Link to home
Start Free TrialLog in
Avatar of Joe
JoeFlag for United States of America

asked on

file replication errors between domain controllers

We are using windows server 2003 and having problems with FRS.  We are receiving the following error.  

The following error occurred duringthe attempt to synchronize the naming context %domainname% from the domain controller %servername% to domain controller %servername%. the naming context is in the process of being removed or is not replicated from the specified server.  

Our Primary domain controller has been down for five hours please help!!!  
Avatar of g000se
g000se
Flag of United States of America image

Hi Josefah,

Did you run dcdiag on the Primary DC?

What are the event ids?

Did you try to transfer the fsmo roles to your backup DC?
Avatar of Radhakrishnan
First can you check the event viewer for what error you are getting?
From your DC run this command and check whether any error found.
DCDIAG /D /C /V
NETDIAG /DEBUG /V

Also manually try to replicate from dssite.msc -----ntds settings---replicate now.
Avatar of Joe

ASKER

The events are just saying cannot connect with DC01.

We have already run a DCDIAG /debug /v

Also we have already manually replicated.

no luck
Avatar of Joe

ASKER

We are getting the error when running a DCDIAG /e

Error BUILTIN\Administrators doesn't have
            Replicating Directory Changes
            Replication Synchronization
            Manage Replication Topology
         access rights for the naming context:
         DC=rdigest,DC=com
Avatar of Joe

ASKER

The above error is now fixed after giving administrators permissions to domain controllers in AD.

now we are getting the folling error in DCDIAG

 Starting test: frsevent
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared.  Failing SYSVOL replication problems may cause
    Group Policy problems.
To monitor and find issues with frs you can also use these two tools.


http://www.microsoft.com/downloads/en/details.aspx?FamilyID=158cb0fb-fe09-477c-8148-25ae02cf15d8&displaylang=en

http://www.microsoft.com/windowsserversystem/dfs/tshootfrs.mspx

Can you run repadmin /showreps and post the errors it returns?
Avatar of Joe

ASKER

here are the results of the repadmin

C:\WINNT\system32>repadmin /showreps
Default-First-Site-Name\CVN75UCSDC02
DC Options: IS_GC
Site Options: (none)
DC object GUID: 2565f65b-e9b5-473a-bd09-2b3c06248424
DC invocationID: 77bb8bb0-6537-4e41-9e47-bec9409daf25

==== INBOUND NEIGHBORS ======================================

DC=cvn75,DC=navy,DC=mil
    Default-First-Site-Name\CVN75UCSDC01 via RPC
        DC object GUID: c765e94a-a8e1-4329-b4d6-558f3f35109c
        Last attempt @ 2010-10-17 00:37:47 was successful.

CN=Configuration,DC=cvn75,DC=navy,DC=mil
    Default-First-Site-Name\CVN75UCSDC01 via RPC
        DC object GUID: c765e94a-a8e1-4329-b4d6-558f3f35109c
        Last attempt @ 2010-10-17 00:34:14 was successful.

CN=Schema,CN=Configuration,DC=cvn75,DC=navy,DC=mil
    Default-First-Site-Name\CVN75UCSDC01 via RPC
        DC object GUID: c765e94a-a8e1-4329-b4d6-558f3f35109c
        Last attempt @ 2010-10-17 00:33:28 was successful.


