Solved

directory replication nightmare

Posted on 2007-11-14
6
674 Views
Last Modified: 2012-08-14
This problem all started out with users complaining about offline files and folders.  Now I can't seem to replicate between my domains.  I can't for the life of me figure this one out.  I want to change some stuff in my group policies but I can't connect to the global catalog server and get the updates.  I think it has to do with my vpn that is connected between the two domains but I need to rule out the servers first.  Can someone please look at this dcdiag.txt output of server2 and see what they think.  Thanks in advance.

Brad



Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\WINSERVER
      Starting test: Connectivity
         ......................... WINSERVER passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\WINSERVER
      Starting test: Replications
         [Replications Check,WINSERVER] A recent replication attempt failed:
            From MCCOY-SVR to WINSERVER
            Naming Context: DC=ForestDnsZones,DC=jmj,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2007-11-14 14:04:23.
            The last success occurred at 2007-11-14 07:12:54.
            27 failures have occurred since the last success.
         [MCCOY-SVR] DsBindWithSpnEx() failed with error 1722,
         The RPC server is unavailable..
         [Replications Check,WINSERVER] A recent replication attempt failed:
            From MCCOY-SVR to WINSERVER
            Naming Context: DC=DomainDnsZones,DC=jmj,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2007-11-14 14:04:23.
            The last success occurred at 2007-11-14 07:12:54.
            31 failures have occurred since the last success.
         [Replications Check,WINSERVER] A recent replication attempt failed:
            From MCCOY-SVR to WINSERVER
            Naming Context: CN=Schema,CN=Configuration,DC=jmj,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2007-11-14 14:05:05.
            The last success occurred at 2007-11-14 07:12:54.
            27 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,WINSERVER] A recent replication attempt failed:
            From MCCOY-SVR to WINSERVER
            Naming Context: CN=Configuration,DC=jmj,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2007-11-14 14:04:44.
            The last success occurred at 2007-11-14 07:12:54.
            35 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,WINSERVER] A recent replication attempt failed:
            From MCCOY-SVR to WINSERVER
            Naming Context: DC=jmj,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2007-11-14 14:11:42.
            The last success occurred at 2007-11-14 07:12:54.
            199 failures have occurred since the last success.
            The source remains down. Please check the machine.
         ......................... WINSERVER passed test Replications
      Starting test: NCSecDesc
         ......................... WINSERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... WINSERVER passed test NetLogons
      Starting test: Advertising
         ......................... WINSERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         Warning: MCCOY-SVR is the Schema Owner, but is not responding to DS RPC Bind.
         [MCCOY-SVR] LDAP search failed with error 58,
         The specified server cannot perform the requested operation..
         Warning: MCCOY-SVR is the Schema Owner, but is not responding to LDAP Bind.
         Warning: MCCOY-SVR is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: MCCOY-SVR is the Domain Owner, but is not responding to LDAP Bind.
         Warning: MCCOY-SVR is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: MCCOY-SVR is the PDC Owner, but is not responding to LDAP Bind.
         Warning: MCCOY-SVR is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: MCCOY-SVR is the Rid Owner, but is not responding to LDAP Bind.
         Warning: MCCOY-SVR is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: MCCOY-SVR is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... WINSERVER failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... WINSERVER failed test RidManager
      Starting test: MachineAccount
         ......................... WINSERVER passed test MachineAccount
      Starting test: Services
         ......................... WINSERVER passed test Services
      Starting test: ObjectsReplicated
         ......................... WINSERVER passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... WINSERVER passed test frssysvol
      Starting test: frsevent
         ......................... WINSERVER passed test frsevent
      Starting test: kccevent
         ......................... WINSERVER passed test kccevent
      Starting test: systemlog
         ......................... WINSERVER passed test systemlog
      Starting test: VerifyReferences
         ......................... WINSERVER passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : jmj
      Starting test: CrossRefValidation
         ......................... jmj passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... jmj passed test CheckSDRefDom
   
   Running enterprise tests on : jmj.local
      Starting test: Intersite
         ......................... jmj.local passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         ......................... jmj.local failed test FsmoCheck
0
Comment
Question by:bhgewilson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 8

Expert Comment

by:JSoup
ID: 20283222
Cleaning Up After AD
If you've worked with Active Directory long enough, most likely you have run into situations where Active Directory domain controllers refuse to be demoted when you use the Active Directory Installation Wizard (dcpromo.exe). Even though everything else on your network seems to be fine, the demotion process will fail no matter what you do.

According to Microsoft this can happen if "required dependency or operation fails," such as network connectivity, name resolution or authentication. If you've determined that these are not the culprit, then certain problems with Active Directory may be the cause, such as Active Directory unable to locate certain objects or problems with replication service.
http://mcpmag.com/columns/article.asp?EditorialsID=1352
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 20283298
By the looks of those logs, there is definitely a communication problem between servers.

A VPN tunnel between sites should NOT block traffic between these sites.  If there are some filters, you need to remove or rework them.

Also, check each server for the following Services and ensure they are started and set to Automatic.

Kerberos Key Distribution Center
Netlogon
TCP/IP NetBIOS Helper
Remote Procedure Call (RPC)
Windows Time
Workstation
Server
DHCP Client
Cryptographic Services
DNS Server
DNS Client

You also need to ensure your time (date, time, Time Zone, DST settings) are proper for the location they reside in.  Clocks cannot be more than 5 minutes off after Time zone considerations.


Advise.

0
 

Author Comment

by:bhgewilson
ID: 20283422
All services and time are correct.  Any other suggestions.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 51

Expert Comment

by:Netman66
ID: 20284875
Ok, good.

Now, from the MCCOY-SVR site, you need to check the router/firewall to ensure there are no access rules in place that will block domain comms.

Check the contents of DNS (_msdcs) zone to ensure all SRV records are in place.

Download and run the FRSDIAG tool so we can pinpoint what's going on.  You can also look at UltraSound and Sonar in addition to get some more details for us.  Post anything that may look wrong.

FRSDIAG:http://www.microsoft.com/downloads/details.aspx?FamilyID=43CB658E-8553-4DE7-811A-562563EB5EBF&displaylang=en

UltraSound: http://www.microsoft.com/downloads/details.aspx?FamilyID=61acb9b9-c354-4f98-a823-24cc0da73b50

Sonar: http://www.microsoft.com/downloads/details.aspx?FamilyID=158cb0fb-fe09-477c-8148-25ae02cf15d8

0
 

Author Comment

by:bhgewilson
ID: 20288513
There are errors in this but it is hard for me to read.  I have the cab file.  Which one of these txt files should I be concentrating on?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20288692
You can send them to me at my alias here at gmail.

0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to rollback Windows updates with SCCM? 6 78
GPO on certain users 17 33
Distinguished username as email address 4 41
Remote login in windows 7 8 33
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question