[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 946
  • Last Modified:

windows 2008 DC

hi experts,

Two DCs, SV01 and SV03

logged in as a domain admin, run the dcdiag and repadmin from both servers. SV01 passed all test but SV03 has errors as shown below. From dcdiag results, SV03 passed all test except Netlogon and replication. From repadmin /showrepl, last two lines showed denied access. Please advise on how to identify the cause of the failed test.


### DCDIAG Output for SV03####

Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\SV03\netlogon
         Verified share \\SV03\sysvol
         [SV03] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... SV03 failed test NetLogons

Starting test: Replications
         * Replications Check
         [Replications Check,SV03] DsReplicaGetInfo(PENDING_OPS, NULL)
         failed, error 0x2105 "Replication access was denied."
         ......................... SV03 failed test Replications



### REPADMIN /SHOWREPL for SV03####


==== INBOUND NEIGHBORS ======================================


DC=rba,DC=com,DC=bn
    RR-site\SV01 via RPC
        DSA object GUID: fa144525-f3d1-49e0-96e1-ea7dac2eaad7
        Last attempt @ 2010-09-09 13:54:08 was successful.

CN=Configuration,DC=rba,DC=com,DC=bn
    RR-site\SV01 via RPC
        DSA object GUID: fa144525-f3d1-49e0-96e1-ea7dac2eaad7
        Last attempt @ 2010-09-09 13:51:35 was successful.

CN=Schema,CN=Configuration,DC=rba,DC=com,DC=bn
    RR-site\SV01 via RPC
        DSA object GUID: fa144525-f3d1-49e0-96e1-ea7dac2eaad7
        Last attempt @ 2010-09-09 13:51:35 was successful.

DC=DomainDnsZones,DC=rba,DC=com,DC=bn
    RR-site\SV01 via RPC
        DSA object GUID: fa144525-f3d1-49e0-96e1-ea7dac2eaad7
        Last attempt @ 2010-09-09 13:51:35 was successful.

DC=ForestDnsZones,DC=rba,DC=com,DC=bn
    RR-site\SV01 via RPC
        DSA object GUID: fa144525-f3d1-49e0-96e1-ea7dac2eaad7
        Last attempt @ 2010-09-09 13:51:35 was successful.

DsReplicaGetInfo() failed with status 8453 (0x2105):
    Replication access was denied.

DsReplicaGetInfo() failed with status 8453 (0x2105):
    Replication access was denied.

 
0
kenny_klbn
Asked:
kenny_klbn
2 Solutions
 
Coast-ITCommented:
Have a look at this thread ;

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23527747.html

I know it says 2003, but same rules apply.
0
 
Kini pradeepIT Technology Senior ConsultantCommented:
Is any of these domain controllers a RODC ?
have you run Dcdiag /V in a verbose mode?

could you run the repadmin from Start-Programs-Administrative Tools-Server Manager
Roles-Active Directory Domain Services
Advanced Tools - Repamin.exe and run repadmin /showreps from this cmd prompt

 i have seen issues with the repadmin tool itself.
0
 
Darius GhassemCommented:
Check the permissions on the Netlogon and SYSVOl folders make sure you have the correct permissions listed.
0
 
mattconroyCommented:
Are there any 2003 DC's in your environment. If so; have you ever done an authoritative restore on the 2003 DC's?
0
 
kenny_klbnAuthor Commented:
done
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now