Urgent Help dns, clock issues nightmare
As of now im not sure what is going on, echange server is not connecting, can only connect to computers using ip because the name gives me a clocl not syncronized error. please help
You have more than one problem then. Time can, obviously, be fixed easily enough but in a domain environment it should be synchronising with a DC.
It's likely time is wrong because something else is. What have you set your DNS servers (ipconfig) to?
It's likely time is wrong because something else is. What have you set your DNS servers (ipconfig) to?
Principal Support Engineer
CERTIFIED EXPERT
When you connect via name, you're most likely using Kerberos authentication, which requires pretty strict time sync (within five minutes by default) between the machine you're connecting from and the one you're connecting to. When you connect via IP address, you're using NTLM authentication, which doesn't care about the time.
So, where is the time incorrect? Like Chris says, your domain-joined machines should all be configured to get their time from Active Directory.
So, where is the time incorrect? Like Chris says, your domain-joined machines should all be configured to get their time from Active Directory.
That is the problem all the times are correct, the Primary dc is in a vmware server that had an old dns itself, i corrected this a few days ago and all was working fine, now i cant strart dns on primary dc becasue it fails. the sais dc cannot be contacted, and also exchange is disconected i think i hope is because of this
Check about IPV6 (disable it) and also check the network adapters and the DNS entries for the server
The main DC gives me this error when i try to open DNS, The server (domainName) could not be contacted the error was access denied would you like to add it anyway?
Windows was unable to determine whether new Group Policy settings defined by a network administrator should be enforced for this user or computer because this computer's clock is not synchronized with the clock of one of the domain controllers for the domain. Because of this issue, this computer system may not be in compliance with the network administrator’s requirements, and users of this system may not be able to use some functionality on the network. Windows will periodically attempt to retry this operation, and it is possible that either this system or the domain controller will correct the time settings without intervention by an administrator, so the problem will be corrected.
If this issue persists for more than an hour, checking the local system's clock settings to ensure they are accurate and are synchronized with the clocks on the network's domain controllers is one way to resolve this problem. A network administrator may be required to resolve the issue if correcting the local time settings does not address the problem.
If this issue persists for more than an hour, checking the local system's clock settings to ensure they are accurate and are synchronized with the clocks on the network's domain controllers is one way to resolve this problem. A network administrator may be required to resolve the issue if correcting the local time settings does not address the problem.
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.cdgcorp.lo
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>nslook
12.2.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.2.12
Non-authoritative answer:
Name: y-group.com
Address: 198.71.232.3
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>nslook
12.2.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.2.12
Non-authoritative answer:
Name: y-group.com
Address: 198.71.232.3
DNS server i have the two one ending in 12 ( wich has the problem is the primary) and one ending in 17 which is allowing me at least to browse
one note im not sure if it has to do with anything the 3 servers giving me issues are all in a VMware environment,
This is nuts, the three servers connected to the VMWARE server are not responding unless direct ip, the other 2 physical servers are working just fine.
Time is ok on all this, later this week i changed the dns on the vm host to the new because the old server had died. but it was fine till this morning. the old server has no record anywere
I got the Ns lookup fixed i made him point to the secondary dc and dns and at least now i can print. but still no exchange
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC-02
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: BrickellLocation\DC-02
Starting test: Connectivity
......................... DC-02 passed test Connectivity
Doing primary tests
Testing server: BrickellLocation\DC-02
Starting test: Advertising
......................... DC-02 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC-02 passed test FrsEvent
Starting test: DFSREvent
......................... DC-02 passed test DFSREvent
Starting test: SysVolCheck
......................... DC-02 passed test SysVolCheck
Starting test: KccEvent
......................... DC-02 passed test KccEvent
Starting test: KnowsOfRoleHolders
[YDC01] DsBindWithSpnEx() failed with error 1398,
There is a time and/or date difference between the client and server..
Warning: YDC01 is the Schema Owner, but is not responding to DS RPC
Bind.
[YDC01] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: YDC01 is the Schema Owner, but is not responding to LDAP
Bind.
Warning: YDC01 is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: YDC01 is the Domain Owner, but is not responding to LDAP
Bind.
Warning: YDC01 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: YDC01 is the PDC Owner, but is not responding to LDAP Bind.
Warning: YDC01 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: YDC01 is the Rid Owner, but is not responding to LDAP Bind.
