Solved

Error Across Domain with Logons, replication and Services

Posted on 2011-03-14
7
953 Views
Last Modified: 2012-06-22
Hey all,

Got into work today and got a problem.

The domain we have has 5 dc's in 4 sites. (4 - 2003, 1 - 2008) The two DC's in the one site are having no problems replicating. The other 2 sites are unable to replicate. Its causing all sorts of issues.

For example when trying to browse to the other exchange server from another exchange server using the exchange browser it says its not available or cant be found IIS errors ect but the servers are all working as normal when on them locally. Lots of domain computers are sitting at the applying computer settings after logging on. Only working after hard reboot and no network cable plugged in does it work to logon to domain.

netdiag has no errors when run in standard mode
Dcdiag shows no errors except that the other 2 sites:

 *Warning: Remote bridgehead EEST\DC4 is not eligible as a

            bridgehead due to too many failures.  Replication may be disrupted

            into the local site NY. "

Where can I start any ideas? I've looked at some questions on here around a hotfix for SP1 but our tcpip.sys is a greater version then that of the hotfix.



0
Comment
Question by:KevinA123
  • 6
7 Comments
 
LVL 31

Accepted Solution

by:
DrUltima earned 500 total points
ID: 35133181
You can use repadmin to check replication health:

http://technet.microsoft.com/en-us/library/cc736571%28WS.10%29.aspx

Also, check your event logs to see if there are any Errors.  Report results of both.

DrUltima
0
 

Author Comment

by:KevinA123
ID: 35133255
Directory Service on the PDC reports the following errors for each directory partition

Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1862
Date:            3/14/2011
Time:            12:31:11 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      DC1
Description:
This is the replication status for the following directory partition on the local domain controller.
 
Directory partition:
DC=ForestDnsZones,DC=EEST,DC=local
 
The local domain controller has not received replication information from a number of domain controllers in other sites within the configured latency intverval.
 
Number of domain controllers:
2
Latency Interval (Hours):
24
 
The latency interval can be modified with the following registry key.
 
Registry Key:  
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
 
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 

Author Comment

by:KevinA123
ID: 35133266
system log has on this error,

Event Type:      Error
Event Source:      MRxSmb
Event Category:      None
Event ID:      8003
Date:            3/14/2011
Time:            3:48:55 PM
User:            N/A
Computer:      DC1
Description:
The master browser has received a server announcement from the computer CMP1385 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{361E9596-A680-4D36-. The master browser is stopping or an election is being forced.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 03 00 4e 00   ......N.
0008: 00 00 00 00 43 1f 00 c0   ....C..
0010: 00 00 00 00 00 00 00 00   ........
0018: 04 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:KevinA123
ID: 35133279
FRS and DNS are clean. Application log has a few of these but no others:

Event Type:      Warning
Event Source:      SceCli
Event Category:      None
Event ID:      1202
Date:            3/14/2011
Time:            3:55:33 PM
User:            N/A
Computer:      TARCAL01
Description:
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".

Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID.  This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO.  To resolve this event, contact an administrator in the domain to perform the following actions:

1.      Identify accounts that could not be resolved to a SID:


0
 

Author Comment

by:KevinA123
ID: 35133339
the command repadmin /bridgeheads shows lots of errors
Each source site and the local bridge error with:
The remote procedure call failed and did not execute.
and
DsBindwithCred to DC4 failed with status 1727 (0x6bf)

what other commands can be run with repadmin?
0
 

Assisted Solution

by:KevinA123
KevinA123 earned 0 total points
ID: 35138779
Found the fix after looking at the ability for port 135 to connect from remote sites. the Ciscio 5510ASA was inspecting the RPC packets and holding for some reason. Applying RPC fix up did the fix
0
 

Author Closing Comment

by:KevinA123
ID: 35174524
Found Answer
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now