valleyauto
asked on
Assistance with active directory and file replication errors
Two domain controllers, connected via VPN connection.
All is working great, however we continue to get errors from what I think are DNS related issues.
Did a dcdiag on what we will call the second server (SERVER2) at the remote location.
Server1 is at the main office.
The log below:
__________________________
C:\Program Files\Support Tools>nltest.exe /dsregdns
Flags: 0
Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully
C:\Program Files\Support Tools>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\SERVER2
Starting test: Connectivity
......................... SERVER2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site\SERVER2
Starting test: Replications
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: DC=ForestDnsZones,DC=MES,D
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2008-06-09 12:41:00.
The last success occurred at 2008-06-09 11:58:55.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: DC=DomainDnsZones,DC=MES,D
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2008-06-09 12:40:00.
The last success occurred at 2008-06-09 11:58:54.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2008-06-09 12:38:59.
The last success occurred at 2008-06-09 11:58:54.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: CN=Configuration,DC=MES,DC
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2008-06-09 12:37:59.
The last success occurred at 2008-06-09 12:00:33.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: DC=MES,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2008-06-09 12:36:59.
The last success occurred at 2008-06-09 12:31:40.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
......................... SERVER2 passed test Replications
Starting test: NCSecDesc
......................... SERVER2 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER2 passed test NetLogons
Starting test: Advertising
Warning: SERVER2 is not advertising as a time server.
......................... SERVER2 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER2 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER2 passed test RidManager
Starting test: MachineAccount
......................... SERVER2 passed test MachineAccount
Starting test: Services
......................... SERVER2 passed test Services
Starting test: ObjectsReplicated
......................... SERVER2 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER2 passed test frssysvol
Starting test: frsevent
......................... SERVER2 passed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x80250828
Time Generated: 06/09/2008 12:36:47
(Event String could not be retrieved)
......................... SERVER2 failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC00038BB
Time Generated: 06/09/2008 12:35:48
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 06/09/2008 12:35:52
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000423
Time Generated: 06/09/2008 12:36:57
Event String: The DHCP service failed to see a directory server
An Error Event occured. EventID: 0xC0000021
Time Generated: 06/09/2008 12:37:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000423
Time Generated: 06/09/2008 12:37:25
Event String: The DHCP service failed to see a directory server
......................... SERVER2 failed test systemlog
Starting test: VerifyReferences
......................... SERVER2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : MES
Starting test: CrossRefValidation
......................... MES passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... MES passed test CheckSDRefDom
Running enterprise tests on : MES.local
Starting test: Intersite
......................... MES.local passed test Intersite
Starting test: FsmoCheck
......................... MES.local passed test FsmoCheck
C:\Program Files\Support Tools>
__________________________
Any assistance would be greatly appreciated.
All is working great, however we continue to get errors from what I think are DNS related issues.
Did a dcdiag on what we will call the second server (SERVER2) at the remote location.
Server1 is at the main office.
The log below:
__________________________
C:\Program Files\Support Tools>nltest.exe /dsregdns
Flags: 0
Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully
C:\Program Files\Support Tools>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\SERVER2
Starting test: Connectivity
......................... SERVER2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site\SERVER2
Starting test: Replications
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: DC=ForestDnsZones,DC=MES,D
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2008-06-09 12:41:00.
The last success occurred at 2008-06-09 11:58:55.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: DC=DomainDnsZones,DC=MES,D
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2008-06-09 12:40:00.
The last success occurred at 2008-06-09 11:58:54.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2008-06-09 12:38:59.
The last success occurred at 2008-06-09 11:58:54.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: CN=Configuration,DC=MES,DC
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2008-06-09 12:37:59.
The last success occurred at 2008-06-09 12:00:33.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: DC=MES,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2008-06-09 12:36:59.
The last success occurred at 2008-06-09 12:31:40.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
......................... SERVER2 passed test Replications
Starting test: NCSecDesc
......................... SERVER2 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER2 passed test NetLogons
Starting test: Advertising
Warning: SERVER2 is not advertising as a time server.
......................... SERVER2 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER2 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER2 passed test RidManager
Starting test: MachineAccount
......................... SERVER2 passed test MachineAccount
Starting test: Services
......................... SERVER2 passed test Services
Starting test: ObjectsReplicated
......................... SERVER2 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER2 passed test frssysvol
Starting test: frsevent
......................... SERVER2 passed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x80250828
Time Generated: 06/09/2008 12:36:47
(Event String could not be retrieved)
......................... SERVER2 failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC00038BB
Time Generated: 06/09/2008 12:35:48
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 06/09/2008 12:35:52
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000423
Time Generated: 06/09/2008 12:36:57
Event String: The DHCP service failed to see a directory server
An Error Event occured. EventID: 0xC0000021
Time Generated: 06/09/2008 12:37:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000423
Time Generated: 06/09/2008 12:37:25
Event String: The DHCP service failed to see a directory server
......................... SERVER2 failed test systemlog
Starting test: VerifyReferences
......................... SERVER2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : MES
Starting test: CrossRefValidation
......................... MES passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... MES passed test CheckSDRefDom
Running enterprise tests on : MES.local
Starting test: Intersite
......................... MES.local passed test Intersite
Starting test: FsmoCheck
......................... MES.local passed test FsmoCheck
C:\Program Files\Support Tools>
__________________________
Any assistance would be greatly appreciated.
ASKER
Thanks for the reference, nice refresher.
I should have put Intermediate in the experience box.
Regardless, here is another error I am getting. It's related to RPC, however it's all related to the replication, so I think it's one more clue to the issue.
The error:
__________________________
The Windows NT 4.0 or earlier replication checkpoint with the PDC emulator master was unsuccessful.
A full synchronization of the security accounts manager (SAM) database to domain controllers running Windows NT 4.0 and earlier might take place if the PDC emulator master role is transferred to the local domain controller before the next successful checkpoint.
The checkpoint process will be tried again in four hours.
Additional Data
Error value:
1722 The RPC server is unavailable.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
__________________________
It's event 1586, Source NTDS Replication, Category Replication and User - NT Authority/anonyomous logon
Would this give a clue as to why the DNS is giving problems. I will also report that the DNS event log for both servers is showing no errors.
I should have put Intermediate in the experience box.
Regardless, here is another error I am getting. It's related to RPC, however it's all related to the replication, so I think it's one more clue to the issue.
The error:
__________________________
The Windows NT 4.0 or earlier replication checkpoint with the PDC emulator master was unsuccessful.
A full synchronization of the security accounts manager (SAM) database to domain controllers running Windows NT 4.0 and earlier might take place if the PDC emulator master role is transferred to the local domain controller before the next successful checkpoint.
The checkpoint process will be tried again in four hours.
Additional Data
Error value:
1722 The RPC server is unavailable.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
__________________________
It's event 1586, Source NTDS Replication, Category Replication and User - NT Authority/anonyomous logon
Would this give a clue as to why the DNS is giving problems. I will also report that the DNS event log for both servers is showing no errors.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No, we are dealing with two Win2K3 R2 boxes, that's one of the things that is really confusing me!
ASKER
we are connected via VPN connections, can that be an issue?
ASKER
I'm closing this, found it to be ports not opened on firewall in remote access that was blocking the RPC function
here is a start to look at
http://www.block.net.au/help/dns-basics/