Replication issues after server conflict
I have 2 domain controllers. One at site A and one at site B.
At site A, I converted the domain controller (DC) to a virtual machine. After I booted the new VM DC, I started the old one to check something and forgot to remove the network cables. So, it tried to get on the network and gave me a conflicting machine message. I remove the cables from the old machine, but now I am getting a bunch of errors. Basically, the new DC doesn't look valid to the other DC at site B.
Here is a list of errors and the DCDIAG.exe output
Your help is GREATLY appreciated!
At site A, I converted the domain controller (DC) to a virtual machine. After I booted the new VM DC, I started the old one to check something and forgot to remove the network cables. So, it tried to get on the network and gave me a conflicting machine message. I remove the cables from the old machine, but now I am getting a bunch of errors. Basically, the new DC doesn't look valid to the other DC at site B.
Here is a list of errors and the DCDIAG.exe output
Your help is GREATLY appreciated!
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Ottawa\DC2
Starting test: Connectivity
......................... DC2 passed test Connectivity
Doing primary tests
Testing server: Ottawa\DC2
Starting test: Replications
[Replications Check,DC2] A recent replication attempt failed:
From DC1 to DC2
Naming Context: DC=ForestDnsZones,DC=DOMAIN,DC=local
The replication generated an error (1256):
Win32 Error 1256
The failure occurred at 2010-09-17 13:33:27.
The last success occurred at 2010-09-15 13:34:09.
191 failures have occurred since the last success.
[Replications Check,DC2] A recent replication attempt failed:
From DC1 to DC2
Naming Context: DC=DomainDnsZones,DC=DOMAIN,DC=local
The replication generated an error (1256):
Win32 Error 1256
The failure occurred at 2010-09-17 13:33:27.
The last success occurred at 2010-09-15 13:34:09.
191 failures have occurred since the last success.
[Replications Check,DC2] A recent replication attempt failed:
From DC1 to DC2
Naming Context: CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
The replication generated an error (-2146893022):
Win32 Error -2146893022
The failure occurred at 2010-09-17 13:33:28.
The last success occurred at 2010-09-15 13:34:09.
191 failures have occurred since the last success.
[Replications Check,DC2] A recent replication attempt failed:
From DC1 to DC2
Naming Context: CN=Configuration,DC=DOMAIN,DC=local
The replication generated an error (-2146893022):
Win32 Error -2146893022
The failure occurred at 2010-09-17 13:33:27.
The last success occurred at 2010-09-15 13:34:09.
191 failures have occurred since the last success.
[Replications Check,DC2] A recent replication attempt failed:
From DC1 to DC2
Naming Context: DC=DOMAIN,DC=local
The replication generated an error (-2146893022):
Win32 Error -2146893022
The failure occurred at 2010-09-17 13:33:27.
The last success occurred at 2010-09-15 13:34:09.
191 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
DC2: Current time is 2010-09-17 13:45:11.
DC=ForestDnsZones,DC=DOMAIN,DC=local
Last replication recieved from DC1 at 2010-09-15 13:34:09.
DC=DomainDnsZones,DC=DOMAIN,DC=local
Last replication recieved from DC1 at 2010-09-15 13:34:09.
CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
Last replication recieved from DC1 at 2010-09-15 13:34:09.
CN=Configuration,DC=DOMAIN,DC=local
Last replication recieved from DC1 at 2010-09-15 13:34:09.
DC=DOMAIN,DC=local
Last replication recieved from DC1 at 2010-09-15 13:34:09.
REPLICATION-RECEIVED LATENCY WARNING
Source site:
CN=NTDS Site Settings,CN=Markham,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Current time: 2010-09-17 13:45:12
Last update time: 2010-09-15 12:52:37
Check if source site has an elected ISTG running.
Check replication from source site to this server.
......................... DC2 passed test Replications
Starting test: NCSecDesc
......................... DC2 passed test NCSecDesc
Starting test: NetLogons
......................... DC2 passed test NetLogons
Starting test: Advertising
......................... DC2 passed test Advertising
Starting test: KnowsOfRoleHolders
[DC1] DsBindWithSpnEx() failed with error -2146893022,
Win32 Error -2146893022.