No errors

I will try those two tools

Thanks

Avatar of Joe

ASKER

C:\WINNT\system32>dcdiag /d /c /v

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine cvn75ucsdc02, is a DC.
   * Connecting to directory service on server cvn75ucsdc02.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\CVN75UCSDC02
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... CVN75UCSDC02 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\CVN75UCSDC02
      Starting test: Replications
         * Replications Check
         [CVN75UCSDC01] DsBindWithSpnEx() failed with error 5,
         Access is denied..
         * Replication Latency Check
            DC=ForestDnsZones,DC=cvn75,DC=navy,DC=mil
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).
            DC=DomainDnsZones,DC=cvn75,DC=navy,DC=mil
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).
            CN=Schema,CN=Configuration,DC=cvn75,DC=navy,DC=mil
               Latency information for 7 entries in the vector were ignored.
                  7 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).
            CN=Configuration,DC=cvn75,DC=navy,DC=mil
               Latency information for 7 entries in the vector were ignored.
                  7 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).
            DC=cvn75,DC=navy,DC=mil
               Latency information for 7 entries in the vector were ignored.
                  7 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).
         * Replication Site Latency Check
         ......................... CVN75UCSDC02 passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=cvn75,DC=navy,DC=mil.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=cvn75,DC=navy,DC=mil.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=cvn75,DC=navy,DC=mil.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=cvn75,DC=navy,DC=mil.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=cvn75,DC=navy,DC=mil.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... CVN75UCSDC02 passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=cvn75,DC=navy,DC=mil.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=cvn75,DC=navy,DC=mil.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=cvn75,DC=navy,DC=mil.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for CN=Configuration,DC=cvn75,DC=navy,DC=mil.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for DC=cvn75,DC=navy,DC=mil.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         ......................... CVN75UCSDC02 passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC CVN75UCSDC02.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=cvn75,DC=navy,DC=mil
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=cvn75,DC=navy,DC=mil
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=cvn75,DC=navy,DC=mil
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=cvn75,DC=navy,DC=mil
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=cvn75,DC=navy,DC=mil
            (Domain,Version 2)
         ......................... CVN75UCSDC02 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\CVN75UCSDC02\netlogon
         Verified share \\CVN75UCSDC02\sysvol
         ......................... CVN75UCSDC02 passed test NetLogons
      Starting test: Advertising
         The DC CVN75UCSDC02 is advertising itself as a DC and having a DS.
         The DC CVN75UCSDC02 is advertising as an LDAP server
         The DC CVN75UCSDC02 is advertising as having a writeable directory
         The DC CVN75UCSDC02 is advertising as a Key Distribution Center
         The DC CVN75UCSDC02 is advertising as a time server
         The DS CVN75UCSDC02 is advertising as a GC.
         ......................... CVN75UCSDC02 passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=CVN75UCSDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cvn75,DC=navy,DC=mil
         Warning: CVN75UCSDC01 is the Schema Owner, but is not responding to DS RPC Bind.
         Role Domain Owner = CN=NTDS Settings,CN=CVN75UCSDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cvn75,DC=navy,DC=mil
         Warning: CVN75UCSDC01 is the Domain Owner, but is not responding to DS RPC Bind.
         Role PDC Owner = CN=NTDS Settings,CN=CVN75UCSDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cvn75,DC=navy,DC=mil
         Warning: CVN75UCSDC01 is the PDC Owner, but is not responding to DS RPC Bind.
         Role Rid Owner = CN=NTDS Settings,CN=CVN75UCSDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cvn75,DC=navy,DC=mil
         Warning: CVN75UCSDC01 is the Rid Owner, but is not responding to DS RPC Bind.
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=CVN75UCSDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cvn75,DC=navy,DC=mil
         Warning: CVN75UCSDC01 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         ......................... CVN75UCSDC02 failed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 54457 to 1073741823
         * cvn75ucsdc01.cvn75.navy.mil is the RID Master
         ......................... CVN75UCSDC02 failed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC CVN75UCSDC02 on DC CVN75UCSDC02.
         * SPN found :LDAP/cvn75ucsdc02.cvn75.navy.mil/cvn75.navy.mil
         * SPN found :LDAP/cvn75ucsdc02.cvn75.navy.mil
         * SPN found :LDAP/CVN75UCSDC02
         * SPN found :LDAP/cvn75ucsdc02.cvn75.navy.mil/CVN75
         * SPN found :LDAP/2565f65b-e9b5-473a-bd09-2b3c06248424._msdcs.cvn75.navy.mil
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/2565f65b-e9b5-473a-bd09-2b3c06248424/cvn75.navy.mil
         * SPN found :HOST/cvn75ucsdc02.cvn75.navy.mil/cvn75.navy.mil
         * SPN found :HOST/cvn75ucsdc02.cvn75.navy.mil
         * SPN found :HOST/CVN75UCSDC02
         * SPN found :HOST/cvn75ucsdc02.cvn75.navy.mil/CVN75
         * SPN found :GC/cvn75ucsdc02.cvn75.navy.mil/cvn75.navy.mil
         ......................... CVN75UCSDC02 passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... CVN75UCSDC02 passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... CVN75UCSDC02 passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         CVN75UCSDC02 is in domain DC=cvn75,DC=navy,DC=mil
         Checking for CN=CVN75UCSDC02,OU=Domain Controllers,DC=cvn75,DC=navy,DC=mil in domain DC=cvn75,DC=navy,DC=mil on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=CVN75UCSDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cvn75,DC=navy,DC=mil in domain CN=Configuration,DC=cvn75,DC=navy,DC=mil on 1 servers
            Object is up-to-date on all servers.
         ......................... CVN75UCSDC02 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... CVN75UCSDC02 passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         ......................... CVN75UCSDC02 passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         An Warning Event occured.  EventID: 0x8000043B
            Time Generated: 10/17/2010   00:43:26
            (Event String could not be retrieved)
         ......................... CVN75UCSDC02 failed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 10/17/2010   00:48:45
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 10/17/2010   00:49:10
            (Event String could not be retrieved)
         ......................... CVN75UCSDC02 failed test systemlog
      Starting test: VerifyReplicas
         ......................... CVN75UCSDC02 passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=CVN75UCSDC02,OU=Domain Controllers,DC=cvn75,DC=navy,DC=mil and
         backlink on
         CN=CVN75UCSDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cvn75,DC=navy,DC=mil
         are correct.
         The system object reference (frsComputerReferenceBL)
         CN={2ab92b6e-7c36-47ab-92b8-7f31bc3ebc06},CN=COMPOSEDFSRoot|Logs,CN=COMPOSEDFSRoot,CN=DFS Volumes,CN=File Replication Service,CN=System,DC=cvn75,DC=navy,DC=mil
         and backlink on
         CN=CVN75UCSDC02,OU=Domain Controllers,DC=cvn75,DC=navy,DC=mil are
         correct.
         The system object reference (serverReferenceBL)
         CN=CVN75UCSDC02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cvn75,DC=navy,DC=mil
         and backlink on
         CN=NTDS Settings,CN=CVN75UCSDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cvn75,DC=navy,DC=mil
         are correct.
         ......................... CVN75UCSDC02 passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... CVN75UCSDC02 passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC CVN75UCSDC02 for domain cvn75.navy.mil in site Default-First-Site-Name
         Checking machine account for DC CVN75UCSDC02 on DC CVN75UCSDC02.
         * SPN found :LDAP/cvn75ucsdc02.cvn75.navy.mil/cvn75.navy.mil
         * SPN found :LDAP/cvn75ucsdc02.cvn75.navy.mil
         * SPN found :LDAP/CVN75UCSDC02
         * SPN found :LDAP/cvn75ucsdc02.cvn75.navy.mil/CVN75
         * SPN found :LDAP/2565f65b-e9b5-473a-bd09-2b3c06248424._msdcs.cvn75.navy.mil
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/2565f65b-e9b5-473a-bd09-2b3c06248424/cvn75.navy.mil
         * SPN found :HOST/cvn75ucsdc02.cvn75.navy.mil/cvn75.navy.mil
         * SPN found :HOST/cvn75ucsdc02.cvn75.navy.mil
         * SPN found :HOST/CVN75UCSDC02
         * SPN found :HOST/cvn75ucsdc02.cvn75.navy.mil/CVN75
         * SPN found :GC/cvn75ucsdc02.cvn75.navy.mil/cvn75.navy.mil
         [CVN75UCSDC02] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... CVN75UCSDC02 passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : cvn75
      Starting test: CrossRefValidation
         ......................... cvn75 passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... cvn75 passed test CheckSDRefDom

