
        KB917734
        KB917953
        KB918439
        KB918899
        KB920213
        KB920214
        KB920670
        KB920683
        KB920685
        KB921398
        KB921883
        KB922582
        KB922616
        KB922819
        KB923191
        KB923414
        KB923689
        KB923694
        KB923980
        KB924191
        KB924496
        KB925398_WMP64
        KB925454
        KB925486
        KB928388
        KB929120
        KB929969
        KB931836
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : servera
        IP Address . . . . . . . . : 10.10.57.2
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.10.57.1
        Primary WINS Server. . . . : 10.10.57.2
        Secondary WINS Server. . . : 10.10.29.5
        Dns Servers. . . . . . . . : 10.10.57.2


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{DAEA2973-1590-490B-BA78-919512D4A07F}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.10.57.2' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{DAEA2973-1590-490B-BA78-919512D4A07F}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{DAEA2973-1590-490B-BA78-919512D4A07F}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
NETDIAG CHILD DC Server B



    Computer Name: serverb
    DNS Host Name: serverb.child.site.co.uk
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 4, GenuineIntel
    List of installed hotfixes :
        KB890046
        KB893756
        KB896358
        KB896424
        KB896428
        KB898715
        KB899587
        KB899588
        KB899589
        KB899591
        KB900725
        KB901017
        KB901214
        KB902400
        KB904706
        KB904942
        KB905414
        KB908519
        KB908531
        KB909520
        KB910437
        KB911280
        KB911562
        KB911567
        KB911927
        KB912919
        KB914388
        KB914389
        KB916281
        KB916846
        KB917159
        KB917344
        KB917422
        KB917537
        KB917734
        KB917953
        KB918439
        KB918899
        KB920213
        KB920214
        KB920670
        KB920683
        KB920685
        KB921398
        KB921883
        KB922582
        KB922616
        KB922819
        KB923191
        KB923414
        KB923689
        KB923694
        KB923980
        KB924191
        KB924496
        KB925398_WMP64
        KB925454
        KB925486
        KB926247
        KB928388
        KB929120
        KB929969
        KB931836
        Q147222


Netcard queries test . . . . . . . : Passed
    [WARNING] The net card 'RAS Async Adapter' may not be working because it has not received any packets.



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : serverb
        IP Address . . . . . . . . : 10.10.29.5
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.10.29.1
        Primary WINS Server. . . . : 10.10.29.5
        Secondary WINS Server. . . : 10.10.57.2
        Dns Servers. . . . . . . . : 10.10.57.2


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{A676A03B-3D50-4E58-B008-BECE1CF198FB}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.10.57.2' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{A676A03B-3D50-4E58-B008-BECE1CF198FB}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{A676A03B-3D50-4E58-B008-BECE1CF198FB}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
DCDIAG SERVER A PARENT

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\servera
      Starting test: Connectivity
         ......................... servera passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\servera
      Starting test: Replications
         [Replications Check,servera] A recent replication attempt failed:
            From serverb to servera
            Naming Context: DC=ForestDnsZones,DC=sitea,DC=co,DC=uk
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2007-05-31 22:57:01.
            The last success occurred at 2007-05-22 17:09:05.
            975 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [serverb] DsBindWithSpnEx() failed with error -2146892976,
         The system detected a possible attempt to compromise security.  Please ensure that you can contact the server that authenticated you..
         [Replications Check,servera] A recent replication attempt failed:
            From serverb to servera
            Naming Context: CN=Schema,CN=Configuration,DC=sitea,DC=co,DC=uk
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2007-05-31 22:49:34.
            The last success occurred at 2007-05-22 17:09:05.
            882 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,servera] A recent replication attempt failed:
            From serverb to servera
            Naming Context: CN=Configuration,DC=sitea,DC=co,DC=uk
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2007-05-31 22:58:02.
            The last success occurred at 2007-05-22 17:09:05.
            1363 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,servera] A recent replication attempt failed:
            From serverb to servera
            Naming Context: DC=wigan,DC=sitea,DC=co,DC=uk
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2007-05-31 22:48:34.
            The last success occurred at 2007-05-22 17:09:05.
            3213 failures have occurred since the last success.
         REPLICATION-RECEIVED LATENCY WARNING
         servera:  Current time is 2007-05-31 22:59:18.
            DC=ForestDnsZones,DC=sitea,DC=co,DC=uk
               Last replication recieved from serverb at 2007-05-22 17:08:32.
            CN=Schema,CN=Configuration,DC=sitea,DC=co,DC=uk
               Last replication recieved from serverb at 2007-05-22 17:08:31.
            CN=Configuration,DC=sitea,DC=co,DC=uk
               Last replication recieved from serverb at 2007-05-22 17:08:31.
            DC=wigan,DC=sitea,DC=co,DC=uk
               Last replication recieved from serverb at 2007-05-22 17:08:32.
         ......................... servera passed test Replications
      Starting test: NCSecDesc
         ......................... servera passed test NCSecDesc
      Starting test: NetLogons
         ......................... servera passed test NetLogons
      Starting test: Advertising
         ......................... servera passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... servera passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... servera passed test RidManager
      Starting test: MachineAccount
         ......................... servera passed test MachineAccount
      Starting test: Services
         ......................... servera passed test Services
      Starting test: ObjectsReplicated
         ......................... servera passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... servera passed test frssysvol
      Starting test: frsevent
         ......................... servera passed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x8025082C
            Time Generated: 05/31/2007   22:46:53
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000748
            Time Generated: 05/31/2007   22:46:53
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x8025082C
            Time Generated: 05/31/2007   22:46:53
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000748
            Time Generated: 05/31/2007   22:46:53
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000748
            Time Generated: 05/31/2007   22:46:53
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000748
            Time Generated: 05/31/2007   22:46:53
            (Event String could not be retrieved)
         ......................... servera failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 05/31/2007   22:39:26
            (Event String could not be retrieved)
         ......................... servera failed test systemlog
      Starting test: VerifyReferences
         ......................... servera passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : sitea
      Starting test: CrossRefValidation
         ......................... sitea passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... sitea passed test CheckSDRefDom
   
