Solved

Enter the name and password of an account with permission for bergquistcompany.com

Posted on 2013-12-10
29
799 Views
Last Modified: 2013-12-18
Hello EE,

We have an empty forest root and we have a child domain where users authenticate:
Forest: Bergquistcompany.com
Child: northamerica.bergquistcompany.com

When I go to the child domain and under users/computers try to add a user under security to a distribution list I get a prompt "Enter the name and password of an account with permissions for Bergquistcompany.com"

There is a 2 way trust so why am I getting prompted?
0
Comment
Question by:bergquistcompany
  • 12
  • 7
  • 6
  • +3
29 Comments
 
LVL 9

Expert Comment

by:Sean
ID: 39709308
Domain admins are still separate groups. Make sure your user is in both domain's domain admin group.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39709361
Child Domains, when created automatically have a 2 way transitive trust enabled. As stated domains are separate entities and require domain admins privledges in each specific domain.

Will.
0
 

Author Comment

by:bergquistcompany
ID: 39709436
So from the root domain I can add child accounts but from the child domain I should be prompted to add root accounts?

I am getting these events which are new on the child DC:

1. Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

2. The attempt to establish a replication link for the following writable directory partition failed.
 
Directory partition:
CN=Schema,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller:
CN=NTDS Settings,CN=BQDC1,CN=Servers,CN=Chanhassen,CN=Sites,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller address:
04a482b6-a285-4268-936a-893180b61841._msdcs.bergquistcompany.com
Intersite transport (if any):
 
 
This domain controller will be unable to replicate with the source domain controller until this problem is corrected.  
 
User Action
Verify if the source domain controller is accessible or network connectivity is available.
 
Additional Data
Error value:
1908 Could not find the domain controller for this domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 39709474
How many DC you have in Parent Domain ?

1) Verify that Bergquistcompany.com DC's  KDC and Netlogon services are running.

Example - Query the KDC service with: "SC Query KDC" and the Netlogon Service with: "SC Query Netlogon"
These commands should return "State: Running"

2) Verify that the parent Domain Controllers is Advertising as a Key Distribution Center

Use DCDIAG.exe to verify that the destination Domain Controller is advertising. From a CMD.exe prompt run the following:

       C:\DCDiag.exe /v /test:Advertising /test:SysVolCheck
0
 

Author Comment

by:bergquistcompany
ID: 39709515
I have 2 in the parent domain.  Here are the results for sc query kdc- running and netlogon - running

C:\Windows\system32>sc query kdc
SERVICE_NAME: kdc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

C:\Windows\system32>SC Query Netlogon

SERVICE_NAME: Netlogon
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

DCDIAG:
 Testing server: Chanhassen\BQDC2
    Starting test: Advertising
       The DC BQDC2 is advertising itself as a DC and having a DS.
       The DC BQDC2 is advertising as an LDAP server
       The DC BQDC2 is advertising as having a writeable directory
       The DC BQDC2 is advertising as a Key Distribution Center
       The DC BQDC2 is advertising as a time server
       The DS BQDC2 is advertising as a GC.
       ......................... BQDC2 passed test Advertising
    Test omitted by user request: CheckSecurityError
    Test omitted by user request: CutoffServers
    Test omitted by user request: FrsEvent
    Test omitted by user request: DFSREvent
    Starting test: SysVolCheck
       * The File Replication Service SYSVOL ready test
       File Replication Service's SYSVOL is ready
       ......................... BQDC2 passed test SysVolCheck

and

 Testing server: Chanhassen\BQDC1
    Starting test: Advertising
       The DC BQDC1 is advertising itself as a DC and having a DS.
       The DC BQDC1 is advertising as an LDAP server
       The DC BQDC1 is advertising as having a writeable directory
       The DC BQDC1 is advertising as a Key Distribution Center
       The DC BQDC1 is advertising as a time server
       The DS BQDC1 is advertising as a GC.
       ......................... BQDC1 passed test Advertising
    Test omitted by user request: CheckSecurityError
    Test omitted by user request: CutoffServers
    Test omitted by user request: FrsEvent
    Test omitted by user request: DFSREvent
    Starting test: SysVolCheck
       * The File Replication Service SYSVOL ready test
       File Replication Service's SYSVOL is ready
       ......................... BQDC1 passed test SysVolCheck
0
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 39709531
Those errors from event logs that you have mentioned - when it was created (date )?
0
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 39709537
How you are accessing child domain ? are you logged in to a computer which in part of child domain ?
0
 

Author Comment

by:bergquistcompany
ID: 39709577
All users are on the child domain.  The parent BQDC1 and 2 are empty root domains

The other was a couple days ago but this is 10 min ago
The attempt to establish a replication link to a read-only directory partition with the following parameters failed.
 