Warning: DC1 is the Schema Owner, but is not responding to DS RPC Bind.
[DC1] LDAP bind failed with error 8341,
Win32 Error 8341.
Warning: DC1 is the Schema Owner, but is not responding to LDAP Bind.
Warning: DC1 is the Domain Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the Domain Owner, but is not responding to LDAP Bind.
Warning: DC1 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the PDC Owner, but is not responding to LDAP Bind.
Warning: DC1 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the Rid Owner, but is not responding to LDAP Bind.
Warning: DC1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
......................... DC2 failed test KnowsOfRoleHolders
Starting test: RidManager
......................... DC2 failed test RidManager
Starting test: MachineAccount
......................... DC2 passed test MachineAccount
Starting test: Services
......................... DC2 passed test Services
Starting test: ObjectsReplicated
......................... DC2 passed test ObjectsReplicated
Starting test: frssysvol
......................... DC2 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC2 failed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x8000061E
Time Generated: 09/17/2010 13:41:34
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 09/17/2010 13:41:34
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 09/17/2010 13:41:34
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 09/17/2010 13:41:34
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 09/17/2010 13:41:34
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 09/17/2010 13:41:34
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 09/17/2010 13:41:34
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 09/17/2010 13:41:34
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 09/17/2010 13:41:34
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 09/17/2010 13:41:34
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 09/17/2010 13:41:34
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 09/17/2010 13:41:34
Event String: The Knowledge Consistency Checker (KCC) was
......................... DC2 failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x40000004
Time Generated: 09/17/2010 13:07:04
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 09/17/2010 13:18:27
Event String: The kerberos client received a
An Error Event occured. EventID: 0x00000457
Time Generated: 09/17/2010 13:26:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/17/2010 13:26:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/17/2010 13:26:43
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/17/2010 13:26:43
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 09/17/2010 13:45:06
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 09/17/2010 13:45:07
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 09/17/2010 13:45:12
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 09/17/2010 13:45:12
Event String: The kerberos client received a
......................... DC2 failed test systemlog
Starting test: VerifyReferences
......................... DC2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : EFC
Starting test: CrossRefValidation
......................... EFC passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... EFC passed test CheckSDRefDom
Running enterprise tests on : EFC.local
Starting test: Intersite
......................... EFC.local passed test Intersite
Starting test: FsmoCheck
......................... EFC.local passed test FsmoCheck
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 9/17/2010
Time: 2:09:05 PM
User: N/A
Computer: DC2
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/DC1.efc.local. The target name used was . This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (DOMAIN.LOCAL), and the client realm. Please contact your system administrator.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 9/17/2010
Time: 3:17:24 PM
User: N/A
Computer: DC1
Description:
The File Replication Service is having trouble enabling replication from EFC-S09-OTTAWA to EFC-DC1 for c:\windows\sysvol\domain using the DNS DC2.DOMAIN.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC2.DOMAIN.local from this computer.
[2] FRS is not running DC2.DOMAIN.local.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d5 04 00 00 Õ...
Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2092
Date: 9/17/2010
Time: 4:07:44 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: DC1
Description:
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: DC=DOMAIN,DC=local
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners being down is an expected occurance, perhaps because of maintenance or a disaster recovery, you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Let me see if I get it straight. This error has nothing to do with site B, rather with a DC you had running at site A (which you call old DC), which in addition to it, you had running in parallel (accidentally) with its own DC VM , Right?
Do both DC share the same name?
Have you tried NTDSUTIL.EXE
Do both DC share the same name?
Have you tried NTDSUTIL.EXE
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The old DC isn't running anymore. I was restarted it accidentally with the network cables in. I had to take a look at something on it before I rebuilt it.
There is a VPN between the sites. Nothing's changed there for months.
I believe it has something to do with either the computer passwords, something called SPN, SID's or something like that.