Warning: YDC01 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: YDC01 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... DC-02 failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC-02 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=cdgco
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=cdgco
......................... DC-02 failed test NCSecDesc
Starting test: NetLogons
......................... DC-02 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC-02 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,DC-02] A recent replication attempt failed:
From YDC01 to DC-02
Naming Context: DC=ForestDnsZones,DC=cdgco
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
The failure occurred at 2005-08-17 03:47:24.
The last success occurred at 2005-08-16 09:47:24.
18 failures have occurred since the last success.
[Replications Check,DC-02] A recent replication attempt failed:
From YDC01 to DC-02
Naming Context: DC=DomainDnsZones,DC=cdgco
The replication generated an error (1398):
There is a time and/or date difference between the client and server
.
The failure occurred at 2005-08-17 03:54:02.
The last success occurred at 2005-08-16 09:47:24.
20 failures have occurred since the last success.
Kerberos Error.
Check that the system time between the two servers is sufficiently.
close. Also check that the time service is functioning correctly
[Replications Check,DC-02] A recent replication attempt failed:
From YDC01 to DC-02
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (1398):
There is a time and/or date difference between the client and server
.
The failure occurred at 2005-08-17 03:47:24.
The last success occurred at 2005-08-16 09:47:24.
18 failures have occurred since the last success.
Kerberos Error.
Check that the system time between the two servers is sufficiently.
close. Also check that the time service is functioning correctly
[Replications Check,DC-02] A recent replication attempt failed:
From YDC01 to DC-02
Naming Context: CN=Configuration,DC=cdgcor
The replication generated an error (1398):
There is a time and/or date difference between the client and server
.
The failure occurred at 2005-08-17 03:47:24.
The last success occurred at 2005-08-16 09:47:24.
18 failures have occurred since the last success.
Kerberos Error.
Check that the system time between the two servers is sufficiently.
close. Also check that the time service is functioning correctly
[Replications Check,DC-02] A recent replication attempt failed:
From YDC01 to DC-02
Naming Context: DC=cdgcorp,DC=local
The replication generated an error (1398):
There is a time and/or date difference between the client and server
.
The failure occurred at 2005-08-17 03:47:24.
The last success occurred at 2005-08-16 09:47:24.
18 failures have occurred since the last success.
Kerberos Error.
Check that the system time between the two servers is sufficiently.
close. Also check that the time service is functioning correctly
......................... DC-02 failed test Replications
Starting test: RidManager
......................... DC-02 failed test RidManager
Starting test: Services
......................... DC-02 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 03:35:26
Event String:
Driver RICOH Class Driver required for printer RICOH Class Driver is
unknown. Contact the administrator to install the driver before you log in agai
n.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 03:35:27
Event String:
Driver Brother HL-5050 required for printer Brother HL-5050 is unkno
wn. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 03:35:28
Event String:
Driver Adobe PDF Converter required for printer Adobe PDF is unknown
. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 03:35:28
Event String:
Driver Microsoft Print To PDF required for printer Microsoft Print t
o PDF is unknown. Contact the administrator to install the driver before you log
in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 03:35:30
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microso
ft XPS Document Writer is unknown. Contact the administrator to install the driv
er before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 03:35:31
Event String:
Driver Send to Microsoft OneNote 16 Driver required for printer Send
To OneNote 2016 is unknown. Contact the administrator to install the driver bef
ore you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 04:27:17
Event String:
Driver RICOH Class Driver required for printer RICOH Class Driver is
unknown. Contact the administrator to install the driver before you log in agai
n.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 04:27:17
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microso
ft XPS Document Writer is unknown. Contact the administrator to install the driv
er before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 04:27:18
Event String:
Driver Adobe PDF Converter required for printer Adobe PDF is unknown
. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 04:27:20
Event String:
Driver Brother HL-5050 required for printer Brother HL-5050 is unkno
wn. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 04:27:21
Event String:
Driver Microsoft Print To PDF required for printer Microsoft Print t
o PDF is unknown. Contact the administrator to install the driver before you log
in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 04:27:21
Event String:
Driver Send to Microsoft OneNote 16 Driver required for printer Send
To OneNote 2016 is unknown. Contact the administrator to install the driver bef
ore you log in again.
