Replication AD sites problem urgent 500 points

Ok thank some answers for you

------Is all looking ok in AD Sites & services? Are all replication partners talking to each other? what happens when you manually replicate?

I forece repocate and get the wait message it will do it at the next  oppertuniy

---------Also- in AD Users & Computers ¬ Domain Controlers, are the Domain controlers 'Trusted for deligation'?
Yes

--------can you access the shares say for example \\londc01\c$  

Yes and can access \\file02\c$ (PDC)  BUT when i goto windows exploerer and try one of the mapped drives i get Logon Failure: The target account name is inccorect error message. This is only from LON01 to a mapped drive to file02(Aberdeen)

----you could use the Nltest to check the secure channel. i believe its Nltest /sc_query command.

From Lon01

C:\Documents and Settings\Administrator.ABZPI>nltest /sc_query:abzpi
Flags: 30 HAS_IP  HAS_TIMESERV
Trusted DC Name \\file02abzpi.***************com
Trusted DC Connection Status Status = 0 0x0 NERR_Success

From File02

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator.ABZPI>nltest /sc_query:abzpi
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

C:\Documents and Settings\Administrator.ABZPI>





--------------access this computer from the network, domain controller security policy.the useraccount control value for both the domain controllers in ADSIEDIT, it should be 532480.


Sorry you lost me on these two point can you give me more info what to check


--------also check for time skew on the Dc's, it seems like a problem with the secure channel.


Both times are the same on each server


Thanks for all yor help

----------------if you have the support tools, you could open ADSIEDIT.msc, under your domain, go to the Domain controller objects and its attributes have this user account control attribute, its value should be 532480 for a domain controller.

I right clicked on each of the Dc folders in Ou= Domain Controllers and all the values for the PDC and two other DC where the same as below

*************775807
*************775807
*************775807


-----as for the accesss this computer from the network its a security policy. right click the Domain controllers ou, its policies. Under computer config /windows settings/security settings, local policies and user right assignments.


Ok i did this on the LON01 server it asked my which policy to get i said use one from any avliable DC.

I went to said location and it is populated witht he correct users.

http://support.microsoft.com/kb/288167  <--- Carried this out yesterday. This did get rid of the Windows Exploere problem. But it cam back after server reboot

Carried out the above again and the windows exploere problem has gone away

Fails i got on netdiag -v

[WARNING] Failed to query SPN registration on DC 'file02abzpi.******.com'.

[WARNING] Failed to query SPN registration on DC 'FILE04ABZPI.*******.com'.

---------------- does Repadmin /bind give any bind errors.


repadmin /bind
Bind to localhost succeeded.

Extensions supported:
    BASE                        : yes
    ASYNCREPL                   : yes
    REMOVEAPI                   : yes
    MOVEREQ_V2                  : yes
    GETCHG_COMPRESS             : yes
    DCINFO_V1                   : yes
    STRONG_ENCRYPTION           : yes
    ADDENTRY_V2                 : yes
    KCC_EXECUTE                 : yes
    DCINFO_V2                   : yes
    DCINFO_VFFFFFFFF            : yes
    INSTANCE_TYPE_NOT_REQ_ON_MOD: yes
    GET_REPL_INFO               : yes
    ADD_SID_HISTORY             : yes
    POST_BETA3                  : yes
    RESTORE_USN_OPTIMIZATION    : yes

Site guid: ****************************

No file replication errors But

Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      (1)
Event ID:      1265
Date:            08/08/2007
Time:            10:15:36
User:            N/A
Computer:      LON01
Description:
The attempt to establish a replication link with parameters
 
 Partition: CN=Schema,CN=Configuration,DC=abz,DC=something,DC=com
 Source DSA DN: CN=NTDS Settings,CN=FILE02ABZPI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abz,DC=something,DC=com
 Source DSA Address: fa2c5389-c85c-4132-9dfd-e7a56ca81539._msdcs.abz.something.com
 Inter-site Transport (if any): CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=abz,DC=something,DC=com
 
 failed with the following status:
 
 Access is denied.
 
 The record data is the status code.  This operation will be retried.
Data:
0000: 05 00 00 00               ....    

----------------one more thing to check would be whether there are any File replication errors and whether the 31b and 6Ac policies are in the policies folder for sysvol on both the domain controllers.

Both polices are there on both domains

One thing tho i did the

C:\Documents and Settings\Administrator>netdom resetpwd /server:lon01 /use
rd:abzpi administrator /passwordd:********

On the File02 server as well.

