• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1002
  • Last Modified:

Enter the name and password of an account with permission for bergquistcompany.com

Hello EE,

We have an empty forest root and we have a child domain where users authenticate:
Forest: Bergquistcompany.com
Child: northamerica.bergquistcompany.com

When I go to the child domain and under users/computers try to add a user under security to a distribution list I get a prompt "Enter the name and password of an account with permissions for Bergquistcompany.com"

There is a 2 way trust so why am I getting prompted?
0
bergquistcompany
Asked:
bergquistcompany
  • 12
  • 7
  • 6
  • +3
1 Solution
 
SeanSystem EngineerCommented:
Domain admins are still separate groups. Make sure your user is in both domain's domain admin group.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Child Domains, when created automatically have a 2 way transitive trust enabled. As stated domains are separate entities and require domain admins privledges in each specific domain.

Will.
0
 
bergquistcompanyAuthor Commented:
So from the root domain I can add child accounts but from the child domain I should be prompted to add root accounts?

I am getting these events which are new on the child DC:

1. Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

2. The attempt to establish a replication link for the following writable directory partition failed.
 
Directory partition:
CN=Schema,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller:
CN=NTDS Settings,CN=BQDC1,CN=Servers,CN=Chanhassen,CN=Sites,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller address:
04a482b6-a285-4268-936a-893180b61841._msdcs.bergquistcompany.com
Intersite transport (if any):
 
 
This domain controller will be unable to replicate with the source domain controller until this problem is corrected.  
 
User Action
Verify if the source domain controller is accessible or network connectivity is available.
 
Additional Data
Error value:
1908 Could not find the domain controller for this domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

 
Ram BalachandranCommented:
How many DC you have in Parent Domain ?

1) Verify that Bergquistcompany.com DC's  KDC and Netlogon services are running.

Example - Query the KDC service with: "SC Query KDC" and the Netlogon Service with: "SC Query Netlogon"
These commands should return "State: Running"

2) Verify that the parent Domain Controllers is Advertising as a Key Distribution Center

Use DCDIAG.exe to verify that the destination Domain Controller is advertising. From a CMD.exe prompt run the following:

       C:\DCDiag.exe /v /test:Advertising /test:SysVolCheck
0
 
bergquistcompanyAuthor Commented:
I have 2 in the parent domain.  Here are the results for sc query kdc- running and netlogon - running

C:\Windows\system32>sc query kdc
SERVICE_NAME: kdc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

C:\Windows\system32>SC Query Netlogon

SERVICE_NAME: Netlogon
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

DCDIAG:
 Testing server: Chanhassen\BQDC2
    Starting test: Advertising
       The DC BQDC2 is advertising itself as a DC and having a DS.
       The DC BQDC2 is advertising as an LDAP server
       The DC BQDC2 is advertising as having a writeable directory
       The DC BQDC2 is advertising as a Key Distribution Center
       The DC BQDC2 is advertising as a time server
       The DS BQDC2 is advertising as a GC.
       ......................... BQDC2 passed test Advertising
    Test omitted by user request: CheckSecurityError
    Test omitted by user request: CutoffServers
    Test omitted by user request: FrsEvent
    Test omitted by user request: DFSREvent
    Starting test: SysVolCheck
       * The File Replication Service SYSVOL ready test
       File Replication Service's SYSVOL is ready
       ......................... BQDC2 passed test SysVolCheck

and

 Testing server: Chanhassen\BQDC1
    Starting test: Advertising
       The DC BQDC1 is advertising itself as a DC and having a DS.
       The DC BQDC1 is advertising as an LDAP server
       The DC BQDC1 is advertising as having a writeable directory
       The DC BQDC1 is advertising as a Key Distribution Center
       The DC BQDC1 is advertising as a time server
       The DS BQDC1 is advertising as a GC.
       ......................... BQDC1 passed test Advertising
    Test omitted by user request: CheckSecurityError
    Test omitted by user request: CutoffServers
    Test omitted by user request: FrsEvent
    Test omitted by user request: DFSREvent
    Starting test: SysVolCheck
       * The File Replication Service SYSVOL ready test
       File Replication Service's SYSVOL is ready
       ......................... BQDC1 passed test SysVolCheck
0
 
Ram BalachandranCommented:
Those errors from event logs that you have mentioned - when it was created (date )?
0
 
Ram BalachandranCommented:
How you are accessing child domain ? are you logged in to a computer which in part of child domain ?
0
 
bergquistcompanyAuthor Commented:
All users are on the child domain.  The parent BQDC1 and 2 are empty root domains

The other was a couple days ago but this is 10 min ago
The attempt to establish a replication link to a read-only directory partition with the following parameters failed.
 
