AXISHK
asked on
AD Replication
A remote TESTDC001 has problem replicating with DC01. The following message is logged with "repladmin /showrepl"
Warning: KCC could not add this REPLICA link due to error.
However, on DC01, the replication from TESTDC001 is success. DC01 & TESTDC001 are in different site. Any idea ?
DC=ForestDnsZones,DC=abc,D
cn\TESTDC001 via RPC
DC object GUID: b0d311bf-7cc4-48a9-92f5-6e
Last attempt @ 2014-04-16 23:29:29 was successful.
Warning: KCC could not add this REPLICA link due to error.
However, on DC01, the replication from TESTDC001 is success. DC01 & TESTDC001 are in different site. Any idea ?
DC=ForestDnsZones,DC=abc,D
cn\TESTDC001 via RPC
DC object GUID: b0d311bf-7cc4-48a9-92f5-6e
Last attempt @ 2014-04-16 23:29:29 was successful.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes, TESTDC001 has problem replicating with DC01. We have demote DC02 and promote a new DC04. DC01 and DC04 can be replicated with each other with no problem. However, we still have problem for TESTDC001 in remote site. Any idea ? Tks
* Connecting to directory service on server testdc001.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: cn\TESTDC001
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... TESTDC001 passed test Connectivity
Doing primary tests
Testing server: cn\TESTDC001
Starting test: Replications
* Replications Check
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
TESTDC001: Current time is 2014-04-17 23:54:18.
DC=ForestDnsZones,DC=abc,D
Last replication recieved from DC02 at 2014-04-14 10:08:18.
Last replication recieved from DC01 at 2014-04-14 10:23:12.
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=DomainDnsZones,DC=abc,D
Last replication recieved from DC02 at 2014-04-14 10:08:01.
Last replication recieved from DC01 at 2014-04-14 10:23:10.
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Schema,CN=Configuration
Last replication recieved from DC02 at 2014-04-14 10:08:01.
Last replication recieved from DC01 at 2014-04-14 10:23:10.
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Configuration,DC=abc,DC
Last replication recieved from DC02 at 2014-04-14 10:08:00.
Last replication recieved from DC01 at 2014-04-14 10:23:10.
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=abc,DC=com,DC=hk
Last replication recieved from DC02 at 2014-04-14 10:08:19.
Last replication recieved from DC01 at 2014-04-14 10:23:08.
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
......................... TESTDC001 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC TESTDC001.
* Security Permissions Check for
DC=ForestDnsZones,DC=abc,D
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=abc,D
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=abc,DC
(Configuration,Version 2)
* Security Permissions Check for
DC=abc,DC=com,DC=hk
(Domain,Version 2)
......................... TESTDC001 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\TESTDC001\netlogon
Verified share \\TESTDC001\sysvol
......................... TESTDC001 passed test NetLogons
Starting test: Advertising
The DC TESTDC001 is advertising itself as a DC and having a DS.
The DC TESTDC001 is advertising as an LDAP server
The DC TESTDC001 is advertising as having a writeable directory
The DC TESTDC001 is advertising as a Key Distribution Center
The DC TESTDC001 is advertising as a time server
The DS TESTDC001 is advertising as a GC.
......................... TESTDC001 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC01,CN=Server
st-Site-Name,CN=Sites,CN=C
[DC01] DsBindWithSpnEx() failed with error -2146893022,
¿¿¿¿¿¿¿¿¿¿.
Warning: DC01 is the Schema Owner, but is not responding to DS RPC Bin
d.
[DC01] LDAP bind failed with error 8341,
¿¿¿¿¿¿¿¿¿¿¿¿.
Warning: DC01 is the Schema Owner, but is not responding to LDAP Bind.
Role Domain Owner = CN=NTDS Settings,CN=DC01,CN=Server
st-Site-Name,CN=Sites,CN=C
Warning: DC01 is the Domain Owner, but is not responding to DS RPC Bin
d.
Warning: DC01 is the Domain Owner, but is not responding to LDAP Bind.
Role PDC Owner = CN=NTDS Settings,CN=DC01,CN=Server
Site-Name,CN=Sites,CN=Conf
Warning: DC01 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: DC01 is the PDC Owner, but is not responding to LDAP Bind.
Role Rid Owner = CN=NTDS Settings,CN=DC01,CN=Server
Site-Name,CN=Sites,CN=Conf
Warning: DC01 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: DC01 is the Rid Owner, but is not responding to LDAP Bind.
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC01,CN=Server
,CN=Default-First-Site-Nam
Warning: DC01 is the Infrastructure Update Owner, but is not respondin
g to DS RPC Bind.
