Active Directory Fails Replication
I have a network that has two Windows 2003 domain controllers in one site including the master domain controller and a third that is Windows 2008 R2 in a 2nd site across a full T1. I am proficient in active directory setup as I have done dozens of them. I removed the windows 2003 domain controller from the 2nd site several months ago and replaced it with the Win 2008 R2 domain controller. I demoted the old one whithout any errors and promoted the new one without any errors. For a reason that I don't know the new server tombstoned on me. I have spent two days trying to fix this.
All 3 servers are DNS servers and DNS replications appears to be working fine. I can ping all 3 servers from each domain controller using server names. The two domain controllers in the main site replicate with each other fine. Since DNS issues are a frequent cause of tombstoning, I've spent hours looking thru the DNS records and all appear to be correct and there is nothing old there. I've run dcdiag /fix many times. When I run netdiag on both Win 2003 servers I get no errors. Netdiag has been depricated on Win 2008 R2 so I can't run that.
I finally decided to demote the Win 2008 R2 controller using the force option since it would not demote the normal way. I cleaned up the metadata stuff left behind by the force removal and then promoted it again to be a domain controller with no errors. Unfortunatly I still am having replication problems between the Windows 2008 R2 and both servers in the other site.
When I open the Run command and type in either server name in the form of \\servername from the Win 2008 R2 server it works fine for both. However when I do the same from both Win 2003 servers I get the same error of "No network provider accepted the given network path.".
When I run dcdiag from the Win 2003 master domain controller I get the following:
C:\WINDOWS>dcdiag /fix
__________________________
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: PDC-Main-Club\PDC-FILE
Starting test: Connectivity
......................... PDC-FILE passed test Connectivity
Doing primary tests
Testing server: PDC-Main-Club\PDC-FILE
Starting test: Replications
......................... PDC-FILE passed test Replications
Starting test: NCSecDesc
......................... PDC-FILE passed test NCSecDesc
Starting test: NetLogons
......................... PDC-FILE passed test NetLogons
Starting test: Advertising
......................... PDC-FILE passed test Advertising
Starting test: KnowsOfRoleHolders
......................... PDC-FILE passed test KnowsOfRoleHolders
Starting test: RidManager
......................... PDC-FILE passed test RidManager
Starting test: MachineAccount
......................... PDC-FILE passed test MachineAccount
Starting test: Services
......................... PDC-FILE passed test Services
Starting test: ObjectsReplicated
......................... PDC-FILE passed test ObjectsReplicated
Starting test: frssysvol
......................... PDC-FILE passed test frssysvol
Starting test: frsevent
......................... PDC-FILE passed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x80000785
Time Generated: 09/06/2010 14:04:09
Event String: The attempt to establish a replication link for
......................... PDC-FILE failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000165B
Time Generated: 09/06/2010 13:15:14
Event String: The session setup from computer 'PDC-DT18' failed
An Error Event occured. EventID: 0x000016AD
Time Generated: 09/06/2010 13:18:19
Event String: The session setup from the computer PDC-DT18
An Error Event occured. EventID: 0xC0000007
Time Generated: 09/06/2010 13:18:53
Event String: The Security Account Manager failed a KDC request
An Error Event occured. EventID: 0xC0000007
Time Generated: 09/06/2010 13:18:53
Event String: The Security Account Manager failed a KDC request
An Error Event occured. EventID: 0xC0000007
Time Generated: 09/06/2010 13:18:53
Event String: The Security Account Manager failed a KDC request
An Error Event occured. EventID: 0xC0000007
Time Generated: 09/06/2010 13:18:53
Event String: The Security Account Manager failed a KDC request
An Error Event occured. EventID: 0x0000165B
Time Generated: 09/06/2010 13:33:23
Event String: The session setup from computer 'PDC-DT27' failed
An Error Event occured. EventID: 0x0000165B
Time Generated: 09/06/2010 13:33:24
Event String: The session setup from computer 'PDC-DT18A'
An Error Event occured. EventID: 0x000016AD
Time Generated: 09/06/2010 13:35:23
Event String: The session setup from the computer PDC-DT27
An Error Event occured. EventID: 0x000016AD
Time Generated: 09/06/2010 13:36:50
Event String: The session setup from the computer PDC-DT18A
An Error Event occured. EventID: 0xC0000036
Time Generated: 09/06/2010 13:59:12
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000165B
Time Generated: 09/06/2010 14:05:37
Event String: The session setup from computer 'PDC-DT27' failed
......................... PDC-FILE failed test systemlog
Starting test: VerifyReferences
......................... PDC-FILE passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : drivingclub
Starting test: CrossRefValidation