Directory partition:
DC=eu,DC=bergquistcompany,DC=com
Source domain controller:
CN=NTDS Settings,CN=BQDC1,CN=Servers,CN=Chanhassen,CN=Sites,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller address:
04a482b6-a285-4268-936a-893180b61841._msdcs.bergquistcompany.com
Intersite transport (if any):
 
 
Additional Data
Error value:
1908 Could not find the domain controller for this domain.

For more information, see Help and Support Center at
0
 
Ram BalachandranCommented:
I believe this error has nothing to do with prompt you get. This could be because of some network connectivity issue.Based on the previous test results there seems no issues with connectivity between domains, for replication test you can run following command

repadmin /replsummary

Meanwhile, if you try to add user from another domain, it might ask for credentials. Ensure your ID is having sufficient privileges.
0
 
MaheshArchitectCommented:
Have you setup proper name resolution between parent and child domain ?

What is the domain DNS zone name in parent and child domain ?
Does both zone names are same or different ?

If both zone names are different, then in child domain, in DNS server, under Conditional forwarder, add parent domain with its dns server ip address so that you can resolve parent domain queries from child domain
Also check that if you are able to resolve child domain queries from parent domain ? If not add delegation in parent domain dns zone pointing to child domain dns server

Lastly, check that_msdcs.domain.com zone is populated in child domain or not ?
Also check if Domaindnszones partition (folder) exists in child domain dns zone on child DC

If everything above is prefect, just try to replicate from parent domain to child domain in active directory sites and services

Mahesh
0
 
bergquistcompanyAuthor Commented:
@ ram_kerala - so if I'm on the child and add security for anyone in the child it isn't prompting but if I change the domain to bergquistcompany.com it prompts me is that expected?  

Source DC           largest delta  fails/total  %%  error
 ALVIN                     20m:22s    0 /  12    0
 ASDC1                     17m:29s    0 /   9    0
 BFDC1                     02m:48s    0 /   8    0
 BQDC1                     26m:50s    0 /   6    0
 BQDC2             14d.19h:53m:39s    6 /   6  100  (1908) Could not find th...
 BRDC1                     28m:38s    0 /  14    0
 BRICKROCK                 28m:38s    0 /  22    0
 CFDC1                     02m:33s    0 /   8    0
 CHDC1                     26m:50s    0 /  49    0
 CHEF                      19m:37s    0 /  14    0
 EUDC1                     26m:29s    0 /   8    0
 KYLE                      31m:09s    0 /   6    0
 PDC2                      02m:47s    0 /   8    0
0
 
bergquistcompanyAuthor Commented:
by: MaheshPM

If I go into DNS for the parent under Forward Lookup Zones I see bergquistcompany.com under which I have a folder for Northamerica

Parent: bergquistcompany.com
Child: Northamerica (see attached)

On the child I only see cached, forward lookup and reverse not conditional (2003 server)

Yes _msdcs.bergquistcompany.com is under forward lookup.  Yes under ForestDNS under bergquistcompany.com in child (see attached capture 2)
Capture.JPG
Capture2.JPG
0
 
compdigit44Commented:
Why a trust relationship just lay the "road" for future traffic. Just because a trust is in place doesn mean traffic can flow each domain needs to have the proper permissions assign as other E.E experts have points out.

You stated that you receive a password prompt while selecting the parent domain from the child domain. Is you account a member of the domain admins group in the parent domain.  If not, the password prompt you are receiving may be "normal" than,,,

Did you manually create trust or did windows create it for you when the child domain was added?
0
 
Ram BalachandranCommented:
coming to replication related error:

What is the authentication method used in  BQDC2  while compared with other DCs
Is there any other errors found in event logs ?
Is the time and timezone same in  BQDC2  while compared with other DCs ?
0
 
MaheshArchitectCommented:
From screen shot its clear that in parent domain you have subdomain folder pointing to child domain and same parent zone is getting replicated to child domain as well.
So you should be able to resolve child domain names from parent domain and vice versa.

Are you able to resolve parent domain from child domain ?
Also try to validate \ verify trust from child domain and parent domain in Active directory domains and trust..

