wmbuchan2013
asked on
DFS File Replication
I have my main DC which is the fismo master. I also have 5 other DC's as site links that need to be replicated. I am having a serious problem with with one of the DC's not being able to replicate system volume group. I receive the event id 5002 and additionally error 1825 (security package specific error). I can ping adn nslookup brings up correct DNS server which is the fismo from the other DC sitelink. I have also checked to see if there is enough space on the sitelink DC for replication which there is. Unfortunately, the sitelink DC hosts our virtual servers and is our pipline to the internet. Please advise....
Thank you in advance,
Wendy
Thank you in advance,
Wendy
What server OS versions are we dealing with here?
ASKER
DC's are all win 2008 server R2 standard with the exception of the fismo DC which has the enterprise version of 2008 R2. The workstations are all win 7.
On the problematic dc, could you run dcdiag /test:dns and post the output.
Can you go into all DC's into the main yourdomain.whatever zone and note the number of records that you have, let me know if there is any major (more than 5) difference. (basic simple visual check for replication issues)
Could you also download, install and run this tool on the problematic DC and your PDC, just post any issues it shows. http://www.microsoft.com/en-gb/download/details.aspx?id=30005
Can you go into all DC's into the main yourdomain.whatever zone and note the number of records that you have, let me know if there is any major (more than 5) difference. (basic simple visual check for replication issues)
Could you also download, install and run this tool on the problematic DC and your PDC, just post any issues it shows. http://www.microsoft.com/en-gb/download/details.aspx?id=30005
I will recommend to also run dcdiag /q and repadmin /replsum and post the log.Most of the time replication issue is due to dns misconfig ensure that you have set dns as this:http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
ASKER
I have attached the dcdiag test for your review. I am now downloading the replication tool on both DC's.
Thank you very much!
dcdiagdnstest.txt
Thank you very much!
dcdiagdnstest.txt
ASKER
Hi All,
Here is the file after running the replication tool. The DC that it was ran on is the FISMO Master. I will also run the tool on our virtual 2012 DC and post that as well.
Again, thanks for all of your help!
ADReplicationStatus.2013.11.11.1.csv
Here is the file after running the replication tool. The DC that it was ran on is the FISMO Master. I will also run the tool on our virtual 2012 DC and post that as well.
Again, thanks for all of your help!
ADReplicationStatus.2013.11.11.1.csv
ASKER
Hi to all,
I wanted to update you on DC's. The BL-DC is going to be demoted and powered down, I didn't want you to have that error be part of our problem solving.
Hoping all have a great day!
I wanted to update you on DC's. The BL-DC is going to be demoted and powered down, I didn't want you to have that error be part of our problem solving.
Hoping all have a great day!
ASKER
Attached is the problematic DC's DNS test. I noticed that the DNS server is being referenced as 192.168.244.1.... The DNS server is 192.168.244.2 .. maybe this might be the beginning of the light in the tunnel.
Let me know your thoughts1
Wendy
dcdiagdnstestbjprob.txt
Let me know your thoughts1
Wendy
dcdiagdnstestbjprob.txt
The dcdiag output indicates dns forwarder failed,you can contact ISP to get the valid forwarders.Can you post the dcdiag /q and repadmin /replsun from all DC to get the clear view of AD health.
If you are planning to remove BL-DC perform normal demotion and check.If this is faulty server which is causing the issue and normal demotion is not possible perform forcefull demotion followed by metadata cleanup.
http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx
If you are planning to remove BL-DC perform normal demotion and check.If this is faulty server which is causing the issue and normal demotion is not possible perform forcefull demotion followed by metadata cleanup.
http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx
ASKER
Thank you Sandeshdubey! I will finish up and post the output for both dcdiag /q and repad min /repel sum.
Thanks again,
Wendy
Thanks again,
Wendy
ASKER
Hi again,
Attached are the dc's dcdiag /q and repadmin /replsum from all dc's in forest.
bj-dc.txt
br-dc.txt
pk-dc.txt
wd-dc.txt
hq-dc-fismo.txt
Attached are the dc's dcdiag /q and repadmin /replsum from all dc's in forest.
bj-dc.txt
br-dc.txt
pk-dc.txt
wd-dc.txt
hq-dc-fismo.txt
ASKER
Thanks again, hopefully it won't be too painful!
Wendy
Wendy
ASKER
i wanted to make sure I posted the DNS test after changing to correct DNS Server IP. Forwarders are now all valid!
dcdiag-test-after-dns-chg.txt
dcdiag-test-after-dns-chg.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you so much, I have already found DC's are running local firewall, I am going to connect to each DC and make sure all local FW's are disabled.
ASKER
Thanks again in advance,
Wendy