bergquistcompany
asked on
Enter the name and password of an account with permission for bergquistcompany.com
Hello EE,
We have an empty forest root and we have a child domain where users authenticate:
Forest: Bergquistcompany.com
Child: northamerica.bergquistcompany.com
When I go to the child domain and under users/computers try to add a user under security to a distribution list I get a prompt "Enter the name and password of an account with permissions for Bergquistcompany.com"
There is a 2 way trust so why am I getting prompted?
Domain admins are still separate groups. Make sure your user is in both domain's domain admin group.
Child domains, when created, automatically have a 2-way transitive trust enabled. As stated, domains are separate entities and require domain admin privileges in each specific domain.
Will.
ASKER
So from the root domain I can add child accounts but from the child domain I should be prompted to add root accounts?
I am getting these events which are new on the child DC:
1. Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
2. The attempt to establish a replication link for the following writable directory partition failed.
Directory partition:
CN=Schema,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller:
CN=NTDS Settings,CN=BQDC1,CN=Servers,CN=Chanhassen,CN=Sites,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller address:
04a482b6-a285-4268-936a-893180b61841._msdcs.bergquistcompany.com
Intersite transport (if any):
This domain controller will be unable to replicate with the source domain controller until this problem is corrected.
User Action
Verify if the source domain controller is accessible or network connectivity is available.
Additional Data
Error value:
1908 Could not find the domain controller for this domain.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
How many DCs do you have in the parent domain?
1) Verify that Bergquistcompany.com DC's KDC and Netlogon services are running.
Example - Query the KDC service with: "SC Query KDC" and the Netlogon Service with: "SC Query Netlogon"
These commands should return "State: Running"
2) Verify that the parent Domain Controllers are advertising as a Key Distribution Center
Use DCDIAG.exe to verify that the destination Domain Controller is advertising. From a CMD.exe prompt run the following:
C:\DCDiag.exe /v /test:Advertising /test:SysVolCheck
ASKER
I have 2 in the parent domain. Here are the results for sc query kdc- running and netlogon - running
C:\Windows\system32>sc query kdc
SERVICE_NAME: kdc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Windows\system32>SC Query Netlogon
SERVICE_NAME: Netlogon
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
DCDIAG:
Testing server: Chanhassen\BQDC2
Starting test: Advertising
The DC BQDC2 is advertising itself as a DC and having a DS.
The DC BQDC2 is advertising as an LDAP server
The DC BQDC2 is advertising as having a writeable directory
The DC BQDC2 is advertising as a Key Distribution Center
The DC BQDC2 is advertising as a time server
The DS BQDC2 is advertising as a GC.
......................... BQDC2 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BQDC2 passed test SysVolCheck
and
Testing server: Chanhassen\BQDC1
Starting test: Advertising
The DC BQDC1 is advertising itself as a DC and having a DS.
The DC BQDC1 is advertising as an LDAP server
The DC BQDC1 is advertising as having a writeable directory
The DC BQDC1 is advertising as a Key Distribution Center
The DC BQDC1 is advertising as a time server
The DS BQDC1 is advertising as a GC.
......................... BQDC1 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BQDC1 passed test SysVolCheck
Those errors from the event logs that you mentioned: when were they created (date)?
How are you accessing the child domain? Are you logged in to a computer which is part of the child domain?
ASKER
All users are on the child domain. The parent BQDC1 and 2 are empty root domains
The other was a couple days ago but this is 10 min ago
The attempt to establish a replication link to a read-only directory partition with the following parameters failed.
Directory partition:
DC=eu,DC=bergquistcompany,DC=com
Source domain controller:
CN=NTDS Settings,CN=BQDC1,CN=Servers,CN=Chanhassen,CN=Sites,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller address:
04a482b6-a285-4268-936a-893180b61841._msdcs.bergquistcompany.com
Intersite transport (if any):
Additional Data
Error value:
1908 Could not find the domain controller for this domain.
For more information, see Help and Support Center at
I believe this error has nothing to do with the prompt you get. This could be because of some network connectivity issue. Based on the previous test results there seem to be no issues with connectivity between domains; for a replication test you can run the following command:
repadmin /replsummary
Meanwhile, if you try to add user from another domain, it might ask for credentials. Ensure your ID is having sufficient privileges.
Have you set up proper name resolution between the parent and child domain?
What is the domain DNS zone name in the parent and child domain?
Are both zone names the same or different?
If the zone names are different, then in the child domain, in the DNS server, under Conditional Forwarders, add the parent domain with its DNS server IP address so that you can resolve parent domain queries from the child domain.
Also check whether you are able to resolve child domain queries from the parent domain. If not, add a delegation in the parent domain DNS zone pointing to the child domain DNS server.
Lastly, check whether the _msdcs.domain.com zone is populated in the child domain or not.
Also check if the DomainDnsZones partition (folder) exists in the child domain DNS zone on the child DC.
If everything above is perfect, just try to replicate from the parent domain to the child domain in Active Directory Sites and Services.
Mahesh
ASKER
@ ram_kerala - so if I'm on the child and add security for anyone in the child it isn't prompting but if I change the domain to bergquistcompany.com it prompts me is that expected?
Source DC largest delta fails/total %% error
ALVIN 20m:22s 0 / 12 0
ASDC1 17m:29s 0 / 9 0
BFDC1 02m:48s 0 / 8 0
BQDC1 26m:50s 0 / 6 0
BQDC2 14d.19h:53m:39s 6 / 6 100 (1908) Could not find th...
BRDC1 28m:38s 0 / 14 0
BRICKROCK 28m:38s 0 / 22 0
CFDC1 02m:33s 0 / 8 0
CHDC1 26m:50s 0 / 49 0
CHEF 19m:37s 0 / 14 0
EUDC1 26m:29s 0 / 8 0
KYLE 31m:09s 0 / 6 0
PDC2 02m:47s 0 / 8 0
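Added example (not part of the original thread): a small Python parser for the `repadmin /replsummary` table posted above, flagging any source DC with failed replication attempts or a largest delta beyond a threshold. The sample rows are copied from the thread's output; the 24-hour threshold and the function names are assumptions chosen for illustration.

```python
import re
from datetime import timedelta

# Rows copied from the repadmin /replsummary output posted in this thread.
SAMPLE = """\
Source DC largest delta fails/total %% error
ALVIN 20m:22s 0 / 12 0
BQDC1 26m:50s 0 / 6 0
BQDC2 14d.19h:53m:39s 6 / 6 100 (1908) Could not find th...
CHDC1 26m:50s 0 / 49 0
EUDC1 26m:29s 0 / 8 0
"""

# "largest delta" is printed as [Nd.][NNh:]NNm:NNs
DELTA = re.compile(r"(?:(\d+)d\.)?(?:(\d+)h:)?(\d+)m:(\d+)s")

# One summary row: DC name, delta, "fails / total", percent, optional "(code) text"
ROW = re.compile(
    r"^\s*(?P<dc>\S+)\s+"
    r"(?P<delta>(?:\d+d\.)?(?:\d+h:)?\d+m:\d+s)\s+"
    r"(?P<fails>\d+)\s*/\s*(?P<total>\d+)\s+"
    r"(?P<pct>\d+)"
    r"(?:\s+\((?P<code>\d+)\)\s*(?P<msg>.*?))?\s*$"
)


def parse_delta(text):
    """Convert a replsummary delta such as '14d.19h:53m:39s' to a timedelta."""
    match = DELTA.fullmatch(text)
    if match is None:
        raise ValueError(f"unrecognised delta: {text!r}")
    days, hours, minutes, seconds = (int(g or 0) for g in match.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)


def parse_replsummary(text):
    """Return one dict per DC row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match is None:
            continue
        rows.append({
            "dc": match["dc"],
            "delta": parse_delta(match["delta"]),
            "fails": int(match["fails"]),
            "total": int(match["total"]),
            "code": int(match["code"]) if match["code"] else None,
            "msg": match["msg"] or "",
        })
    return rows


def flag_unhealthy(rows, max_delta=timedelta(hours=24)):
    """List (dc, reasons) for rows with failures or a stale largest delta.

    max_delta is an assumed alerting threshold, not a value from the thread.
    """
    findings = []
    for row in rows:
        reasons = []
        if row["fails"] > 0:
            detail = f"{row['fails']}/{row['total']} attempts failed"
            if row["code"] is not None:
                detail += f" (error {row['code']}: {row['msg']})"
            reasons.append(detail)
        if row["delta"] > max_delta:
            reasons.append(f"largest delta {row['delta']} exceeds {max_delta}")
        if reasons:
            findings.append((row["dc"], reasons))
    return findings


if __name__ == "__main__":
    for dc, reasons in flag_unhealthy(parse_replsummary(SAMPLE)):
        print(dc)
        for reason in reasons:
            print("  -", reason)
```
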
ASKER
by: MaheshPM
If I go into DNS for the parent under Forward Lookup Zones I see bergquistcompany.com under which I have a folder for Northamerica
Parent: bergquistcompany.com
Child: Northamerica (see attached)
On the child I only see cached, forward lookup and reverse not conditional (2003 server)
Yes _msdcs.bergquistcompany.com is under forward lookup. Yes under ForestDNS under bergquistcompany.com in child (see attached capture 2)
Capture.JPG
Capture2.JPG
Why a trust relationship just lays the "road" for future traffic. Just because a trust is in place doesn't mean traffic can flow; each domain needs to have the proper permissions assigned, as other E.E experts have pointed out.
You stated that you receive a password prompt while selecting the parent domain from the child domain. Is your account a member of the domain admins group in the parent domain? If not, the password prompt you are receiving may be "normal" then...
Did you manually create trust or did windows create it for you when the child domain was added?
Coming to the replication-related error:
What is the authentication method used on BQDC2 compared with the other DCs?
Are there any other errors found in the event logs?
Are the time and timezone on BQDC2 the same as on the other DCs?
From the screenshot it's clear that in the parent domain you have a subdomain folder pointing to the child domain, and the same parent zone is getting replicated to the child domain as well.
So you should be able to resolve child domain names from parent domain and vice versa.
Are you able to resolve the parent domain from the child domain?
Also try to validate / verify the trust from the child domain and the parent domain in Active Directory Domains and Trusts.
Mahesh
The following article I found is very interesting and confirms what I and others have stated. A child domain is still a different security boundary from the parent.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/1b714a72-4e52-44c4-a0a4-af1f5e0ca5f9/root-domain-user-lists-not-shown-in-child-domain?forum=winserverDS
Is the user you are trying to add in the child domain or parent?
Can you please upload the results of the verbose dcdiag: dcdiag /v /e >c:\dcdiag.txt
Also please run the following command in your parent and child domain:
nltest /dclist:<parentdomain>
nltest /dclist:<childdomain>
ASKER
@ compdigit44 there is a transitive 2 way trust with parent child. Attached dcdiag
NLTest parent:
C:\Windows\system32>nltest /dclist:bergquistcompany.com
Get list of DCs in domain 'bergquistcompany.com' from '\\BQDC2.bergquistcompany.
com'.
BQDC2.bergquistcompany.com [DS] Site: Chanhassen
BQDC1.bergquistcompany.com [PDC] [DS] Site: Chanhassen
The command completed successfully
NLTEST child:
C:\Documents and Settings\Administrator.CHDC1>nltest /dclist:northamerica.bergq
istcompany.com
Get list of DCs in domain 'northamerica.bergquistcompany.com' from '\\chdc1.nor
hamerica.bergquistcompany.com'.
chdc1.northamerica.bergquistcompany.com [PDC] [DS] Site: Chanhassen
cfdc1.northamerica.bergquistcompany.com [DS] Site: CannonFalls
chef.northamerica.bergquistcompany.com [DS] Site: Torrington
KYLE.northamerica.bergquistcompany.com [DS] Site: Torrington
brickrock.northamerica.bergquistcompany.com [DS] Site: Brandon
ALVIN.northamerica.bergquistcompany.com [DS] Site: Brandon
PDC2.northamerica.bergquistcompany.com [DS] Site: Prescott
ch-riverbed.northamerica.bergquistcompany.com
cf-riverbed.northamerica.bergquistcompany.com
br-riverbed.northamerica.bergquistcompany.com
pr-riverbed.northamerica.bergquistcompany.com
BRDC1.northamerica.bergquistcompany.com [DS] Site: Brandon
BFDC1.northamerica.bergquistcompany.com [DS] Site: BigFork
The command completed successfully
@ ram_kerala it consistently shows Source:
BQDC2 15d.18h:50m:00s 6 / 14 42 (1908) Could not find the do
main controller for this domain.
Destination: CHDC1 (child domain)
This is a new error on BQDC2 today: 1908 A pointer device did not report a valid unit of angular measurement.
Another interesting thing is on BQDC1 (the other parent DC) I have 2 BQDC1 in DNS (see attached) and only BQDC2 listed once on BQDC2 DNS.
@ MaheshPM - validation works
dcdiag.txt
Capture.JPG
I haven't had much time to review the Dcdiag in detail but I did notice some errors.
1) have there been any changes in the parent domain recently?
2) Check your security logs on your parent DC for Kerberos errors?
3) please upload the results of the following command from the parent and child domain:
repadmin /showrepl >c:\repl.txt
4) upload a screenshot of all your msdc dns records for your parent and child domains.
5) How long has this issue been going on?
There are many errors in Dcdiag test results and probably need to run dcdiag /fix
Example : C:\Windows\system32>dcdiag /s:reskit-DC1 \administrator password /e
[ http://technet.microsoft.com/en-us/library/cc961811.aspx]
But recommend to wait for other experts opinion.
What OS are all of your DC's running?
What is your domain & functional levels?
What is server CFDC1?
Can you please upload a screen shot of your AD DNS records?
ASKER
@compdigit44
1) no changes recently but we would like to eventually replace one of the child DCs as it's 2003 and we'd like to get to 2012.
2) Zero errors in security
3) see attached error on child reference to parent 1908 no DC
4) attached
5) unfortunately it's intermittent
@ ram_kerala ok thanks for the suggestion I'll see what others say
@ compdigit44 some DCs are 2003 some are 2012 we are wanting to get them all to 2012. CFDC1 is a child level DC at one of our branch office. All our branch offices have DCs. See capture.jpg and mixed mode given the environment has both versions
repl.txt
replchild.txt
Capture.JPG
ASKER
Also if it helps this morning in addition to the repadmin /replsummary showing source BQDC2 (2nd parent) and destination CHDC1 (child) 1908 could not find the domain controller for this domain.
Note: BQDC1 points to self for DNS primary and BQDC2 as secondary. BQDC2 is reverse of that. Forwarders on BQDC1 are ISP and forwarders on BQDC2 are other internal DCs.
BQDC2 shows this error which is new in system log: Dynamic registration or deregistration of one or more DNS records failed with the following error:
No DNS servers configured for local system.
CHDC1 shows this error
The attempt to establish a replication link for the following writable directory partition failed.
Directory partition:
CN=Schema,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller:
CN=NTDS Settings,CN=BQDC1,CN=Servers,CN=Chanhassen,CN=Sites,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller address:
04a482b6-a285-4268-936a-893180b61841._msdcs.bergquistcompany.com
Intersite transport (if any):
This domain controller will be unable to replicate with the source domain controller until this problem is corrected.
User Action
Verify if the source domain controller is accessible or network connectivity is available.
Additional Data
Error value:
1908 Could not find the domain controller for this domain.
For more information, see Help and Support Center at
Your DNS config on the servers seems correct. It is the best practice to point AD DNS servers to themselves and then to another server. Please note, you should never use a loopback address for the primary DNS server IP.
Let's do the following: on BQDC2 type the following commands at the command prompt:
1) ipconfig /flushdns
2) netsh ip delete arpcache
3) dcdiag /fix
4) net stop netlogon
5) net start netlogon
6) Rerun the repadmin /showrepl command in both domains and post the results
Let us know how you make out!!!!
ASKER
Thank you so much for your help thus far
1. done
2. changed to netsh interface ip delete arpcache....ok
3. Below are results: REPLICATION LATENCY WARNING ERROR: Expected notification link is missing. Source CHDC1
4-5. Done
6. Clean for BQDC2 and lots of errors for CHDC1
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = BQDC2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Chanhassen\BQDC2
Starting test: Connectivity
......................... BQDC2 passed test Connectivity
Doing primary tests
Testing server: Chanhassen\BQDC2
Starting test: Advertising
......................... BQDC2 passed test Advertising
Starting test: FrsEvent
......................... BQDC2 passed test FrsEvent
Starting test: DFSREvent
......................... BQDC2 passed test DFSREvent
Starting test: SysVolCheck
......................... BQDC2 passed test SysVolCheck
Starting test: KccEvent
......................... BQDC2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... BQDC2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... BQDC2 passed test MachineAccount
Starting test: NCSecDesc
......................... BQDC2 passed test NCSecDesc
Starting test: NetLogons
......................... BQDC2 passed test NetLogons
Starting test: ObjectsReplicated
......................... BQDC2 passed test ObjectsReplicated
Starting test: Replications
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source CHDC1
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source CHDC1
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source CHDC1
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
......................... BQDC2 passed test Replications
Starting test: RidManager
......................... BQDC2 passed test RidManager
Starting test: Services
......................... BQDC2 passed test Services
Starting test: SystemLog
......................... BQDC2 passed test SystemLog
Starting test: VerifyReferences
......................... BQDC2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : bergquistcompany
Starting test: CheckSDRefDom
......................... bergquistcompany passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... bergquistcompany passed test
CrossRefValidation
Running enterprise tests on : bergquistcompany.com
Starting test: LocatorCheck
......................... bergquistcompany.com passed test
LocatorCheck
Starting test: Intersite
......................... bergquistcompany.com passed test Intersite
showrepl-BQDC2.docx
showreplCHDC1.docx
LocatorCheck
Starting test: Intersite
......................... bergquistcompany.com passed test Intersite
showrepl-BQDC2.docx
showreplCHDC1.docx
OK, run the same steps you did prior but this time run it on CHDC1
ASKER
errors on step 3
C:\Documents and Settings\Administrator.CHDC1>dcdiag /fix
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Chanhassen\CHDC1
Starting test: Connectivity
......................... CHDC1 passed test Connectivity
Doing primary tests
Testing server: Chanhassen\CHDC1
Starting test: Replications
[Replications Check,CHDC1] A recent replication attempt failed:
From BQDC2 to CHDC1
Naming Context: DC=ForestDnsZones,DC=bergquistcompany,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-13 11:08:13.
The last success occurred at 2013-11-25 19:44:16.
6345 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[BQDC2] DsBindWithSpnEx() failed with error -2146892976,
The system detected a possible attempt to compromise security. Please
ensure that you can contact the server that authenticated you..
[Replications Check,CHDC1] A recent replication attempt failed:
From BQDC2 to CHDC1
Naming Context: CN=Schema,CN=Configuration,DC=bergquistcompany,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-13 10:45:36.
The last success occurred at 2013-11-25 19:23:32.
869 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,CHDC1] A recent replication attempt failed:
From BQDC2 to CHDC1
Naming Context: CN=Configuration,DC=bergquistcompany,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-13 10:48:45.
The last success occurred at 2013-11-25 19:23:30.
1156 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,CHDC1] A recent replication attempt failed:
From BQDC2 to CHDC1
Naming Context: DC=BQAsia,DC=bergquistcompany,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-13 11:07:09.
The last success occurred at 2013-11-25 19:37:37.
1360 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,CHDC1] A recent replication attempt failed:
From BQDC2 to CHDC1
Naming Context: DC=bergquistcompany,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-13 11:07:08.
The last success occurred at 2013-11-25 19:41:35.
4186 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,CHDC1] A recent replication attempt failed:
From BQDC2 to CHDC1
Naming Context: DC=eu,DC=bergquistcompany,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-13 11:01:17.
The last success occurred at 2013-11-25 19:23:35.
856 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
......................... CHDC1 passed test Replications
Starting test: NCSecDesc
......................... CHDC1 passed test NCSecDesc
Starting test: NetLogons
......................... CHDC1 passed test NetLogons
Starting test: Advertising
......................... CHDC1 passed test Advertising
Starting test: KnowsOfRoleHolders
[BQDC1] DsBindWithSpnEx() failed with error -2146892976,
The system detected a possible attempt to compromise security. Please
ensure that you can contact the server that authenticated you..
Warning: BQDC1 is the Schema Owner, but is not responding to DS RPC Bind.
[BQDC1] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: BQDC1 is the Schema Owner, but is not responding to LDAP Bind.
Warning: BQDC2 is the Domain Owner, but is not responding to DS RPC Bind.
[BQDC2] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: BQDC2 is the Domain Owner, but is not responding to LDAP Bind.
......................... CHDC1 failed test KnowsOfRoleHolders
Starting test: RidManager
......................... CHDC1 passed test RidManager
Starting test: MachineAccount
......................... CHDC1 passed test MachineAccount
Starting test: Services
......................... CHDC1 passed test Services
Starting test: ObjectsReplicated
......................... CHDC1 passed test ObjectsReplicated
Starting test: frssysvol
......................... CHDC1 passed test frssysvol
Starting test: frsevent
......................... CHDC1 passed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x80000785
Time Generated: 12/13/2013 11:03:58
Event String: The attempt to establish a replication link for
An Warning Event occured. EventID: 0x80000786
Time Generated: 12/13/2013 11:03:58
Event String: The attempt to establish a replication link to a
An Warning Event occured. EventID: 0x80000786
Time Generated: 12/13/2013 11:03:59
Event String: The attempt to establish a replication link to a
An Warning Event occured. EventID: 0x80000785
Time Generated: 12/13/2013 11:03:59
Event String: The attempt to establish a replication link for
An Warning Event occured. EventID: 0x80000785
Time Generated: 12/13/2013 11:04:00
Event String: The attempt to establish a replication link for
An Warning Event occured. EventID: 0x80000786
Time Generated: 12/13/2013 11:04:00
Event String: The attempt to establish a replication link to a
......................... CHDC1 failed test kccevent
Starting test: systemlog
......................... CHDC1 passed test systemlog
Starting test: VerifyReferences
......................... CHDC1 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : northamerica
Starting test: CrossRefValidation
......................... northamerica passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... northamerica passed test CheckSDRefDom
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running enterprise tests on : bergquistcompany.com
Starting test: Intersite
......................... bergquistcompany.com passed test Intersite
Starting test: FsmoCheck
......................... bergquistcompany.com passed test FsmoCheck
C:\Documents and Settings\Administrator.CHDC1>
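A small triage helper for the CHDC1 output above, added here as an example and not part of the original thread: it parses the failed-replication blocks, measures how closely the "last success" times cluster, and renders the signed DsBindWithSpnEx code as hex. The sample text is an excerpt of the posted output with the naming contexts written without stray spaces; the function names are this example's own.

```python
import re
from datetime import datetime

# Excerpt of the CHDC1 dcdiag output posted above (two of the six blocks).
SAMPLE = """\
[Replications Check,CHDC1] A recent replication attempt failed:
From BQDC2 to CHDC1
Naming Context: DC=ForestDnsZones,DC=bergquistcompany,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-13 11:08:13.
The last success occurred at 2013-11-25 19:44:16.
6345 failures have occurred since the last success.
[BQDC2] DsBindWithSpnEx() failed with error -2146892976,
[Replications Check,CHDC1] A recent replication attempt failed:
From BQDC2 to CHDC1
Naming Context: DC=eu,DC=bergquistcompany,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2013-12-13 11:01:17.
The last success occurred at 2013-11-25 19:23:35.
856 failures have occurred since the last success.
"""

BLOCK = re.compile(
    r"From (?P<src>\S+) to (?P<dst>\S+)\s+Naming Context: (?P<nc>\S+)\s+"
    r"The replication generated an error \((?P<code>\d+)\):.*?"
    r"The failure occurred at (?P<fail>[\d\- :]+)\.\s+"
    r"The last success occurred at (?P<ok>[\d\- :]+)\.\s+(?P<count>\d+) failures",
    re.S)
TS = "%Y-%m-%d %H:%M:%S"

def parse_failures(text):
    # One dict per failed-replication block in the dcdiag text.
    rows = []
    for m in BLOCK.finditer(text):
        fail, ok = (datetime.strptime(m[k], TS) for k in ("fail", "ok"))
        rows.append({"source": m["src"], "dest": m["dst"], "nc": m["nc"],
                     "error": int(m["code"]), "failures": int(m["count"]),
                     "last_success": ok, "days_broken": (fail - ok).days})
    return rows

def success_spread_minutes(rows):
    # Gap between earliest and latest "last success". A small gap means all
    # partitions stopped together, i.e. one shared cause, not a per-NC fault.
    times = [r["last_success"] for r in rows]
    return (max(times) - min(times)).total_seconds() / 60

def bind_errors(text):
    # dcdiag prints the bind failure as a signed 32-bit value; show it as hex.
    # 0x80090350 is SEC_E_DOWNGRADE_DETECTED, whose message text is the
    # "possible attempt to compromise security" line in the output.
    pat = r"\[(\S+)\] DsBindWithSpnEx\(\) failed with error (-?\d+)"
    return {dc: f"0x{int(c) & 0xFFFFFFFF:08X}" for dc, c in re.findall(pat, text)}

if __name__ == "__main__":
    for r in parse_failures(SAMPLE):
        print(r["nc"], r["error"], r["failures"], r["days_broken"])
    print(success_spread_minutes(parse_failures(SAMPLE)), bind_errors(SAMPLE))
```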
ASKER
same repl errors as attached above for chdc1
ASKER CERTIFIED SOLUTION
ASKER
that worked thanks for all your help.