Solved

windows 2008 DC

Posted on 2010-09-08
5
935 Views
Last Modified: 2012-05-10
hi experts,

Two DCs, SV01 and SV03

logged in as a domain admin, run the dcdiag and repadmin from both servers. SV01 passed all test but SV03 has errors as shown below. From dcdiag results, SV03 passed all test except Netlogon and replication. From repadmin /showrepl, last two lines showed denied access. Please advise on how to identify the cause of the failed test.


### DCDIAG Output for SV03####

Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\SV03\netlogon
         Verified share \\SV03\sysvol
         [SV03] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... SV03 failed test NetLogons

Starting test: Replications
         * Replications Check
         [Replications Check,SV03] DsReplicaGetInfo(PENDING_OPS, NULL)
         failed, error 0x2105 "Replication access was denied."
         ......................... SV03 failed test Replications



### REPADMIN /SHOWREPL for SV03####


==== INBOUND NEIGHBORS ======================================


DC=rba,DC=com,DC=bn
    RR-site\SV01 via RPC
        DSA object GUID: fa144525-f3d1-49e0-96e1-ea7dac2eaad7
        Last attempt @ 2010-09-09 13:54:08 was successful.

CN=Configuration,DC=rba,DC=com,DC=bn
    RR-site\SV01 via RPC
        DSA object GUID: fa144525-f3d1-49e0-96e1-ea7dac2eaad7
        Last attempt @ 2010-09-09 13:51:35 was successful.

CN=Schema,CN=Configuration,DC=rba,DC=com,DC=bn
    RR-site\SV01 via RPC
        DSA object GUID: fa144525-f3d1-49e0-96e1-ea7dac2eaad7
        Last attempt @ 2010-09-09 13:51:35 was successful.

DC=DomainDnsZones,DC=rba,DC=com,DC=bn
    RR-site\SV01 via RPC
        DSA object GUID: fa144525-f3d1-49e0-96e1-ea7dac2eaad7
        Last attempt @ 2010-09-09 13:51:35 was successful.

DC=ForestDnsZones,DC=rba,DC=com,DC=bn
    RR-site\SV01 via RPC
        DSA object GUID: fa144525-f3d1-49e0-96e1-ea7dac2eaad7
        Last attempt @ 2010-09-09 13:51:35 was successful.

DsReplicaGetInfo() failed with status 8453 (0x2105):
    Replication access was denied.

DsReplicaGetInfo() failed with status 8453 (0x2105):
    Replication access was denied.

 
0
Comment
Question by:kenny_klbn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 11

Accepted Solution

by:
Coast-IT earned 250 total points
ID: 33634228
Have a look at this thread ;

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23527747.html

I know it says 2003, but same rules apply.
0
 
LVL 13

Assisted Solution

by:Kini pradeep
Kini pradeep earned 250 total points
ID: 33635501
Is any of these domain controllers a RODC ?
have you run Dcdiag /V in a verbose mode?

could you run the repadmin from Start-Programs-Administrative Tools-Server Manager
Roles-Active Directory Domain Services
Advanced Tools - Repamin.exe and run repadmin /showreps from this cmd prompt

 i have seen issues with the repadmin tool itself.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33637306
Check the permissions on the Netlogon and SYSVOl folders make sure you have the correct permissions listed.
0
 
LVL 6

Expert Comment

by:mattconroy
ID: 33638983
Are there any 2003 DC's in your environment. If so; have you ever done an authoritative restore on the 2003 DC's?
0
 

Author Closing Comment

by:kenny_klbn
ID: 33786113
done
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question