bergquistcompany
asked on
New 2012 DC online to replace 2003 and getting Event ID 14550 DfsSvc error
Hello,
We have a 2003 server online and we have a 2012 I just prompted to a DC that will eventually replace the 2003 server, but I want to bring them up side by side to configure. However I am getting a event is14550 DfsSvc error but all seems to be working. Any help would be great. Been through several google articles and not able to figure the issue.
We have a 2003 server online and we have a 2012 I just prompted to a DC that will eventually replace the 2003 server, but I want to bring them up side by side to configure. However I am getting a event is14550 DfsSvc error but all seems to be working. Any help would be great. Been through several google articles and not able to figure the issue.
ASKER
We have an old configuration where we have an empty root domain forest and the users domain child.
Forest Root
Child Domain Controller (DC1 2003 server)
Everything works
Forest Root
Child Domain Controller (DC1 2003 server)
Child Domain Controller (DC2 2012 server) - just bringing up to eventually replace 2003 DC.
Event log showing errors on the new 2012 server.
Forest Root
Child Domain Controller (DC1 2003 server)
Everything works
Forest Root
Child Domain Controller (DC1 2003 server)
Child Domain Controller (DC2 2012 server) - just bringing up to eventually replace 2003 DC.
Event log showing errors on the new 2012 server.
Did you AD/Domain/Forest prep both domains? Did you run DCDiAG to see if it shows any errors?
ASKER
prep has been run on both domains yes
dcdiag
Microsoft Windows [Version 6.2.9200]
(c) 2012 Microsoft Corporation. All rights reserved.
C:\Windows\system32>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = IS2288
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Chanhassen\IS2288
Starting test: Connectivity
......................... IS2288 passed test Connectivity
Doing primary tests
Testing server: Chanhassen\IS2288
Starting test: Advertising
......................... IS2288 passed test Advertising
Starting test: FrsEvent
......................... IS2288 passed test FrsEvent
Starting test: DFSREvent
......................... IS2288 passed test DFSREvent
Starting test: SysVolCheck
......................... IS2288 passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x80000B46
Time Generated: 12/05/2013 13:56:27
Event String:
The security of this directory server can be significantly enhanced
by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest)
LDAP binds that do not request signing (integrity verification) and LDAP simple
binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. E
ven if no clients are using such binds, configuring the server to reject them wi
ll improve the security of this server.
A warning event occurred. EventID: 0x80000828
Time Generated: 12/05/2013 13:56:57
Event String:
Active Directory Domain Services could not use DNS to resolve the IP
address of the source domain controller listed below. To maintain the consisten
cy of Security groups, group policy, users and computers and their passwords, Ac
tive Directory Domain Services successfully replicated using the NetBIOS or full
y qualified computer name of the source domain controller.
A warning event occurred. EventID: 0x8000051C
Time Generated: 12/05/2013 14:01:28
Event String:
The Knowledge Consistency Checker (KCC) has detected that successive
attempts to replicate with the following directory service has consistently fai
led.
A warning event occurred. EventID: 0x80000786
Time Generated: 12/05/2013 14:01:28
Event String:
The attempt to establish a replication link to a read-only directory
partition with the following parameters failed.
A warning event occurred. EventID: 0x80000786
Time Generated: 12/05/2013 14:01:28
Event String:
The attempt to establish a replication link to a read-only directory
partition with the following parameters failed.
A warning event occurred. EventID: 0x80000785
Time Generated: 12/05/2013 14:01:28
Event String:
The attempt to establish a replication link for the following writab
le directory partition failed.
A warning event occurred. EventID: 0x80000785
Time Generated: 12/05/2013 14:01:28
Event String:
The attempt to establish a replication link for the following writab
le directory partition failed.
A warning event occurred. EventID: 0x80000786
Time Generated: 12/05/2013 14:01:28
Event String:
The attempt to establish a replication link to a read-only directory
partition with the following parameters failed.
......................... IS2288 passed test KccEvent
Starting test: KnowsOfRoleHolders
[BQDC1] DsBindWithSpnEx() failed with error -2146892976,
The system cannot contact a domain controller to service the authentica
tion request. Please try again later..
Warning: BQDC1 is the Schema Owner, but is not responding to DS RPC
Bind.
[BQDC1] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: BQDC1 is the Schema Owner, but is not responding to LDAP
Bind.
[BQDC2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: BQDC2 is the Domain Owner, but is not responding to DS RPC
Bind.