Directory partition:
DC=eu,DC=bergquistcompany,DC=com
Source domain controller:
CN=NTDS Settings,CN=BQDC1,CN=Servers,CN=Chanhassen,CN=Sites,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller address:
04a482b6-a285-4268-936a-893180b61841._msdcs.bergquistcompany.com
Intersite transport (if any):
 
 
Additional Data
Error value:
1908 Could not find the domain controller for this domain.

For more information, see Help and Support Center at
0
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 39709616
I believe this error has nothing to do with prompt you get. This could be because of some network connectivity issue.Based on the previous test results there seems no issues with connectivity between domains, for replication test you can run following command

repadmin /replsummary

Meanwhile, if you try to add user from another domain, it might ask for credentials. Ensure your ID is having sufficient privileges.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39709667
Have you setup proper name resolution between parent and child domain ?

What is the domain DNS zone name in parent and child domain ?
Does both zone names are same or different ?

If both zone names are different, then in child domain, in DNS server, under Conditional forwarder, add parent domain with its dns server ip address so that you can resolve parent domain queries from child domain
Also check that if you are able to resolve child domain queries from parent domain ? If not add delegation in parent domain dns zone pointing to child domain dns server

Lastly, check that_msdcs.domain.com zone is populated in child domain or not ?
Also check if Domaindnszones partition (folder) exists in child domain dns zone on child DC

If everything above is prefect, just try to replicate from parent domain to child domain in active directory sites and services

Mahesh
0
 

Author Comment

by:bergquistcompany
ID: 39709886
@ ram_kerala - so if I'm on the child and add security for anyone in the child it isn't prompting but if I change the domain to bergquistcompany.com it prompts me is that expected?  

Source DC           largest delta  fails/total  %%  error
 ALVIN                     20m:22s    0 /  12    0
 ASDC1                     17m:29s    0 /   9    0
 BFDC1                     02m:48s    0 /   8    0
 BQDC1                     26m:50s    0 /   6    0
 BQDC2             14d.19h:53m:39s    6 /   6  100  (1908) Could not find th...
 BRDC1                     28m:38s    0 /  14    0
 BRICKROCK                 28m:38s    0 /  22    0
 CFDC1                     02m:33s    0 /   8    0
 CHDC1                     26m:50s    0 /  49    0
 CHEF                      19m:37s    0 /  14    0
 EUDC1                     26m:29s    0 /   8    0
 KYLE                      31m:09s    0 /   6    0
 PDC2                      02m:47s    0 /   8    0
0
 

Author Comment

by:bergquistcompany
ID: 39709914
by: MaheshPM

If I go into DNS for the parent under Forward Lookup Zones I see bergquistcompany.com under which I have a folder for Northamerica

Parent: bergquistcompany.com
Child: Northamerica (see attached)

On the child I only see cached, forward lookup and reverse not conditional (2003 server)

Yes _msdcs.bergquistcompany.com is under forward lookup.  Yes under ForestDNS under bergquistcompany.com in child (see attached capture 2)
Capture.JPG
Capture2.JPG
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 39712902
Why a trust relationship just lay the "road" for future traffic. Just because a trust is in place doesn mean traffic can flow each domain needs to have the proper permissions assign as other E.E experts have points out.

You stated that you receive a password prompt while selecting the parent domain from the child domain. Is you account a member of the domain admins group in the parent domain.  If not, the password prompt you are receiving may be "normal" than,,,

Did you manually create trust or did windows create it for you when the child domain was added?
0
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 39713223
coming to replication related error:

What is the authentication method used in  BQDC2  while compared with other DCs
Is there any other errors found in event logs ?
Is the time and timezone same in  BQDC2  while compared with other DCs ?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 35

Expert Comment

by:Mahesh
ID: 39713378
From screen shot its clear that in parent domain you have subdomain folder pointing to child domain and same parent zone is getting replicated to child domain as well.
So you should be able to resolve child domain names from parent domain and vice versa.

Are you able to resolve parent domain from child domain ?
Also try to validate \ verify trust from child domain and parent domain in Active directory domains and trust..