I got no reply which mean it fails

When doing it on the lon01 server i got a passed or success message

C:\Documents and Settings\Administrator>netdom resetpwd /server:File02/use
rd:abzpi administrator /passwordd:********

http://support.microsoft.com/kb/837513   <---- passed them all

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine lon01, is a DC.
   * Connecting to directory service on server lon01.
   * Collecting site info.
   * Identifying all servers.
   * Found 3 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: London\LON01
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... LON01 passed test Connectivity

Doing primary tests

   Testing server: London\LON01
      Starting test: Replications
         * Replications Check
         ......................... LON01 passed test Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Starting test: NCSecDesc
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=abz,DC=****,DC=com
         * Security Permissions Check for
           CN=Configuration,DC=abz,DC=****,DC=com
         * Security Permissions Check for
           DC=abz,DC=****,DC=com
         ......................... LON01 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         ......................... LON01 passed test NetLogons
      Starting test: Advertising
         The DC LON01 is advertising itself as a DC and having a DS.
         The DC LON01 is advertising as an LDAP server
         The DC LON01 is advertising as having a writeable directory
         The DC LON01 is advertising as a Key Distribution Center
         The DC LON01 is advertising as a time server
         The DS LON01 is advertising as a GC.
         ......................... LON01 passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=FILE02ABZPI,CN=Servers,CN=Defau
lt-First-Site-Name,CN=Sites,CN=Configuration,DC=abz,DC=****,DC=
com
         [FILE02ABZPI] DsBind() failed with error -2146893022,
         The target principal name is incorrect..
         Warning: FILE02ABZPI is the Schema Owner, but is not responding to DS R
PC Bind.
         [FILE02ABZPI] LDAP bind failed with error 31,
         A device attached to the system is not functioning..
         Warning: FILE02ABZPI is the Schema Owner, but is not responding to LDAP
 Bind.
         Role Domain Owner = CN=NTDS Settings,CN=FILE02ABZPI,CN=Servers,CN=Defau
lt-First-Site-Name,CN=Sites,CN=Configuration,DC=abz,DC=****,DC=
com
         Warning: FILE02ABZPI is the Domain Owner, but is not responding to DS R
PC Bind.
         Warning: FILE02ABZPI is the Domain Owner, but is not responding to LDAP
 Bind.
         Role PDC Owner = CN=NTDS Settings,CN=FILE02ABZPI,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=abz,DC=****,DC=com

         Warning: FILE02ABZPI is the PDC Owner, but is not responding to DS RPC
Bind.
         Warning: FILE02ABZPI is the PDC Owner, but is not responding to LDAP Bi
nd.
         Role Rid Owner = CN=NTDS Settings,CN=FILE02ABZPI,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=abz,DC=****,DC=com

         Warning: FILE02ABZPI is the Rid Owner, but is not responding to DS RPC
Bind.
         Warning: FILE02ABZPI is the Rid Owner, but is not responding to LDAP Bi
nd.
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=FILE02ABZPI,CN=S
ervers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abz,DC=*******,DC=com
         Warning: FILE02ABZPI is the Infrastructure Update Owner, but is not res
ponding to DS RPC Bind.
         Warning: FILE02ABZPI is the Infrastructure Update Owner, but is not res
ponding to LDAP Bind.
         ......................... LON01 failed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 6615 to 1073741823
         * file02abzpi.abz.****.com is the RID Master
         [LON01] DsBindWithCred() failed with error -2146893022. The target prin
cipal name is incorrect.
         ......................... LON01 failed test RidManager
      Starting test: MachineAccount
         * SPN found :LDAP/lon01.abz.****.com/abz.something.com
         * SPN found :LDAP/lon01.abz.****.com
         * SPN found :LDAP/LON01
         * SPN found :LDAP/lon01.abz.****.com/ABZPI
         * SPN found :LDAP/cdb95bd4-96c7-4830-b6aa-f2f7b6195122._msdcs.abz.********