......................... drivingclub passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... drivingclub passed test CheckSDRefDom
Running enterprise tests on : drivingclub.com
Starting test: Intersite
......................... drivingclub.com passed test Intersite
Starting test: FsmoCheck
......................... drivingclub.com passed test FsmoCheck
__________________________
When I run DCDiag from 2nd Win 2003 domain controller I get similiar results:
C:\Program Files\Support Tools>dcdiag /fix
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: PDC-Main-Club\PDC-MAIL
Starting test: Connectivity
......................... PDC-MAIL passed test Connectivity
Doing primary tests
Testing server: PDC-Main-Club\PDC-MAIL
Starting test: Replications
......................... PDC-MAIL passed test Replications
Starting test: NCSecDesc
......................... PDC-MAIL passed test NCSecDesc
Starting test: NetLogons
......................... PDC-MAIL passed test NetLogons
Starting test: Advertising
......................... PDC-MAIL passed test Advertising
Starting test: KnowsOfRoleHolders
......................... PDC-MAIL passed test KnowsOfRoleHolders
Starting test: RidManager
......................... PDC-MAIL passed test RidManager
Starting test: MachineAccount
......................... PDC-MAIL passed test MachineAccount
Starting test: Services
......................... PDC-MAIL passed test Services
Starting test: ObjectsReplicated
......................... PDC-MAIL passed test ObjectsReplicated
Starting test: frssysvol
......................... PDC-MAIL passed test frssysvol
Starting test: frsevent
......................... PDC-MAIL passed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x8000061E
Time Generated: 09/06/2010 14:11:05
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 09/06/2010 14:11:05
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 09/06/2010 14:11:05
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 09/06/2010 14:11:05
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 09/06/2010 14:11:05
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 09/06/2010 14:11:05
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x80000785
Time Generated: 09/06/2010 14:11:26
Event String: The attempt to establish a replication link for
......................... PDC-MAIL failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:18:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:18:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:18:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:18:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:18:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:18:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:58:35
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:58:36
(Event String could not be retrieved)
......................... PDC-MAIL failed test systemlog
Starting test: VerifyReferences
......................... PDC-MAIL passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : drivingclub
Starting test: CrossRefValidation
......................... drivingclub passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... drivingclub passed test CheckSDRefDom
Running enterprise tests on : drivingclub.com
Starting test: Intersite
......................... drivingclub.com passed test Intersite
Starting test: FsmoCheck
......................... drivingclub.com passed test FsmoCheck
__________________________
But when I run DCDiag from the Win 2008 R2 server in teh 2nd site I get:
C:\>dcdiag /fix
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = PDC-FILE2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: PDC-Golf-Club\PDC-FILE2
Starting test: Connectivity
......................... PDC-FILE2 passed test Connectivity
Doing primary tests
Testing server: PDC-Golf-Club\PDC-FILE2
Starting test: Advertising
Warning: DsGetDcName returned information for
\\pdc-file.drivingclub.com
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... PDC-FILE2 failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... PDC-FILE2 passed test FrsEvent
Starting test: DFSREvent
......................... PDC-FILE2 passed test DFSREvent
Starting test: SysVolCheck
......................... PDC-FILE2 passed test SysVolCheck
Starting test: KccEvent
......................... PDC-FILE2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... PDC-FILE2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... PDC-FILE2 passed test MachineAccount
Starting test: NCSecDesc
......................... PDC-FILE2 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\PDC-FILE2\netlogon)
[PDC-FILE2] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... PDC-FILE2 failed test NetLogons
Starting test: ObjectsReplicated
......................... PDC-FILE2 passed test ObjectsReplicated
Starting test: Replications
......................... PDC-FILE2 passed test Replications
Starting test: RidManager
......................... PDC-FILE2 passed test RidManager
Starting test: Services
......................... PDC-FILE2 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0xC0002719
Time Generated: 09/06/2010 13:19:48
Event String:
DCOM was unable to communicate with the computer pdc-file.drivingclu
b.com using any of the configured protocols.
