[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1256
  • Last Modified:

Replication Between 2 Server 2008 Domain Controllers

We have two domain controllers that are also acting as global catalog servers.  We are having some replication issues between both domain controllers.  One of our major issues is that some computers are picking up on group policy changes and others are not.

Both are running Server 2008

What is the first step in troubleshooting this issue?  Is there some type of diagnostic utility?
0
fbclubbock
Asked:
fbclubbock
  • 3
  • 2
  • 2
  • +1
3 Solutions
 
Mike KlineCommented:
repadmin and dcdiag are two tools that will get you started.  The event logs can also help
Repadmin /replsummary  
dcdiag /v
Group policy replication issues could also mean that you are having issues with sysvol replication.  That could be using FRS or DFSR for replication (depends on your fucnionality level)
That should get you started
Thanks
Mike
0
 
fbclubbockAuthor Commented:
I have attached my results of Repadmin, what does the information mean?
Jalapeno.txt
Tabasco.txt
0
 
snusgubbenCommented:
You should post the dcdiag log as they will tell you more.

dcdiag /v /e /f:dcdiag.txt

(the e-switch will diagnose both DC)
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
AwinishCommented:

Follow below step for problem server.

-Check nslookup is working fine from host to IP & vice versa.

-Sysvol & netlogon share is present.

-In sites & services,the subnet is mapped to their respective site.

-Connection object is present in ADSS.

-All the AD services like DNS,DFSR(its in wind 2k3 R2),FRS,KDC,Netlogon is started.

-Ports are being able to telnet like 135,88,53,3268,389,445 etc.

-Physicall connectivity is proper & primary & alternate dns has been specified into problem server.

Run dcdiag /v /fix & netdiag /v /fix

Try to force the replication from ADSS or use repadmin /replicate

repadmin /replicate server1 server2's_guid dc=contoso,dc=com

or use repadmin /syncall /a /p /e /d

http://technet.microsoft.com/en-us/library/cc835086%28WS.10%29.aspx

http://technet.microsoft.com/en-us/library/cc835086%28WS.10%29.aspx



0
 
AwinishCommented:
Could you check what event log says?

Restart the DNS, DFSR,FRS,KDC,NETLOGON services into problem dc.
Restating the services will remove the probability of services not running or hanged.


References:

http://technet.microsoft.com/en-us/library/bb727057.aspx

http://technet.microsoft.com/en-us/library/cc755349(WS.10).aspx
0
 
fbclubbockAuthor Commented:
Thanks for the tips and suggestions.

snusgubben - Below is what dcdiag revealed.  Any pointers on something you see as critical?
Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine jalapeno, is a Directory Server. 
   Home Server = jalapeno

   * Connecting to directory service on server jalapeno.

   * Identified AD Forest. 
   Collecting AD specific global data 
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded 
   Iterating through the sites 
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers 
   Getting information for the server CN=NTDS Settings,CN=JALAPENO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=TABASCO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 2 DC(s). Testing 2 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\JALAPENO

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity 
         Determining IP6 connectivity 
         * Active Directory RPC Services Check
         ......................... JALAPENO passed test Connectivity

   
   Testing server: Default-First-Site-Name\TABASCO

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity 
         Determining IP6 connectivity 
         * Active Directory RPC Services Check
         ......................... TABASCO passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\JALAPENO

      Starting test: Advertising

         The DC JALAPENO is advertising itself as a DC and having a DS.
         The DC JALAPENO is advertising as an LDAP server
         The DC JALAPENO is advertising as having a writeable directory
         The DC JALAPENO is advertising as a Key Distribution Center
         The DC JALAPENO is advertising as a time server
         The DS JALAPENO is advertising as a GC.
         ......................... JALAPENO passed test Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test 
         ......................... JALAPENO passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log. 
         ......................... JALAPENO passed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... JALAPENO passed test SysVolCheck