Warning: DC01 is the Infrastructure Update Owner, but is not respondin
g to LDAP Bind.
......................... TESTDC001 failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 17603 to 1073741823
* DC01.abc.com.hk is the RID Master
......................... TESTDC001 failed test RidManager
Starting test: MachineAccount
Checking machine account for DC TESTDC001 on DC TESTDC001.
* SPN found :LDAP/testdc001.abc.com.hk
* SPN found :LDAP/testdc001.abc.com.hk
* SPN found :LDAP/TESTDC001
* SPN found :LDAP/testdc001.abc.com.hk
* SPN found :LDAP/b0d311bf-7cc4-48a9-9
k
* SPN found :E3514235-4B06-11D1-AB04-0
f5-6e88d580e7a1/abc.com.hk
* SPN found :HOST/testdc001.abc.com.hk
* SPN found :HOST/testdc001.abc.com.hk
* SPN found :HOST/TESTDC001
* SPN found :HOST/testdc001.abc.com.hk
* SPN found :GC/testdc001.abc.com.hk/a
......................... TESTDC001 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... TESTDC001 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
TESTDC001 is in domain DC=abc,DC=com,DC=hk
Checking for CN=TESTDC001,OU=Domain Controllers,DC=abc,DC=com,
domain DC=abc,DC=com,DC=hk on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=TESTDC001,CN=S
=Configuration,DC=abc,DC=c
k on 1 servers
Object is up-to-date on all servers.
......................... TESTDC001 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... TESTDC001 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/17/2014 13:07:07
(Event String could not be retrieved)
......................... TESTDC001 failed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x80000785
Time Generated: 04/17/2014 23:51:48
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x80000785
Time Generated: 04/17/2014 23:51:48
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x80000785
Time Generated: 04/17/2014 23:51:49
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x80000785
Time Generated: 04/17/2014 23:51:49
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x80000785
Time Generated: 04/17/2014 23:51:49
(Event String could not be retrieved)
......................... TESTDC001 failed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x40000004
Time Generated: 04/17/2014 22:54:53
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 04/17/2014 23:03:05
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 04/17/2014 23:05:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 04/17/2014 23:06:47
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 04/17/2014 23:08:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 04/17/2014 23:36:48
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 04/17/2014 23:54:19
(Event String could not be retrieved)
......................... TESTDC001 failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=TESTDC001,OU=Domain Controllers,DC=abc,DC=com,
CN=TESTDC001,CN=Servers,CN
C=hk
are correct.
The system object reference (frsComputerReferenceBL)
CN=TESTDC001,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=abc,D
and backlink on CN=TESTDC001,OU=Domain Controllers,DC=abc,DC=com,
are correct.
The system object reference (serverReferenceBL)
CN=TESTDC001,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=abc,D
and backlink on
CN=NTDS Settings,CN=TESTDC001,CN=S
n,DC=abc,DC=com,DC=hk
are correct.
......................... TESTDC001 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : abc
Starting test: CrossRefValidation
......................... abc passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... abc passed test CheckSDRefDom
Running enterprise tests on : abc.com.hk
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
Skipping site cn, this site is outside the scope provided by the
command line arguments provided.
......................... abc.com.hk passed test Intersite
Starting test: FsmoCheck
GC Name: \\testdc001.abc.com.hk
Locator Flags: 0xe00001fc
PDC Name: \\DC01.abc.com.hk
Locator Flags: 0xe000037d
Time Server Name: \\testdc001.abc.com.hk
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\DC01.abc.com.hk
Locator Flags: 0xe000037d
KDC Name: \\testdc001.abc.com.hk
Locator Flags: 0xe00001fc
......................... abc.com.hk passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
E:\SUPPORT\TOOLS>
* Connecting to directory service on server testdc001.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: cn\TESTDC001
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... TESTDC001 passed test Connectivity
Doing primary tests
Testing server: cn\TESTDC001
Starting test: Replications
* Replications Check
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
TESTDC001: Current time is 2014-04-17 23:54:18.
DC=ForestDnsZones,DC=abc,D
Last replication recieved from DC02 at 2014-04-14 10:08:18.
Last replication recieved from DC01 at 2014-04-14 10:23:12.
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=DomainDnsZones,DC=abc,D
Last replication recieved from DC02 at 2014-04-14 10:08:01.
Last replication recieved from DC01 at 2014-04-14 10:23:10.
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Schema,CN=Configuration
Last replication recieved from DC02 at 2014-04-14 10:08:01.
Last replication recieved from DC01 at 2014-04-14 10:23:10.
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Configuration,DC=abc,DC
Last replication recieved from DC02 at 2014-04-14 10:08:00.