Mahesh
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 39714575
The following article I found is very interesting and confirms what I and other have stated. A child domain is still a different security boundary from the parent.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/1b714a72-4e52-44c4-a0a4-af1f5e0ca5f9/root-domain-user-lists-not-shown-in-child-domain?forum=winserverDS

is the user you are trying to add in the child domain or parent?

can you please upload the results of the verbose dcdiag:   dcdiag /v /e >c:\dcdiag.txt

Also please run the following command in your parent and child domain:

nltest /dclist:<parentdomain>
nltest /dclist:<childdomain>
0
 

Author Comment

by:bergquistcompany
ID: 39714900
@ compdigit44 there is a transitive 2 way trust with parent child.  Attached dcdiag
NLTest parent:
       C:\Windows\system32>nltest /dclist:bergquistcompany.com
       Get list of DCs in domain 'bergquistcompany.com' from '\\BQDC2.bergquistcompany.
       com'.
       BQDC2.bergquistcompany.com        [DS] Site: Chanhassen
       BQDC1.bergquistcompany.com [PDC]  [DS] Site: Chanhassen
       The command completed successfully

NLTEST child:
C:\Documents and Settings\Administrator.CHDC1>nltest /dclist:northamerica.bergq
istcompany.com
Get list of DCs in domain 'northamerica.bergquistcompany.com' from '\\chdc1.nor
hamerica.bergquistcompany.com'.
          chdc1.northamerica.bergquistcompany.com [PDC] [DS] Site: Chanhassen
          cfdc1.northamerica.bergquistcompany.com       [DS] Site: CannonFalls
           chef.northamerica.bergquistcompany.com       [DS] Site: Torrington
           KYLE.northamerica.bergquistcompany.com       [DS] Site: Torrington
      brickrock.northamerica.bergquistcompany.com       [DS] Site: Brandon
          ALVIN.northamerica.bergquistcompany.com       [DS] Site: Brandon
           PDC2.northamerica.bergquistcompany.com       [DS] Site: Prescott
    ch-riverbed.northamerica.bergquistcompany.com
    cf-riverbed.northamerica.bergquistcompany.com
    br-riverbed.northamerica.bergquistcompany.com
    pr-riverbed.northamerica.bergquistcompany.com
          BRDC1.northamerica.bergquistcompany.com       [DS] Site: Brandon
          BFDC1.northamerica.bergquistcompany.com       [DS] Site: BigFork
The command completed successfully


@ ram_kerala it consistently shows Source:
 BQDC2             15d.18h:50m:00s    6 /  14   42  (1908) Could not find the do
main controller for this domain.
Destination: CHDC1  (child domain)
This is a new error on BQDC2 today: 1908 A pointer device did not report a valid unit of angular measurement.
Another interesting thing is on BQDC1 (other parent DC I have 2 BQDC1 in DNS (see attached) and only BQDC2 listed once on BQDC2 DNS.

@ MaheshPM - validation works
dcdiag.txt
Capture.JPG
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 39715094
I haven't had much time to review the Dcdiag in detail but I did notice some errors.

1) have there been any changes in the parent domain recently?
2)  Check your sercuity logs on your parent DC for kerbose errors?
3) please upload the results of the following command from the parent and child domain:
repadmin /showrepl >c:\repl.txt
4) upload a screen shot of your all your msdc dns records for your parents and child domains.
5) How long has this issue be going on?
0
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 39715161
There are many errors in Dcdiag test results and probably need to run dcdiag /fix

Example :  C:\Windows\system32>dcdiag /s:reskit-DC1 \administrator password /e


[ http://technet.microsoft.com/en-us/library/cc961811.aspx]

But recommend to wait for other experts opinion.
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 39715380
What OS are all of your DC's running?
What is your domain & functional levels?
What is server CFDC1?
Can you please upload a screen shot of your AD DNS records?
0
 

Author Comment

by:bergquistcompany
ID: 39715725
@compdigit44
1) no changes recently but we would like to eventually replace one of the child DCs as it's 2003 and we'd like to get to 2012.
2)  Zero errors in security
3) see attached error on child reference to parent 1908 no DC
4) attached
5) unfortunately it's intermittent

@ ram_kerala ok thanks for the suggestion I'll see what others say

@ compdigit44 some DCs are 2003 some are 2012 we are wanting to get them all to 2012.  CFDC1 is a child level DC at one of our branch office.  All our branch offices have DCs.  See capture.jpg and mixed mode given the environment has both versions
repl.txt
replchild.txt
Capture.JPG
0
 

Author Comment

by:bergquistcompany
ID: 39716751
Also if it helps this morning in addition to the repadmin /replsummary showing source BQDC2 (2nd parent) and destination CHDC1 (child) 1908 could not find the domain controller for this domain.

Note: BQDC1 points to self for DNS primary and BQDC2 as secondary.  BQDC2 is reverse of that.  Forwarders on BQDC1 are ISP and forwarders on BQDC2 are other internal DCs.