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... JALAPENO passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=JALAPENO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org
         Role Domain Owner = CN=NTDS Settings,CN=JALAPENO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org
         Role PDC Owner = CN=NTDS Settings,CN=JALAPENO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org
         Role Rid Owner = CN=NTDS Settings,CN=JALAPENO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=JALAPENO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org
         ......................... JALAPENO passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC JALAPENO on DC JALAPENO.
         * SPN found :LDAP/jalapeno.fbclubbock.org/fbclubbock.org
         * SPN found :LDAP/jalapeno.fbclubbock.org
         * SPN found :LDAP/JALAPENO
         * SPN found :LDAP/jalapeno.fbclubbock.org/FBC
         * SPN found :LDAP/fa3bcc81-7dde-4717-b775-d01c394e3569._msdcs.fbclubbock.org
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/fa3bcc81-7dde-4717-b775-d01c394e3569/fbclubbock.org
         * SPN found :HOST/jalapeno.fbclubbock.org/fbclubbock.org
         * SPN found :HOST/jalapeno.fbclubbock.org
         * SPN found :HOST/JALAPENO
         * SPN found :HOST/jalapeno.fbclubbock.org/FBC
         * SPN found :GC/jalapeno.fbclubbock.org/fbclubbock.org
         ......................... JALAPENO passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC JALAPENO.
         The forest is not ready for RODC. Will skip checking ERODC ACEs.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=fbclubbock,DC=org
            (NDNC,Version 3)
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=fbclubbock,DC=org
         * Security Permissions Check for

           DC=DomainDnsZones,DC=fbclubbock,DC=org
            (NDNC,Version 3)
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=fbclubbock,DC=org
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=fbclubbock,DC=org
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=fbclubbock,DC=org
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=fbclubbock,DC=org
            (Domain,Version 3)
         ......................... JALAPENO failed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\JALAPENO\netlogon
         Verified share \\JALAPENO\sysvol
         ......................... JALAPENO passed test NetLogons

      Starting test: ObjectsReplicated

         JALAPENO is in domain DC=fbclubbock,DC=org
         Checking for CN=JALAPENO,OU=Domain Controllers,DC=fbclubbock,DC=org in domain DC=fbclubbock,DC=org on 2 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=JALAPENO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org in domain CN=Configuration,DC=fbclubbock,DC=org on 2 servers
            Object is up-to-date on all servers.
         ......................... JALAPENO passed test ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=fbclubbock,DC=org
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=fbclubbock,DC=org
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=fbclubbock,DC=org
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=fbclubbock,DC=org
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=fbclubbock,DC=org
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         * Replication Site Latency Check 
         ......................... JALAPENO passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 9369 to 1073741823
         * jalapeno.fbclubbock.org is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 7869 to 8368
         * rIDPreviousAllocationPool is 7869 to 8368
         * rIDNextRID: 7887
         ......................... JALAPENO passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... JALAPENO passed test Services

      Starting test: SystemLog

         * The System Event log test
         Found no errors in "System" Event log in the last 60 minutes.
         ......................... JALAPENO passed test SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=JALAPENO,OU=Domain Controllers,DC=fbclubbock,DC=org and backlink on

         CN=JALAPENO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org

          are correct. 
         The system object reference (serverReferenceBL)

         CN=JALAPENO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=fbclubbock,DC=org

         and backlink on

         CN=NTDS Settings,CN=JALAPENO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org

         are correct. 
         ......................... JALAPENO passed test VerifyReferences

      Test omitted by user request: VerifyReplicas

   
   Testing server: Default-First-Site-Name\TABASCO

      Starting test: Advertising

         The DC TABASCO is advertising itself as a DC and having a DS.
         The DC TABASCO is advertising as an LDAP server
         The DC TABASCO is advertising as having a writeable directory
         The DC TABASCO is advertising as a Key Distribution Center
         The DC TABASCO is advertising as a time server
         The DS TABASCO is advertising as a GC.
         ......................... TABASCO passed test Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test 
         ......................... TABASCO passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log. 
         ......................... TABASCO passed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... TABASCO passed test SysVolCheck

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... TABASCO passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=JALAPENO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org
         Role Domain Owner = CN=NTDS Settings,CN=JALAPENO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org
         Role PDC Owner = CN=NTDS Settings,CN=JALAPENO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org
         Role Rid Owner = CN=NTDS Settings,CN=JALAPENO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=JALAPENO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org
         ......................... TABASCO passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC TABASCO on DC TABASCO.
         * SPN found :LDAP/TABASCO.fbclubbock.org/fbclubbock.org
         * SPN found :LDAP/TABASCO.fbclubbock.org
         * SPN found :LDAP/TABASCO
         * SPN found :LDAP/TABASCO.fbclubbock.org/FBC
         * SPN found :LDAP/03db4fc4-4ac1-4a6b-8bd2-80ee2b13dd9b._msdcs.fbclubbock.org
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/03db4fc4-4ac1-4a6b-8bd2-80ee2b13dd9b/fbclubbock.org
         * SPN found :HOST/TABASCO.fbclubbock.org/fbclubbock.org
         * SPN found :HOST/TABASCO.fbclubbock.org
         * SPN found :HOST/TABASCO
         * SPN found :HOST/TABASCO.fbclubbock.org/FBC
         * SPN found :GC/TABASCO.fbclubbock.org/fbclubbock.org
         ......................... TABASCO passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC TABASCO.
         The forest is not ready for RODC. Will skip checking ERODC ACEs.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=fbclubbock,DC=org
            (NDNC,Version 3)
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=fbclubbock,DC=org
         * Security Permissions Check for