Mahesh
0
 
compdigit44Commented:
The following article I found is very interesting and confirms what I and other have stated. A child domain is still a different security boundary from the parent.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/1b714a72-4e52-44c4-a0a4-af1f5e0ca5f9/root-domain-user-lists-not-shown-in-child-domain?forum=winserverDS

is the user you are trying to add in the child domain or parent?

can you please upload the results of the verbose dcdiag:   dcdiag /v /e >c:\dcdiag.txt

Also please run the following command in your parent and child domain:

nltest /dclist:<parentdomain>
nltest /dclist:<childdomain>
0
 
bergquistcompanyAuthor Commented:
@ compdigit44 there is a transitive 2 way trust with parent child.  Attached dcdiag
NLTest parent:
       C:\Windows\system32>nltest /dclist:bergquistcompany.com
       Get list of DCs in domain 'bergquistcompany.com' from '\\BQDC2.bergquistcompany.
       com'.
       BQDC2.bergquistcompany.com        [DS] Site: Chanhassen
       BQDC1.bergquistcompany.com [PDC]  [DS] Site: Chanhassen
       The command completed successfully

NLTEST child:
C:\Documents and Settings\Administrator.CHDC1>nltest /dclist:northamerica.bergq
istcompany.com
Get list of DCs in domain 'northamerica.bergquistcompany.com' from '\\chdc1.nor
hamerica.bergquistcompany.com'.
          chdc1.northamerica.bergquistcompany.com [PDC] [DS] Site: Chanhassen
          cfdc1.northamerica.bergquistcompany.com       [DS] Site: CannonFalls
           chef.northamerica.bergquistcompany.com       [DS] Site: Torrington
           KYLE.northamerica.bergquistcompany.com       [DS] Site: Torrington
      brickrock.northamerica.bergquistcompany.com       [DS] Site: Brandon
          ALVIN.northamerica.bergquistcompany.com       [DS] Site: Brandon
           PDC2.northamerica.bergquistcompany.com       [DS] Site: Prescott
    ch-riverbed.northamerica.bergquistcompany.com
    cf-riverbed.northamerica.bergquistcompany.com
    br-riverbed.northamerica.bergquistcompany.com
    pr-riverbed.northamerica.bergquistcompany.com
          BRDC1.northamerica.bergquistcompany.com       [DS] Site: Brandon
          BFDC1.northamerica.bergquistcompany.com       [DS] Site: BigFork
The command completed successfully


@ ram_kerala it consistently shows Source:
 BQDC2             15d.18h:50m:00s    6 /  14   42  (1908) Could not find the do
main controller for this domain.
Destination: CHDC1  (child domain)
This is a new error on BQDC2 today: 1908 A pointer device did not report a valid unit of angular measurement.
Another interesting thing is on BQDC1 (other parent DC I have 2 BQDC1 in DNS (see attached) and only BQDC2 listed once on BQDC2 DNS.

@ MaheshPM - validation works
dcdiag.txt
Capture.JPG
0
 
compdigit44Commented:
I haven't had much time to review the Dcdiag in detail but I did notice some errors.

1) have there been any changes in the parent domain recently?
2)  Check your sercuity logs on your parent DC for kerbose errors?
3) please upload the results of the following command from the parent and child domain:
repadmin /showrepl >c:\repl.txt
4) upload a screen shot of your all your msdc dns records for your parents and child domains.
5) How long has this issue be going on?
0
 
Ram BalachandranCommented:
There are many errors in Dcdiag test results and probably need to run dcdiag /fix

Example :  C:\Windows\system32>dcdiag /s:reskit-DC1 \administrator password /e


[ http://technet.microsoft.com/en-us/library/cc961811.aspx]

But recommend to wait for other experts opinion.
0
 
compdigit44Commented:
What OS are all of your DC's running?
What is your domain & functional levels?
What is server CFDC1?
Can you please upload a screen shot of your AD DNS records?
0
 
bergquistcompanyAuthor Commented:
@compdigit44
1) no changes recently but we would like to eventually replace one of the child DCs as it's 2003 and we'd like to get to 2012.
2)  Zero errors in security
3) see attached error on child reference to parent 1908 no DC
4) attached
5) unfortunately it's intermittent

@ ram_kerala ok thanks for the suggestion I'll see what others say

@ compdigit44 some DCs are 2003 some are 2012 we are wanting to get them all to 2012.  CFDC1 is a child level DC at one of our branch office.  All our branch offices have DCs.  See capture.jpg and mixed mode given the environment has both versions
repl.txt
replchild.txt
Capture.JPG
0
 
bergquistcompanyAuthor Commented:
Also if it helps this morning in addition to the repadmin /replsummary showing source BQDC2 (2nd parent) and destination CHDC1 (child) 1908 could not find the domain controller for this domain.