   Running enterprise tests on : sitea.co.uk
      Starting test: Intersite
         ......................... sitea.co.uk passed test Intersite
      Starting test: FsmoCheck
         ......................... sitea.co.uk passed test FsmoCheck
SERVER B CHILD DOMAIN DCDIAG

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\serverb
      Starting test: Connectivity
         ......................... serverb passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\serverb
      Starting test: Replications
         ......................... serverb passed test Replications
      Starting test: NCSecDesc
         ......................... serverb passed test NCSecDesc
      Starting test: NetLogons
         ......................... serverb passed test NetLogons
      Starting test: Advertising
         ......................... serverb passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... serverb passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... serverb passed test RidManager
      Starting test: MachineAccount
         ......................... serverb passed test MachineAccount
      Starting test: Services
         ......................... serverb passed test Services
      Starting test: ObjectsReplicated
         ......................... serverb passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... serverb passed test frssysvol
      Starting test: frsevent
         ......................... serverb passed test frsevent
      Starting test: kccevent
         ......................... serverb passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x80000003
            Time Generated: 05/31/2007   22:11:33
            Event String: A Kerberos Error Message was received:
         An Error Event occured.  EventID: 0x80000003
            Time Generated: 05/31/2007   22:19:17
            Event String: A Kerberos Error Message was received:
         An Error Event occured.  EventID: 0x80000003
            Time Generated: 05/31/2007   22:21:15
            Event String: A Kerberos Error Message was received:
         An Error Event occured.  EventID: 0x80000003
            Time Generated: 05/31/2007   22:34:20
            Event String: A Kerberos Error Message was received:
         An Error Event occured.  EventID: 0x80000003
            Time Generated: 05/31/2007   22:49:22
            Event String: A Kerberos Error Message was received:
         An Error Event occured.  EventID: 0x80000003
            Time Generated: 05/31/2007   22:59:30
            Event String: A Kerberos Error Message was received:
         An Error Event occured.  EventID: 0x80000003
            Time Generated: 05/31/2007   23:04:39
            Event String: A Kerberos Error Message was received:
         ......................... serverb failed test systemlog
      Starting test: VerifyReferences
         ......................... serverb passed test VerifyReferences
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : wigan
      Starting test: CrossRefValidation
         ......................... wigan passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... wigan passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running enterprise tests on : site.co.uk
      Starting test: Intersite
         ......................... site.co.uk passed test Intersite
      Starting test: FsmoCheck
         ......................... site.co.uk passed test FsmoCheck
Regards



Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
As an interim troubleshooting step point the site B DCs to the site A DCs for DNS - do this on their network connection properties.

Restart the netlogon service on the site B DCs and then restart FRS.

Lets eliminate DNS as an issue, as most replication errors invariably have DNS as their root cause.

Author

Commented:
If you read Site B Server already has Site A Server as its DNS Server

Author

Commented:
Both Sites use Server A in the Root as the DNS Server for clarity
OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

Also check out repadmin:

http://technet2.microsoft.com/windowsserver/en/library/a103036b-5d82-4d99-8e61-23d434a8e6eb1033.mspx?mfr=true

See if it gives you any further information.


