Solved

Error Across Domain with Logons, replication and Services

Posted on 2011-03-14
Last Modified: 2012-06-22
Hey all,

Got into work today and got a problem.

The domain we have has 5 DCs in 4 sites (4 - 2003, 1 - 2008). The two DCs in the one site are having no problems replicating. The other 2 sites are unable to replicate. It's causing all sorts of issues.

For example, when trying to browse to the other Exchange server from another Exchange server using the Exchange browser, it says it's not available or can't be found, IIS errors, etc., but the servers are all working as normal when on them locally. Lots of domain computers are sitting at "Applying computer settings" after logging on. Only after a hard reboot with no network cable plugged in does it work to log on to the domain.

netdiag has no errors when run in standard mode
Dcdiag shows no errors except that the other 2 sites:

 *Warning: Remote bridgehead EEST\DC4 is not eligible as a
            bridgehead due to too many failures.  Replication may be disrupted
            into the local site NY. "

Where can I start? Any ideas? I've looked at some questions on here around a hotfix for SP1, but our tcpip.sys is a greater version than that of the hotfix.



Question by:KevinA123

Accepted Solution

by:
Justin Owens earned 2000 total points
ID: 35133181
You can use repadmin to check replication health:

http://technet.microsoft.com/en-us/library/cc736571%28WS.10%29.aspx

Also, check your event logs to see if there are any Errors.  Report results of both.

DrUltima
0
 

Author Comment

by:KevinA123
ID: 35133255
Directory Service on the PDC reports the following errors for each directory partition

Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1862
Date:            3/14/2011
Time:            12:31:11 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      DC1
Description:
This is the replication status for the following directory partition on the local domain controller.
 
Directory partition:
DC=ForestDnsZones,DC=EEST,DC=local
 
The local domain controller has not received replication information from a number of domain controllers in other sites within the configured latency intverval.
 
Number of domain controllers:
2
Latency Interval (Hours):
24
 
The latency interval can be modified with the following registry key.
 
Registry Key:  
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
 
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 

Author Comment

by:KevinA123
ID: 35133266
system log has on this error,

Event Type:      Error
Event Source:      MRxSmb
Event Category:      None
Event ID:      8003
Date:            3/14/2011
Time:            3:48:55 PM
User:            N/A
Computer:      DC1
Description:
The master browser has received a server announcement from the computer CMP1385 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{361E9596-A680-4D36-. The master browser is stopping or an election is being forced.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 03 00 4e 00   ......N.
0008: 00 00 00 00 43 1f 00 c0   ....C..
0010: 00 00 00 00 00 00 00 00   ........
0018: 04 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
0

 

Author Comment

by:KevinA123
ID: 35133279
FRS and DNS are clean. Application log has a few of these but no others:

Event Type:      Warning
Event Source:      SceCli
Event Category:      None
Event ID:      1202
Date:            3/14/2011
Time:            3:55:33 PM
User:            N/A
Computer:      TARCAL01
Description:
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".

Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID.  This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO.  To resolve this event, contact an administrator in the domain to perform the following actions:

1.      Identify accounts that could not be resolved to a SID:


0
 

Author Comment

by:KevinA123
ID: 35133339
The command repadmin /bridgeheads shows lots of errors.
Each source site and the local bridge error with:
The remote procedure call failed and did not execute.
and
DsBindwithCred to DC4 failed with status 1727 (0x6bf)

What other commands can be run with repadmin?
0
 

Assisted Solution

by:KevinA123
KevinA123 earned 0 total points
ID: 35138779
Found the fix after looking at the ability for port 135 to connect from remote sites. The Cisco 5510ASA was inspecting the RPC packets and holding for some reason. Applying RPC fix up did the fix.
0
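
Added example, not part of the original thread: one way to turn `repadmin /showrepl * /csv` output into a per-source summary that separates RPC-layer failures (such as the status 1727 reported above, which led to the port 135 and firewall inspection finding) from other replication errors. The function name `Get-ReplFailureSummary` is hypothetical, and the sample rows (DC2, failure counts, timestamps) are constructed; it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread). Requires PowerShell 3.0+.
# On a DC, replace the sample with live output:  $csv = repadmin /showrepl * /csv
# Constructed sample in the repadmin CSV layout; DC2, counts and timestamps are made up.
$csv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,NY,DC1,"DC=EEST,DC=local",NY,DC2,RPC,0,0,2011-03-14 12:15:02,0
showrepl_INFO,NY,DC1,"DC=EEST,DC=local",EEST,DC4,RPC,31,2011-03-14 12:20:41,2011-03-13 09:02:17,1727
showrepl_INFO,NY,DC1,"DC=ForestDnsZones,DC=EEST,DC=local",EEST,DC4,RPC,31,2011-03-14 12:20:44,2011-03-13 09:02:19,1727
'@

# Win32 status codes raised by the RPC layer. These point at the network path
# between the DCs (TCP 135, firewall RPC inspection), not at the directory data.
# Keys are strings so they compare directly with the CSV field.
$rpcStatus = @{
    '1722' = 'The RPC server is unavailable'
    '1727' = 'The remote procedure call failed and did not execute'
    '1753' = 'There are no more endpoints available from the endpoint mapper'
}

function Get-ReplFailureSummary {
    param([string[]]$CsvLines)
    $CsvLines | ConvertFrom-Csv |
        Where-Object { [int]$_.'Number of Failures' -gt 0 } |
        Group-Object 'Source DSA Site', 'Source DSA', 'Last Failure Status' |
        ForEach-Object {
            $first = $_.Group[0]
            $code  = $first.'Last Failure Status'
            $isRpc = $rpcStatus.ContainsKey($code)
            [pscustomobject]@{
                SourceSite  = $first.'Source DSA Site'
                SourceDC    = $first.'Source DSA'
                Status      = $code
                RpcLayer    = $isRpc   # True: check the inter-site network path first
                Meaning     = if ($isRpc) { $rpcStatus[$code] } else { "other: net helpmsg $code" }
                Partitions  = $_.Count # naming contexts failing from this source
                # ISO-style timestamps sort as text; the oldest success shows the outage start
                LastSuccess = ($_.Group.'Last Success Time' | Sort-Object | Select-Object -First 1)
            }
        }
}

Get-ReplFailureSummary -CsvLines $csv | Format-Table -AutoSize
```

When every failing source sits in a remote site and shows an RPC-layer status, the device between the sites is the first thing to examine, which matches what the author found.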
 

Author Closing Comment

by:KevinA123
ID: 35174524
Found Answer
0
