Ima Bum
asked on
Why can't Users in One Site connect to their Shares in Another site ?
Users in One Site cannot resolve the Server "shares" in another Site unless an IP is used, so mapped drives are not connecting.
So, an example would be, I can map a drive with the following unc \\10.10.20.11\sharename
Forest 2003 Functional level
Servers 2008 R2
No sure why the Forest Domain has not been upgraded to match the servers.
I can ping and resolve the server though, so it's not a DNS issue.
I inherited this challenge, and don't have a lot of history in terms of "why" this is happening or when it started, just it's "not" working. Thanks for any feedback.
... running a dcdiag I get the following:
So, an example would be, I can map a drive with the following unc \\10.10.20.11\sharename
Forest 2003 Functional level
Servers 2008 R2
No sure why the Forest Domain has not been upgraded to match the servers.
I can ping and resolve the server though, so it's not a DNS issue.
I inherited this challenge, and don't have a lot of history in terms of "why" this is happening or when it started, just it's "not" working. Thanks for any feedback.
... running a dcdiag I get the following:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = ARIZONA
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: ARIZONA-AZ\ARIZONA
Starting test: Connectivity
......................... ARIZONA passed test Connectivity
Doing primary tests
Testing server: ARIZONA-AZ\ARIZONA
Starting test: Advertising
......................... ARIZONA passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... ARIZONA passed test FrsEvent
Starting test: DFSREvent
......................... ARIZONA passed test DFSREvent
Starting test: SysVolCheck
......................... ARIZONA passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x8000061E
Time Generated: 12/04/2019 13:09:15
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC000051F
Time Generated: 12/04/2019 13:09:15
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 12/04/2019 13:09:15
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
A warning event occurred. EventID: 0x8000061E
Time Generated: 12/04/2019 13:09:15
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC000051F
Time Generated: 12/04/2019 13:09:15
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 12/04/2019 13:09:15
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
A warning event occurred. EventID: 0x8000061E
Time Generated: 12/04/2019 13:09:15
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC000051F
Time Generated: 12/04/2019 13:09:15
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 12/04/2019 13:09:15
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
A warning event occurred. EventID: 0x8000061E
Time Generated: 12/04/2019 13:09:15
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC000051F
Time Generated: 12/04/2019 13:09:15
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 12/04/2019 13:09:15
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
......................... ARIZONA failed test KccEvent
Starting test: KnowsOfRoleHolders
[FILE] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
Warning: FILE is the Schema Owner, but is not responding to DS RPC
Bind.
[FILE] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: FILE is the Schema Owner, but is not responding to LDAP Bind.
Warning: FILE is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: FILE is the Domain Owner, but is not responding to LDAP Bind.
Warning: FILE is the PDC Owner, but is not responding to DS RPC Bind.
Warning: FILE is the PDC Owner, but is not responding to LDAP Bind.
Warning: FILE is the Rid Owner, but is not responding to DS RPC Bind.
Warning: FILE is the Rid Owner, but is not responding to LDAP Bind.
Warning: FILE is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: FILE is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... ARIZONA failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... ARIZONA passed test MachineAccount
Starting test: NCSecDesc
......................... ARIZONA passed test NCSecDesc
Starting test: NetLogons
[ARIZONA] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... ARIZONA failed test NetLogons
Starting test: ObjectsReplicated
......................... ARIZONA passed test ObjectsReplicated
Starting test: Replications
[Replications Check,ARIZONA] A recent replication attempt failed:
From FILE to ARIZONA
Naming Context: DC=ForestDnsZones,DC=AAAAAAABBB,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2019-12-04 13:04:13.
The last success occurred at 2019-10-26 20:22:03.
3713 failures have occurred since the last success.
[Replications Check,ARIZONA] A recent replication attempt failed:
From FILE to ARIZONA
Naming Context: DC=DomainDnsZones,DC=AAAAAAABBB,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2019-12-04 13:04:13.
The last success occurred at 2019-10-26 20:22:03.
3713 failures have occurred since the last success.
[Replications Check,ARIZONA] A recent replication attempt failed:
From FILE to ARIZONA
Naming Context: CN=Schema,CN=Configuration,DC=AAAAAAABBB,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2019-12-04 13:04:13.