Note: BQDC1 points to self for DNS primary and BQDC2 as secondary.  BQDC2 is reverse of that.  Forwarders on BQDC1 are ISP and forwarders on BQDC2 are other internal DCs.

BQDC2 shows this error which is new in system log: Dynamic registration or deregistration of one or more DNS records failed with the following error:
No DNS servers configured for local system.

CHDC1 shows this error
The attempt to establish a replication link for the following writable directory partition failed.
 
Directory partition:
CN=Schema,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller:
CN=NTDS Settings,CN=BQDC1,CN=Servers,CN=Chanhassen,CN=Sites,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller address:
04a482b6-a285-4268-936a-893180b61841._msdcs.bergquistcompany.com
Intersite transport (if any):
 
 
This domain controller will be unable to replicate with the source domain controller until this problem is corrected.  
 
User Action
Verify if the source domain controller is accessible or network connectivity is available.
 
Additional Data
Error value:
1908 Could not find the domain controller for this domain.

For more information, see Help and Support Center at
0
 
compdigit44Commented:
Your DNS configu on the servers seems correct. It is the best practice to point AD DNS server to themselves and then to another server. Please note, you should never us a loop back address for the primary DNS server IP.

 Let do the following, on BQDC2 type the following commands at the command prompt:
1) ipconfig /flusdns
2) netsh ip delete arpcache
3) dcdiag /fix
4) net stop netlogon
5) net start netlogon
6) Rerun the repadmin /showrepl command in both domain and post the results

Let us know how you make out!!!!
0
 
bergquistcompanyAuthor Commented:
Thank you so much for your help thus far
1. done
2. changed to netsh interface ip delete arpcache....ok
3. Below are results:          REPLICATION LATENCY WARNING ERROR: Expected  
        notificationtion link is missing.  Source CHDC1
4-5. Done
6. Clean for BQDC2 and lots of errors for CHDC1

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = BQDC2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Chanhassen\BQDC2
      Starting test: Connectivity
         ......................... BQDC2 passed test Connectivity

Doing primary tests

   Testing server: Chanhassen\BQDC2
      Starting test: Advertising
         ......................... BQDC2 passed test Advertising
      Starting test: FrsEvent
         ......................... BQDC2 passed test FrsEvent
      Starting test: DFSREvent
         ......................... BQDC2 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... BQDC2 passed test SysVolCheck
      Starting test: KccEvent
         ......................... BQDC2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... BQDC2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... BQDC2 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... BQDC2 passed test NCSecDesc
      Starting test: NetLogons
         ......................... BQDC2 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... BQDC2 passed test ObjectsReplicated
      Starting test: Replications
         REPLICATION LATENCY WARNING
         ERROR: Expected notification link is missing.
         Source CHDC1
         Replication of new changes along this path will be delayed.
         This problem should self-correct on the next periodic sync.
         REPLICATION LATENCY WARNING
         ERROR: Expected notification link is missing.
         Source CHDC1
         Replication of new changes along this path will be delayed.
         This problem should self-correct on the next periodic sync.
         REPLICATION LATENCY WARNING
         ERROR: Expected notification link is missing.
         Source CHDC1
         Replication of new changes along this path will be delayed.
         This problem should self-correct on the next periodic sync.
         ......................... BQDC2 passed test Replications
      Starting test: RidManager
         ......................... BQDC2 passed test RidManager
      Starting test: Services
         ......................... BQDC2 passed test Services
      Starting test: SystemLog
         ......................... BQDC2 passed test SystemLog
      Starting test: VerifyReferences
         ......................... BQDC2 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : bergquistcompany
      Starting test: CheckSDRefDom
         ......................... bergquistcompany passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... bergquistcompany passed test
         CrossRefValidation

   Running enterprise tests on : bergquistcompany.com
      Starting test: LocatorCheck
         ......................... bergquistcompany.com passed test
         LocatorCheck
      Starting test: Intersite
         ......................... bergquistcompany.com passed test Intersite
showrepl-BQDC2.docx
showreplCHDC1.docx
0
 
compdigit44Commented:
OK, run the save steps you did prior but this time run it on CHDC1
0
 
bergquistcompanyAuthor Commented:
errors on step 3


C:\Documents and Settings\Administrator.CHDC1>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Chanhassen\CHDC1
      Starting test: Connectivity
         ......................... CHDC1 passed test Connectivity