BQDC2 shows this error which is new in system log: Dynamic registration or deregistration of one or more DNS records failed with the following error:
No DNS servers configured for local system.

CHDC1 shows this error
The attempt to establish a replication link for the following writable directory partition failed.
 
Directory partition:
CN=Schema,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller:
CN=NTDS Settings,CN=BQDC1,CN=Servers,CN=Chanhassen,CN=Sites,CN=Configuration,DC=bergquistcompany,DC=com
Source domain controller address:
04a482b6-a285-4268-936a-893180b61841._msdcs.bergquistcompany.com
Intersite transport (if any):
 
 
This domain controller will be unable to replicate with the source domain controller until this problem is corrected.  
 
User Action
Verify if the source domain controller is accessible or network connectivity is available.
 
Additional Data
Error value:
1908 Could not find the domain controller for this domain.

For more information, see Help and Support Center at
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 39717004
Your DNS configu on the servers seems correct. It is the best practice to point AD DNS server to themselves and then to another server. Please note, you should never us a loop back address for the primary DNS server IP.

 Let do the following, on BQDC2 type the following commands at the command prompt:
1) ipconfig /flusdns
2) netsh ip delete arpcache
3) dcdiag /fix
4) net stop netlogon
5) net start netlogon
6) Rerun the repadmin /showrepl command in both domain and post the results

Let us know how you make out!!!!
0
 

Author Comment

by:bergquistcompany
ID: 39717222
Thank you so much for your help thus far
1. done
2. changed to netsh interface ip delete arpcache....ok
3. Below are results:          REPLICATION LATENCY WARNING ERROR: Expected  
        notificationtion link is missing.  Source CHDC1
4-5. Done
6. Clean for BQDC2 and lots of errors for CHDC1

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = BQDC2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Chanhassen\BQDC2
      Starting test: Connectivity
         ......................... BQDC2 passed test Connectivity

Doing primary tests

   Testing server: Chanhassen\BQDC2
      Starting test: Advertising
         ......................... BQDC2 passed test Advertising
      Starting test: FrsEvent
         ......................... BQDC2 passed test FrsEvent
      Starting test: DFSREvent
         ......................... BQDC2 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... BQDC2 passed test SysVolCheck
      Starting test: KccEvent
         ......................... BQDC2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... BQDC2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... BQDC2 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... BQDC2 passed test NCSecDesc
      Starting test: NetLogons
         ......................... BQDC2 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... BQDC2 passed test ObjectsReplicated
      Starting test: Replications
         REPLICATION LATENCY WARNING
         ERROR: Expected notification link is missing.
         Source CHDC1
         Replication of new changes along this path will be delayed.
         This problem should self-correct on the next periodic sync.
         REPLICATION LATENCY WARNING
         ERROR: Expected notification link is missing.
         Source CHDC1
         Replication of new changes along this path will be delayed.
         This problem should self-correct on the next periodic sync.
         REPLICATION LATENCY WARNING
         ERROR: Expected notification link is missing.
         Source CHDC1
         Replication of new changes along this path will be delayed.
         This problem should self-correct on the next periodic sync.
         ......................... BQDC2 passed test Replications
      Starting test: RidManager
         ......................... BQDC2 passed test RidManager
      Starting test: Services
         ......................... BQDC2 passed test Services
      Starting test: SystemLog
         ......................... BQDC2 passed test SystemLog
      Starting test: VerifyReferences
         ......................... BQDC2 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : bergquistcompany
      Starting test: CheckSDRefDom
         ......................... bergquistcompany passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... bergquistcompany passed test
         CrossRefValidation

   Running enterprise tests on : bergquistcompany.com
      Starting test: LocatorCheck
         ......................... bergquistcompany.com passed test
         LocatorCheck
      Starting test: Intersite
         ......................... bergquistcompany.com passed test Intersite
showrepl-BQDC2.docx
showreplCHDC1.docx
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 39717284
OK, run the save steps you did prior but this time run it on CHDC1
0
 

Author Comment

by:bergquistcompany
ID: 39717295
errors on step 3


C:\Documents and Settings\Administrator.CHDC1>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Chanhassen\CHDC1
      Starting test: Connectivity
         ......................... CHDC1 passed test Connectivity