An error event occurred. EventID: 0xC0002719
Time Generated: 09/06/2010 13:20:09
Event String:
DCOM was unable to communicate with the computer 10.12.15.10 using a
ny of the configured protocols.
An error event occurred. EventID: 0xC0002719
Time Generated: 09/06/2010 13:20:31
Event String:
DCOM was unable to communicate with the computer pdc-file.drivingclu
b.com using any of the configured protocols.
An error event occurred. EventID: 0xC0002719
Time Generated: 09/06/2010 13:20:52
Event String:
DCOM was unable to communicate with the computer 10.12.15.10 using a
ny of the configured protocols.
An error event occurred. EventID: 0xC0002719
Time Generated: 09/06/2010 13:21:13
Event String:
DCOM was unable to communicate with the computer pdc-file.drivingclu
b.com using any of the configured protocols.
An error event occurred. EventID: 0xC0002719
Time Generated: 09/06/2010 13:21:22
Event String:
DCOM was unable to communicate with the computer 10.12.15.10 using a
ny of the configured protocols.
......................... PDC-FILE2 failed test SystemLog
Starting test: VerifyReferences
......................... PDC-FILE2 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : drivingclub
Starting test: CheckSDRefDom
......................... drivingclub passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... drivingclub passed test CrossRefValidation
Running enterprise tests on : drivingclub.com
Starting test: LocatorCheck
......................... drivingclub.com passed test LocatorCheck
Starting test: Intersite
......................... drivingclub.com passed test Intersite
__________________________
Notice the Advertising test warning and the 67 Error. In the logs of the Win 2008 R2 server I get constant Event 13565 followed by two 13508 and I never get a 13509. In the logs of the Win 2003 servers i get constant NTDS KCC Event ID 1925 repeated.
Does anyone have an idea of how I can fix this? Your help is greatly appreciated!!! Thanks! :-)
All 3 servers are DNS servers and DNS replications appears to be working fine. I can ping all 3 servers from each domain controller using server names. The two domain controllers in the main site replicate with each other fine. Since DNS issues are a frequent cause of tombstoning, I've spent hours looking thru the DNS records and all appear to be correct and there is nothing old there. I've run dcdiag /fix many times. When I run netdiag on both Win 2003 servers I get no errors. Netdiag has been depricated on Win 2008 R2 so I can't run that.
I finally decided to demote the Win 2008 R2 controller using the force option since it would not demote the normal way. I cleaned up the metadata stuff left behind by the force removal and then promoted it again to be a domain controller with no errors. Unfortunatly I still am having replication problems between the Windows 2008 R2 and both servers in the other site.
When I open the Run command and type in either server name in the form of \\servername from the Win 2008 R2 server it works fine for both. However when I do the same from both Win 2003 servers I get the same error of "No network provider accepted the given network path.".
When I run dcdiag from the Win 2003 master domain controller I get the following:
C:\WINDOWS>dcdiag /fix
__________________________
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: PDC-Main-Club\PDC-FILE
Starting test: Connectivity
......................... PDC-FILE passed test Connectivity
Doing primary tests
Testing server: PDC-Main-Club\PDC-FILE
Starting test: Replications
......................... PDC-FILE passed test Replications
Starting test: NCSecDesc
......................... PDC-FILE passed test NCSecDesc
Starting test: NetLogons
......................... PDC-FILE passed test NetLogons
Starting test: Advertising
......................... PDC-FILE passed test Advertising
Starting test: KnowsOfRoleHolders
......................... PDC-FILE passed test KnowsOfRoleHolders
Starting test: RidManager
......................... PDC-FILE passed test RidManager
Starting test: MachineAccount
......................... PDC-FILE passed test MachineAccount
Starting test: Services
......................... PDC-FILE passed test Services
Starting test: ObjectsReplicated
......................... PDC-FILE passed test ObjectsReplicated
Starting test: frssysvol
......................... PDC-FILE passed test frssysvol
Starting test: frsevent
......................... PDC-FILE passed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x80000785
Time Generated: 09/06/2010 14:04:09
Event String: The attempt to establish a replication link for
......................... PDC-FILE failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000165B
Time Generated: 09/06/2010 13:15:14
Event String: The session setup from computer 'PDC-DT18' failed
An Error Event occured. EventID: 0x000016AD
Time Generated: 09/06/2010 13:18:19
Event String: The session setup from the computer PDC-DT18
