Solved

DC replication and demotion

Posted on 2009-12-17
Last Modified: 2012-05-08
I'm in the process of demoting one DC and promoting another to be master. In the process something has gone awry.

Cxxxx is the current schema master and I want to move this role to new vm Nxxxx. I believe I had things moving in the right direction, until I did a meta cleanup on an abandoned server. Now replication seems to be hosed. If I just force replication will this issue resolve itself?

DNS seems to be OK. see second output below.

thanks.





Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.xxxxx>cd C:\WINDOWS\ServicePackFiles\i38
6>dcdiag

C:\WINDOWS\ServicePackFiles\i386>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: CTS\Nxxxxx
      Starting test: Connectivity
         ......................... Nxxxxx passed test Connectivity

Doing primary tests

   Testing server: CTS\Nxxxxx
      Starting test: Replications
         [Replications Check,Nxxxxx] A recent replication attempt failed:
            From Cxxxxx to Nxxxxx
            Naming Context: DC=ForestDnsZones,DC=xxxxx,DC=org
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2009-12-17 08:51:32.
            The last success occurred at 2009-11-17 14:58:28.
            716 failures have occurred since the last success.
            Replication has been explicitly disabled through the server options.

         [Replications Check,Nxxxxx] A recent replication attempt failed:
            From Cxxxxx to Nxxxxx
            Naming Context: DC=DomainDnsZones,DC=xxxxx,DC=org
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2009-12-17 09:05:23.
            The last success occurred at 2009-11-17 15:51:54.
            11624 failures have occurred since the last success.
            Replication has been explicitly disabled through the server options.

         [Replications Check,Nxxxxx] A recent replication attempt failed:
            From Cxxxxx to Nxxxxx
            Naming Context: CN=Schema,CN=Configuration,DC=xxxxx,DC=org
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2009-12-17 08:51:32.
            The last success occurred at 2009-11-17 14:58:28.
            716 failures have occurred since the last success.
            Replication has been explicitly disabled through the server options.

         [Replications Check,Nxxxxx] A recent replication attempt failed:
            From Cxxxxx to Nxxxxx
            Naming Context: CN=Configuration,DC=xxxxx,DC=org
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2009-12-17 08:51:32.
            The last success occurred at 2009-11-17 15:45:21.
            748 failures have occurred since the last success.
            Replication has been explicitly disabled through the server options.

         [Replications Check,Nxxxxx] A recent replication attempt failed:
            From Cxxxxx to Nxxxxx
            Naming Context: DC=xxxxx,DC=org
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2009-12-17 09:00:00.
            The last success occurred at 2009-11-17 15:47:33.
            5814 failures have occurred since the last success.
            Replication has been explicitly disabled through the server options.

         [Replications Check,Nxxxxx] A recent replication attempt failed:
            From Cxxxxx to Nxxxxx
            Naming Context: DC=nettech,DC=xxxxx,DC=org
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2009-12-17 08:51:32.
            The last success occurred at 2009-11-17 14:58:28.
            716 failures have occurred since the last success.
            Replication has been explicitly disabled through the server options.

         REPLICATION-RECEIVED LATENCY WARNING
         Nxxxxx:  Current time is 2009-12-17 09:05:29.
            DC=ForestDnsZones,DC=xxxxx,DC=org
               Last replication recieved from Cxxxxx at 2009-11-17 16:03:52.
            DC=DomainDnsZones,DC=xxxxx,DC=org
               Last replication recieved from Cxxxxx at 2009-11-17 16:03:51.
            CN=Schema,CN=Configuration,DC=xxxxx,DC=org
               Last replication recieved from Cxxxxx at 2009-11-17 16:03:51.
            CN=Configuration,DC=xxxxx,DC=org
               Last replication recieved from Cxxxxx at 2009-11-17 16:03:51.
            DC=xxxxx,DC=org
               Last replication recieved from Cxxxxx at 2009-11-17 16:04:36.
         ......................... Nxxxxx passed test Replications
      Starting test: NCSecDesc
         ......................... Nxxxxx passed test NCSecDesc
      Starting test: NetLogons
         ......................... Nxxxxx passed test NetLogons
      Starting test: Advertising
         ......................... Nxxxxx passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... Nxxxxx passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... Nxxxxx passed test RidManager
      Starting test: MachineAccount
         Warning:  Attribute userAccountControl of Nxxxxx is: 0x82020 = ( UF_P
ASSWD_NOTREQD | UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TR
USTED_FOR_DELEGATION )
         This may be affecting replication?
         ......................... Nxxxxx passed test MachineAccount
      Starting test: Services
         ......................... Nxxxxx passed test Services
      Starting test: ObjectsReplicated
         ......................... Nxxxxx passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... Nxxxxx passed test frssysvol
      Starting test: frsevent
         ......................... Nxxxxx passed test frsevent
      Starting test: kccevent
         ......................... Nxxxxx passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC00010E1
            Time Generated: 12/17/2009   08:11:40
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC00010E1
            Time Generated: 12/17/2009   08:25:43
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC00010E1
            Time Generated: 12/17/2009   08:42:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC00010E1
            Time Generated: 12/17/2009   08:46:46
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC00010E1
            Time Generated: 12/17/2009   08:58:55
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/17/2009   09:04:02
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/17/2009   09:04:05
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/17/2009   09:04:05
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/17/2009   09:04:05
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/17/2009   09:04:05
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/17/2009   09:04:06
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/17/2009   09:04:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/17/2009   09:04:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/17/2009   09:04:08
            (Event String could not be retrieved)
         ......................... Nxxxxx failed test systemlog
      Starting test: VerifyReferences
         ......................... Nxxxxx passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : xxxxx
      Starting test: CrossRefValidation
         ......................... xxxxx passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... xxxxx passed test CheckSDRefDom

   Running enterprise tests on : xxxxx.org
      Starting test: Intersite
         ......................... xxxxx.org passed test Intersite
      Starting test: FsmoCheck
         ......................... xxxxx.org passed test FsmoCheck

C:\WINDOWS\ServicePackFiles\i386>



DNS TEST


 C:\WINDOWS\ServicePackFiles\i386>dcdiag /test:DNS

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: CTS\Nxxxx
      Starting test: Connectivity
         ......................... Nxxxx passed test Connectivity

Doing primary tests

   Testing server: CTS\Nxxxx

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : xxxxx

   Running enterprise tests on : xxxxx.org
      Starting test: DNS
         Test results for domain controllers:

            DC: Nxxxx.xxxxx.org
            Domain: xxxxx.org


               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (128.9.0.107)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.9.0.107

            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12

         ......................... xxxxx.org passed test DNS

C:\WINDOWS\ServicePackFiles\i386>
Question by:percussed
15 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 26071980
Have you restored any of the DCs by using an image? Please post ipconfig /all.

Author Comment

by:percussed
ID: 26072181
I have not restored any DCs with an image.
LVL 24

Expert Comment

by:Awinish
ID: 26073135
First try to determine the role holder DC holding all the roles & whether it's been recognised, using cmd
netdom query fsmo
Follow the steps below for the problem server.
-Check nslookup is working fine from host to IP & vice versa.
-Sysvol & netlogon shares are present.
-Connection object is present in ADSS.
-All the AD services like DNS, DFSR (it's in Windows 2k3 R2), FRS, KDC, Netlogon are started.
-Ports like 135, 88, 53, 3268, 389, 445 etc. can be reached with telnet.
-Physical connectivity is proper & primary & alternate DNS have been specified on the problem server.
Are you getting a netlogon pause error in the Event Viewer? Or check the netlogon status on the problem server.
 

 
LVL 7

Expert Comment

by:jgpd
ID: 26073952
Replication is disabled: "Replication has been explicitly disabled through the server options".
Run repadmin /options on the source DC to see if outbound replication is disabled, and post the results.
regards,
Jose

Author Comment

by:percussed
ID: 26074244
Thanks Awinish, here's the answer to your questions.

-First try to determine the role holder DC holding all the roles & whether it's been recognised, using cmd

-netdom query fsmo

C:\Program Files\Support Tools>netdom query fsmo
Schema owner                Cxxxx.xxxxx.org
Domain role owner           Cxxxx.xxxxx.org
PDC role                    Cxxxx.xxxxx.org
RID pool manager            Cxxxx.xxxxx.org
Infrastructure owner        Dxxxx.xxxxx.org

Follow below step for problem server.

-Check nslookup is working fine from host to IP & vice versa.

nslookup is fine

-Sysvol & netlogon share is present.

sysvol is ok and a share
I don't see a share for netlogon, I have a netlogon.CHG file and netlogon.log, and some others, but no shared folder

-Connection object is present in ADSS.

Connection object is present In AD sites and services for 3 DCs. Cxxxx - to Dxxxx and Nxxxx, Dxxxx - to Cxxxx and Nxxxx, Nxxxx - to Cxxxx and Dxxxx

-All the AD services like DNS,DFSR(its in wind 2k3 R2),FRS,KDC,Netlogon is started.

Services: DNS started, DFSR not present, I have Win2k3 stnd sp2,  (DFS is); FRS,KDC,Netlogon are all started

-Ports are being able to telnet like 135,88,53,3268,389,445 etc.

unsure how to test open ports, no local firewall

-Physical connectivity is proper & primary & alternate DNS have been specified on the problem server.

Phys connectivity OK, prim and alt dns set

-Are you getting netlogon pause error into the eventviewer or check netlogon status on problem server.

not getting netlogon pause error, am getting netlogon error to one group of PCs, but I don't believe it's related

netlogon status?- service is started


I am getting

LVL 7

Expert Comment

by:jgpd
ID: 26074327
Please also check for replication event IDs. Look in the path %Systemroot%\Debug for the FRS logs and post the results; the file names are listed from NtFrs_001.log to NtFrs_005.log
Jose

Author Comment

by:percussed
ID: 26074371
Here are the results of repadmin /options

on Cxxxx (schema master):

C:\Documents and Settings\djames>repadmin /options

repadmin running command /options against server localhost

Current DC Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL


on Nxxxx:

C:\Program Files\Support Tools>repadmin /options

repadmin running command /options against server localhost

Current DC Options: IS_GC

LVL 24

Expert Comment

by:Awinish
ID: 26074425
You have to use port query tool to check for ports.
Secondly, try telnet to working dc from problem dc like telnet IP port no.

Netlogon is missing, so stop the FRS service, copy the complete sysvol from the working DC to the problem DC & start the netlogon service, as netlogon uses SRV records to locate the GC & then the DC.

If the sysvol & netlogon shares don't come up, use the steps below.

-Stop the File Replication service on the domain controller.
-Start Registry Editor (Regedt32.exe).
-Locate and then click the BurFlags value under the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
-On the Edit menu, click DWORD, click Hex, type D2, and then click OK.
-Quit Registry Editor.
-Move data out of the PreExisting folder.
-Restart the File Replication Service.


Please use value D2 instead of D4 from kb.

http://support.microsoft.com/kb/315457

http://support.microsoft.com/kb/316790
LVL 7

Expert Comment

by:jgpd
ID: 26074504
on the CXX server please run:
Repadmin /options -IS_GC
Repadmin /options - DISABLE_INBOUND_REPL
Repadmin /options - DISABLE_OUTBOUND_REPL
to enable replication on that server; after that, force replication between the 2 DCs
LVL 24

Assisted Solution

by:Awinish
Awinish earned 800 total points
ID: 26074541
Try to force the replication from ADSS or use repadmin /replicate

repadmin /replicate server1 server2's guid dc=contoso,dc=com

or use repadmin /syncall /a/p/e/p

http://technet.microsoft.com/en-us/library/cc835086%28WS.10%29.aspx

LVL 7

Accepted Solution

by:
jgpd earned 1200 total points
ID: 26074552

Sorry, I forgot: please add the DC name before all the minus signs (-).
This is the syntax for repadmin:
Repadmin /options <DC> [{+|-} IS_GC] [{+|-} DISABLE_INBOUND_REPL] [{+|-} DISABLE_OUTBOUND_REPL] [{+|-} DISABLE_NTDSCONN_XLATE]
http://technet.microsoft.com/en-us/library/cc811549(WS.10).aspx
Jose
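
The diagnosis reached in this thread, as an added example that is not from any of the posters: a Python script that parses dcdiag Replications failures and `repadmin /options` result lines, then pairs each error-8456 link with the source DC's outbound flag. The host names (OLDDC, NEWDC), the domain and both sample inputs are constructed placeholders.

```python
import re
from datetime import datetime

# Constructed sample shaped like the dcdiag output in the question (placeholder names).
DCDIAG = """\
   [Replications Check,NEWDC] A recent replication attempt failed:
      From OLDDC to NEWDC
      Naming Context: CN=Schema,CN=Configuration,DC=example,DC=org
      The replication generated an error (8456):
      The source server is currently rejecting replication requests.
      The failure occurred at 2009-12-17 08:51:32.
      The last success occurred at 2009-11-17 14:58:28.
      716 failures have occurred since the last success.
      Replication has been explicitly disabled through the server options.

   [Replications Check,NEWDC] A recent replication attempt failed:
      From OLDDC to NEWDC
      Naming Context: DC=example,DC=org
      The replication generated an error (8456):
      The source server is currently rejecting replication requests.
      The failure occurred at 2009-12-17 09:00:00.
      The last success occurred at 2009-11-17 15:47:33.
      5814 failures have occurred since the last success.
      Replication has been explicitly disabled through the server options.
"""
# Constructed "repadmin /options" result lines, keyed by the DC they came from.
OPTIONS = {"OLDDC": "Current DC Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL",
           "NEWDC": "Current DC Options: IS_GC"}

TS = "%Y-%m-%d %H:%M:%S"
BLOCK = re.compile(
    r"From (?P<src>\S+) to \S+\s+Naming Context: (?P<nc>[^\r\n]+)\s+"
    r"The replication generated an error \((?P<err>\d+)\):.*?"
    r"The failure occurred at (?P<fail>[\d: -]+)\..*?"
    r"The last success occurred at (?P<ok>[\d: -]+)\.\s+"
    r"(?P<count>\d+) failures have occurred", re.S)

def parse_failures(text):
    """One dict per failed replication link reported by dcdiag."""
    out = []
    for chunk in text.split("[Replications Check")[1:]:
        m = BLOCK.search(chunk)
        if not m:
            continue  # block without a recorded last success; skipped here
        age = datetime.strptime(m["fail"], TS) - datetime.strptime(m["ok"], TS)
        out.append({"src": m["src"], "nc": m["nc"], "error": int(m["err"]),
                    "failures": int(m["count"]), "stale_days": age.days})
    return out

def disabled_directions(options_line):
    """Replication directions switched off in a 'Current DC Options' line."""
    flags = options_line.partition(":")[2].split()
    return sorted(f.split("_")[1].lower() for f in flags
                  if f in ("DISABLE_INBOUND_REPL", "DISABLE_OUTBOUND_REPL"))

def triage(text, options_by_dc):
    """Pair each error-8456 link with the source DC's own outbound flag."""
    return [(f["nc"], f["stale_days"],
             "outbound" in disabled_directions(options_by_dc.get(f["src"], "")))
            for f in parse_failures(text) if f["error"] == 8456]
```

Each tuple from `triage` is (naming context, whole days since the last success, whether the source DC has outbound replication disabled); a `False` in the last position means the 8456 error is not explained by the collected option flags.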

Author Comment

by:percussed
ID: 26074898
Thanks, Awinish and jgpd

You both seem to be onto my issues, just not sure which path to follow??
LVL 24

Expert Comment

by:Awinish
ID: 26075087
Did you try installing a fresh OS on the new VM & then run dcpromo, or did you use a backup from any media to do that?
LVL 39

Expert Comment

by:ChiefIT
ID: 26089649
Hello, just logging on to see how things are going. You are in good hands.

It appears to me that you have FRS metadata. There are three steps to a metadata cleanup.

Step 1) AD
Step 2) DNS
Step 3) FRS

I think you will find the FRS metadata in AD sites and services.