Ldap search capability attribute search failed on server BQDC2, return
value = 81
Warning: BQDC2 is the Domain Owner, but is not responding to LDAP
Bind.
......................... IS2288 failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... IS2288 passed test MachineAccount
Starting test: NCSecDesc
......................... IS2288 passed test NCSecDesc
Starting test: NetLogons
......................... IS2288 passed test NetLogons
Starting test: ObjectsReplicated
......................... IS2288 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,IS2288] A recent replication attempt failed:
From BQDC2 to IS2288
Naming Context:
CN=Schema,CN=Configuration ,DC=bergqu istcompany ,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-05 13:56:58.
The last success occurred at 2013-12-05 07:54:28.
12 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,IS2288] A recent replication attempt failed:
From BQDC2 to IS2288
Naming Context: CN=Configuration,DC=bergqu istcompany ,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-05 14:02:47.
The last success occurred at 2013-12-05 07:54:28.
20 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,IS2288] A recent replication attempt failed:
From BQDC2 to IS2288
Naming Context: DC=bergquistcompany,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-05 13:58:01.
The last success occurred at 2013-12-05 07:54:28.
67 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,IS2288] A recent replication attempt failed:
From BQDC2 to IS2288
Naming Context: DC=BQAsia,DC=bergquistcomp any,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-05 13:56:58.
The last success occurred at 2013-12-05 07:54:28.
13 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,IS2288] A recent replication attempt failed:
From BQDC2 to IS2288
Naming Context: DC=eu,DC=bergquistcompany, DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-05 13:56:58.
The last success occurred at 2013-12-05 07:54:28.
12 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
......................... IS2288 failed test Replications
Starting test: RidManager
......................... IS2288 passed test RidManager
Starting test: Services
......................... IS2288 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0xC00038D6
Time Generated: 12/05/2013 13:51:56
Event String:
The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
A warning event occurred. EventID: 0x000727A5
Time Generated: 12/05/2013 13:52:43
Event String:
The WinRM service is not listening for WS-Management requests.
A warning event occurred. EventID: 0x80050004
Time Generated: 12/05/2013 13:56:08
Event String:
Broadcom NetXtreme Gigabit Ethernet #2: The network link is down. C
heck to make sure the network cable is properly connected.
A warning event occurred. EventID: 0x000003F6
Time Generated: 12/05/2013 13:56:34
Event String:
Name resolution for the name _ldap._tcp.dc._msdcs.north america.be rgq
uistcompany.com. timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x81000204
Time Generated: 12/05/2013 13:56:45
Event String:
Process **\mcshield.exe pid (2880) contains signed but untrusted cod
e, but was allowed to perform a privileged operation with a McAfee driver.
A warning event occurred. EventID: 0x81000204
Time Generated: 12/05/2013 13:56:46
Event String:
Process **\mcshield.exe pid (2880) contains signed but untrusted cod
e, but was allowed to perform a privileged operation with a McAfee driver.
A warning event occurred. EventID: 0x81000204
Time Generated: 12/05/2013 13:56:46
Event String:
Process **\mcshield.exe pid (2880) contains signed but untrusted cod
e, but was allowed to perform a privileged operation with a McAfee driver.
A warning event occurred. EventID: 0x81000202
Time Generated: 12/05/2013 13:57:14
Event String:
Process **\VsTskMgr.exe pid (2584) contained unsigned or corrupted c
ode and was blocked from performing a privileged operation with a McAfee driver.
A warning event occurred. EventID: 0x00001796
Time Generated: 12/05/2013 13:59:12
Event String:
Microsoft Windows Server has detected that NTLM authentication is pr
esently being used between clients and this server. This event occurs once per b
oot of the server on the first time a client uses NTLM with this server.
An error event occurred. EventID: 0x0000165B
Time Generated: 12/05/2013 14:03:53
Event String:
The session setup from computer 'IS2164' failed because the security
database does not contain a trust account 'IS2164$' referenced by the specified
computer.
......................... IS2288 failed test SystemLog
Starting test: VerifyReferences
......................... IS2288 passed test VerifyReferences
Running partition tests on : northamerica
Starting test: CheckSDRefDom
......................... northamerica passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... northamerica passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running enterprise tests on : bergquistcompany.com
Starting test: LocatorCheck
......................... bergquistcompany.com passed test
LocatorCheck
Starting test: Intersite
......................... bergquistcompany.com passed test Intersite
C:\Windows\system32>
dcdiag
Microsoft Windows [Version 6.2.9200]
(c) 2012 Microsoft Corporation. All rights reserved.