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/cdb95bd4-96c7-4830-b6
aa-f2f7b6195122/abz.****.com
         * SPN found :HOST/lon01.abz.****.com/abz.****.com
         * SPN found :HOST/lon01.abz.****.com
         * SPN found :HOST/LON01
         * SPN found :HOST/lon01.abz.****.com/ABZPI
         * SPN found :GC/lon01.abz.****.com/abz.****.com
         ......................... LON01 passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: RPCLOCATOR
         * Checking Service: w32time
         * Checking Service: TrkWks
         * Checking Service: TrkSvr
         * Checking Service: NETLOGON
         ......................... LON01 passed test Services
      Test omitted by user request: OutboundSecureChannels
      Starting test: ObjectsReplicated
         LON01 is in domain DC=abz,DC=****,DC=com
         Checking for CN=LON01,OU=Domain Controllers,DC=abz,DC=*****
,DC=com in domain DC=abz,DC=****,DC=com on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=LON01,CN=Servers,CN=London,CN=Sites,CN
=Configuration,DC=abz,DC=****,DC=com in domain CN=Configuration
,DC=abz,DC=****,DC=com on 1 servers
            Object is up-to-date on all servers.
         ......................... LON01 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service Event log test
         Error: No record of File Replication System, SYSVOL started.
         The Active Directory may be prevented from starting.
         ......................... LON01 passed test frssysvol
      Starting test: kccevent
         * The KCC Event log test
         An Warning Event occured.  EventID: 0x8000061E
            Time Generated: 08/08/2007   11:00:55
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000051F
            Time Generated: 08/08/2007   11:00:55
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x8000061E
            Time Generated: 08/08/2007   11:00:55
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000051F
            Time Generated: 08/08/2007   11:00:55
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x800004F1
            Time Generated: 08/08/2007   11:00:55
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x800004F1
            Time Generated: 08/08/2007   11:00:55
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x800004F1
            Time Generated: 08/08/2007   11:00:55
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x800004F1
            Time Generated: 08/08/2007   11:00:55
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x800004F1
            Time Generated: 08/08/2007   11:00:56
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x800004F1
            Time Generated: 08/08/2007   11:00:56
            (Event String could not be retrieved)
         ......................... LON01 failed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/08/2007   10:55:44
            Event String: Driver
Microsoft Office Document Image Writer Driver
required for printer
Microsoft Office Document Image Writer is
unknown. Contact the administrator to install the
driver before you log in again.
         An Error Event occured.  EventID: 0x00000452
            Time Generated: 08/08/2007   10:55:44
            Event String: The printer could not be installed.
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/08/2007   10:55:45
            Event String: Driver Microsoft XPS Document Writer required for
printer Microsoft XPS Document Writer is unknown.
Contact the administrator to install the driver
before you log in again.
         An Error Event occured.  EventID: 0x00000452
            Time Generated: 08/08/2007   10:55:45
            Event String: The printer could not be installed.
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/08/2007   10:55:45
            Event String: Driver PDFCreator required for printer PDFCreator
is unknown. Contact the administrator to install
the driver before you log in again.
         An Error Event occured.  EventID: 0x00000452
            Time Generated: 08/08/2007   10:55:45
            Event String: The printer could not be installed.
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/08/2007   10:55:47
            Event String: Driver NRG DSc332 RPCS required for printer
__file02abzpi_NRG DSc332 RPCS is unknown. Contact
the administrator to install the driver before
you log in again.
         An Error Event occured.  EventID: 0x00000452
            Time Generated: 08/08/2007   10:55:47
            Event String: The printer could not be installed.
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 08/08/2007   10:55:47
            Event String: Driver NRG DSc328 RPCS required for printer
__file02abzpi_NRG DSc328 RPCS is unknown. Contact
the administrator to install the driver before
you log in again.
         An Error Event occured.  EventID: 0x00000452
            Time Generated: 08/08/2007   10:55:47
            Event String: The printer could not be installed.
         ......................... LON01 failed test systemlog

   Running enterprise tests on : abz.****.com
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site London, this site is outside the scope provided by the
         command line arguments provided.
         ......................... abz.****.com passed test Int
ersite
      Starting test: FsmoCheck
         GC Name: \\lon01.abz.****.com
         Locator Flags: 0xe00001fc
         PDC Name: \\file02abzpi.abz.****.com
         Locator Flags: 0xe000017d
         Time Server Name: \\lon01.abz.****.com
         Locator Flags: 0xe00001fc
         Preferred Time Server Name: \\lon01.abz.****.com
         Locator Flags: 0xe00001fc
         KDC Name: \\lon01.abz.****.com
         Locator Flags: 0xe00001fc
         ......................... abz.****.com passed test Fsm
oCheck

On the tombstone point i do get replication from server lon01 to file02 but not the other way rnd

Showreps results


C:\Documents and Settings\Administrator.ABZPI>repadmin /showreps
London\LON01
DSA Options : IS_GC
objectGuid  : cdb95bd4-96c7-4830-b6aa-f2f7b6195122
invocationID: 29b57ede-295f-41f4-9d62-13715f73d2de

==== INBOUND NEIGHBORS ======================================

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

CN=Schema,CN=Configuration,DC=abz,DC=***************,DC=com
    Default-First-Site-Name\FILE02ABZPI via RPC
        objectGuid: fa2c5389-c85c-4132-9dfd-e7a56ca81539

CN=Configuration,DC=abz,DC=***********8,DC=com
    Default-First-Site-Name\FILE02ABZPI via RPC
        objectGuid: fa2c5389-c85c-4132-9dfd-e7a56ca81539

DC=abz,DC=*********,DC=com
    Default-First-Site-Name\FILE02ABZPI via RPC
        objectGuid: fa2c5389-c85c-4132-9dfd-e7a56ca81539

C:\Documents and Settings\Administrator.ABZPI>