?
Solved

Replications Errors & Other errors

Posted on 2007-08-02
9
Medium Priority
?
613 Views
Last Modified: 2008-05-31
Ok, I am not sure how to construct this question, so I am just going to try and start from the beginning.  **WARNING, this is going to be kind of long**
In the past I have had replication errors on my network that stemmed from the previous administrators lack of understanding of what he was doing.  I had thought that my replication errors were fixed, however they have seemed to resurface with a vengance.
I have two Servers that affect this topic, and they are;
1.) ISSVR01 - SBS2003 Server
  a.)  Runs Exchange 2002
  b.)  Is the primary DNS Server
2.) ISSVR02 -  Windows 2003 Server
  a.)  More less a file server
  b.)  Has a secondary DNS setup

This morning, after a week vacation, I came in to find that individuals were having problems logging in to certain applications as well as e-mail.  So I immediately tried to connect to the main server (listed as number 1 above) via Unc  "Start, Run, \\ISSVR01" and I get the error "\\issvr01 is not accessible.  You might not have permissions to access this network resource.  Contact the administrator of this server to find out if you have permissions.  Logon Failure:  The target account name is incorrect."
So I immediately went to the server and noticed that it was riddled with event error logs.  Under Directory Service there were two consistant errors 1358 and 1373, and there were a lot of these.  There was also a  1988, which I had seen before and has to do with lingering objects.  So I decided to take a stab at this first.
When I located the lingering object and tried to remove it, I got an error of "The Target principal name is incorrect"
I stumbled upon a few other sites that pointed me in some random directions, and one of the things I came across when trying to find help on this is that when I log in to Active Directory Users and Computers, right click on the server, and Choose Operations Master, it shows under operations master as  "ERROR"

Does anyone have any suggestions, or where to start with correcting this issue.  Please this is extremely frustrating.
0
Comment
Question by:thebside
  • 5
  • 2
8 Comments
 
LVL 8

Expert Comment

by:thenone
ID: 19619589
try running dcdiag on the server and post the results. Also do a netdiag while your at it.
0
 

Author Comment

by:thebside
ID: 19619689
DCDiag:
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\ISSVR02
      Starting test: Connectivity
         ......................... ISSVR02 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\ISSVR02
      Starting test: Replications
         [ISSVR01] DsBindWithSpnEx() failed with error -2146893022,
         The target principal name is incorrect..
         [Replications Check,ISSVR02] A recent replication attempt failed:
            From ISSVR01 to ISSVR02
            Naming Context: DC=integrated,DC=internal
            The replication generated an error (8606):
            Insufficient attributes were given to create an object.  This object may not exist because it may have been deleted and already garbage collected.
            The failure occurred at 2007-08-02 11:25:04.
            The last success occurred at 2007-06-12 13:45:45.
            6248 failures have occurred since the last success.
         REPLICATION-RECEIVED LATENCY WARNING
         ISSVR02:  Current time is 2007-08-02 11:41:33.
            DC=integrated,DC=internal
               Last replication recieved from ISSVR01 at 2007-06-12 13:45:39.
         ......................... ISSVR02 passed test Replications
      Starting test: NCSecDesc
         ......................... ISSVR02 passed test NCSecDesc
      Starting test: NetLogons
         ......................... ISSVR02 passed test NetLogons
      Starting test: Advertising
         Warning: ISSVR02 is not advertising as a time server.
         ......................... ISSVR02 failed test Advertising
      Starting test: KnowsOfRoleHolders
         Warning: ISSVR01 is the Schema Owner, but is not responding to DS RPC Bind.
         [ISSVR01] LDAP bind failed with error 8341,
         A directory service error has occurred..
         Warning: ISSVR01 is the Schema Owner, but is not responding to LDAP Bind.
         Warning: ISSVR01 is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: ISSVR01 is the Domain Owner, but is not responding to LDAP Bind.
         Warning: ISSVR01 is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: ISSVR01 is the PDC Owner, but is not responding to LDAP Bind.
         Warning: ISSVR01 is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: ISSVR01 is the Rid Owner, but is not responding to LDAP Bind.
         Warning: ISSVR01 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: ISSVR01 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... ISSVR02 failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... ISSVR02 failed test RidManager
      Starting test: MachineAccount
         ......................... ISSVR02 passed test MachineAccount
      Starting test: Services
         ......................... ISSVR02 passed test Services
      Starting test: ObjectsReplicated
         ......................... ISSVR02 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... ISSVR02 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... ISSVR02 failed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x8025082D
            Time Generated: 08/02/2007   11:35:47
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x8025082D
            Time Generated: 08/02/2007   11:35:47
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x8025082D
            Time Generated: 08/02/2007   11:35:47
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000748
            Time Generated: 08/02/2007   11:35:47
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC00005F8
            Time Generated: 08/02/2007   11:40:47
            Event String: Internal error: The Intersite Messaging service

