Solved

Error Across Domain with Logons, replication and Services

Posted on 2011-03-14
Last Modified: 2012-06-22
Hey all,

Got into work today and got a problem.

The domain we have has 5 DCs in 4 sites (4 - 2003, 1 - 2008). The two DCs in the one site are having no problems replicating. The other 2 sites are unable to replicate. It's causing all sorts of issues.

For example, when trying to browse to the other Exchange server from another Exchange server using the Exchange browser, it says it's not available or can't be found, IIS errors, etc., but the servers are all working as normal when on them locally. Lots of domain computers are sitting at "Applying computer settings" after logging on. Logging on to the domain only works after a hard reboot with no network cable plugged in.

netdiag has no errors when run in standard mode
Dcdiag shows no errors except that the other 2 sites:

 *Warning: Remote bridgehead EEST\DC4 is not eligible as a
            bridgehead due to too many failures.  Replication may be disrupted
            into the local site NY. "

Where can I start? Any ideas? I've looked at some questions on here around a hotfix for SP1, but our tcpip.sys is a greater version than that of the hotfix.



Question by:KevinA123

Accepted Solution

by:
Justin Owens earned 500 total points
ID: 35133181
You can use repadmin to check replication health:

http://technet.microsoft.com/en-us/library/cc736571%28WS.10%29.aspx

Also, check your event logs to see if there are any Errors.  Report results of both.

DrUltima

Author Comment

by:KevinA123
ID: 35133255
Directory Service on the PDC reports the following errors for each directory partition

Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1862
Date:            3/14/2011
Time:            12:31:11 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      DC1
Description:
This is the replication status for the following directory partition on the local domain controller.
 
Directory partition:
DC=ForestDnsZones,DC=EEST,DC=local
 
The local domain controller has not received replication information from a number of domain controllers in other sites within the configured latency intverval.
 
Number of domain controllers:
2
Latency Interval (Hours):
24
 
The latency interval can be modified with the following registry key.
 
Registry Key:  
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
 
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Author Comment

by:KevinA123
ID: 35133266
system log has on this error,

Event Type:      Error
Event Source:      MRxSmb
Event Category:      None
Event ID:      8003
Date:            3/14/2011
Time:            3:48:55 PM
User:            N/A
Computer:      DC1
Description:
The master browser has received a server announcement from the computer CMP1385 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{361E9596-A680-4D36-. The master browser is stopping or an election is being forced.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 03 00 4e 00   ......N.
0008: 00 00 00 00 43 1f 00 c0   ....C..
0010: 00 00 00 00 00 00 00 00   ........
0018: 04 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........

Author Comment

by:KevinA123
ID: 35133279
FRS and DNS are clean. Application log has a few of these but no others:

Event Type:      Warning
Event Source:      SceCli
Event Category:      None
Event ID:      1202
Date:            3/14/2011
Time:            3:55:33 PM
User:            N/A
Computer:      TARCAL01
Description:
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".

Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID.  This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO.  To resolve this event, contact an administrator in the domain to perform the following actions:

1.      Identify accounts that could not be resolved to a SID:



Author Comment

by:KevinA123
ID: 35133339
The command repadmin /bridgeheads shows lots of errors.
Each source site and the local bridge error with:
The remote procedure call failed and did not execute.
and
DsBindwithCred to DC4 failed with status 1727 (0x6bf)

What other commands can be run with repadmin?

Assisted Solution

by:KevinA123
KevinA123 earned 0 total points
ID: 35138779
Found the fix after looking at the ability for port 135 to connect from remote sites. The Cisco 5510ASA was inspecting the RPC packets and holding for some reason. Applying RPC fix up did the fix.
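
The following PowerShell is an added example, not part of the original posts: it summarizes `repadmin /showrepl * /csv` output by failing source DC, attaches the meaning of RPC-class statuses such as the 1727 reported above, and provides a TCP probe for port 135. The CSV rows are constructed sample data; DC2, the site name Remote and the function names are assumptions.

```powershell
# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# DC1, DC4, NY and EEST.local come from the thread; DC2, the site name
# "Remote" and all timestamps are made up for illustration.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,NY,DC1,"DC=EEST,DC=local",NY,DC2,RPC,0,0,2011-03-14 12:15:02,0
showrepl_INFO,NY,DC1,"DC=EEST,DC=local",Remote,DC4,RPC,31,2011-03-14 12:30:40,2011-03-13 08:01:11,1727
showrepl_INFO,NY,DC1,"DC=ForestDnsZones,DC=EEST,DC=local",Remote,DC4,RPC,31,2011-03-14 12:30:41,2011-03-13 08:01:12,1727
'@

# Win32 status codes that point at the RPC transport rather than at AD data.
$rpcStatus = @{
    1722 = 'The RPC server is unavailable'
    1726 = 'The remote procedure call failed'
    1727 = 'The remote procedure call failed and did not execute'
}

# Hypothetical helper: one summary row per source DC that has failures.
function Get-FailingPartner {
    param([string]$CsvText)
    $CsvText | ConvertFrom-Csv |
        Where-Object { [int]$_.'Number of Failures' -gt 0 } |
        Group-Object 'Source DSA' |
        ForEach-Object {
            $status = [int]$_.Group[0].'Last Failure Status'
            New-Object PSObject -Property @{
                SourceDC   = $_.Name
                Partitions = $_.Count
                Status     = $status
                Meaning    = $rpcStatus[$status]   # $null if not an RPC status
            }
        }
}

# Hypothetical helper: TCP connect test with a timeout (default: port 135).
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port = 135, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

$failing = Get-FailingPartner $sample
$failing | Format-Table SourceDC, Partitions, Status, Meaning -AutoSize
# On a live DC, feed (repadmin /showrepl * /csv | Out-String) instead of $sample,
# then probe: $failing | Where-Object { $_.Meaning } | ForEach-Object { Test-TcpPort $_.SourceDC }
```

A successful connect to port 135 only shows that the endpoint mapper is reachable; a firewall that inspects RPC, as the ASA did here, can still interfere after the connection is established, so compare results from inside and outside the affected site.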

Author Closing Comment

by:KevinA123
ID: 35174524
Found Answer