Last replication recieved from DC01 at 2014-04-14 10:23:10.
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=abc,DC=com,DC=hk
Last replication recieved from DC02 at 2014-04-14 10:08:19.
Last replication recieved from DC01 at 2014-04-14 10:23:08.
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
......................... TESTDC001 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC TESTDC001.
* Security Permissions Check for
DC=ForestDnsZones,DC=abc,D
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=abc,D
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=abc,DC
(Configuration,Version 2)
* Security Permissions Check for
DC=abc,DC=com,DC=hk
(Domain,Version 2)
......................... TESTDC001 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\TESTDC001\netlogon
Verified share \\TESTDC001\sysvol
......................... TESTDC001 passed test NetLogons
Starting test: Advertising
The DC TESTDC001 is advertising itself as a DC and having a DS.
The DC TESTDC001 is advertising as an LDAP server
The DC TESTDC001 is advertising as having a writeable directory
The DC TESTDC001 is advertising as a Key Distribution Center
The DC TESTDC001 is advertising as a time server
The DS TESTDC001 is advertising as a GC.
......................... TESTDC001 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC01,CN=Server
st-Site-Name,CN=Sites,CN=C
[DC01] DsBindWithSpnEx() failed with error -2146893022,
¿¿¿¿¿¿¿¿¿¿.
Warning: DC01 is the Schema Owner, but is not responding to DS RPC Bin
d.
[DC01] LDAP bind failed with error 8341,
¿¿¿¿¿¿¿¿¿¿¿¿.
Warning: DC01 is the Schema Owner, but is not responding to LDAP Bind.
Role Domain Owner = CN=NTDS Settings,CN=DC01,CN=Server
st-Site-Name,CN=Sites,CN=C
Warning: DC01 is the Domain Owner, but is not responding to DS RPC Bin
d.
Warning: DC01 is the Domain Owner, but is not responding to LDAP Bind.
Role PDC Owner = CN=NTDS Settings,CN=DC01,CN=Server
Site-Name,CN=Sites,CN=Conf
Warning: DC01 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: DC01 is the PDC Owner, but is not responding to LDAP Bind.
Role Rid Owner = CN=NTDS Settings,CN=DC01,CN=Server
Site-Name,CN=Sites,CN=Conf
Warning: DC01 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: DC01 is the Rid Owner, but is not responding to LDAP Bind.
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC01,CN=Server
,CN=Default-First-Site-Nam
Warning: DC01 is the Infrastructure Update Owner, but is not respondin
g to DS RPC Bind.
Warning: DC01 is the Infrastructure Update Owner, but is not respondin
g to LDAP Bind.
......................... TESTDC001 failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 17603 to 1073741823
* DC01.abc.com.hk is the RID Master
......................... TESTDC001 failed test RidManager
Starting test: MachineAccount
Checking machine account for DC TESTDC001 on DC TESTDC001.
* SPN found :LDAP/testdc001.abc.com.hk
* SPN found :LDAP/testdc001.abc.com.hk
* SPN found :LDAP/TESTDC001
* SPN found :LDAP/testdc001.abc.com.hk
* SPN found :LDAP/b0d311bf-7cc4-48a9-9
k
* SPN found :E3514235-4B06-11D1-AB04-0
f5-6e88d580e7a1/abc.com.hk
* SPN found :HOST/testdc001.abc.com.hk
* SPN found :HOST/testdc001.abc.com.hk
* SPN found :HOST/TESTDC001
* SPN found :HOST/testdc001.abc.com.hk
* SPN found :GC/testdc001.abc.com.hk/a
......................... TESTDC001 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... TESTDC001 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
TESTDC001 is in domain DC=abc,DC=com,DC=hk
Checking for CN=TESTDC001,OU=Domain Controllers,DC=abc,DC=com,
domain DC=abc,DC=com,DC=hk on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=TESTDC001,CN=S
=Configuration,DC=abc,DC=c
k on 1 servers
Object is up-to-date on all servers.
......................... TESTDC001 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... TESTDC001 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/17/2014 13:07:07
(Event String could not be retrieved)
......................... TESTDC001 failed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x80000785
Time Generated: 04/17/2014 23:51:48
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x80000785
Time Generated: 04/17/2014 23:51:48
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x80000785
Time Generated: 04/17/2014 23:51:49
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x80000785
Time Generated: 04/17/2014 23:51:49
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x80000785
Time Generated: 04/17/2014 23:51:49
(Event String could not be retrieved)
......................... TESTDC001 failed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x40000004
Time Generated: 04/17/2014 22:54:53
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 04/17/2014 23:03:05
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 04/17/2014 23:05:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 04/17/2014 23:06:47
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 04/17/2014 23:08:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 04/17/2014 23:36:48
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 04/17/2014 23:54:19
(Event String could not be retrieved)
......................... TESTDC001 failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=TESTDC001,OU=Domain Controllers,DC=abc,DC=com,
CN=TESTDC001,CN=Servers,CN
C=hk
are correct.