           DC=DomainDnsZones,DC=fbclubbock,DC=org
            (NDNC,Version 3)
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=fbclubbock,DC=org
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=fbclubbock,DC=org
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=fbclubbock,DC=org
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=fbclubbock,DC=org
            (Domain,Version 3)
         ......................... TABASCO failed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\TABASCO\netlogon
         Verified share \\TABASCO\sysvol
         ......................... TABASCO passed test NetLogons

      Starting test: ObjectsReplicated

         TABASCO is in domain DC=fbclubbock,DC=org
         Checking for CN=TABASCO,OU=Domain Controllers,DC=fbclubbock,DC=org in domain DC=fbclubbock,DC=org on 2 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=TABASCO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org in domain CN=Configuration,DC=fbclubbock,DC=org on 2 servers
            Object is up-to-date on all servers.
         ......................... TABASCO passed test ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=fbclubbock,DC=org
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=fbclubbock,DC=org
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=fbclubbock,DC=org
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=fbclubbock,DC=org
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=fbclubbock,DC=org
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         * Replication Site Latency Check 
         ......................... TABASCO passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 9369 to 1073741823
         * jalapeno.fbclubbock.org is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 8369 to 8868
         * rIDPreviousAllocationPool is 8369 to 8868
         * rIDNextRID: 8374
         ......................... TABASCO passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... TABASCO passed test Services

      Starting test: SystemLog

         * The System Event log test
         Found no errors in "System" Event log in the last 60 minutes.
         ......................... TABASCO passed test SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=TABASCO,OU=Domain Controllers,DC=fbclubbock,DC=org and backlink on

         CN=TABASCO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org

         are correct. 
         The system object reference (serverReferenceBL)

         CN=TABASCO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=fbclubbock,DC=org

         and backlink on

         CN=NTDS Settings,CN=TABASCO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fbclubbock,DC=org

         are correct. 
         ......................... TABASCO passed test VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Test omitted by user request: DNS

      Test omitted by user request: DNS

   
      Test omitted by user request: DNS

      Test omitted by user request: DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : fbclubbock

      Starting test: CheckSDRefDom

         ......................... fbclubbock passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... fbclubbock passed test CrossRefValidation

   
   Running enterprise tests on : fbclubbock.org

      Test omitted by user request: DNS

      Test omitted by user request: DNS

      Starting test: LocatorCheck

         GC Name: \\jalapeno.fbclubbock.org

         Locator Flags: 0xe00013fd
         PDC Name: \\jalapeno.fbclubbock.org
         Locator Flags: 0xe00013fd
         Time Server Name: \\jalapeno.fbclubbock.org
         Locator Flags: 0xe00013fd
         Preferred Time Server Name: \\jalapeno.fbclubbock.org
         Locator Flags: 0xe00013fd
         KDC Name: \\jalapeno.fbclubbock.org
         Locator Flags: 0xe00013fd
         ......................... fbclubbock.org passed test LocatorCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided. 
         ......................... fbclubbock.org passed test Intersite

Open in new window

0
 
AwinishCommented:
The forest is not ready for RODC, did you updated the schema before introducing RODC?
0
 
snusgubbenCommented:
If you don't have RODC's or don't plan to get some, then you don't need to run "adprep /rodcprep", but you will get the NCSecDesc errors in the dcdiag. These error can be disregarded.

The rest of the log seems fine. When you say some clients are picking up GPO changes while some are not, then you should troubleshoot with the GPMC -> RSoP. Test against a computer/user that do not get changes.

A quick test is just to count the folders in "..\sysvol\<domain>\policies" on both DC's. Same amount of folders (policies)?


SG
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now