......................... DC-02 failed test SystemLog
Starting test: VerifyReferences
......................... DC-02 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : cdgcorp
Starting test: CheckSDRefDom
......................... cdgcorp passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... cdgcorp passed test CrossRefValidation
Running enterprise tests on : cdgcorp.local
Starting test: LocatorCheck
......................... cdgcorp.local passed test LocatorCheck
Starting test: Intersite
......................... cdgcorp.local passed test Intersite
C:\Windows\system32>
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC-02
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: BrickellLocation\DC-02
Starting test: Connectivity
......................... DC-02 passed test Connectivity
Doing primary tests
Testing server: BrickellLocation\DC-02
Starting test: Advertising
......................... DC-02 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC-02 passed test FrsEvent
Starting test: DFSREvent
......................... DC-02 passed test DFSREvent
Starting test: SysVolCheck
......................... DC-02 passed test SysVolCheck
Starting test: KccEvent
......................... DC-02 passed test KccEvent
Starting test: KnowsOfRoleHolders
[YDC01] DsBindWithSpnEx() failed with error 1398,
There is a time and/or date difference between the client and server..
Warning: YDC01 is the Schema Owner, but is not responding to DS RPC
Bind.
[YDC01] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: YDC01 is the Schema Owner, but is not responding to LDAP
Bind.
Warning: YDC01 is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: YDC01 is the Domain Owner, but is not responding to LDAP
Bind.
Warning: YDC01 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: YDC01 is the PDC Owner, but is not responding to LDAP Bind.
Warning: YDC01 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: YDC01 is the Rid Owner, but is not responding to LDAP Bind.
Warning: YDC01 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: YDC01 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... DC-02 failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC-02 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=cdgco
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=cdgco
......................... DC-02 failed test NCSecDesc
Starting test: NetLogons
......................... DC-02 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC-02 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,DC-02] A recent replication attempt failed:
From YDC01 to DC-02
Naming Context: DC=ForestDnsZones,DC=cdgco
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
The failure occurred at 2005-08-17 03:47:24.
The last success occurred at 2005-08-16 09:47:24.
18 failures have occurred since the last success.
[Replications Check,DC-02] A recent replication attempt failed:
From YDC01 to DC-02
Naming Context: DC=DomainDnsZones,DC=cdgco
The replication generated an error (1398):
There is a time and/or date difference between the client and server
.
The failure occurred at 2005-08-17 03:54:02.
The last success occurred at 2005-08-16 09:47:24.
20 failures have occurred since the last success.
Kerberos Error.
Check that the system time between the two servers is sufficiently.
close. Also check that the time service is functioning correctly
[Replications Check,DC-02] A recent replication attempt failed:
From YDC01 to DC-02
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (1398):
There is a time and/or date difference between the client and server
.
The failure occurred at 2005-08-17 03:47:24.
The last success occurred at 2005-08-16 09:47:24.
18 failures have occurred since the last success.
Kerberos Error.
Check that the system time between the two servers is sufficiently.
close. Also check that the time service is functioning correctly
[Replications Check,DC-02] A recent replication attempt failed:
From YDC01 to DC-02
Naming Context: CN=Configuration,DC=cdgcor
The replication generated an error (1398):
There is a time and/or date difference between the client and server
.
The failure occurred at 2005-08-17 03:47:24.
The last success occurred at 2005-08-16 09:47:24.
18 failures have occurred since the last success.
Kerberos Error.
Check that the system time between the two servers is sufficiently.
close. Also check that the time service is functioning correctly
[Replications Check,DC-02] A recent replication attempt failed:
From YDC01 to DC-02
Naming Context: DC=cdgcorp,DC=local
The replication generated an error (1398):
There is a time and/or date difference between the client and server
.
The failure occurred at 2005-08-17 03:47:24.
The last success occurred at 2005-08-16 09:47:24.
18 failures have occurred since the last success.
Kerberos Error.
Check that the system time between the two servers is sufficiently.