An Error Event occured. EventID: 0xC0000007
Time Generated: 09/06/2010 13:18:53
Event String: The Security Account Manager failed a KDC request
An Error Event occured. EventID: 0xC0000007
Time Generated: 09/06/2010 13:18:53
Event String: The Security Account Manager failed a KDC request
An Error Event occured. EventID: 0xC0000007
Time Generated: 09/06/2010 13:18:53
Event String: The Security Account Manager failed a KDC request
An Error Event occured. EventID: 0xC0000007
Time Generated: 09/06/2010 13:18:53
Event String: The Security Account Manager failed a KDC request
An Error Event occured. EventID: 0x0000165B
Time Generated: 09/06/2010 13:33:23
Event String: The session setup from computer 'PDC-DT27' failed
An Error Event occured. EventID: 0x0000165B
Time Generated: 09/06/2010 13:33:24
Event String: The session setup from computer 'PDC-DT18A'
An Error Event occured. EventID: 0x000016AD
Time Generated: 09/06/2010 13:35:23
Event String: The session setup from the computer PDC-DT27
An Error Event occured. EventID: 0x000016AD
Time Generated: 09/06/2010 13:36:50
Event String: The session setup from the computer PDC-DT18A
An Error Event occured. EventID: 0xC0000036
Time Generated: 09/06/2010 13:59:12
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000165B
Time Generated: 09/06/2010 14:05:37
Event String: The session setup from computer 'PDC-DT27' failed
......................... PDC-FILE failed test systemlog
Starting test: VerifyReferences
......................... PDC-FILE passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : drivingclub
Starting test: CrossRefValidation
......................... drivingclub passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... drivingclub passed test CheckSDRefDom
Running enterprise tests on : drivingclub.com
Starting test: Intersite
......................... drivingclub.com passed test Intersite
Starting test: FsmoCheck
......................... drivingclub.com passed test FsmoCheck
__________________________
When I run DCDiag from 2nd Win 2003 domain controller I get similiar results:
C:\Program Files\Support Tools>dcdiag /fix
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: PDC-Main-Club\PDC-MAIL
Starting test: Connectivity
......................... PDC-MAIL passed test Connectivity
Doing primary tests
Testing server: PDC-Main-Club\PDC-MAIL
Starting test: Replications
......................... PDC-MAIL passed test Replications
Starting test: NCSecDesc
......................... PDC-MAIL passed test NCSecDesc
Starting test: NetLogons
......................... PDC-MAIL passed test NetLogons
Starting test: Advertising
......................... PDC-MAIL passed test Advertising
Starting test: KnowsOfRoleHolders
......................... PDC-MAIL passed test KnowsOfRoleHolders
Starting test: RidManager
......................... PDC-MAIL passed test RidManager
Starting test: MachineAccount
......................... PDC-MAIL passed test MachineAccount
Starting test: Services
......................... PDC-MAIL passed test Services
Starting test: ObjectsReplicated
......................... PDC-MAIL passed test ObjectsReplicated
Starting test: frssysvol
......................... PDC-MAIL passed test frssysvol
Starting test: frsevent
......................... PDC-MAIL passed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x8000061E
Time Generated: 09/06/2010 14:11:05
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 09/06/2010 14:11:05
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 09/06/2010 14:11:05
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 09/06/2010 14:11:05
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 09/06/2010 14:11:05
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 09/06/2010 14:11:05
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x80000785
Time Generated: 09/06/2010 14:11:26
Event String: The attempt to establish a replication link for
......................... PDC-MAIL failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:18:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:18:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:18:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:18:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:18:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:18:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:58:35
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/06/2010 13:58:36
(Event String could not be retrieved)
......................... PDC-MAIL failed test systemlog
Starting test: VerifyReferences
......................... PDC-MAIL passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : drivingclub
Starting test: CrossRefValidation
......................... drivingclub passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... drivingclub passed test CheckSDRefDom
Running enterprise tests on : drivingclub.com
Starting test: Intersite
......................... drivingclub.com passed test Intersite
Starting test: FsmoCheck