         An Error Event occured.  EventID: 0xC000055D
            Time Generated: 08/02/2007   11:40:47
            Event String: The Intersite Messaging service could not receive

         ......................... ISSVR02 failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 08/02/2007   10:52:34
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 08/02/2007   10:52:34
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 08/02/2007   10:53:50
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 08/02/2007   11:18:50
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/02/2007   11:18:54
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/02/2007   11:18:58
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 08/02/2007   11:35:48
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 08/02/2007   11:35:48
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 08/02/2007   11:37:28
            Event String: The kerberos client received a

         ......................... ISSVR02 failed test systemlog
      Starting test: VerifyReferences
         ......................... ISSVR02 passed test VerifyReferences
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : integrated
      Starting test: CrossRefValidation
         ......................... integrated passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... integrated passed test CheckSDRefDom
   
   Running enterprise tests on : integrated.internal
      Starting test: Intersite
         ......................... integrated.internal passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
         A Good Time Server could not be located.
         ......................... integrated.internal failed test FsmoCheck

NETDIAG:



    Computer Name: ISSVR02
    DNS Host Name: issvr02.integrated.internal
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
    List of installed hotfixes :
        KB925398_WMP64
        KB925902
        KB926122
        KB927891
        KB928090-IE7
        KB929123
        KB929969
        KB930178
        KB931768-IE7
        KB931784
        KB931836
        KB932168
        KB933566-IE7
        KB933854
        KB935839
        KB935840
        KB935966
        KB936357
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Primary

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : issvr02
        IP Address . . . . . . . . : 192.168.1.11
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Primary WINS Server. . . . : 192.168.1.10
        Dns Servers. . . . . . . . : 192.168.1.10
                                     192.168.1.11


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{FA13C003-035E-482C-A735-C67C33909B13}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.10' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.11' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{FA13C003-035E-482C-A735-C67C33909B13}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{FA13C003-035E-482C-A735-C67C33909B13}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
    Secure channel for domain 'INTEGRATED' is to '\\issvr01.integrated.internal'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'issvr01.integrated.internal'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
0
 
LVL 8

Expert Comment

by:thenone
ID: 19619752
is this the only dc and if not who has the primary roles?
0
Become a Leader in Data Analytics

Gain the power to turn raw data into better business decisions and outcomes in your industry. Transform your career future by earning your MS in Data Analytics. WGU’s MSDA program curriculum features IT certifications from Oracle and SAS.  

 

Author Comment

by:thebside
ID: 19619779
No, ISSVR01 and this one (ISSVR02) are both domain controllers.
Issvr01 has the primary roles.
0
 

Author Comment

by:thebside
ID: 19620486
Anything?  
Would I be better off removing ISSVR02 from the Domain, and then promoting it again?  It just seems like there are a great deal of errors, and I can't make heads or tails of them all, let alone where to start.
0
 

Author Comment

by:thebside
ID: 19621154
UPDATE:
Interesting Change here, I was running through some steps as outlined <a href="http://support.microsoft.com/kb/288167">HERE </a>and as soon as I disabled the "Kerberos Key Distribution Center service (KDC)" some of my errors went away.  I have left it disabled for now, and here is my Dfsdiag again.

