Solved

Error Across Domain with Logons, replication and Services

Posted on 2011-03-14
Last Modified: 2012-06-22
Hey all,

Got into work today and got a problem.

The domain we have has 5 DCs in 4 sites (4 - 2003, 1 - 2008). The two DCs in the one site are having no problems replicating. The other 2 sites are unable to replicate. It's causing all sorts of issues.

For example, when trying to browse to the other Exchange server from another Exchange server using the Exchange browser, it says it's not available or can't be found, IIS errors, etc., but the servers are all working as normal when on them locally. Lots of domain computers are sitting at "Applying computer settings" after logging on. Only after a hard reboot with no network cable plugged in does it work to log on to the domain.

netdiag has no errors when run in standard mode
Dcdiag shows no errors except that the other 2 sites:

 *Warning: Remote bridgehead EEST\DC4 is not eligible as a
            bridgehead due to too many failures.  Replication may be disrupted
            into the local site NY.

Where can I start? Any ideas? I've looked at some questions on here around a hotfix for SP1, but our tcpip.sys is a greater version than that of the hotfix.



0
Question by:KevinA123
LVL 31

Accepted Solution

by:
Justin Owens earned 500 total points
ID: 35133181
You can use repadmin to check replication health:

http://technet.microsoft.com/en-us/library/cc736571%28WS.10%29.aspx

Also, check your event logs to see if there are any Errors.  Report results of both.

DrUltima
0
 

Author Comment

by:KevinA123
ID: 35133255
Directory Service on the PDC reports the following errors for each directory partition

Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1862
Date:            3/14/2011
Time:            12:31:11 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      DC1
Description:
This is the replication status for the following directory partition on the local domain controller.
 
Directory partition:
DC=ForestDnsZones,DC=EEST,DC=local
 
The local domain controller has not received replication information from a number of domain controllers in other sites within the configured latency intverval.
 
Number of domain controllers:
2
Latency Interval (Hours):
24
 
The latency interval can be modified with the following registry key.
 
Registry Key:  
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
 
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 

Author Comment

by:KevinA123
ID: 35133266
system log has on this error,

Event Type:      Error
Event Source:      MRxSmb
Event Category:      None
Event ID:      8003
Date:            3/14/2011
Time:            3:48:55 PM
User:            N/A
Computer:      DC1
Description:
The master browser has received a server announcement from the computer CMP1385 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{361E9596-A680-4D36-. The master browser is stopping or an election is being forced.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 03 00 4e 00   ......N.
0008: 00 00 00 00 43 1f 00 c0   ....C..
0010: 00 00 00 00 00 00 00 00   ........
0018: 04 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
0

 

Author Comment

by:KevinA123
ID: 35133279
FRS and DNS are clean. Application log has a few of these but no others:

Event Type:      Warning
Event Source:      SceCli
Event Category:      None
Event ID:      1202
Date:            3/14/2011
Time:            3:55:33 PM
User:            N/A
Computer:      TARCAL01
Description:
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".

Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID.  This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO.  To resolve this event, contact an administrator in the domain to perform the following actions:

1.      Identify accounts that could not be resolved to a SID:


0
 

Author Comment

by:KevinA123
ID: 35133339
The command repadmin /bridgeheads shows lots of errors.
Each source site and the local bridge error with:
The remote procedure call failed and did not execute.
and
DsBindwithCred to DC4 failed with status 1727 (0x6bf)

What other commands can be run with repadmin?
0
 

Assisted Solution

by:KevinA123
KevinA123 earned 0 total points
ID: 35138779
Found the fix after looking at the ability for port 135 to connect from remote sites. The Cisco 5510ASA was inspecting the RPC packets and holding for some reason. Applying RPC fix up did the fix.
0
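An added example, not part of the original thread: a probe that separates "TCP 135 connects" from "the RPC endpoint mapper actually answers a bind", which is the distinction behind the firewall finding above, where an inspecting device in the path held the RPC packets. The function names and verdict strings are assumptions of this example; the host passed to `probe_epm` is whichever DC is being checked from the remote site.

```python
import socket
import struct
import uuid

# Well-known DCE/RPC identifiers: endpoint mapper interface v3.0, NDR transfer syntax v2.
EPM_IF = uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa")
NDR_SYNTAX = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")
PTYPES = {12: "bind_ack", 13: "bind_nak"}


def build_epm_bind(call_id=1):
    """Return a 72-byte connection-oriented DCE/RPC bind PDU for the endpoint mapper."""
    body = struct.pack("<HHI", 4280, 4280, 0)            # max xmit/recv frag, assoc group
    body += struct.pack("<BBH", 1, 0, 0)                 # one presentation context
    body += struct.pack("<HBB", 0, 1, 0)                 # context id 0, one transfer syntax
    body += EPM_IF.bytes_le + struct.pack("<HH", 3, 0)   # abstract syntax, version 3.0
    body += NDR_SYNTAX.bytes_le + struct.pack("<I", 2)   # transfer syntax, version 2
    # Header: version 5.0, ptype 11 (bind), first+last fragment, little-endian data rep.
    header = struct.pack("<BBBB4sHHI", 5, 0, 11, 0x03, b"\x10\x00\x00\x00",
                         16 + len(body), 0, call_id)
    return header + body


def classify_reply(data):
    """Map the first bytes of the server's answer to a verdict string."""
    if len(data) < 16:
        return "short_reply"
    vers, _minor, ptype = struct.unpack_from("<BBB", data)
    if vers != 5:
        return "not_rpc"
    return PTYPES.get(ptype, "unexpected_ptype_%d" % ptype)


def probe_epm(host, port=135, timeout=5.0):
    """Distinguish 'TCP connects' from 'RPC bind is actually answered' for one DC."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp_failed"            # port blocked or host down
    with sock:
        try:
            sock.sendall(build_epm_bind())
            data = sock.recv(1024)
        except socket.timeout:
            return "rpc_no_reply"      # handshake fine, bind held or dropped in the path
        except OSError:
            return "rpc_reset"
    return "rpc_closed" if not data else classify_reply(data)
```

A healthy DC returns `bind_ack`; `rpc_no_reply` from a remote site alongside `bind_ack` from the DC's own subnet points at a device in the path rather than at the DC.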
 

Author Closing Comment

by:KevinA123
ID: 35174524
Found Answer
0