The system object reference (frsComputerReferenceBL)
CN=TESTDC001,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=abc,D
and backlink on CN=TESTDC001,OU=Domain Controllers,DC=abc,DC=com,
are correct.
The system object reference (serverReferenceBL)
CN=TESTDC001,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=abc,D
and backlink on
CN=NTDS Settings,CN=TESTDC001,CN=S
n,DC=abc,DC=com,DC=hk
are correct.
......................... TESTDC001 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : abc
Starting test: CrossRefValidation
......................... abc passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... abc passed test CheckSDRefDom
Running enterprise tests on : abc.com.hk
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
Skipping site cn, this site is outside the scope provided by the
command line arguments provided.
......................... abc.com.hk passed test Intersite
Starting test: FsmoCheck
GC Name: \\testdc001.abc.com.hk
Locator Flags: 0xe00001fc
PDC Name: \\DC01.abc.com.hk
Locator Flags: 0xe000037d
Time Server Name: \\testdc001.abc.com.hk
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\DC01.abc.com.hk
Locator Flags: 0xe000037d
KDC Name: \\testdc001.abc.com.hk
Locator Flags: 0xe00001fc
......................... abc.com.hk passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
E:\SUPPORT\TOOLS>
Hi,
Lots of error.
is all testDc and DC1 is in same network ?
Please run below command and share the result
DCDIAG /TEST:DNS
Lots of error.
is all testDc and DC1 is in same network ?
Please run below command and share the result
DCDIAG /TEST:DNS
ASKER
DC01 & DC04 are in the same site. The others are in the other site.
DC01 & DC04 don't have problem. THe problem is the DCs on the other size.
DC01.txt
TESTDC001-dump.txt
DC01 & DC04 don't have problem. THe problem is the DCs on the other size.
DC01.txt
TESTDC001-dump.txt
Hi,
Please check and make sure that time service is running on Test DC.
if its not running then
http://answers.microsoft.com/en-us/windows/forum/windows_vista-performance/windows-time-service-will-not-start/6bbea43f-5575-4e78-9b52-ac766632bfc2?auth=1
if already running then restart the service. and check the dns report.
if still not works then
http://support.microsoft.com/kb/816042
Please check and make sure that time service is running on Test DC.
if its not running then
http://answers.microsoft.com/en-us/windows/forum/windows_vista-performance/windows-time-service-will-not-start/6bbea43f-5575-4e78-9b52-ac766632bfc2?auth=1
if already running then restart the service. and check the dns report.
if still not works then
http://support.microsoft.com/kb/816042
ASKER
Yes, Window Time services has been restarted. I have attached a dcdiag on the TESTDC001.
We have checked the network connectivity but everything seems fine.
[some important extraction from the file]
Testing server: Default-First-Site-Name\ab
Starting test: Connectivity
* Active Directory LDAP Services Check
abc01.currentTime = 20140424033921.0Z
abc01.highestCommittedUSN = 486666939
abc01.isSynchronized = 1
abc01.isGlobalCatalogReady
[abc01] LDAP bind failed with error 8341,
¿¿¿¿¿¿¿¿¿¿¿¿.
Testing server: Default-First-Site-Name\DC
Starting test: Connectivity
* Active Directory LDAP Services Check
The host a192b72c-096a-46da-aa96-b7
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(a192b72c-096a-46da-aa96-b
resolved, the server name (DC02.abc.com.hk) resolved to the IP address
(10.0.23.30) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... DC02 failed test Connectivity
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=abc01,CN=Serve
[abc01] DsBindWithSpnEx() failed with error -2146893022,
¿¿¿¿¿¿¿¿¿¿.
Warning: abc01 is the Schema Owner, but is not responding to DS RPC Bind.
Warning: abc01 is the Schema Owner, but is not responding to LDAP Bind.
Role Domain Owner = CN=NTDS Settings,CN=abc01,CN=Serve
Warning: abc01 is the Domain Owner, but is not responding to DS RPC Bind.
Warning: abc01 is the Domain Owner, but is not responding to LDAP Bind.
Role PDC Owner = CN=NTDS Settings,CN=abc01,CN=Serve
Warning: abc01 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: abc01 is the PDC Owner, but is not responding to LDAP Bind.
