Sp0cky

I cannot replicate AD from one AD site to another, both in the same domain.

"The following error occurred during the attempt to synchronize the domain controllers.
The naming context is in the process of being removed or is not replicated from the specified server. "

I can ping AND get DNS replies from servers in each domain from the other, no problem! But I can't replicate AD from either side. The sites "A" and "B" are connected via a VPN.
C:\Documents and Settings\administrator.abc2>netdiag
 
....................................
 
    Computer Name: abcdrDC01
    DNS Host Name: abcdrdc01.abc2.local
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 8, GenuineIntel
    List of installed hotfixes :
        KB924667-v2
        KB925398_WMP64
        KB925902
        KB926122
        KB927891
        KB929123
        KB930178
        KB931784
        KB932168
        KB933729
        KB933854
        KB935839
        KB935840
        KB936021
        KB936357
        KB936782
        KB938127
        KB941202
        KB941569
        KB941693
        KB942763
        KB943055
        KB943460
        KB943485
        KB944338
        KB944653
        KB945553
        KB946026
        KB948496
        KB948590
        KB950759
        KB950760
        KB950762
        KB951698
        KB951748
        Q147222
 
 
Netcard queries test . . . . . . . : Passed
 
 
 
Per interface results:
 
    Adapter : Local Area Connection
 
        Netcard queries test . . . : Passed
 
        Host Name. . . . . . . . . : abcdrdc01
        IP Address . . . . . . . . : 10.0.222.10
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.0.222.1
        Dns Servers. . . . . . . . : 127.0.0.1
 
 
        AutoConfiguration results. . . . . . : Passed
 
        Default gateway test . . . : Passed
 
        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
 
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
 
 
Global results:
 
 
Domain membership test . . . . . . : Passed
 
 
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{9B1E7EB1-AB67-49FB-B878-9B540382CB90}
    1 NetBt transport currently configured.
 
 
Autonet address test . . . . . . . : Passed
 
 
IP loopback ping test. . . . . . . : Passed
 
 
Default gateway test . . . . . . . : Passed
 
 
NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
 
 
Winsock test . . . . . . . . . . . : Passed
 
 
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' a
nd other DCs also have some of the names registered.
 
 
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{9B1E7EB1-AB67-49FB-B878-9B540382CB90}
    The redir is bound to 1 NetBt transport.
 
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{9B1E7EB1-AB67-49FB-B878-9B540382CB90}
    The browser is bound to 1 NetBt transport.
 
 
DC discovery test. . . . . . . . . : Passed
 
 
DC list test . . . . . . . . . . . : Passed
 
 
Trust relationship test. . . . . . : Passed
    Secure channel for domain 'abc2' is to '\\abcdc2.abc2.local'.
 
 
Kerberos test. . . . . . . . . . . : Passed
 
 
LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'abcdc2.abc2.local'.
    [WARNING] Failed to query SPN registration on DC 'abc2dc1.abc2.local'.
 
 
Bindings test. . . . . . . . . . . : Passed
 
 
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
 
 
Modem diagnostics test . . . . . . : Passed
 
IP Security test . . . . . . . . . : Skipped
 
    Note: run "netsh ipsec dynamic show /?" for more detailed information
 
 
The command completed successfully
 
C:\Documents and Settings\administrator.abc2>

untitled.bmp
Windows Networking, Active Directory, Microsoft Legacy OS

piattnd

Check your Active Directory Sites and Services. Do you have your sites/subnets set up and your Inter-Site transports configured?
Sp0cky

ASKER

I checked. They seem OK; some other person set this up. Should there be any specific permissions checked?
Amirchoupani

What have you done recently in your AD? Adding or removing an AD-integrated DNS zone or something like that?
Have you checked the SRV records of your DCs in both DNS servers? (Try to make your DCs use the same DNS, restart their Netlogon service, clear their DNS client cache (ipconfig /flushdns) and try again.)
Good luck
Sp0cky

ASKER

One of them is an extra setting. Should be 2 IP subnets but there are 3.
untitled.bmp
Mike Kline

Can you run a repadmin /showreps command and post the output here?
Thanks
Mike
Sp0cky

ASKER

Here you go:
C:\Program Files\Support Tools>repadmin /showreps
locationB\ABCDRDC021
DC Options: (none)
Site Options: (none)
DC object GUID: 4cfbcf7d-d471-4ae6-93ee-274e104c4bdf
DC invocationID: ae6d3958-2c7a-4dd8-a380-57c16c4848f8
 
==== INBOUND NEIGHBORS ======================================
 
DC=ABC2,DC=local
    locationB\ABCDRDC01 via RPC
        DC object GUID: 07b0145d-6a56-47ee-94c0-69eca9163de8
        Last atteABCt @ 2009-01-26 18:05:25 was successful.
 
CN=Configuration,DC=ABC2,DC=local
    locationB\ABCDRDC01 via RPC
        DC object GUID: 07b0145d-6a56-47ee-94c0-69eca9163de8
        Last atteABCt @ 2009-01-26 17:52:10 was successful.
 
CN=Schema,CN=Configuration,DC=ABC2,DC=local
    locationB\ABCDRDC01 via RPC
        DC object GUID: 07b0145d-6a56-47ee-94c0-69eca9163de8
        Last atteABCt @ 2009-01-26 17:52:10 was successful.
 
Source: Default-First-Site-Name\ABCDC2
******* 8 CONSECUTIVE FAILURES since 2009-01-26 16:12:10
Last error: -2146893022 (0x80090322):
            The target principal name is incorrect.
 
Source: Default-First-Site-Name\ABC2DC1
******* 6 CONSECUTIVE FAILURES since 2009-01-26 16:42:12
Last error: -2146893022 (0x80090322):
            The target principal name is incorrect.
 
C:\Program Files\Support Tools>

Sp0cky

ASKER

So it looks like each site can talk to its own DCs... but not the other site... however, DNS resolves everywhere. Weird.
ms-pro

Try to change the DNS server:
       Host Name. . . . . . . . . : abcdrdc01
        IP Address . . . . . . . . : 10.0.222.10
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.0.222.1
        Dns Servers. . . . . . . . : 127.0.0.1 <---- to the right dns server
 
ms-pro

Check your event log.
Sp0cky

ASKER

RPC Server is "unavailable"  when I changed it.  The primary DC in the environment is a tombstoned DC on one side.  Will that matter?
Mike Kline

What happened to that DC?  
Sp0cky

ASKER

It is actually a secondary DC, sorry. It was communicating with the primary in another location before the site link went down for 180 days.
Sp0cky

ASKER

I added another DC to the remote environment and intend on dcpromoing the old one. DNS traffic and ping work, yet site-to-site replication throws these errors. Latest is "rpc server is unavailable."
Sp0cky

ASKER

DNS is NOT on the new DC, only the tombstoned one. Does that matter? It seems to be able to replicate to the dead DC and not the new one.
Mike Kline

Are you running Active Directory DNS? I'd add DNS to the new box too.

OK, so that DC was down for 180+ days in terms of replication and now it is back up? You may be dealing with lingering objects also. Do you have any of these events on the box (1388 or 1988)?
 
http://technet.microsoft.com/en-us/library/cc738018.aspx
 
Sp0cky

ASKER

I may have to reset the secure channel. How do you do this?
Sp0cky

ASKER

No 1988's.  This may be the source of the issue.  How do I correct it?

Event Type:      Error
Event Source:      Kerberos
Event Category:      None
Event ID:      4
Date:            1/27/2009
Time:            2:34:53 PM
User:            N/A
Computer:      ABCRDC01
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/abcdc2.abc2.local.  The target name used was cifs/abcdc2.abc2.local. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named  machine accounts in the target realm (abc2.LOCAL), and the client realm.   Please contact your system administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp
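
A triage sketch for the output posted in this thread, added here as an example and not part of any participant's post: it pulls the sources failing with 0x80090322 out of `repadmin /showreps` text and checks which of them are also named in a Kerberos event 4 (KRB_AP_ERR_MODIFIED) description. The function names and the embedded sample text are constructed for illustration, and matching on the short host name is an assumption.

```python
import re

# Constructed sample input, modelled on the repadmin and event text in this thread.
REPADMIN = """\
Source: Default-First-Site-Name\\ABCDC2
******* 8 CONSECUTIVE FAILURES since 2009-01-26 16:12:10
Last error: -2146893022 (0x80090322):
            The target principal name is incorrect.
Source: Default-First-Site-Name\\ABC2DC1
******* 6 CONSECUTIVE FAILURES since 2009-01-26 16:42:12
Last error: -2146893022 (0x80090322):
            The target principal name is incorrect.
"""
EVENT = ("The kerberos client received a KRB_AP_ERR_MODIFIED error from the "
         "server host/abcdc2.abc2.local.  The target name used was "
         "cifs/abcdc2.abc2.local.")
SEC_E_WRONG_PRINCIPAL = 0x80090322  # "The target principal name is incorrect."
FAIL_RE = re.compile(
    r"Source:\s*[^\\\r\n]+\\(?P<dc>\S+)\s*\n"
    r"\*+\s*(?P<count>\d+) CONSECUTIVE FAILURES since [^\n]*\n"
    r"Last error:\s*(?P<dec>-?\d+)\s*\((?P<hex>0x[0-9a-fA-F]+)\)")
KRB_RE = re.compile(
    r"KRB_AP_ERR_MODIFIED error from the\s+server\s+(?P<server>\S+?)\.\s+"
    r"The target name used was\s+(?P<spn>\S+?)\.(?:\s|$)")

def failing_sources(text):
    """Map source DC -> consecutive failures where the error is SEC_E_WRONG_PRINCIPAL."""
    out = {}
    for m in FAIL_RE.finditer(text):
        code = int(m["hex"], 16)
        # repadmin prints the same HRESULT as signed 32-bit decimal and as hex;
        # skip the entry if the two forms disagree (mangled paste).
        if int(m["dec"]) & 0xFFFFFFFF == code == SEC_E_WRONG_PRINCIPAL:
            out[m["dc"].lower()] = int(m["count"])
    return out

def kerberos_targets(event_text):
    """Short host names taken from the SPNs in KRB_AP_ERR_MODIFIED descriptions."""
    hosts = set()
    for m in KRB_RE.finditer(event_text):
        for spn in (m["server"], m["spn"]):
            hosts.add(spn.split("/", 1)[-1].split(".", 1)[0].lower())
    return hosts

def correlate(repadmin_text, event_text):
    """Return (failing DCs also named in Kerberos event 4, failing DCs not named)."""
    fails, named = failing_sources(repadmin_text), kerberos_targets(event_text)
    return sorted(set(fails) & named), sorted(set(fails) - named)

if __name__ == "__main__":
    print(correlate(REPADMIN, EVENT))
```

A DC in the first list has the replication error and the Kerberos event pointing at the same machine; a DC in the second list still needs its own event-log check.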
ASKER CERTIFIED SOLUTION
Amirchoupani