Also can you confirm time sync between the DCs?

http://www.goldfisch.at/knowledge/301

Since this appears to be a kerberos error - check out the troubleshooting guide:

https://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx

Author

Commented:
PortQry from Site A Dc to Site B
Provides success from Site B
Site A However reports
IP address resolved to MORGAN

querying...

TCP port 88 (kerberos service): LISTENING

UDP port 88 (kerberos service): LISTENING or FILTERED
portqry.exe -n 10.10.57.2 -e 88 -p BOTH exits with return code 0x00000002.
=============================================
The rest seems okay

Author

Commented:
IGNORE PREVIOUS POST
Site A to B OK PortQryUI
Site B to A reports ok less for
IP address resolved to SERVER A

querying...

TCP port 88 (kerberos service): LISTENING

UDP port 88 (kerberos service): LISTENING or FILTERED
portqry.exe -n 10.10.57.2 -e 88 -p BOTH exits with return code 0x00000002.
=============================================

Author

Commented:
repladmin from server A
repadmin running command /showrepl against server localhost

Default-First-Site-Name\site
DC Options: IS_GC
Site Options: (none)
DC object GUID: 443c9970-ad95-45e7-adac-c119de846820
DC invocationID: 443c9970-ad95-45e7-adac-c119de846820

==== INBOUND NEIGHBORS ======================================

CN=Configuration,DC=servera,DC=co,DC=uk
    Default-First-Site-Name\serverb via RPC
        DC object GUID: a645534f-b2c5-4f35-8748-64aad17d72c8
        Last attempt @ 2007-06-01 07:47:53 failed, result 1908 (0x774):
            Could not find the domain controller for this domain.
        1416 consecutive failure(s).
        Last success @ 2007-05-22 17:09:05.

CN=Schema,CN=Configuration,DC=servera,DC=co,DC=uk
    Default-First-Site-Name\serverb via RPC
        DC object GUID: a645534f-b2c5-4f35-8748-64aad17d72c8
        Last attempt @ 2007-06-01 07:48:54 failed, result 1908 (0x774):
            Could not find the domain controller for this domain.
        918 consecutive failure(s).
        Last success @ 2007-05-22 17:09:05.

DC=ForestDnsZones,DC=servera,DC=co,DC=uk
    Default-First-Site-Name\serverb via RPC
        DC object GUID: a645534f-b2c5-4f35-8748-64aad17d72c8
        Last attempt @ 2007-06-01 07:47:53 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
        1019 consecutive failure(s).
        Last success @ 2007-05-22 17:09:05.

DC=child,DC=servera,DC=co,DC=uk
    Default-First-Site-Name\serverb via RPC
        DC object GUID: a645534f-b2c5-4f35-8748-64aad17d72c8
        Last attempt @ 2007-06-01 07:51:51 failed, result 1908 (0x774):
            Could not find the domain controller for this domain.
        3300 consecutive failure(s).
        Last success @ 2007-05-22 17:09:05.

Source: Default-First-Site-Name\serverb
******* 3300 CONSECUTIVE FAILURES since 2007-05-22 17:09:05
Last error: 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.

Author

Commented:
FROM SERVER B
repadmin running command /showrepl against server localhost

Default-First-Site-Name\serverb
DC Options: IS_GC
Site Options: (none)
DC object GUID: a645534f-b2c5-4f35-8748-64aad17d72c8
DC invocationID: 45c809c3-bd4b-4db9-acf7-098dd9bce738

==== INBOUND NEIGHBORS ======================================

CN=Configuration,DC=site,DC=co,DC=uk
    Default-First-Site-Name\servera via RPC
        DC object GUID: 443c9970-ad95-45e7-adac-c119de846820
        Last attempt @ 2007-06-01 07:59:49 was successful.

CN=Schema,CN=Configuration,DC=site,DC=co,DC=uk
    Default-First-Site-Name\servera via RPC
        DC object GUID: 443c9970-ad95-45e7-adac-c119de846820
        Last attempt @ 2007-06-01 07:59:49 was successful.

DC=ForestDnsZones,DC=site,DC=co,DC=uk
    Default-First-Site-Name\servera via RPC
        DC object GUID: 443c9970-ad95-45e7-adac-c119de846820
        Last attempt @ 2007-06-01 07:59:50 was successful.

DC=site,DC=co,DC=uk
    Default-First-Site-Name\servera via RPC
        DC object GUID: 443c9970-ad95-45e7-adac-c119de846820
        Last attempt @ 2007-06-01 07:59:50 was successful.