close. Also check that the time service is functioning correctly
......................... DC-02 failed test Replications
Starting test: RidManager
......................... DC-02 failed test RidManager
Starting test: Services
......................... DC-02 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 03:35:26
Event String:
Driver RICOH Class Driver required for printer RICOH Class Driver is
unknown. Contact the administrator to install the driver before you log in agai
n.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 03:35:27
Event String:
Driver Brother HL-5050 required for printer Brother HL-5050 is unkno
wn. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 03:35:28
Event String:
Driver Adobe PDF Converter required for printer Adobe PDF is unknown
. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 03:35:28
Event String:
Driver Microsoft Print To PDF required for printer Microsoft Print t
o PDF is unknown. Contact the administrator to install the driver before you log
in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 03:35:30
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microso
ft XPS Document Writer is unknown. Contact the administrator to install the driv
er before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 03:35:31
Event String:
Driver Send to Microsoft OneNote 16 Driver required for printer Send
To OneNote 2016 is unknown. Contact the administrator to install the driver bef
ore you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 04:27:17
Event String:
Driver RICOH Class Driver required for printer RICOH Class Driver is
unknown. Contact the administrator to install the driver before you log in agai
n.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 04:27:17
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microso
ft XPS Document Writer is unknown. Contact the administrator to install the driv
er before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 04:27:18
Event String:
Driver Adobe PDF Converter required for printer Adobe PDF is unknown
. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 04:27:20
Event String:
Driver Brother HL-5050 required for printer Brother HL-5050 is unkno
wn. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 04:27:21
Event String:
Driver Microsoft Print To PDF required for printer Microsoft Print t
o PDF is unknown. Contact the administrator to install the driver before you log
in again.
An error event occurred. EventID: 0x00000457
Time Generated: 08/17/2005 04:27:21
Event String:
Driver Send to Microsoft OneNote 16 Driver required for printer Send
To OneNote 2016 is unknown. Contact the administrator to install the driver bef
ore you log in again.
......................... DC-02 failed test SystemLog
Starting test: VerifyReferences
......................... DC-02 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : cdgcorp
Starting test: CheckSDRefDom
......................... cdgcorp passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... cdgcorp passed test CrossRefValidation
Running enterprise tests on : cdgcorp.local
Starting test: LocatorCheck
......................... cdgcorp.local passed test LocatorCheck
Starting test: Intersite
......................... cdgcorp.local passed test Intersite
C:\Windows\system32>
Principal Support Engineer
CERTIFIED EXPERT
Are you certain that the time is synchronized between DC02 and YDC01? Because this seems to indicate that it's not:
Starting test: KnowsOfRoleHolders
[YDC01] DsBindWithSpnEx() failed with error 1398,
There is a time and/or date difference between the client and server..
Um. Why is the year 2005?
Move slowly here, you don't want your DCs to consider themselves to be 12 years out of date...
Move slowly here, you don't want your DCs to consider themselves to be 12 years out of date...
I get this after the time update
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC-02
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: BrickellLocation\DC-02
Starting test: Connectivity
......................... DC-02 passed test Connectivity
Doing primary tests
Testing server: BrickellLocation\DC-02
Starting test: Advertising
......................... DC-02 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC-02 passed test FrsEvent
Starting test: DFSREvent
......................... DC-02 passed test DFSREvent
Starting test: SysVolCheck
......................... DC-02 passed test SysVolCheck
Starting test: KccEvent
......................... DC-02 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC-02 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC-02 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=cdgco
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=cdgco
......................... DC-02 failed test NCSecDesc
Starting test: NetLogons
......................... DC-02 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC-02 passed test ObjectsReplicated
Starting test: Replications
......................... DC-02 passed test Replications
Starting test: RidManager
......................... DC-02 passed test RidManager
Starting test: Services
......................... DC-02 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0xC0002719
Time Generated: 03/24/2017 16:31:46
Event String:
DCOM was unable to communicate with the computer xchangesrv.cdgcorp.
local using any of the configured protocols.
A warning event occurred. EventID: 0x00000024
Time Generated: 03/24/2017 16:31:52
Event String:
The time service has not synchronized the system time for 86400 seco
nds because none of the time service providers provided a usable time stamp. The
time service will not update the local system time until it is able to synchron
ize with a time source. If the local system is configured to act as a time serve
r for clients, it will stop advertising as a time source to clients. The time se
rvice will continue to retry and sync time with its time sources. Check system e
vent log for other W32time events for more details. Run 'w32tm /resync' to force
an instant time synchronization.
