Solved

Active Directory Replication Issue between two DC's

Posted on 2008-10-28
5
545 Views
Last Modified: 2012-06-21
We have two domain controllers (W2K8) and when performing a manual AD replication between them the following error is detailed;
The following error occured during the attempt to synchronize context. The target principle name is incorrect.
On DC1 when you manually replicate AD reports the connections as OK to DC2, on DC2 the error appears. Checking AD Users and computers on DC1 shows it as the operations master. Checking on DC2 shows error. Checking in AD sites/svcs shows the same. DC3 is fine to all others except going from DC2 to DC1.
DC2 has Exchange 2007 installed, Symantec BU Exec 12 required the install of the Exchange Management Console yesterday on DC1 which hosts Backup Exec. Restarting AD Services is to no avail. Checking Logs on DC1 don't list any issues. Checking the logs on DC2 showlots of 1308 KCC errors having issues. DC1 also has had Network Policy Server installed 3 days ago.
0
Comment
Question by:Anthony_Rich
5 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 22828293
RUn dcdiag and netdiag on all servers and see what shows up.

Also see if there is a Best practices analyzer for exchange and or win 2008.


I hope this helps !
0
 
LVL 15

Expert Comment

by:HayesJupe
ID: 22828981
theres no BPA for win 2008 AD.... but there is for exchange.

Its likely to be a DNS issue, but if you check the directory services log on the DC thats having the issue, it will tell you what the issue is.... and if you cant interpret it, post it here...
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22831255
Please have the following reports run to provide us some better information. Also, can you paste those KCC errors here - thanks.

Run diagnostics against your Active Directory domain.

If you don't have the support tools installed, install them from your server
install disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
-> dnslint /ad /s "ip address of your dc"

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
in the forest. If you have significant numbers of DC's this test could
generate significant detail and take a long time. You also want to take
into account slow links to dc's will also add to the testing time.

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be output
in notepad text files that pop up automagically.

The script is located on my website at
http://www.pbbergs.com/windows/downloads.htm

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.

Description and download for dnslint
http://support.microsoft.com/kb/321045

Ref: http://www.techtalkz.com/windows-server-2003/459203-ntds-kcc-1308-a.html

0
 

Accepted Solution

by:
Anthony_Rich earned 0 total points
ID: 22863325
Okay state of play at the moment, ran DCDiag and it reported that all servers were failing replication. Restarted DNS on all servers and Active Directory services. Re built active directory sites and services. (Identical to what it was) and commenced to do manual replication between sites. Is now working. DCDiag reports minimul errors.
C:\Users\Administrator>dcdiag /test:replications
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = TCCI-SVR1
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Hobart\TCCI-SVR1
      Starting test: Connectivity
    ............... TCCI-SVR1 passed test Connectivity
Doing primary tests
   Testing server: Hobart\TCCI-SVR1
    Starting test: Replications
     .... TCCI-SVR1 passed test Replications
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : tcci
   Running enterprise tests on : tcci.local
C:\Users\Administrator>
Don't know on this one.....
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 22863689
SO when you run  the DCDIAG again, does it say that it is replicating ?

0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Synchronize a new Active Directory domain with an existing Office 365 tenant
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question