Role Rid Owner = CN=NTDS Settings,CN=abc01,CN=Serve
Warning: abc01 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: abc01 is the Rid Owner, but is not responding to LDAP Bind.
Role Infrastructure Update Owner = CN=NTDS Settings,CN=abc01,CN=Serve
Warning: abc01 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
Warning: abc01 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
......................... cnDC01 failed test KnowsOfRoleHolders
TESTDC01.txt
We have checked the network connectivity but everything seems fine.
[some important extraction from the file]
Testing server: Default-First-Site-Name\ab
Starting test: Connectivity
* Active Directory LDAP Services Check
abc01.currentTime = 20140424033921.0Z
abc01.highestCommittedUSN = 486666939
abc01.isSynchronized = 1
abc01.isGlobalCatalogReady
[abc01] LDAP bind failed with error 8341,
¿¿¿¿¿¿¿¿¿¿¿¿.
Testing server: Default-First-Site-Name\DC
Starting test: Connectivity
* Active Directory LDAP Services Check
The host a192b72c-096a-46da-aa96-b7
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(a192b72c-096a-46da-aa96-b
resolved, the server name (DC02.abc.com.hk) resolved to the IP address
(10.0.23.30) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... DC02 failed test Connectivity
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=abc01,CN=Serve
[abc01] DsBindWithSpnEx() failed with error -2146893022,
¿¿¿¿¿¿¿¿¿¿.
Warning: abc01 is the Schema Owner, but is not responding to DS RPC Bind.
Warning: abc01 is the Schema Owner, but is not responding to LDAP Bind.
Role Domain Owner = CN=NTDS Settings,CN=abc01,CN=Serve
Warning: abc01 is the Domain Owner, but is not responding to DS RPC Bind.
Warning: abc01 is the Domain Owner, but is not responding to LDAP Bind.
Role PDC Owner = CN=NTDS Settings,CN=abc01,CN=Serve
Warning: abc01 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: abc01 is the PDC Owner, but is not responding to LDAP Bind.
Role Rid Owner = CN=NTDS Settings,CN=abc01,CN=Serve
Warning: abc01 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: abc01 is the Rid Owner, but is not responding to LDAP Bind.
Role Infrastructure Update Owner = CN=NTDS Settings,CN=abc01,CN=Serve
Warning: abc01 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
Warning: abc01 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
......................... cnDC01 failed test KnowsOfRoleHolders
TESTDC01.txt
Hi,
Seems DNS issue,
1. ping a192b72c-096a-46da-aa96-b7
if unable to ping then go the sites and services, explore server DC02, then go to property of NTDS setting. copy the DNS alias and ping it.
if you are able to ping then you need to delete the a192b72c-096a-46da-aa96-b7
then again run the report. also run the DCDIAG /Test:dns.
Seems DNS issue,
1. ping a192b72c-096a-46da-aa96-b7
if unable to ping then go the sites and services, explore server DC02, then go to property of NTDS setting. copy the DNS alias and ping it.
if you are able to ping then you need to delete the a192b72c-096a-46da-aa96-b7
then again run the report. also run the DCDIAG /Test:dns.
ASKER
Try to demote TESTDC001. Perform metacleanup and perform promote again. However, still can't fix the problem.
Some important message from log,
Warning: abc01 is the Domain Owner, but is not responding to DS RPC Bind.
Warning: abc01 is the Domain Owner, but is not responding to LDAP Bind.
Warning: abc01 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
\\abc01.abc.com.hk for the domain abc failed because the Domain Controller
did not have an account TESTDC001$ needed to set
up the session by this computer TESTDC001.
Dump.png
Dump2.txt
Some important message from log,
Warning: abc01 is the Domain Owner, but is not responding to DS RPC Bind.
Warning: abc01 is the Domain Owner, but is not responding to LDAP Bind.
Warning: abc01 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
\\abc01.abc.com.hk for the domain abc failed because the Domain Controller
did not have an account TESTDC001$ needed to set
up the session by this computer TESTDC001.
Dump.png
Dump2.txt
Hi,
keep the NIC DNS setting of testdc01, same as set for other DC. (FSMO role holder DC IP)
then restart the netlogin service on both server. Then Try the replication and then run the dcdiag.
keep the NIC DNS setting of testdc01, same as set for other DC. (FSMO role holder DC IP)
then restart the netlogin service on both server. Then Try the replication and then run the dcdiag.
ASKER
DNS binding for the DC is the same as the DC holding the FSMO. Tks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Will schedule to demote this current server and reconfigure a new one. Tks
1. since how long it has been not replicated ?
2. share the DCDIAG /V result from effected DC.
3. do you have any error in event log.