Doing primary tests

   Testing server: Chanhassen\CHDC1
      Starting test: Replications
         [Replications Check,CHDC1] A recent replication attempt failed:
            From BQDC2 to CHDC1
            Naming Context: DC=ForestDnsZones,DC=bergquistcompany,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2013-12-13 11:08:13.
            The last success occurred at 2013-11-25 19:44:16.
            6345 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [BQDC2] DsBindWithSpnEx() failed with error -2146892976,
         The system detected a possible attempt to compromise security.  Please
ensure that you can contact the server that authenticated you..
         [Replications Check,CHDC1] A recent replication attempt failed:
            From BQDC2 to CHDC1
            Naming Context: CN=Schema,CN=Configuration,DC=bergquistcompany,DC=co
m
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2013-12-13 10:45:36.
            The last success occurred at 2013-11-25 19:23:32.
            869 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,CHDC1] A recent replication attempt failed:
            From BQDC2 to CHDC1
            Naming Context: CN=Configuration,DC=bergquistcompany,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2013-12-13 10:48:45.
            The last success occurred at 2013-11-25 19:23:30.
            1156 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,CHDC1] A recent replication attempt failed:
            From BQDC2 to CHDC1
            Naming Context: DC=BQAsia,DC=bergquistcompany,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2013-12-13 11:07:09.
            The last success occurred at 2013-11-25 19:37:37.
            1360 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,CHDC1] A recent replication attempt failed:
            From BQDC2 to CHDC1
            Naming Context: DC=bergquistcompany,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2013-12-13 11:07:08.
            The last success occurred at 2013-11-25 19:41:35.
            4186 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,CHDC1] A recent replication attempt failed:
            From BQDC2 to CHDC1
            Naming Context: DC=eu,DC=bergquistcompany,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2013-12-13 11:01:17.
            The last success occurred at 2013-11-25 19:23:35.
            856 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         ......................... CHDC1 passed test Replications
      Starting test: NCSecDesc
         ......................... CHDC1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... CHDC1 passed test NetLogons
      Starting test: Advertising
         ......................... CHDC1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         [BQDC1] DsBindWithSpnEx() failed with error -2146892976,
         The system detected a possible attempt to compromise security.  Please
ensure that you can contact the server that authenticated you..
         Warning: BQDC1 is the Schema Owner, but is not responding to DS RPC Bin
d.
         [BQDC1] LDAP bind failed with error 8341,
         A directory service error has occurred..
         Warning: BQDC1 is the Schema Owner, but is not responding to LDAP Bind.

         Warning: BQDC2 is the Domain Owner, but is not responding to DS RPC Bin
d.
         [BQDC2] LDAP bind failed with error 8341,
         A directory service error has occurred..
         Warning: BQDC2 is the Domain Owner, but is not responding to LDAP Bind.

         ......................... CHDC1 failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... CHDC1 passed test RidManager
      Starting test: MachineAccount
         ......................... CHDC1 passed test MachineAccount
      Starting test: Services
         ......................... CHDC1 passed test Services
      Starting test: ObjectsReplicated
         ......................... CHDC1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... CHDC1 passed test frssysvol
      Starting test: frsevent
         ......................... CHDC1 passed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 12/13/2013   11:03:58
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000786
            Time Generated: 12/13/2013   11:03:58
            Event String: The attempt to establish a replication link to a
         An Warning Event occured.  EventID: 0x80000786
            Time Generated: 12/13/2013   11:03:59
            Event String: The attempt to establish a replication link to a
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 12/13/2013   11:03:59
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 12/13/2013   11:04:00
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000786
            Time Generated: 12/13/2013   11:04:00
            Event String: The attempt to establish a replication link to a
         ......................... CHDC1 failed test kccevent
      Starting test: systemlog
         ......................... CHDC1 passed test systemlog
      Starting test: VerifyReferences
         ......................... CHDC1 passed test VerifyReferences

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : northamerica
      Starting test: CrossRefValidation
         ......................... northamerica passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... northamerica passed test CheckSDRefDom

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running enterprise tests on : bergquistcompany.com
      Starting test: Intersite
         ......................... bergquistcompany.com passed test Intersite
      Starting test: FsmoCheck
         ......................... bergquistcompany.com passed test FsmoCheck

C:\Documents and Settings\Administrator.CHDC1>
0
 
bergquistcompanyAuthor Commented:
same repl errors as attached above for chdc1
0
 
compdigit44Commented:
Wow, this server hasn't successfully replicated since 11/25/13!!!

You could try to demote then repromo the server at the point.
0
 
bergquistcompanyAuthor Commented:
that worked thanks for all your help.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 12
  • 7
  • 6
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now