C:\Windows\system32>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = IS2288
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Chanhassen\IS2288
Starting test: Connectivity
......................... IS2288 passed test Connectivity
Doing primary tests
Testing server: Chanhassen\IS2288
Starting test: Advertising
......................... IS2288 passed test Advertising
Starting test: FrsEvent
......................... IS2288 passed test FrsEvent
Starting test: DFSREvent
......................... IS2288 passed test DFSREvent
Starting test: SysVolCheck
......................... IS2288 passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x80000B46
Time Generated: 12/05/2013 13:56:27
Event String:
The security of this directory server can be significantly enhanced
by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest)
LDAP binds that do not request signing (integrity verification) and LDAP simple
binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. E
ven if no clients are using such binds, configuring the server to reject them wi
ll improve the security of this server.
A warning event occurred. EventID: 0x80000828
Time Generated: 12/05/2013 13:56:57
Event String:
Active Directory Domain Services could not use DNS to resolve the IP
address of the source domain controller listed below. To maintain the consisten
cy of Security groups, group policy, users and computers and their passwords, Ac
tive Directory Domain Services successfully replicated using the NetBIOS or full
y qualified computer name of the source domain controller.
A warning event occurred. EventID: 0x8000051C
Time Generated: 12/05/2013 14:01:28
Event String:
The Knowledge Consistency Checker (KCC) has detected that successive
attempts to replicate with the following directory service has consistently fai
led.
A warning event occurred. EventID: 0x80000786
Time Generated: 12/05/2013 14:01:28
Event String:
The attempt to establish a replication link to a read-only directory
partition with the following parameters failed.
A warning event occurred. EventID: 0x80000786
Time Generated: 12/05/2013 14:01:28
Event String:
The attempt to establish a replication link to a read-only directory
partition with the following parameters failed.
A warning event occurred. EventID: 0x80000785
Time Generated: 12/05/2013 14:01:28
Event String:
The attempt to establish a replication link for the following writab
le directory partition failed.
A warning event occurred. EventID: 0x80000785
Time Generated: 12/05/2013 14:01:28
Event String:
The attempt to establish a replication link for the following writab
le directory partition failed.
A warning event occurred. EventID: 0x80000786
Time Generated: 12/05/2013 14:01:28
Event String:
The attempt to establish a replication link to a read-only directory
partition with the following parameters failed.
......................... IS2288 passed test KccEvent
Starting test: KnowsOfRoleHolders
[BQDC1] DsBindWithSpnEx() failed with error -2146892976,
The system cannot contact a domain controller to service the authentica
tion request. Please try again later..
Warning: BQDC1 is the Schema Owner, but is not responding to DS RPC
Bind.
[BQDC1] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: BQDC1 is the Schema Owner, but is not responding to LDAP
Bind.
[BQDC2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: BQDC2 is the Domain Owner, but is not responding to DS RPC
Bind.
Ldap search capability attribute search failed on server BQDC2, return
value = 81
Warning: BQDC2 is the Domain Owner, but is not responding to LDAP
Bind.
......................... IS2288 failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... IS2288 passed test MachineAccount
Starting test: NCSecDesc
......................... IS2288 passed test NCSecDesc
Starting test: NetLogons
......................... IS2288 passed test NetLogons
Starting test: ObjectsReplicated
......................... IS2288 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,IS2288] A recent replication attempt failed:
From BQDC2 to IS2288
Naming Context:
CN=Schema,CN=Configuration
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-05 13:56:58.
The last success occurred at 2013-12-05 07:54:28.
12 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,IS2288] A recent replication attempt failed:
From BQDC2 to IS2288
Naming Context: CN=Configuration,DC=bergqu
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-05 14:02:47.
The last success occurred at 2013-12-05 07:54:28.
20 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,IS2288] A recent replication attempt failed:
From BQDC2 to IS2288
Naming Context: DC=bergquistcompany,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-05 13:58:01.
The last success occurred at 2013-12-05 07:54:28.
67 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,IS2288] A recent replication attempt failed:
From BQDC2 to IS2288
Naming Context: DC=BQAsia,DC=bergquistcomp
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-05 13:56:58.
The last success occurred at 2013-12-05 07:54:28.
13 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,IS2288] A recent replication attempt failed:
From BQDC2 to IS2288
Naming Context: DC=eu,DC=bergquistcompany,
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-05 13:56:58.
The last success occurred at 2013-12-05 07:54:28.