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\ISSVR02
      Starting test: Connectivity
         ......................... ISSVR02 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\ISSVR02
      Starting test: Replications
         [Replications Check,ISSVR02] A recent replication attempt failed:
            From ISSVR01 to ISSVR02
            Naming Context: DC=integrated,DC=internal
            The replication generated an error (8606):
            Insufficient attributes were given to create an object.  This object may not exist because it may have been deleted and already garbage collected.
            The failure occurred at 2007-08-02 14:31:22.
            The last success occurred at 2007-06-12 13:45:45.
            6289 failures have occurred since the last success.
         REPLICATION-RECEIVED LATENCY WARNING
         ISSVR02:  Current time is 2007-08-02 14:31:55.
            DC=integrated,DC=internal
               Last replication recieved from ISSVR01 at 2007-06-12 13:45:39.
         ......................... ISSVR02 passed test Replications
      Starting test: NCSecDesc
         ......................... ISSVR02 passed test NCSecDesc
      Starting test: NetLogons
         ......................... ISSVR02 passed test NetLogons
      Starting test: Advertising
         Warning: ISSVR02 is not advertising as a Key Distribution Center.
         Check that the Directory has started.
         Warning: ISSVR02 is not advertising as a time server.
         ......................... ISSVR02 failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ISSVR02 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... ISSVR02 passed test RidManager
      Starting test: MachineAccount
         ......................... ISSVR02 passed test MachineAccount
      Starting test: Services
            kdc Service is stopped on [ISSVR02]
         ......................... ISSVR02 failed test Services
      Starting test: ObjectsReplicated
         ......................... ISSVR02 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... ISSVR02 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... ISSVR02 failed test frsevent
      Starting test: kccevent
         ......................... ISSVR02 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0001B58
            Time Generated: 08/02/2007   13:35:33
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 08/02/2007   13:35:33
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B58
            Time Generated: 08/02/2007   13:35:33
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B58
            Time Generated: 08/02/2007   13:35:33
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B6F
            Time Generated: 08/02/2007   13:35:33
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 08/02/2007   13:35:33
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 08/02/2007   13:35:45
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 08/02/2007   13:35:59
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 08/02/2007   13:36:00
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 08/02/2007   13:36:00
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 08/02/2007   13:47:12
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/02/2007   14:31:09
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/02/2007   14:31:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/02/2007   14:31:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/02/2007   14:31:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/02/2007   14:31:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/02/2007   14:31:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/02/2007   14:31:17
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/02/2007   14:31:17
            (Event String could not be retrieved)
         ......................... ISSVR02 failed test systemlog
      Starting test: VerifyReferences
         ......................... ISSVR02 passed test VerifyReferences
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : integrated
      Starting test: CrossRefValidation
         ......................... integrated passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... integrated passed test CheckSDRefDom
   
   Running enterprise tests on : integrated.internal
      Starting test: Intersite
         ......................... integrated.internal passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
         A Good Time Server could not be located.
         ......................... integrated.internal failed test FsmoCheck

So now I am starting to go through and try to clean up Replication, however any help through this would be helpfull also.  Should I worry about the KDC being disabled?  What exactly does it do?
0
 

Author Comment

by:thebside
ID: 19626002
Wow, when I submit questions I usually get many more answers.  Well in either case, I think I have gotten the majority of my errors taken care of.

So, here is what I did, and the links that led me down the right path.
1.)  The initial problem of users not able to log into a device on the network had to do with the Kerberos Key Distribution Center service (KDC) being enabled.  This along with the fact that I had quite a few errors with replication culminated into one big mess.  So I disabled this on the server that was throwing the errors in the Event Log.  Do not just stop the service, completely Disable it.  Then follow the steps on this link: Kerberos Key Distribution Center service (KDC).  Once this was done, my users were able to login and work as if there were no problems.  This allowed me to focus on some other errors in the log files.
2.)  The next step was to clear up any Jrnl_wrap errors.  I don't know that this was the right way or wrong way to go about this, however I did this step as that was the error I came across next.  Here is the link that I followed to help me to clear up the JrNl_Wrap Error, which when corrected also cleared up some errors with my login scripts:  http://www.mcse.ms/message1446472.html.  This link isn't much different than following the steps outlined in the Event Log.  
3.)  After that I moved on to my lingering objects, which seemed to be what caused this whole debacle  Once I removed the lingering objects, replication started almost immediately.  To remove the lingering objects, I followed the directions specified on this page.  http://support.microsoft.com/kb/870695/en-us
4.)  The last item I did was I went back in and enabled, and started the Kerberos Key Distribution Center service (KDC).  Once I did this everything seemed to go back to normal.
After this I tested my replication and monitored the event logs.  I ran FRSdiag, Dfsdiag, and Netdiag again and apart from some minor issues all seems to be well.

I hope that my experience here helps someone else down the road.
thanks for the audience.
0
 
LVL 1

Accepted Solution

by:
Vee_Mod earned 0 total points
ID: 19729551
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question