kenny_klbn
asked on
windows 2008 DC
hi experts,
Two DCs, SV01 and SV03
logged in as a domain admin, run the dcdiag and repadmin from both servers. SV01 passed all test but SV03 has errors as shown below. From dcdiag results, SV03 passed all test except Netlogon and replication. From repadmin /showrepl, last two lines showed denied access. Please advise on how to identify the cause of the failed test.
### DCDIAG Output for SV03####
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SV03\netlogon
Verified share \\SV03\sysvol
[SV03] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... SV03 failed test NetLogons
Starting test: Replications
* Replications Check
[Replications Check,SV03] DsReplicaGetInfo(PENDING_O PS, NULL)
failed, error 0x2105 "Replication access was denied."
......................... SV03 failed test Replications
### REPADMIN /SHOWREPL for SV03####
==== INBOUND NEIGHBORS ========================== ========== ==
DC=rba,DC=com,DC=bn
RR-site\SV01 via RPC
DSA object GUID: fa144525-f3d1-49e0-96e1-ea 7dac2eaad7
Last attempt @ 2010-09-09 13:54:08 was successful.
CN=Configuration,DC=rba,DC =com,DC=bn
RR-site\SV01 via RPC
DSA object GUID: fa144525-f3d1-49e0-96e1-ea 7dac2eaad7
Last attempt @ 2010-09-09 13:51:35 was successful.
CN=Schema,CN=Configuration ,DC=rba,DC =com,DC=bn
RR-site\SV01 via RPC
DSA object GUID: fa144525-f3d1-49e0-96e1-ea 7dac2eaad7
Last attempt @ 2010-09-09 13:51:35 was successful.
DC=DomainDnsZones,DC=rba,D C=com,DC=b n
RR-site\SV01 via RPC
DSA object GUID: fa144525-f3d1-49e0-96e1-ea 7dac2eaad7
Last attempt @ 2010-09-09 13:51:35 was successful.
DC=ForestDnsZones,DC=rba,D C=com,DC=b n
RR-site\SV01 via RPC
DSA object GUID: fa144525-f3d1-49e0-96e1-ea 7dac2eaad7
Last attempt @ 2010-09-09 13:51:35 was successful.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
Two DCs, SV01 and SV03
logged in as a domain admin, run the dcdiag and repadmin from both servers. SV01 passed all test but SV03 has errors as shown below. From dcdiag results, SV03 passed all test except Netlogon and replication. From repadmin /showrepl, last two lines showed denied access. Please advise on how to identify the cause of the failed test.
### DCDIAG Output for SV03####
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SV03\netlogon
Verified share \\SV03\sysvol
[SV03] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... SV03 failed test NetLogons
Starting test: Replications
* Replications Check
[Replications Check,SV03] DsReplicaGetInfo(PENDING_O
failed, error 0x2105 "Replication access was denied."
......................... SV03 failed test Replications
### REPADMIN /SHOWREPL for SV03####
==== INBOUND NEIGHBORS ==========================
DC=rba,DC=com,DC=bn
RR-site\SV01 via RPC
DSA object GUID: fa144525-f3d1-49e0-96e1-ea
Last attempt @ 2010-09-09 13:54:08 was successful.
CN=Configuration,DC=rba,DC
RR-site\SV01 via RPC
DSA object GUID: fa144525-f3d1-49e0-96e1-ea
Last attempt @ 2010-09-09 13:51:35 was successful.
CN=Schema,CN=Configuration
RR-site\SV01 via RPC
DSA object GUID: fa144525-f3d1-49e0-96e1-ea
Last attempt @ 2010-09-09 13:51:35 was successful.
DC=DomainDnsZones,DC=rba,D
RR-site\SV01 via RPC
DSA object GUID: fa144525-f3d1-49e0-96e1-ea
Last attempt @ 2010-09-09 13:51:35 was successful.
DC=ForestDnsZones,DC=rba,D
RR-site\SV01 via RPC
DSA object GUID: fa144525-f3d1-49e0-96e1-ea
Last attempt @ 2010-09-09 13:51:35 was successful.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Check the permissions on the Netlogon and SYSVOl folders make sure you have the correct permissions listed.
Are there any 2003 DC's in your environment. If so; have you ever done an authoritative restore on the 2003 DC's?
ASKER
done