12 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
......................... IS2288 failed test Replications
Starting test: RidManager
......................... IS2288 passed test RidManager
Starting test: Services
......................... IS2288 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0xC00038D6
Time Generated: 12/05/2013 13:51:56
Event String:
The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
A warning event occurred. EventID: 0x000727A5
Time Generated: 12/05/2013 13:52:43
Event String:
The WinRM service is not listening for WS-Management requests.
A warning event occurred. EventID: 0x80050004
Time Generated: 12/05/2013 13:56:08
Event String:
Broadcom NetXtreme Gigabit Ethernet #2: The network link is down. C
heck to make sure the network cable is properly connected.
A warning event occurred. EventID: 0x000003F6
Time Generated: 12/05/2013 13:56:34
Event String:
Name resolution for the name _ldap._tcp.dc._msdcs.north
uistcompany.com. timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x81000204
Time Generated: 12/05/2013 13:56:45
Event String:
Process **\mcshield.exe pid (2880) contains signed but untrusted cod
e, but was allowed to perform a privileged operation with a McAfee driver.
A warning event occurred. EventID: 0x81000204
Time Generated: 12/05/2013 13:56:46
Event String:
Process **\mcshield.exe pid (2880) contains signed but untrusted cod
e, but was allowed to perform a privileged operation with a McAfee driver.
A warning event occurred. EventID: 0x81000204
Time Generated: 12/05/2013 13:56:46
Event String:
Process **\mcshield.exe pid (2880) contains signed but untrusted cod
e, but was allowed to perform a privileged operation with a McAfee driver.
A warning event occurred. EventID: 0x81000202
Time Generated: 12/05/2013 13:57:14
Event String:
Process **\VsTskMgr.exe pid (2584) contained unsigned or corrupted c
ode and was blocked from performing a privileged operation with a McAfee driver.
A warning event occurred. EventID: 0x00001796
Time Generated: 12/05/2013 13:59:12
Event String:
Microsoft Windows Server has detected that NTLM authentication is pr
esently being used between clients and this server. This event occurs once per b
oot of the server on the first time a client uses NTLM with this server.
An error event occurred. EventID: 0x0000165B
Time Generated: 12/05/2013 14:03:53
Event String:
The session setup from computer 'IS2164' failed because the security
database does not contain a trust account 'IS2164$' referenced by the specified
computer.
......................... IS2288 failed test SystemLog
Starting test: VerifyReferences
......................... IS2288 passed test VerifyReferences
Running partition tests on : northamerica
Starting test: CheckSDRefDom
......................... northamerica passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... northamerica passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running enterprise tests on : bergquistcompany.com
Starting test: LocatorCheck
......................... bergquistcompany.com passed test
LocatorCheck
Starting test: Intersite
......................... bergquistcompany.com passed test Intersite
C:\Windows\system32>
Is BQDC2 online or is has it been shutdown?
[BQDC1] DsBindWithSpnEx() failed with error -2146892976,
The system cannot contact a domain controller to service the authentica
tion request. Please try again later..
Warning: BQDC1 is the Schema Owner, but is not responding to DS RPC
Bind.
[BQDC1] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: BQDC1 is the Schema Owner, but is not responding to LDAP
Bind.
[BQDC2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: BQDC2 is the Domain Owner, but is not responding to DS RPC
Bind.
Ldap search capability attribute search failed on server BQDC2, return
value = 81
Warning: BQDC2 is the Domain Owner, but is not responding to LDAP
Bind.
......................... IS2288 failed test KnowsOfRoleHolders
Starting test: MachineAccount
If you run NETDOM QUERY FSMO do all of the roles belong to a server that is still in production?
[BQDC1] DsBindWithSpnEx() failed with error -2146892976,
The system cannot contact a domain controller to service the authentica
tion request. Please try again later..
Warning: BQDC1 is the Schema Owner, but is not responding to DS RPC
Bind.
[BQDC1] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: BQDC1 is the Schema Owner, but is not responding to LDAP
Bind.
[BQDC2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: BQDC2 is the Domain Owner, but is not responding to DS RPC
Bind.
Ldap search capability attribute search failed on server BQDC2, return
value = 81
Warning: BQDC2 is the Domain Owner, but is not responding to LDAP
Bind.
......................... IS2288 failed test KnowsOfRoleHolders
Starting test: MachineAccount
If you run NETDOM QUERY FSMO do all of the roles belong to a server that is still in production?
ASKER
BQDC2 is online
BQDC1 and BQDC2 are the root domain.