   Running enterprise tests on : cvn75.navy.mil
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         ......................... cvn75.navy.mil passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\cvn75ucsdc02.cvn75.navy.mil
         Locator Flags: 0xe00001fc
         PDC Name: \\cvn75ucsdc01.cvn75.navy.mil
         Locator Flags: 0xe00003fd
         Time Server Name: \\cvn75ucsdc02.cvn75.navy.mil
         Locator Flags: 0xe00001fc
         Preferred Time Server Name: \\cvn75ucsdc01.cvn75.navy.mil
         Locator Flags: 0xe00003fd
         KDC Name: \\cvn75ucsdc02.cvn75.navy.mil
         Locator Flags: 0xe00001fc
         ......................... cvn75.navy.mil passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:

            DC: cvn75ucsdc02.cvn75.navy.mil
            Domain: cvn75.navy.mil


               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000011] HP Network Teaming Virtual Miniport Driver:
                     MAC address is 00:11:0A:5B:3A:9E
                     IP address is static
                     IP address: 205.63.0.21
                     DNS servers:
                        205.63.0.20 (<name unavailable>) [Valid]
                        205.63.0.21 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found

               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     157.153.3.240 (<name unavailable>) [Valid]

               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server

               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone cvn75.navy.mil.
                  Test record _dcdiag_test_record added successfully in zone cvn75.navy.mil.
                  Test record _dcdiag_test_record deleted successfully in zone cvn75.navy.mil.

               TEST: Records registration (RReg)
                  Network Adapter [00000011] HP Network Teaming Virtual Miniport Driver:
                     Matching A record found at DNS server 205.63.0.20:
                     cvn75ucsdc02.cvn75.navy.mil

                     Matching CNAME record found at DNS server 205.63.0.20:
                     2565f65b-e9b5-473a-bd09-2b3c06248424._msdcs.cvn75.navy.mil

                     Matching DC SRV record found at DNS server 205.63.0.20:
                     _ldap._tcp.dc._msdcs.cvn75.navy.mil

                     Matching GC SRV record found at DNS server 205.63.0.20:
                     _ldap._tcp.gc._msdcs.cvn75.navy.mil


         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 157.153.3.240 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server

            DNS server: 205.63.0.20 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered

            DNS server: 205.63.0.21 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: cvn75.navy.mil
               cvn75ucsdc02                 PASS PASS PASS PASS PASS PASS n/a

         ......................... cvn75.navy.mil passed test DNS

Here are the result for the DCDIAG /D /C /V sorry it is long
ASKER CERTIFIED SOLUTION
Avatar of nbhaskar
nbhaskar

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial