?
Solved

Assistance with active directory and file replication errors

Posted on 2008-06-09
6
Medium Priority
?
578 Views
Last Modified: 2011-10-03
Two domain controllers, connected via VPN connection.

All is working great, however we continue to get errors from what I think are DNS related issues.

Did a dcdiag on what we will call the second server (SERVER2) at the remote location.

Server1 is at the main office.

The log below:

___________________________________

C:\Program Files\Support Tools>nltest.exe /dsregdns
Flags: 0
Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully



C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site\SERVER2
      Starting test: Connectivity
         ......................... SERVER2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\SERVER2
      Starting test: Replications
         [Replications Check,SERVER2] A recent replication attempt failed:
            From SERVER1 to SERVER2
            Naming Context: DC=ForestDnsZones,DC=MES,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-06-09 12:41:00.
            The last success occurred at 2008-06-09 11:58:55.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,SERVER2] A recent replication attempt failed:
            From SERVER1 to SERVER2
            Naming Context: DC=DomainDnsZones,DC=MES,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-06-09 12:40:00.
            The last success occurred at 2008-06-09 11:58:54.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,SERVER2] A recent replication attempt failed:
            From SERVER1 to SERVER2
            Naming Context: CN=Schema,CN=Configuration,DC=MES,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-06-09 12:38:59.
            The last success occurred at 2008-06-09 11:58:54.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,SERVER2] A recent replication attempt failed:
            From SERVER1 to SERVER2
            Naming Context: CN=Configuration,DC=MES,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-06-09 12:37:59.
            The last success occurred at 2008-06-09 12:00:33.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,SERVER2] A recent replication attempt failed:
            From SERVER1 to SERVER2
            Naming Context: DC=MES,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-06-09 12:36:59.
            The last success occurred at 2008-06-09 12:31:40.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         ......................... SERVER2 passed test Replications
      Starting test: NCSecDesc
         ......................... SERVER2 passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER2 passed test NetLogons
      Starting test: Advertising
         Warning: SERVER2 is not advertising as a time server.
         ......................... SERVER2 failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVER2 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVER2 passed test RidManager
      Starting test: MachineAccount
         ......................... SERVER2 passed test MachineAccount
      Starting test: Services
         ......................... SERVER2 passed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER2 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SERVER2 passed test frssysvol
      Starting test: frsevent
         ......................... SERVER2 passed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80250828
            Time Generated: 06/09/2008   12:36:47
            (Event String could not be retrieved)
         ......................... SERVER2 failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC00038BB
            Time Generated: 06/09/2008   12:35:48
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 06/09/2008   12:35:52
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000423
            Time Generated: 06/09/2008   12:36:57
            Event String: The DHCP service failed to see a directory server
         An Error Event occured.  EventID: 0xC0000021
            Time Generated: 06/09/2008   12:37:02
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000423
            Time Generated: 06/09/2008   12:37:25
            Event String: The DHCP service failed to see a directory server
         ......................... SERVER2 failed test systemlog
      Starting test: VerifyReferences
         ......................... SERVER2 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : MES
      Starting test: CrossRefValidation
         ......................... MES passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... MES passed test CheckSDRefDom

   Running enterprise tests on : MES.local
      Starting test: Intersite
         ......................... MES.local passed test Intersite
      Starting test: FsmoCheck
         ......................... MES.local passed test FsmoCheck

C:\Program Files\Support Tools>

_____________________________________________________

Any assistance would be greatly appreciated.
0
Comment
Question by:valleyauto
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21747486
DNS most likely....
here is a start to look at
http://www.block.net.au/help/dns-basics/
0
 

Author Comment

by:valleyauto
ID: 21751411
Thanks for the reference, nice refresher.

I should have put Intermediate in the experience box.

Regardless, here is another error I am getting. It's related to RPC, however it's all related to the replication, so I think it's one more clue to the issue.

The error:
_____________________________

The Windows NT 4.0 or earlier replication checkpoint with the PDC emulator master was unsuccessful.
 
A full synchronization of the security accounts manager (SAM) database to domain controllers running Windows NT 4.0 and earlier might take place if the PDC emulator master role is transferred to the local domain controller before the next successful checkpoint.
 
The checkpoint process will be tried again in four hours.
 
Additional Data
Error value:
1722 The RPC server is unavailable.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

_______________________________________________

It's event 1586, Source NTDS Replication, Category Replication and User - NT Authority/anonyomous logon

Would this give a clue as to why the DNS is giving problems. I will also report that the DNS event log for both servers is showing no errors.
0
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 1500 total points
ID: 21755786
uh do you actually run NT4 boxes in there?
0
Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

 

Author Comment

by:valleyauto
ID: 21756260
No, we are dealing with two Win2K3 R2 boxes, that's one of the things that is really confusing me!
0
 

Author Comment

by:valleyauto
ID: 21756262
we are connected via VPN connections, can that be an issue?
0
 

Author Comment

by:valleyauto
ID: 21806501
I'm closing this, found it to be ports not opened on firewall in remote access that was blocking the RPC function
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question