CHDC1 is the 2003 in the child domain and is2288 is the 2012 server I'm troubleshooting.
From is2288 I get
Schema master BQDC1.bergquistcompany.com
Domain naming master BQDC2.bergquistcompany.com
PDC chdc1.northamerica.bergqui stcompany. com
RID pool manager chdc1.northamerica.bergqui stcompany. com
Infrastructure master chdc1.northamerica.bergqui stcompany. com
The command completed successfully.
From BQDC2 if I run DCDIAG I get
Doing primary tests
Testing server: Chanhassen\BQDC2
Starting test: Advertising
......................... BQDC2 passed test Advertising
Starting test: FrsEvent
......................... BQDC2 passed test FrsEvent
Starting test: DFSREvent
......................... BQDC2 passed test DFSREvent
Starting test: SysVolCheck
......................... BQDC2 passed test SysVolCheck
Starting test: KccEvent
......................... BQDC2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... BQDC2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... BQDC2 passed test MachineAccount
Starting test: NCSecDesc
......................... BQDC2 passed test NCSecDesc
Starting test: NetLogons
......................... BQDC2 passed test NetLogons
Starting test: ObjectsReplicated
......................... BQDC2 passed test ObjectsReplicated
Starting test: Replications
[IS2288] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
......................... BQDC2 failed test Replications
Starting test: RidManager
......................... BQDC2 passed test RidManager
Starting test: Services
......................... BQDC2 passed test Services
Starting test: SystemLog
......................... BQDC2 passed test SystemLog
Starting test: VerifyReferences
......................... BQDC2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidatio
Running partition tests on : bergquistcompany
Starting test: CheckSDRefDom
......................... bergquistcompany passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... bergquistcompany passed test
CrossRefValidation
Running enterprise tests on : bergquistcompany.com
Starting test: LocatorCheck
......................... bergquistcompany.com passed test
LocatorCheck
Starting test: Intersite
......................... bergquistcompany.com passed test Intersite
C:\Windows\system32>
BQDC1 and BQDC2 are the root domain.
CHDC1 is the 2003 in the child domain and is2288 is the 2012 server I'm troubleshooting.
From is2288 I get
Schema master BQDC1.bergquistcompany.com
Domain naming master BQDC2.bergquistcompany.com
PDC chdc1.northamerica.bergqui
RID pool manager chdc1.northamerica.bergqui
Infrastructure master chdc1.northamerica.bergqui
The command completed successfully.
From BQDC2 if I run DCDIAG I get
Doing primary tests
Testing server: Chanhassen\BQDC2
Starting test: Advertising
......................... BQDC2 passed test Advertising
Starting test: FrsEvent
......................... BQDC2 passed test FrsEvent
Starting test: DFSREvent
......................... BQDC2 passed test DFSREvent
Starting test: SysVolCheck
......................... BQDC2 passed test SysVolCheck
Starting test: KccEvent
......................... BQDC2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... BQDC2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... BQDC2 passed test MachineAccount
Starting test: NCSecDesc
......................... BQDC2 passed test NCSecDesc
Starting test: NetLogons
......................... BQDC2 passed test NetLogons
Starting test: ObjectsReplicated
......................... BQDC2 passed test ObjectsReplicated
Starting test: Replications
[IS2288] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
......................... BQDC2 failed test Replications
Starting test: RidManager
......................... BQDC2 passed test RidManager
Starting test: Services
......................... BQDC2 passed test Services
Starting test: SystemLog
......................... BQDC2 passed test SystemLog
Starting test: VerifyReferences
......................... BQDC2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidatio
Running partition tests on : bergquistcompany
Starting test: CheckSDRefDom
......................... bergquistcompany passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... bergquistcompany passed test
CrossRefValidation
Running enterprise tests on : bergquistcompany.com
Starting test: LocatorCheck
......................... bergquistcompany.com passed test
LocatorCheck
Starting test: Intersite
......................... bergquistcompany.com passed test Intersite
C:\Windows\system32>
ASKER
also on is2288 I am getting in event viewer on DNS Server event id 4015 DNS-Server-Service
You are getting the error "The RPC server is unavailable" relates to port being blocked or network connectivity issue or due to dns misconfig.I would suggest contact network/security team to verify whether all the related AD ports being configured and allowed on the firewall for communication. Portquery is free tool from the MS which can be downloaded and installed to verify the necessary ports are opened or not.