......................... drivingclub.com passed test FsmoCheck
__________________________
But when I run DCDiag from the Win 2008 R2 server in teh 2nd site I get:
C:\>dcdiag /fix
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = PDC-FILE2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: PDC-Golf-Club\PDC-FILE2
Starting test: Connectivity
......................... PDC-FILE2 passed test Connectivity
Doing primary tests
Testing server: PDC-Golf-Club\PDC-FILE2
Starting test: Advertising
Warning: DsGetDcName returned information for
\\pdc-file.drivingclub.com
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... PDC-FILE2 failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... PDC-FILE2 passed test FrsEvent
Starting test: DFSREvent
......................... PDC-FILE2 passed test DFSREvent
Starting test: SysVolCheck
......................... PDC-FILE2 passed test SysVolCheck
Starting test: KccEvent
......................... PDC-FILE2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... PDC-FILE2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... PDC-FILE2 passed test MachineAccount
Starting test: NCSecDesc
......................... PDC-FILE2 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\PDC-FILE2\netlogon)
[PDC-FILE2] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... PDC-FILE2 failed test NetLogons
Starting test: ObjectsReplicated
......................... PDC-FILE2 passed test ObjectsReplicated
Starting test: Replications
......................... PDC-FILE2 passed test Replications
Starting test: RidManager
......................... PDC-FILE2 passed test RidManager
Starting test: Services
......................... PDC-FILE2 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0xC0002719
Time Generated: 09/06/2010 13:19:48
Event String:
DCOM was unable to communicate with the computer pdc-file.drivingclu
b.com using any of the configured protocols.
An error event occurred. EventID: 0xC0002719
Time Generated: 09/06/2010 13:20:09
Event String:
DCOM was unable to communicate with the computer 10.12.15.10 using a
ny of the configured protocols.
An error event occurred. EventID: 0xC0002719
Time Generated: 09/06/2010 13:20:31
Event String:
DCOM was unable to communicate with the computer pdc-file.drivingclu
b.com using any of the configured protocols.
An error event occurred. EventID: 0xC0002719
Time Generated: 09/06/2010 13:20:52
Event String:
DCOM was unable to communicate with the computer 10.12.15.10 using a
ny of the configured protocols.
An error event occurred. EventID: 0xC0002719
Time Generated: 09/06/2010 13:21:13
Event String:
DCOM was unable to communicate with the computer pdc-file.drivingclu
b.com using any of the configured protocols.
An error event occurred. EventID: 0xC0002719
Time Generated: 09/06/2010 13:21:22
Event String:
DCOM was unable to communicate with the computer 10.12.15.10 using a
ny of the configured protocols.
......................... PDC-FILE2 failed test SystemLog
Starting test: VerifyReferences
......................... PDC-FILE2 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : drivingclub
Starting test: CheckSDRefDom
......................... drivingclub passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... drivingclub passed test CrossRefValidation
Running enterprise tests on : drivingclub.com
Starting test: LocatorCheck
......................... drivingclub.com passed test LocatorCheck
Starting test: Intersite
......................... drivingclub.com passed test Intersite
__________________________
Notice the Advertising test warning and the 67 Error. In the logs of the Win 2008 R2 server I get constant Event 13565 followed by two 13508 and I never get a 13509. In the logs of the Win 2003 servers i get constant NTDS KCC Event ID 1925 repeated.
Does anyone have an idea of how I can fix this? Your help is greatly appreciated!!! Thanks! :-)
ASKER
After the 2008 was demoted forcefully and then promted with no error, both the netlogon and sysvol shares are NOT there.
I tried pointing all primary dns to master controller and doesn't work. I tried pointing the Win 2008 to the 2003 and the secondary to itself - and vica versa and that doesn't work.
I looked at the srv records again for the 20th time and noticed that there are no missing SRV records but there are extra SRV records for both domain controllers from the first site listed again in the remote site. I went ahead and removed them but it didn't make any difference.
Any other thoughts?
I tried pointing all primary dns to master controller and doesn't work. I tried pointing the Win 2008 to the 2003 and the secondary to itself - and vica versa and that doesn't work.
I looked at the srv records again for the 20th time and noticed that there are no missing SRV records but there are extra SRV records for both domain controllers from the first site listed again in the remote site. I went ahead and removed them but it didn't make any difference.