Doing primary tests

   Testing server: Chanhassen\CHDC1
      Starting test: Replications
         [Replications Check,CHDC1] A recent replication attempt failed:
            From BQDC2 to CHDC1
            Naming Context: DC=ForestDnsZones,DC=bergquistcompany,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2013-12-13 11:08:13.
            The last success occurred at 2013-11-25 19:44:16.
            6345 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [BQDC2] DsBindWithSpnEx() failed with error -2146892976,
         The system detected a possible attempt to compromise security.  Please
ensure that you can contact the server that authenticated you..
         [Replications Check,CHDC1] A recent replication attempt failed:
            From BQDC2 to CHDC1
            Naming Context: CN=Schema,CN=Configuration,DC=bergquistcompany,DC=co
m
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2013-12-13 10:45:36.
            The last success occurred at 2013-11-25 19:23:32.
            869 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,CHDC1] A recent replication attempt failed:
            From BQDC2 to CHDC1
            Naming Context: CN=Configuration,DC=bergquistcompany,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2013-12-13 10:48:45.
            The last success occurred at 2013-11-25 19:23:30.
            1156 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,CHDC1] A recent replication attempt failed:
            From BQDC2 to CHDC1
            Naming Context: DC=BQAsia,DC=bergquistcompany,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2013-12-13 11:07:09.
            The last success occurred at 2013-11-25 19:37:37.
            1360 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,CHDC1] A recent replication attempt failed:
            From BQDC2 to CHDC1
            Naming Context: DC=bergquistcompany,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2013-12-13 11:07:08.
            The last success occurred at 2013-11-25 19:41:35.
            4186 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,CHDC1] A recent replication attempt failed:
            From BQDC2 to CHDC1
            Naming Context: DC=eu,DC=bergquistcompany,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2013-12-13 11:01:17.
            The last success occurred at 2013-11-25 19:23:35.
            856 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         ......................... CHDC1 passed test Replications
      Starting test: NCSecDesc
         ......................... CHDC1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... CHDC1 passed test NetLogons
      Starting test: Advertising
         ......................... CHDC1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         [BQDC1] DsBindWithSpnEx() failed with error -2146892976,
         The system detected a possible attempt to compromise security.  Please
ensure that you can contact the server that authenticated you..
         Warning: BQDC1 is the Schema Owner, but is not responding to DS RPC Bin
d.
         [BQDC1] LDAP bind failed with error 8341,
         A directory service error has occurred..
         Warning: BQDC1 is the Schema Owner, but is not responding to LDAP Bind.

         Warning: BQDC2 is the Domain Owner, but is not responding to DS RPC Bin
d.
         [BQDC2] LDAP bind failed with error 8341,
         A directory service error has occurred..
         Warning: BQDC2 is the Domain Owner, but is not responding to LDAP Bind.

         ......................... CHDC1 failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... CHDC1 passed test RidManager
      Starting test: MachineAccount
         ......................... CHDC1 passed test MachineAccount
      Starting test: Services
         ......................... CHDC1 passed test Services
      Starting test: ObjectsReplicated
         ......................... CHDC1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... CHDC1 passed test frssysvol
      Starting test: frsevent
         ......................... CHDC1 passed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 12/13/2013   11:03:58
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000786
            Time Generated: 12/13/2013   11:03:58
            Event String: The attempt to establish a replication link to a
         An Warning Event occured.  EventID: 0x80000786
            Time Generated: 12/13/2013   11:03:59
            Event String: The attempt to establish a replication link to a
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 12/13/2013   11:03:59
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 12/13/2013   11:04:00
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000786
            Time Generated: 12/13/2013   11:04:00
            Event String: The attempt to establish a replication link to a
         ......................... CHDC1 failed test kccevent
      Starting test: systemlog
         ......................... CHDC1 passed test systemlog
      Starting test: VerifyReferences
         ......................... CHDC1 passed test VerifyReferences

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : northamerica
      Starting test: CrossRefValidation
         ......................... northamerica passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... northamerica passed test CheckSDRefDom

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running enterprise tests on : bergquistcompany.com
      Starting test: Intersite
         ......................... bergquistcompany.com passed test Intersite
      Starting test: FsmoCheck
         ......................... bergquistcompany.com passed test FsmoCheck

C:\Documents and Settings\Administrator.CHDC1>
0
 

Author Comment

by:bergquistcompany
ID: 39717301
same repl errors as attached above for chdc1
0
 
LVL 19

Accepted Solution

by:
compdigit44 earned 500 total points
ID: 39717309
Wow, this server hasn't successfully replicated since 11/25/13!!!

You could try to demote then repromo the server at the point.
0
 

Author Closing Comment

by:bergquistcompany
ID: 39728271
that worked thanks for all your help.
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

In every aspect, security is essential for your business, and for that matter you need to always keep an eye on it. The same can be said about your computer network system too. Your computer network is prone to various malware and security threats t…
This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now