The last success occurred at 2019-10-26 20:22:03.
3713 failures have occurred since the last success.
[Replications Check,ARIZONA] A recent replication attempt failed:
From FILE to ARIZONA
Naming Context: CN=Configuration,DC=AAAAAAABBB,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2019-12-04 13:04:13.
The last success occurred at 2019-10-26 20:22:03.
3713 failures have occurred since the last success.
[Replications Check,ARIZONA] A recent replication attempt failed:
From FILE to ARIZONA
Naming Context: DC=AAAAAAABBB,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2019-12-04 13:04:13.
The last success occurred at 2019-10-26 20:22:03.
3713 failures have occurred since the last success.
......................... ARIZONA failed test Replications
Starting test: RidManager
......................... ARIZONA failed test RidManager
Starting test: Services
......................... ARIZONA passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x000003EE
Time Generated: 12/04/2019 12:12:45
Event String:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
An error event occurred. EventID: 0x000003EE
Time Generated: 12/04/2019 12:17:46
Event String:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
An error event occurred. EventID: 0x000003EE
Time Generated: 12/04/2019 12:22:47
Event String:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
An error event occurred. EventID: 0x000003EE
Time Generated: 12/04/2019 12:27:49
Event String:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
An error event occurred. EventID: 0x000003EE
Time Generated: 12/04/2019 12:32:50
Event String:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
An error event occurred. EventID: 0x40000004
Time Generated: 12/04/2019 12:34:43
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server ARIZONA$. The target name used was DNS/ARIZONA.AAAAAAABBB.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AAAAAAABBB.LOCAL) is different from the client domain (AAAAAAABBB.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x000003EE
Time Generated: 12/04/2019 12:37:51
Event String:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
An error event occurred. EventID: 0x40000004
Time Generated: 12/04/2019 12:41:50
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server ARIZONA$. The target name used was cifs/ARIZONA.AAAAAAABBB.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AAAAAAABBB.LOCAL) is different from the client domain (AAAAAAABBB.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 12/04/2019 12:42:51
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server ARIZONA$. The target name used was LDAP/ARIZONA.AAAAAAABBB.local/AAAAAAABBB.local@AAAAAAABBB.LOCAL. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AAAAAAABBB.LOCAL) is different from the client domain (AAAAAAABBB.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 12/04/2019 12:42:51
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server ARIZONA$. The target name used was ldap/ARIZONA.AAAAAAABBB.local/AAAAAAABBB.local@AAAAAAABBB.LOCAL. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AAAAAAABBB.LOCAL) is different from the client domain (AAAAAAABBB.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x000003EE
Time Generated: 12/04/2019 12:42:52
Event String:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
An error event occurred. EventID: 0x000003EE
Time Generated: 12/04/2019 12:47:53
Event String:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
An error event occurred. EventID: 0x40000004
Time Generated: 12/04/2019 12:48:48
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server ARIZONA$. The target name used was ldap/ARIZONA.AAAAAAABBB.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AAAAAAABBB.LOCAL) is different from the client domain (AAAAAAABBB.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 12/04/2019 12:49:13
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server file$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/bbab76ab-b026-4dc4-a529-f5a4fd9fae8b/AAAAAAABBB.local@AAAAAAABBB.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AAAAAAABBB.LOCAL) is different from the client domain (AAAAAAABBB.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 12/04/2019 12:50:33
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server ARIZONA$. The target name used was LDAP/ARIZONA. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AAAAAAABBB.LOCAL) is different from the client domain (AAAAAAABBB.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x000003EE
Time Generated: 12/04/2019 12:52:54
Event String:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
An error event occurred. EventID: 0x000003EE
Time Generated: 12/04/2019 12:57:55
Event String:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
An error event occurred. EventID: 0x40000004
Time Generated: 12/04/2019 13:00:32
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server file$. The target name used was cifs/FILE. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AAAAAAABBB.LOCAL) is different from the client domain (AAAAAAABBB.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 12/04/2019 13:00:49
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server file$. The target name used was AAAAAAABBB\FILE$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AAAAAAABBB.LOCAL) is different from the client domain (AAAAAAABBB.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 12/04/2019 13:01:34
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server ARIZONA$. The target name used was MSSQLSvc/ARIZONA.AAAAAAABBB.local:alamode08. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AAAAAAABBB.LOCAL) is different from the client domain (AAAAAAABBB.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x000003EE
Time Generated: 12/04/2019 13:02:57
Event String:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
An error event occurred. EventID: 0x000003EE
Time Generated: 12/04/2019 13:07:58
Event String:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
An error event occurred. EventID: 0x40000004
Time Generated: 12/04/2019 13:11:46
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server file$. The target name used was LDAP/bbab76ab-b026-4dc4-a529-f5a4fd9fae8b._msdcs.AAAAAAABBB.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AAAAAAABBB.LOCAL) is different from the client domain (AAAAAAABBB.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 12/04/2019 13:11:46
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server file$. The target name used was ldap/file.AAAAAAABBB.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AAAAAAABBB.LOCAL) is different from the client domain (AAAAAAABBB.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
......................... ARIZONA failed test SystemLog
Starting test: VerifyReferences
......................... ARIZONA passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : AAAAAAABBB
Starting test: CheckSDRefDom
......................... AAAAAAABBB passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... AAAAAAABBB passed test CrossRefValidation
Running enterprise tests on : AAAAAAABBB.local
Starting test: LocatorCheck
......................... AAAAAAABBB.local passed test LocatorCheck
Starting test: Intersite
......................... AAAAAAABBB.local passed test Intersite
if the application has admin rights mapped drive letters do not work becuase the user context changed and the mappings do not apply for the admin user context.
a way out could be to create a new mapping in the application itself.
Sara
a way out could be to create a new mapping in the application itself.
Sara
ASKER
The Server is not tombstoned.
I can still ping the server by it's friendly name.
I can ping -a and resolve it.
nslookup using both friendly name or IP address works.
I still can't map network drives though using the server's name.
AD has the same errors/issues.
since this is a Win2008 server.
I'm considering, running DCPROMO , demoting the server.
then running DCPROMO again and promoting it.
since the Forest and Domain are still running at Win2003 and the only two servers in the domain are Domain Controllers running Win2008 R2, I'm thinking, I might as well promoto them to Win 2008 R2
I can still ping the server by it's friendly name.
I can ping -a and resolve it.
nslookup using both friendly name or IP address works.
I still can't map network drives though using the server's name.
AD has the same errors/issues.
since this is a Win2008 server.
I'm considering, running DCPROMO , demoting the server.
then running DCPROMO again and promoting it.
since the Forest and Domain are still running at Win2003 and the only two servers in the domain are Domain Controllers running Win2008 R2, I'm thinking, I might as well promoto them to Win 2008 R2
You really didn't answer any of my questions besides stating that the DC is not tombstoned.
Describe your topology.
What's the result of the dcdiag commands?
What's the result of the repadmin command?
What errors did you see looking in the event logs?
Attempting to demote a DC while replication is not working will not work. You would have to force a demotion and then clean up metadata, and that removed DC could never be connected to the domain again. Also don't change the Forest Functional Level until replication is working.
I would also recommend the use of PortQry (from MS) to test whether specific ports are open between DCs.
Describe your topology.
What's the result of the dcdiag commands?
What's the result of the repadmin command?
What errors did you see looking in the event logs?
Attempting to demote a DC while replication is not working will not work. You would have to force a demotion and then clean up metadata, and that removed DC could never be connected to the domain again. Also don't change the Forest Functional Level until replication is working.
I would also recommend the use of PortQry (from MS) to test whether specific ports are open between DCs.
ASKER
To be able to see my other server, I was able to get that working by using this article.
https://u-tools.com/help/PlanCleanup.asp
https://u-tools.com/help/PlanCleanup.asp
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What's your topology like? How many DCs do you have and where are they located (in which site(s))?
Run dcdiag from an elevated command prompt. You will want to run it on each DC, or use the /e switch so you can see the results from the point of view of each DC. Also run
dcdiag /v /test:dns
repadmin /showrepl (/showreps on 2003, if I remember correctly)
Look in Event Viewer for relevant errors.
Hopefully your DC hasn't been tombstoned. The default tombstone lifetime for 2003 was 60 days. You can run the following to see what your domain is set to (blank result means 60 days) - change the distinguishedName to match your domain:
Open in new window