Any other thoughts?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The old domain controller that i removed several months ago worked fine for several years across a Frac T1. When I installed the Win 2008 R2 I had no problems doing that across the same line. There isn't a firewall on the 2 Win 2003 domain controllers and there is the Windows firewall on the Win 2008 R2 server but as best I can tell the ports are open to allow replaication. We did install a new private point to point AT&T full T1 a couple of months ago but the Win 2008 R2 server tombstoned months before that was installed - I just didn't realize it. AT&T is managing the routers for the new T1 and there are no firewalls needed since it is a private T1 line. I don't have a way to look at the configs of those AT&T routers though. Anything is possible but the AT&T routers shouldn't be blocking ports.
Ok ... can you verify that the network configuration on the three servers is correct putting particular emphasis on the subnet mask?
A thought just occured to me while you're checking the network settings on your Windows 2008 R2 box make sure that "File and Printer sharing for Microsoft networks" is enabled, and "Client for Microsoft Networks"
ASKER
Yes I created 2 sites in ADSS and set up a class C: ip address on each 10.12.15.x 255.255.255.0 on one of them and 10.12.16.x 255.255.255.0 on the other. I attached each site to a subnet.
Yes File & Printer sharing roles are installed and the MS Client for MS Networks is bound to the NIC. sr
Yes File & Printer sharing roles are installed and the MS Client for MS Networks is bound to the NIC. sr
"No network provider accepted the given network path." indicates that you have a NetBIOS problem on your server. I'm just trying to determine the root of it.
Can you check your NIC settings on the Windows 2008 R2 box and verify that you haven't disabled NetBIOS over TCP/IP?
Can you check your NIC settings on the Windows 2008 R2 box and verify that you haven't disabled NetBIOS over TCP/IP?
ASKER
All 3 domain controller are set to the Default - if it is a static then use it. I went ahead and forced it on for the Win 2008 R2 server but no change. On that server I have turned on Computer Browser, SSDP, uPNP already so that Network Discovery will turn on. Note that this server uses Hyper-V so it messes with the NIC ports. This is an HP server with a dual NIC ports built in and there is one Virtual server that also runs on it.
ASKER
I've demoted the Windows 2008 R2 server using force and cleaned up metadata. I cleaned up all DNS as well. I still can't map a drive to Win 2008 R2 server and I get a 67 error when I try it. I can map from the 2008 server over to th 2003 servers just fine but not the other way. I updated the NIC card driver with the latest from HPs site. Now that the domain controller stuff has been removed why can't I map a drive?? Thanks for the help!
Are the Win2K3 servers running FRS and the Win2K8 running DFS and not FRS?
So at this point the 2008 DC has been force demoted and cleaned out?
ASKER
Yes it is sitting there just as a member server. I can not map a drive over to it from the other servers which is wierd. I've got AT&T checking the routers on the T1 to see if they are blocking any ports - they are not supposed to be blocking anything as it is a private line. I get a 67 error when I try and map a drive. Mapping a drive the other direction works.
ASKER
Is there a way to test to make sure all ports are open that Active Directory across a router that we don't manage?
I believe the reason for the 67 error is a NetBIOS problem, which I believe is the same cause for the network provider path error problem. On the Windows 2008 R2 box try uninstall the NIC card in the device manager and resinstalling.
ASKER
I removed the driver from both NICs and rebooted and the drivers were reinstalled. Unfortunately still can't map a drive - still get error 67. I can still ping it though. I tend to agree that it might be a netbiois problem but I don't know what might be causing it. I installed the latest NIC driver from HP yesterday but no change. Any more thoughts?
Do you have any GP's in place the change the default settings for NTLM or any security parameters of the sort?
ASKER
No and i checked Security Policy just in case and the Win 2003 Master Domain Controller is set for NTLM only.
ASKER
AT&T came out and reprogrammed both routers to fully open up all the ports. They also fixed a problem with the T1 line. I also added a route statement to both Win 2003 servers to make sure traffic intended for the remote site was going there - just in case the firewall was somehow blocking. It is a Comcast modem/firewall unfortunately.
ASKER
Appreciated the Help!
Just tossing out some questions.
1) Do both the netlogon and sysvol share exist on the 2008 server?
2) Double check DNS specifically SRV records, are they correct?
3) DNS on the 2008 and 2003 servers are pointed to themselves and the PDC second?