DNS Design Options in a Multi-Domain Forest - How to create a Parent-Child DNS Delegation, and How to Configure DNS to create a new Tree in the Forest
http://msmvps.com/blogs/acefekay/archive/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation.aspx
Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx
It can also be caused by antivirus software with many of them sporting a new feature called "network traffic protection," which can efffectively block necessary AD traffic
Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx
Troubleshooting “RPC server is unavailable” error, reported in failing AD replication scenario.
http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx
DNS Design Options in a Multi-Domain Forest - How to create a Parent-Child DNS Delegation, and How to Configure DNS to create a new Tree in the Forest
http://msmvps.com/blogs/acefekay/archive/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation.aspx
Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx
It can also be caused by antivirus software with many of them sporting a new feature called "network traffic protection," which can efffectively block necessary AD traffic
Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx
Troubleshooting “RPC server is unavailable” error, reported in failing AD replication scenario.
http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx
ASKER
Ok now I have it down to one error:
1908 could not find the domain controller for this domain?
Destination DSA largest delta fails/total %% error
ALVIN 47m:53s 0 / 12 0
ASDC1 16m:43s 0 / 16 0
BFDC1 09m:35s 0 / 8 0
BQDC1 11m:14s 0 / 22 0
BQDC2 17m:00s 0 / 22 0
BQROOT 18m:52s 0 / 32 0
BRDC1 39m:09s 0 / 14 0
BRICKROCK 39m:39s 0 / 22 0
CFDC1 01d.19h:40m:44s 0 / 14 0
CHDC1 10d.13h:12m:53s 12 / 62 19 (1908) Could not find the do
main controller for this domain.
CHEF 50m:28s 0 / 14 0
EUDC1 07m:03s 0 / 6 0
KYLE 38m:50s 0 / 6 0
PDC2 14m:31s 0 / 8 0
C:\Windows\system32>
1908 could not find the domain controller for this domain?
Destination DSA largest delta fails/total %% error
ALVIN 47m:53s 0 / 12 0
ASDC1 16m:43s 0 / 16 0
BFDC1 09m:35s 0 / 8 0
BQDC1 11m:14s 0 / 22 0
BQDC2 17m:00s 0 / 22 0
BQROOT 18m:52s 0 / 32 0
BRDC1 39m:09s 0 / 14 0
BRICKROCK 39m:39s 0 / 22 0
CFDC1 01d.19h:40m:44s 0 / 14 0
CHDC1 10d.13h:12m:53s 12 / 62 19 (1908) Could not find the do
main controller for this domain.
CHEF 50m:28s 0 / 14 0
EUDC1 07m:03s 0 / 6 0
KYLE 38m:50s 0 / 6 0
PDC2 14m:31s 0 / 8 0
C:\Windows\system32>
ASKER
on CHDC1 I get event ID 1925 and it says:
Source domain controller address:
04a482b6-a285-4268-936a-89 3180b61841 ._msdcs.be rgquistcom pany.com
Intersite transport (if any):
but I don't have a domain controller with this name?
Source domain controller address:
04a482b6-a285-4268-936a-89
Intersite transport (if any):
but I don't have a domain controller with this name?
Read through this article and check for the records in DNS to see if there's an old orphaned DC - http://support.microsoft.com/kb/555846
If the name of the DC is present in AD which is not in network then it seems that faulty DC instances are still present you neeed to run metadata cleanup to remove the instances of faulty DC.http://www.petri.co.il/delete_failed_dcs_from_ad.htm
ASKER
Ran that will see what happens
ASKER
ran metadata cleanup and replication seems to be working but still getting events:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data every hour.
Replsummary and showrepl pass
Dcdiag: Starting test: KccEvent
......................... BRDC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
[BQDC2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: BQDC2 is the Schema Owner, but is not responding to DS RPC
Bind.
Ldap search capability attribute search failed on server BQDC2, return
value = 81
Warning: BQDC2 is the Schema Owner, but is not responding to LDAP
We have a DC at each site so 5 in the child domain and only this one getting the error.
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data every hour.
Replsummary and showrepl pass
Dcdiag: Starting test: KccEvent
......................... BRDC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
[BQDC2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: BQDC2 is the Schema Owner, but is not responding to DS RPC
Bind.
Ldap search capability attribute search failed on server BQDC2, return
value = 81
Warning: BQDC2 is the Schema Owner, but is not responding to LDAP
We have a DC at each site so 5 in the child domain and only this one getting the error.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
called Microsoft
If it's a single domain you may need to check for some orphaned objects in AD by running dcdiag to see if it complains about any issues.