......................... DC-02 failed test SystemLog
Starting test: VerifyReferences
......................... DC-02 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : cdgcorp
Starting test: CheckSDRefDom
......................... cdgcorp passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... cdgcorp passed test CrossRefValidation
Running enterprise tests on : cdgcorp.local
Starting test: LocatorCheck
......................... cdgcorp.local passed test LocatorCheck
Starting test: Intersite
......................... cdgcorp.local passed test Intersite
C:\Windows\system32>
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC-02
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: BrickellLocation\DC-02
Starting test: Connectivity
......................... DC-02 passed test Connectivity
Doing primary tests
Testing server: BrickellLocation\DC-02
Starting test: Advertising
......................... DC-02 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC-02 passed test FrsEvent
Starting test: DFSREvent
......................... DC-02 passed test DFSREvent
Starting test: SysVolCheck
......................... DC-02 passed test SysVolCheck
Starting test: KccEvent
......................... DC-02 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC-02 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC-02 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=cdgco
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=cdgco
......................... DC-02 failed test NCSecDesc
Starting test: NetLogons
......................... DC-02 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC-02 passed test ObjectsReplicated
Starting test: Replications
......................... DC-02 passed test Replications
Starting test: RidManager
......................... DC-02 passed test RidManager
Starting test: Services
......................... DC-02 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0xC0002719
Time Generated: 03/24/2017 16:31:46
Event String:
DCOM was unable to communicate with the computer xchangesrv.cdgcorp.
local using any of the configured protocols.
A warning event occurred. EventID: 0x00000024
Time Generated: 03/24/2017 16:31:52
Event String:
The time service has not synchronized the system time for 86400 seco
nds because none of the time service providers provided a usable time stamp. The
time service will not update the local system time until it is able to synchron
ize with a time source. If the local system is configured to act as a time serve
r for clients, it will stop advertising as a time source to clients. The time se
rvice will continue to retry and sync time with its time sources. Check system e
vent log for other W32time events for more details. Run 'w32tm /resync' to force
an instant time synchronization.
......................... DC-02 failed test SystemLog
Starting test: VerifyReferences
......................... DC-02 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : cdgcorp
Starting test: CheckSDRefDom
......................... cdgcorp passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... cdgcorp passed test CrossRefValidation
Running enterprise tests on : cdgcorp.local
Starting test: LocatorCheck
......................... cdgcorp.local passed test LocatorCheck
Starting test: Intersite
......................... cdgcorp.local passed test Intersite
C:\Windows\system32>
Principal Support Engineer
CERTIFIED EXPERT
holy crap dc-02 has a wrong time and it completely eluded me. i changed it should i restart it?
There should be no need to restart it, but manually changing the time may not be enough to keep the issue from coming back (although if it were previously set to the year 2005, that may indeed be all you have to do).
Run w32tm /query /configuration on DC-02 and post the results here.
......................... cdgcorp.local passed test Intersite
C:\Windows\system32>w32tm /resync
Sending resync command to local computer
The computer did not resync because no time data was available.
C:\Windows\system32>w32tm /query /configuration
[Configuration]
EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)
FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)
[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\system32\w32tim
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Local)
AllowNonstandardModeCombin
ResolvePeerBackoffMinutes:
ResolvePeerBackoffMaxTimes
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NTP (Local)
NtpServer: DC_HostName.DomainName.com
NtpServer (Local)
DllName: C:\Windows\system32\w32tim
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombin
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmicti
Enabled: 1 (Local)
InputProvider: 1 (Local)
C:\Windows\system32>w32tm /resync
Sending resync command to local computer
The computer did not resync because no time data was available.
C:\Windows\system32>w32tm /query /configuration
[Configuration]
EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)
FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)
[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\system32\w32tim
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Local)
AllowNonstandardModeCombin
ResolvePeerBackoffMinutes:
ResolvePeerBackoffMaxTimes
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NTP (Local)
NtpServer: DC_HostName.DomainName.com
NtpServer (Local)
DllName: C:\Windows\system32\w32tim
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombin
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmicti
Enabled: 1 (Local)
InputProvider: 1 (Local)
Principal Support Engineer
CERTIFIED EXPERT
Type: NTP (Local)
Unless DC-02 is the PDC Emulator (it isn't, according to the dcdiag output), this value should be set to NT5DS rather than NTP. It can be set in the registry here:
HKLM\SYSTEM\CurrentControl
If you make that change, you'll need to restart the Windows Time service for it to take effect.
Principal Support Engineer
CERTIFIED EXPERT
It should be set to NT5DS on everything except the DC that holds the PDC Emulator FSMO role (which appears to be YDC01).
Principal Support Engineer
CERTIFIED EXPERT
Excellent. What does w32tm /query /configuration show on YDC01?
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\mnunez>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
***Error: Exchange is not a Directory Server. Must specify /s:<Directory
Server> or /n:<Naming Context> or nothing to use the local machine.
ERROR: Could not find home server.