Author

Commented:
Running Kerbtray on Server A All ok
Running Kerbtray on Server B Says Has Expired

Author

Commented:
SITE B SAYS NO Network Credentials When i list Tickets in Kerberos Tray
Check this post out:

http://minasi.com/forum/topic.asp?TOPIC_ID=22452

Specificially look at the ms case notes to re-establish the secure channel between the DCs

Author

Commented:
he references
dctoolbox ?
ADSS - Active Directory
repladmin
what is dctoolbox
"force ad replication using dctoolbox,adss and repadmin /showreps"
Thanks
Sorry I'm not sure what it is, but articles refer to it as a tool to force replcation between two specified DCs much like repadmin does

http://www.ktectraining.com/demo/Demo5/Plan%20and%20Mantain%20a%20Server%202003%20AD%20Infrastructure,%20Part%204/page_14.html

I think the general jist is to force replication once the changes have been made as prescribed.

Author

Commented:
Kerbtray shows Green at both Sites Prior to doing this only one site was green however still no replication and whereas Netdiag wasnt too bad before we now have
SITE A



    Computer Name: servera
    DNS Host Name: servera.sitea.co.uk
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB890046
        KB893756
        KB896358
        KB896424
        KB896428
        KB898715
        KB899587
        KB899588
        KB899589
        KB899591
        KB900725
        KB901017
        KB901214
        KB902400
        KB904706
        KB905414
        KB908519
        KB908531
        KB908981
        KB910437
        KB911280
        KB911562
        KB911564
        KB911567
        KB911927
        KB912919
        KB912945
        KB914388
        KB914389
        KB916846
        KB917159
        KB917344
        KB917422
        KB917537
        KB917734
        KB917953
        KB918439
        KB918899
        KB920213
        KB920214
        KB920670
        KB920683
        KB920685
        KB921398
        KB921883
        KB922582
        KB922616
        KB922819
        KB923191
        KB923414
        KB923689
        KB923694
        KB923980
        KB924191
        KB924496
        KB925398_WMP64
        KB925454
        KB925486
        KB928388
        KB929120
        KB929969
        KB931836
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : servera
        IP Address . . . . . . . . : 10.10.57.2
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.10.57.1
        Primary WINS Server. . . . : 10.10.57.2
        Secondary WINS Server. . . : 10.10.29.5
        Dns Servers. . . . . . . . : 10.10.57.2


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{DAEA2973-1590-490B-BA78-919512D4A07F}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.10.57.2' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{DAEA2973-1590-490B-BA78-919512D4A07F}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{DAEA2973-1590-490B-BA78-919512D4A07F}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Kerberos does not have a ticket for host/servera.sitea.co.uk.


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

----------------------------
SITE B



    Computer Name: servera
    DNS Host Name: servera.sitea.co.uk
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB890046
        KB893756
        KB896358
        KB896424
        KB896428
        KB898715
        KB899587
        KB899588
        KB899589
        KB899591
        KB900725
        KB901017
        KB901214
        KB902400
        KB904706
        KB905414
        KB908519
        KB908531
        KB908981
        KB910437
        KB911280
        KB911562
        KB911564
        KB911567
        KB911927
        KB912919
        KB912945
        KB914388
        KB914389
        KB916846
        KB917159
        KB917344
        KB917422
        KB917537
        KB917734
        KB917953
        KB918439
        KB918899
        KB920213
        KB920214
        KB920670
        KB920683
        KB920685
        KB921398
        KB921883
        KB922582
        KB922616
        KB922819
        KB923191
        KB923414
        KB923689
        KB923694
        KB923980
        KB924191
        KB924496
        KB925398_WMP64
        KB925454
        KB925486
        KB928388
        KB929120
        KB929969
        KB931836
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : servera
        IP Address . . . . . . . . : 10.10.57.2
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.10.57.1
        Primary WINS Server. . . . : 10.10.57.2
        Secondary WINS Server. . . : 10.10.29.5
        Dns Servers. . . . . . . . : 10.10.57.2


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{DAEA2973-1590-490B-BA78-919512D4A07F}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.10.57.2' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{DAEA2973-1590-490B-BA78-919512D4A07F}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{DAEA2973-1590-490B-BA78-919512D4A07F}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Kerberos does not have a ticket for host/servera.sitea.co.uk.


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

Which is a different Kerberos error i can confirm that in kerbtray there are lots of tickets but the one related too in netdiag does not seem to be there.

I feel we are closer but not quite.
The only thing i havent managed is a reboot which i dare not do prior to backing up all essential data which is nearly finished now.
How have you got on after rebooting the server?

If that hasn't worked... maybe the next step is the demotion (or forced demotion) of site B, cleanup metadata on A and then dcpromo B back up again.

Author

Commented:
No one else helped the Minassi post with the netdom resetpwd done trick only thing is took hell of a long time 36 hours ish to synchback up.
I thought it might take a while to resolve... glad you got it sorted.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial