Solved

Error Across Domain with Logons, replication and Services

Posted on 2011-03-14
7
952 Views
Last Modified: 2012-06-22
Hey all,

Got into work today and got a problem.

The domain we have has 5 dc's in 4 sites. (4 - 2003, 1 - 2008) The two DC's in the one site are having no problems replicating. The other 2 sites are unable to replicate. Its causing all sorts of issues.

For example when trying to browse to the other exchange server from another exchange server using the exchange browser it says its not available or cant be found IIS errors ect but the servers are all working as normal when on them locally. Lots of domain computers are sitting at the applying computer settings after logging on. Only working after hard reboot and no network cable plugged in does it work to logon to domain.

netdiag has no errors when run in standard mode
Dcdiag shows no errors except that the other 2 sites:

 *Warning: Remote bridgehead EEST\DC4 is not eligible as a

            bridgehead due to too many failures.  Replication may be disrupted

            into the local site NY. "

Where can I start any ideas? I've looked at some questions on here around a hotfix for SP1 but our tcpip.sys is a greater version then that of the hotfix.



0
Comment
Question by:KevinA123
  • 6
7 Comments
 
LVL 31

Accepted Solution

by:
DrUltima earned 500 total points
ID: 35133181
You can use repadmin to check replication health:

http://technet.microsoft.com/en-us/library/cc736571%28WS.10%29.aspx

Also, check your event logs to see if there are any Errors.  Report results of both.

DrUltima
0
 

Author Comment

by:KevinA123
ID: 35133255
Directory Service on the PDC reports the following errors for each directory partition

Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1862
Date:            3/14/2011
Time:            12:31:11 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      DC1
Description:
This is the replication status for the following directory partition on the local domain controller.
 
Directory partition:
DC=ForestDnsZones,DC=EEST,DC=local
 
The local domain controller has not received replication information from a number of domain controllers in other sites within the configured latency intverval.
 
Number of domain controllers:
2
Latency Interval (Hours):
24
 
The latency interval can be modified with the following registry key.
 
Registry Key:  
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
 
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 

Author Comment

by:KevinA123
ID: 35133266
system log has on this error,

Event Type:      Error
Event Source:      MRxSmb
Event Category:      None
Event ID:      8003
Date:            3/14/2011
Time:            3:48:55 PM
User:            N/A
Computer:      DC1
Description:
The master browser has received a server announcement from the computer CMP1385 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{361E9596-A680-4D36-. The master browser is stopping or an election is being forced.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 03 00 4e 00   ......N.
0008: 00 00 00 00 43 1f 00 c0   ....C..
0010: 00 00 00 00 00 00 00 00   ........
0018: 04 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
0
 

Author Comment

by:KevinA123
ID: 35133279
FRS and DNS are clean. Application log has a few of these but no others:

Event Type:      Warning
Event Source:      SceCli
Event Category:      None
Event ID:      1202
Date:            3/14/2011
Time:            3:55:33 PM
User:            N/A
Computer:      TARCAL01
Description:
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".

Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID.  This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO.  To resolve this event, contact an administrator in the domain to perform the following actions:

1.      Identify accounts that could not be resolved to a SID:


0
 

Author Comment

by:KevinA123
ID: 35133339
the command repadmin /bridgeheads shows lots of errors
Each source site and the local bridge error with:
The remote procedure call failed and did not execute.
and
DsBindwithCred to DC4 failed with status 1727 (0x6bf)

what other commands can be run with repadmin?
0
 

Assisted Solution

by:KevinA123
KevinA123 earned 0 total points
ID: 35138779
Found the fix after looking at the ability for port 135 to connect from remote sites. the Ciscio 5510ASA was inspecting the RPC packets and holding for some reason. Applying RPC fix up did the fix
0
 

Author Closing Comment

by:KevinA123
ID: 35174524
Found Answer
0

Join & Write a Comment

Synchronize a new Active Directory domain with an existing Office 365 tenant
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now