C:\Users\mnunez>
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\mnunez>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
***Error: Exchange is not a Directory Server. Must specify /s:<Directory
Server> or /n:<Naming Context> or nothing to use the local machine.
ERROR: Could not find home server.
C:\Users\mnunez>
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)
FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)
[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\system32\w32tim
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombin
ResolvePeerBackoffMinutes:
ResolvePeerBackoffMaxTimes
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NTP (Local)
NtpServer: DC_HostName.DomainName.com
NtpServer (Local)
DllName: C:\Windows\system32\w32tim
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombin
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmicti
Enabled: 1 (Local)
InputProvider: 1 (Local)
C:\Windows\system32>
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)
FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)
[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\system32\w32tim
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombin
ResolvePeerBackoffMinutes:
ResolvePeerBackoffMaxTimes
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NTP (Local)
NtpServer: DC_HostName.DomainName.com
NtpServer (Local)
DllName: C:\Windows\system32\w32tim
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombin
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmicti
Enabled: 1 (Local)
InputProvider: 1 (Local)
C:\Windows\system32>
good lord i cant rdp again now i have this no longer the time.
The connection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the IP address of the computer instead of the name.
I did a flush, restarted my computer and nothing.
The connection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the IP address of the computer instead of the name.
I did a flush, restarted my computer and nothing.
Principal Support Engineer
CERTIFIED EXPERT
NtpServer: DC_HostName.DomainName.com(Local)
This will need to be changed on YDC01. That server needs to get time from a source outside of your environment, like a public NTP server. Microsoft runs one at time.windows.com, and there are a number of others out there. Go to this registry location:
HKLM\SYSTEM\CurrentControl
...and set it to this:
time.windows.com,0x9 time-a.nist.gov,0x9 time-b.nist.gov,0x9
If you know the names of specific NTP servers you'd prefer to use, feel free to substitute those, but leave the ,0x9's in there after each one.
Last attempt @ 2017-03-24 17:46:40 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
Principal Support Engineer
CERTIFIED EXPERT
That's a significant problem. It means that your domain controllers have been unable to replicate with each other for a very long time. How many total DCs do you have in the domain?
two, i inherit this job from another admin, and i have run into some weird stuff in here. should i turn one off maybe dc 02, i run the last script in the exchange server
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>netdom
List of domain controllers with accounts in the domain:
DC01
DC02
The command completed successfully.
C:\Windows\system32>
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>netdom
List of domain controllers with accounts in the domain:
DC01
DC02
The command completed successfully.
C:\Windows\system32>
Principal Support Engineer
CERTIFIED EXPERT
Exchange isn't installed on one of the DCs, is it? I believe you said that it's on a different server, but I want to be sure.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>REPADM
BrickellLocation\YDC01
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 62d3b9b6-5b3d-419a-bd88-69
DSA invocationID: 3e22d92f-9798-4b5e-a8c7-eb
==== INBOUND NEIGHBORS ==========================
DC=cdgcorp,DC=local
BrickellLocation\DC-02 via RPC
DSA object GUID: df94fcba-4bb0-4a7f-85cd-c4
Last attempt @ 2017-03-24 18:07:15 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
68 consecutive failure(s).
Last success @ 2017-03-24 13:24:43.
CN=Configuration,DC=cdgcor
BrickellLocation\DC-02 via RPC
DSA object GUID: df94fcba-4bb0-4a7f-85cd-c4
Last attempt @ 2017-03-24 17:46:40 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
10 consecutive failure(s).
Last success @ 2017-03-24 13:24:43.
CN=Schema,CN=Configuration
BrickellLocation\DC-02 via RPC
DSA object GUID: df94fcba-4bb0-4a7f-85cd-c4
Last attempt @ 2017-03-24 17:46:40 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
9 consecutive failure(s).
Last success @ 2017-03-24 13:24:43.
DC=ForestDnsZones,DC=cdgco
BrickellLocation\DC-02 via RPC
DSA object GUID: df94fcba-4bb0-4a7f-85cd-c4
Last attempt @ 2017-03-24 17:46:40 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
9 consecutive failure(s).
Last success @ 2017-03-24 13:24:43.
DC=DomainDnsZones,DC=cdgco
BrickellLocation\DC-02 via RPC
DSA object GUID: df94fcba-4bb0-4a7f-85cd-c4
Last attempt @ 2017-03-24 17:46:40 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
9 consecutive failure(s).
