Raleigh Guevarra
asked on
Active Directory suddenly not replicating
I'm newly employed and just found out after running a dcdiag and netdiag, that their Active Directory was not replicating since last November 5, 2008. Kindly help on fixing the replication problem:
Below are the results from DCDIAG and NETDIAG:
NETDIAG-RESULT-02092009.txt
Below are the results from DCDIAG and NETDIAG:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=[ DCDIAG ]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: MYSITE\MYPDC
Starting test: Connectivity
......................... MYPDC passed test Connectivity
Doing primary tests
Testing server: MYSITE\MYPDC
Starting test: Replications
REPLICATION-RECEIVED LATENCY WARNING
MYPDC: Current time is 2009-02-09 11:07:46.
DC=ForestDnsZones,DC=MYDOMAIN,DC=local
Last replication recieved from MYBDC at 2008-11-05 02:58:56
.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=DomainDnsZones,DC=MYDOMAIN,DC=local
Last replication recieved from MYBDC at 2008-11-05 02:58:56
.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=local
Last replication recieved from MYBDC at 2008-11-05 02:58:56
.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=MYDOMAIN,DC=local
Last replication recieved from MYBDC at 2008-11-05 02:59:29
.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=MYDOMAIN,DC=local
Last replication recieved from MYBDC at 2008-11-05 02:58:56
.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... MYPDC passed test Replications
Starting test: NCSecDesc
......................... MYPDC passed test NCSecDesc
Starting test: NetLogons
......................... MYPDC passed test NetLogons
Starting test: Advertising
......................... MYPDC passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: CN=NTDS Settings\0ADEL:1807a617-0df5-43f6-9494-edcd083cbbbe,CN=MYBDC,CN=Servers,CN=OTHERSITE,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=local is the Infrastructure Update Owner, but is deleted.
......................... MYPDC failed test KnowsOfRoleHolders
Starting test: RidManager
......................... MYPDC passed test RidManager
Starting test: MachineAccount
......................... MYPDC passed test MachineAccount
Starting test: Services
......................... MYPDC passed test Services
Starting test: ObjectsReplicated
......................... MYPDC passed test ObjectsReplicated
Starting test: frssysvol
......................... MYPDC passed test frssysvol
Starting test: frsevent
......................... MYPDC passed test frsevent
Starting test: kccevent
......................... MYPDC passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 02/09/2009 11:03:58
(Event String could not be retrieved)
......................... MYPDC failed test systemlog
Starting test: VerifyReferences
......................... MYPDC passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : MYDOMAIN
Starting test: CrossRefValidation
......................... MYDOMAIN passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... MYDOMAIN passed test CheckSDRefDom
Running enterprise tests on : MYDOMAIN.local
Starting test: Intersite
......................... MYDOMAIN.local passed test Intersite
Starting test: FsmoCheck
......................... MYDOMAIN.local passed test FsmoCheck
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=[ NETDIAG ]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Computer Name: MYPDC
DNS Host Name: MYPDC.MYDOMAIN.local
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
List of installed hotfixes :
KB911564
KB921503
KB925398_WMP64
KB925902
KB926122
KB927891
KB929123
KB930178
KB931768
KB931784
KB931836
KB932168
KB933360
KB933566
KB933729
KB933854
KB935839
KB935840
KB935966
KB936021
KB936357
KB936782
KB937143
KB938127
KB938464
KB939653
KB941202
KB941568
KB941569
KB941644
KB941672
KB941693
KB942615
KB942763
KB942830
KB942831
KB942840
KB943055
KB943460
KB943484
KB943485
KB944338
KB944533
KB944653
KB945553
KB946026
KB947864
KB948496
KB948590
KB948881
KB949014
KB950759
KB950760
KB950762
KB950974
KB951066
KB951072-v2
KB951698
KB951746
KB951748
KB952069
KB952954
KB953838
KB953839
KB954211
KB954600
KB955069
KB955839
KB956390
KB956391
KB956802
KB956803
KB956841
KB957095
KB957097
KB958215
KB958644
KB958687
KB960714
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : MYPDC
IP Address . . . . . . . . : 192.168.1.53
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Dns Servers. . . . . . . . : 192.168.1.53
192.168.2.80
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{F761DF85-5918-4E78-B2C2-A5898748F8F6}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.53' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '192.168.2.80' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{F761DF85-5918-4E78-B2C2-A5898748F8F6}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{F761DF85-5918-4E78-B2C2-A5898748F8F6}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'MYBDC.MYDOMAIN.local'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
DCDIAG-RESULT-02092009.txtNETDIAG-RESULT-02092009.txt
You have 2 problems:
1) Why did the replication fail at all?
2) How to find the DC that has the up-to-date information?
Regarding 1)
It looks like the 2 DCs reside on different subnets. How are they connected? WAN/LAN/VPN? I'd also like to see the output of dcdiag and netdiag of "MYBDC"
2) Check who holds the FSMO roles on your "MYPDC" :
DCdiag /test:Knowsofroleholders /v
Also check which system is authenticating your users (I assume only MYPDC)
If all roles and user authentication is running on MYPDC, the easiest thing would be to denote MYBDC, clean up the Active Directory metadata of MYBDC on MYPDC (http://support.microsoft.com/kb/216498/en-us) and re-promote MYBDC as a domain controller.
If MYBDC does not allow to be denoted, check http://support.microsoft.com/kb/332199/en-us how to force the denote process.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
in AD sites and services - if you force replication what error do you get?
Regards,
PeteLong