JP D asked:

3 2003 DCs - Replication issue with one DC

Hi all!

I have been having a few problems with my servers and only now am able to address them.  My environment consists of 3 Windows 2003 Standard servers (SCSERVER1, SCSERVER2, SCSERVER3).  All three are a distance apart and all three are on their own subnets.  Server 1 and 2 are connected through a wireless bridge.  The internet connection for both is at the same location as server 1 (server 2 is quite remote).  Server 3 is connected through a VPN.  Server 3 does not carry any roles, as the VPN does go down sometimes.  All three are DCs and part of the same domain.

My problem seems to be with replication.  Replication seems to be fine between servers 1 & 2.  Server 3 will not replicate.  When I try to force replication through Sites and Services I get the error message: "The following error occurred during the attempt to synchronize naming context SENTREX.local from domain controller SCSERVER1 to domain controller SCSERVER3:  The target principal name is incorrect.  This operation will not continue."

Physically I can connect to server 3 no problem.  I can ping with no problem.  I can also browse files on and from all servers no problem.  Every now and then my users get a Kerberos error in their event logs "KRB_AP_ERR_MODIFIED".  The servers all have warning events 13508 for replication in the FRS event log for every day.

Any help to resolve these problems would be so greatly appreciated!

Below I will attach dcdiag for server 3 and then server 1:

C:\>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site\SCSERVER3
      Starting test: Connectivity
         ......................... SCSERVER3 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\SCSERVER3
      Starting test: Replications
         [Replications Check,SCSERVER3] A recent replication attempt failed:
            From SCSERVER2 to SCSERVER3
            Naming Context: DC=ForestDnsZones,DC=SENTREX,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2007-07-31 11:57:16.
            The last success occurred at 2007-05-15 17:56:04.
            1849 failures have occurred since the last success.
         [SCSERVER2] DsBindWithSpnEx() failed with error -2146893022,
         The target principal name is incorrect..
         [Replications Check,SCSERVER3] A recent replication attempt failed:
            From SCSERVER1 to SCSERVER3
            Naming Context: DC=ForestDnsZones,DC=SENTREX,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2007-07-31 11:57:17.
            The last success occurred at 2007-05-15 17:56:04.
            1849 failures have occurred since the last success.
         [SCSERVER1] DsBindWithSpnEx() failed with error -2146893022,
         The target principal name is incorrect..
         [Replications Check,SCSERVER3] A recent replication attempt failed:
            From SCSERVER2 to SCSERVER3
            Naming Context: DC=DomainDnsZones,DC=SENTREX,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2007-07-31 11:57:16.
            The last success occurred at 2007-05-15 17:56:03.
            1849 failures have occurred since the last success.
         [Replications Check,SCSERVER3] A recent replication attempt failed:
            From SCSERVER1 to SCSERVER3
            Naming Context: DC=DomainDnsZones,DC=SENTREX,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2007-07-31 11:57:17.
            The last success occurred at 2007-05-15 17:56:04.
            1849 failures have occurred since the last success.
         [Replications Check,SCSERVER3] A recent replication attempt failed:
            From SCSERVER2 to SCSERVER3
            Naming Context: CN=Schema,CN=Configuration,DC=SENTREX,DC=local
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2007-07-31 11:57:17.
            The last success occurred at 2007-05-15 17:56:03.
            1849 failures have occurred since the last success.
         [Replications Check,SCSERVER3] A recent replication attempt failed:
            From SCSERVER1 to SCSERVER3
            Naming Context: CN=Schema,CN=Configuration,DC=SENTREX,DC=local
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2007-07-31 11:57:17.
            The last success occurred at 2007-05-15 17:56:03.
            1849 failures have occurred since the last success.
         [Replications Check,SCSERVER3] A recent replication attempt failed:
            From SCSERVER2 to SCSERVER3
            Naming Context: CN=Configuration,DC=SENTREX,DC=local
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2007-07-31 11:57:16.
            The last success occurred at 2007-05-15 17:56:03.
            1849 failures have occurred since the last success.
         [Replications Check,SCSERVER3] A recent replication attempt failed:
            From SCSERVER1 to SCSERVER3
            Naming Context: CN=Configuration,DC=SENTREX,DC=local
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2007-07-31 11:57:17.
            The last success occurred at 2007-05-15 17:56:03.
            1849 failures have occurred since the last success.
         [Replications Check,SCSERVER3] A recent replication attempt failed:
            From SCSERVER2 to SCSERVER3
            Naming Context: DC=SENTREX,DC=local
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2007-07-31 11:57:16.
            The last success occurred at 2007-05-15 18:23:24.
            1849 failures have occurred since the last success.
         [Replications Check,SCSERVER3] A recent replication attempt failed:
            From SCSERVER1 to SCSERVER3
            Naming Context: DC=SENTREX,DC=local
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2007-07-31 12:18:08.
            The last success occurred at 2007-05-15 18:23:50.
            1852 failures have occurred since the last success.
         REPLICATION-RECEIVED LATENCY WARNING
         SCSERVER3:  Current time is 2007-07-31 12:20:15.
            DC=ForestDnsZones,DC=SENTREX,DC=local
               Last replication recieved from SCSERVER1 at 2007-05-15 17:56:04.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

               Last replication recieved from SCSERVER2 at 2007-05-15 17:56:04.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

            DC=DomainDnsZones,DC=SENTREX,DC=local
               Last replication recieved from SCSERVER1 at 2007-05-15 17:56:04.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

               Last replication recieved from SCSERVER2 at 2007-05-15 17:56:03.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

            CN=Schema,CN=Configuration,DC=SENTREX,DC=local
               Last replication recieved from SCSERVER1 at 2007-05-15 17:56:03.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

               Last replication recieved from SCSERVER2 at 2007-05-15 17:56:03.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

            CN=Configuration,DC=SENTREX,DC=local
               Last replication recieved from SCSERVER1 at 2007-05-15 17:56:03.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

               Last replication recieved from SCSERVER2 at 2007-05-15 17:56:03.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

            DC=SENTREX,DC=local
               Last replication recieved from SCSERVER1 at 2007-05-15 18:23:50.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

               Last replication recieved from SCSERVER2 at 2007-05-15 18:23:27.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

         ......................... SCSERVER3 passed test Replications
      Starting test: NCSecDesc
         ......................... SCSERVER3 passed test NCSecDesc
      Starting test: NetLogons
         ......................... SCSERVER3 passed test NetLogons
      Starting test: Advertising
         Warning: SCSERVER3 is not advertising as a time server.
         ......................... SCSERVER3 failed test Advertising
      Starting test: KnowsOfRoleHolders
         Warning: SCSERVER2 is the Schema Owner, but is not responding to DS RPC Bind.
         [SCSERVER2] LDAP bind failed with error 8341,
         A directory service error has occurred..
         Warning: SCSERVER2 is the Schema Owner, but is not responding to LDAP Bind.
         Warning: SCSERVER2 is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: SCSERVER2 is the Domain Owner, but is not responding to LDAP Bind.
         Warning: SCSERVER2 is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: SCSERVER2 is the PDC Owner, but is not responding to LDAP Bind.
         Warning: SCSERVER2 is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: SCSERVER2 is the Rid Owner, but is not responding to LDAP Bind.
         Warning: SCSERVER2 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: SCSERVER2 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... SCSERVER3 failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SCSERVER3 failed test RidManager
      Starting test: MachineAccount
         ......................... SCSERVER3 passed test MachineAccount
      Starting test: Services
         ......................... SCSERVER3 passed test Services
      Starting test: ObjectsReplicated
         ......................... SCSERVER3 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SCSERVER3 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SCSERVER3 failed test frsevent
      Starting test: kccevent
         ......................... SCSERVER3 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 07/31/2007   11:30:38
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 07/31/2007   11:30:43
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 07/31/2007   11:30:44
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 07/31/2007   11:49:13
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 07/31/2007   11:57:16
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 07/31/2007   12:01:20
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 07/31/2007   12:20:15
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 07/31/2007   12:20:15
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 07/31/2007   12:20:17
            Event String: The kerberos client received a
         ......................... SCSERVER3 failed test systemlog
      Starting test: VerifyReferences
         ......................... SCSERVER3 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : SENTREX
      Starting test: CrossRefValidation
         ......................... SENTREX passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... SENTREX passed test CheckSDRefDom

   Running enterprise tests on : SENTREX.local
      Starting test: Intersite
         ......................... SENTREX.local passed test Intersite
      Starting test: FsmoCheck
         ......................... SENTREX.local passed test FsmoCheck

C:\>
---------------------------------------------------------------------------------------------------------------
AND FROM SERVER 1:
---------------------------------------------------------------------------------------------------------------


C:\>dcdiag

DC Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial non skippeable tests

   Testing server: Default-First-Site\SCSERVER1
      Starting test: Connectivity
         ......................... SCSERVER1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\SCSERVER1
      Starting test: Replications
         ......................... SCSERVER1 passed test Replications
      Starting test: NCSecDesc
         ......................... SCSERVER1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... SCSERVER1 passed test NetLogons
      Starting test: Advertising
         ......................... SCSERVER1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SCSERVER1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SCSERVER1 passed test RidManager
      Starting test: MachineAccount
         ......................... SCSERVER1 passed test MachineAccount
      Starting test: Services
            RPCLOCATOR Service is stopped on [SCSERVER1]
            TrkWks Service is stopped on [SCSERVER1]
            TrkSvr Service is stopped on [SCSERVER1]
         ......................... SCSERVER1 failed test Services
      Starting test: ObjectsReplicated
         ......................... SCSERVER1 passed test ObjectsReplicated
      Starting test: frssysvol
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.
         ......................... SCSERVER1 passed test frssysvol
      Starting test: kccevent
         ......................... SCSERVER1 passed test kccevent
      Starting test: systemlog
         ......................... SCSERVER1 passed test systemlog

   Running enterprise tests on : SENTREX.local
      Starting test: Intersite
         ......................... SENTREX.local passed test Intersite
      Starting test: FsmoCheck
         ......................... SENTREX.local passed test FsmoCheck

C:\>
ASKER CERTIFIED SOLUTION
ocon827679
This solution is only available to members.
This exact error is covered in Microsoft's KB article 288167.
http://support.microsoft.com/kb/288167

Go through the steps in the article and you should be ok.
JP D (ASKER)

Hi,

So it doesn't look as though the MS KB article helped any.  Now my users who are connected to server 2 (PDC) are getting Access Denied errors to server drives.  Right now when they restart their computers everything is fine.

As for the other questions asked:  All DCs are running AD integrated DNS.  Server 3 is pointed to Server 1 (I would point it to the PDC (server 2) but that would have it go through a VPN and then the bridge just to get to server 2....server 1 is just through the VPN).  I believe that the SRV records for server 3 are in DNS, everything appears to be there but how do I confirm that everything is correct?  The FSMO roles are located on server 2.

Is there any way that I can check things before doing a forceremoval?  If I do a forceremoval, would I then still have to run a metadata cleanup?  I am also a little confused now how this would affect the users connected to server 2?
Replmon will show you the replication errors that have been going on.  From the command line, "repadmin /showreps /all" will show you inbound as well as outbound replication and connections.  If your replication has been unavailable to server 3 for 60 days you will have to do the dcpromo.  Try just dcpromo first, if it doesn't work then do the forceremoval option.  (Actually I believe that the forceremoval will try a normal first, then do the force if there is a failure.)  After the forceremoval you will have to do a metadata cleanup on one of the remaining DCs.  Then you can try the repromote, but you really need to ensure your connectivity first.  The metadata cleanup is a very simple procedure, just a lot of steps.
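The 60-day threshold mentioned in the reply above can be checked directly against dcdiag output. The following is an added example, not part of the original thread: a Python parser for the "replication attempt failed" blocks that reports links whose last success is older than the tombstone lifetime. The function names are hypothetical, and the second sample block uses constructed dates.

```python
import re
from datetime import datetime, timedelta

TOMBSTONE = timedelta(days=60)  # tombstone lifetime dcdiag reports in this thread
# Constructed sample in the dcdiag format shown above. The first block copies
# values from the thread; the second uses made-up dates for a recent success.
SAMPLE = """\
   [Replications Check,SCSERVER3] A recent replication attempt failed:
      From SCSERVER1 to SCSERVER3
      Naming Context: DC=SENTREX,DC=local
      The replication generated an error (-2146893022):
      The target principal name is incorrect.
      The failure occurred at 2007-07-31 12:18:08.
      The last success occurred at 2007-05-15 18:23:50.
   [Replications Check,SCSERVER3] A recent replication attempt failed:
      From SCSERVER2 to SCSERVER3
      Naming Context: CN=Configuration,DC=SENTREX,DC=local
      The replication generated an error (1256):
      The remote system is not available.
      The failure occurred at 2007-07-31 11:57:16.
      The last success occurred at 2007-07-20 09:00:00.
"""

BLOCK = re.compile(r"\[Replications Check,([^\]]+)\] A recent replication attempt failed:")
FIELDS = {
    "source": re.compile(r"From (\S+) to \S+"),
    "nc": re.compile(r"Naming Context: (.+)"),
    "error": re.compile(r"The replication generated an error \((-?\d+)\):"),
    "failed_at": re.compile(r"The failure occurred at ([\d-]+ [\d:]+)\."),
    "last_ok": re.compile(r"The last success occurred at ([\d-]+ [\d:]+)\."),
}
TS = "%Y-%m-%d %H:%M:%S"

def parse_failures(text):
    """Return one dict per 'replication attempt failed' block."""
    failures = []
    for line in map(str.strip, text.splitlines()):
        m = BLOCK.match(line)
        if m:
            failures.append({"dest": m.group(1)})
        elif failures:
            for key, rx in FIELDS.items():
                m = rx.match(line)
                if m:
                    failures[-1][key] = m.group(1)
    return failures

def assess(f):
    out = {"link": f"{f['source']} -> {f['dest']}", "nc": f["nc"],
           # dcdiag prints HRESULTs as signed 32-bit; -2146893022 is 0x80090322
           "error_hex": f"0x{int(f['error']) & 0xFFFFFFFF:08x}"}
    if "last_ok" in f:
        gap = datetime.strptime(f["failed_at"], TS) - datetime.strptime(f["last_ok"], TS)
        out["days_stale"], out["past_tombstone"] = gap.days, gap > TOMBSTONE
    else:  # no parsable success timestamp: treat as stale rather than healthy
        out["days_stale"], out["past_tombstone"] = None, True
    return out

def past_tombstone_links(text):
    return [a for a in map(assess, parse_failures(text)) if a["past_tombstone"]]

if __name__ == "__main__":
    for a in past_tombstone_links(SAMPLE):
        print(a)
```

Note that the dcdiag run in the question reports "passed test Replications" even though every inbound link is past the tombstone lifetime, so the per-link timestamps are what to check, not the test verdict.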
JP D (ASKER)

Sorry for the delay....I was off for a few days.

You were right, I could not just use dcpromo, so I did a forceremoval.  Then a metadata cleanup.  Everything looked good at that point so I did the repromote which also went smoothly.  Although it has only been about 30 min or so since the dcpromo, the DNS records don't seem to be reflecting the repromoted server.  Plus in Sites and Services there are no connections under the re-promoted server.

Is this right?  Or do I have to start manually updating the connections and DNS records?

Or am I too quick and should give it a short bit to replicate and populate?

Thx!
I have no idea why DNS takes its time, but it does.  Sometimes you can force it by restarting the DNS Server service.  Sometimes it's a waiting game.
JP D (ASKER)

Hmmmm.....still not updated.  I think that something is wrong.  Sites and Services still shows the server, but no connections inside it.  The other two servers show that they are set to replicate from server 3.  DNS doesn't have a CNAME record for server 3 under _msdcs in the forward lookup.  Obviously I am getting errors and warnings in the file replication and dcdiag for that server.  I can connect to it, but only using the IP address.

Should I try demoting it again?

On the plus side, my users aren't getting the access denied errors any more...but we can't browse that server by the server name.  It's like it half registered in DNS.
JP D (ASKER)

Looks like I have everything fixed up.  For some reason dynamic updates were set to none on servers 1 and 2, server 3 was set to secure.  Once I set all to secure, everything went back to normal.