Last success @ 2017-03-24 13:24:43.
Source: BrickellLocation\DC-02
******* 67 CONSECUTIVE FAILURES since 2017-03-24 13:24:43
Last error: 8614 (0x21a6):
The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
C:\Windows\system32>w32tm /monitor
YDC01.cdgcorp.local *** PDC ***[[::1]:123]:
ICMP: 0ms delay
NTP: +0.0000000s offset from YDC01.cdgcorp.local
RefID: time-a.nist.gov [129.6.15.28]
Stratum: 2
DC-02.cdgcorp.local[192.16
ICMP: 0ms delay
NTP: -744.1300266s offset from YDC01.cdgcorp.local
RefID: 'LOCL' [0x4C434F4C]
Stratum: 1
Warning:
Reverse name resolution is best effort. It may not be
correct since RefID field in time packets differs across
NTP implementations and may not be using IP addresses.
C:\Windows\system32>w32tm /resync
Sending resync command to local computer
The command completed successfully.
C:\Windows\system32>
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>REPADM
BrickellLocation\YDC01
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 62d3b9b6-5b3d-419a-bd88-69
DSA invocationID: 3e22d92f-9798-4b5e-a8c7-eb
==== INBOUND NEIGHBORS ==========================
DC=cdgcorp,DC=local
BrickellLocation\DC-02 via RPC
DSA object GUID: df94fcba-4bb0-4a7f-85cd-c4
Last attempt @ 2017-03-24 18:07:15 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
68 consecutive failure(s).
Last success @ 2017-03-24 13:24:43.
CN=Configuration,DC=cdgcor
BrickellLocation\DC-02 via RPC
DSA object GUID: df94fcba-4bb0-4a7f-85cd-c4
Last attempt @ 2017-03-24 17:46:40 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
10 consecutive failure(s).
Last success @ 2017-03-24 13:24:43.
CN=Schema,CN=Configuration
BrickellLocation\DC-02 via RPC
DSA object GUID: df94fcba-4bb0-4a7f-85cd-c4
Last attempt @ 2017-03-24 17:46:40 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
9 consecutive failure(s).
Last success @ 2017-03-24 13:24:43.
DC=ForestDnsZones,DC=cdgco
BrickellLocation\DC-02 via RPC
DSA object GUID: df94fcba-4bb0-4a7f-85cd-c4
Last attempt @ 2017-03-24 17:46:40 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
9 consecutive failure(s).
Last success @ 2017-03-24 13:24:43.
DC=DomainDnsZones,DC=cdgco
BrickellLocation\DC-02 via RPC
DSA object GUID: df94fcba-4bb0-4a7f-85cd-c4
Last attempt @ 2017-03-24 17:46:40 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
9 consecutive failure(s).
Last success @ 2017-03-24 13:24:43.
Source: BrickellLocation\DC-02
******* 67 CONSECUTIVE FAILURES since 2017-03-24 13:24:43
Last error: 8614 (0x21a6):
The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
C:\Windows\system32>w32tm /monitor
YDC01.cdgcorp.local *** PDC ***[[::1]:123]:
ICMP: 0ms delay
NTP: +0.0000000s offset from YDC01.cdgcorp.local
RefID: time-a.nist.gov [129.6.15.28]
Stratum: 2
DC-02.cdgcorp.local[192.16
ICMP: 0ms delay
NTP: -744.1300266s offset from YDC01.cdgcorp.local
RefID: 'LOCL' [0x4C434F4C]
Stratum: 1
Warning:
Reverse name resolution is best effort. It may not be
correct since RefID field in time packets differs across
NTP implementations and may not be using IP addresses.
C:\Windows\system32>w32tm /resync
Sending resync command to local computer
The command completed successfully.
C:\Windows\system32>
Principal Support Engineer
CERTIFIED EXPERT
There's no need to do anything in Exchange - this is strictly Active Directory we're working with at the moment. Once the metadata cleanup has been completed, Exchange should be able to locate the only remaining global catalog (YDC01) and use it for authentication.
Principal Support Engineer
CERTIFIED EXPERT
Dcdiag won't run on a server that isn't a domain controller. Which version of Exchange are you running?
Principal Support Engineer
CERTIFIED EXPERT
Can you restart the Microsoft Exchange Active Directory Topology service on that server?
Gain unlimited access to on-demand training courses with an Experts Exchange subscription.
Get AccessWhy Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions