| Author |
 Topic  |
|
|
Dapas
Welcome Newcomer
USA
13 Posts
Status: offline |
 Posted - 05/01/2007 : 09:29:15 AM
|
I have a replication problem that started when I was asked to cut power to our server room. We have 5 sites. Our main campus, and 4 elementary schools. The primary domain controller (global catalog server) is at our main campus, and each elementary school is a domain controller as well. All servers are Windows 2003, all have Active Directory, DNS, WINS, & DHCP. Each site, has it’s own subnet in Sites and Services. All sites were working flawlessly until I was asked to cut power due to construction to our server room on our main campus. I shut down all the servers in our server room for 3 hours, but I did not shut down the domain controllers at each of the elementary schools. As of that time, each of the elementary sites replicate with each other, but no longer replicate with the main campus, which is the primary site. All of the event logs from the primary site are fine, no errors. When I run Repadmin /showreps from the main campus, everything is fine. The same is not true at the elementary sites. Here is the output from one of the elementary sites:
c:\> repadmin /showreps
Richmond\CHARGER4
DC Options: (none)
Site Options: (none)
DC object GUID: 51ea52ef-3afb-4954-9345-2eb5237ef624
DC invocationID: 6cba6165-78c0-465a-97f6-282016f3acbb
==== INBOUND NEIGHBORS ======================================
DC=chariho,DC=k12,DC=ri,DC=us
MainCampus\SONIC via RPC
DC object GUID: b1ae620b-7e56-47a0-b658-8323205bcd16
Last attempt @ 2007-05-01 08:46:53 failed, result -2146893022 (0x8009032
2):
The target principal name is incorrect.
360 consecutive failure(s).
Last success @ 2007-04-16 07:56:25.
Ashaway\CHARGER5 via RPC
DC object GUID: c9728cee-f2d4-4ac8-abf2-4a6059a128fa
Last attempt @ 2007-05-01 08:46:55 was successful.
Charlestown\CHARGER3 via RPC
DC object GUID: a85304ba-cee2-44cb-bed1-6ab106b621d3
Last attempt @ 2007-05-01 08:46:56 was successful.
HopeValley\CHARGER6 via RPC
DC object GUID: 019120d8-34b8-4fa8-8f28-ae63a8071b3f
Last attempt @ 2007-05-01 08:46:56 was successful.
CN=Configuration,DC=chariho,DC=k12,DC=ri,DC=us
MainCampus\SONIC via RPC
DC object GUID: b1ae620b-7e56-47a0-b658-8323205bcd16
Last attempt @ 2007-05-01 08:46:53 failed, result -2146893022 (0x8009032
2):
The target principal name is incorrect.
360 consecutive failure(s).
Last success @ 2007-04-16 07:56:25.
Ashaway\CHARGER5 via RPC
DC object GUID: c9728cee-f2d4-4ac8-abf2-4a6059a128fa
Last attempt @ 2007-05-01 08:46:53 was successful.
Charlestown\CHARGER3 via RPC
DC object GUID: a85304ba-cee2-44cb-bed1-6ab106b621d3
Last attempt @ 2007-05-01 08:46:54 was successful.
HopeValley\CHARGER6 via RPC
DC object GUID: 019120d8-34b8-4fa8-8f28-ae63a8071b3f
Last attempt @ 2007-05-01 08:46:54 was successful.
CN=Schema,CN=Configuration,DC=chariho,DC=k12,DC=ri,DC=us
MainCampus\SONIC via RPC
DC object GUID: b1ae620b-7e56-47a0-b658-8323205bcd16
Last attempt @ 2007-05-01 08:46:54 failed, result -2146893022 (0x8009032
2):
The target principal name is incorrect.
360 consecutive failure(s).
Last success @ 2007-04-16 07:56:25.
Ashaway\CHARGER5 via RPC
DC object GUID: c9728cee-f2d4-4ac8-abf2-4a6059a128fa
Last attempt @ 2007-05-01 08:46:54 was successful.
Charlestown\CHARGER3 via RPC
DC object GUID: a85304ba-cee2-44cb-bed1-6ab106b621d3
Last attempt @ 2007-05-01 08:46:54 was successful.
HopeValley\CHARGER6 via RPC
DC object GUID: 019120d8-34b8-4fa8-8f28-ae63a8071b3f
Last attempt @ 2007-05-01 08:46:54 was successful.
DC=DomainDnsZones,DC=chariho,DC=k12,DC=ri,DC=us
MainCampus\SONIC via RPC
DC object GUID: b1ae620b-7e56-47a0-b658-8323205bcd16
Last attempt @ 2007-05-01 08:46:53 failed, result 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.
360 consecutive failure(s).
Last success @ 2007-04-16 07:56:25.
Charlestown\CHARGER3 via RPC
DC object GUID: a85304ba-cee2-44cb-bed1-6ab106b621d3
Last attempt @ 2007-05-01 08:46:56 was successful.
Ashaway\CHARGER5 via RPC
DC object GUID: c9728cee-f2d4-4ac8-abf2-4a6059a128fa
Last attempt @ 2007-05-01 08:46:56 was successful.
HopeValley\CHARGER6 via RPC
DC object GUID: 019120d8-34b8-4fa8-8f28-ae63a8071b3f
Last attempt @ 2007-05-01 08:46:56 was successful.
DC=ForestDnsZones,DC=chariho,DC=k12,DC=ri,DC=us
MainCampus\SONIC via RPC
DC object GUID: b1ae620b-7e56-47a0-b658-8323205bcd16
Last attempt @ 2007-05-01 08:46:53 failed, result 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.
360 consecutive failure(s).
Last success @ 2007-04-16 07:56:25.
Charlestown\CHARGER3 via RPC
DC object GUID: a85304ba-cee2-44cb-bed1-6ab106b621d3
Last attempt @ 2007-05-01 08:46:56 was successful.
Ashaway\CHARGER5 via RPC
DC object GUID: c9728cee-f2d4-4ac8-abf2-4a6059a128fa
Last attempt @ 2007-05-01 08:46:56 was successful.
HopeValley\CHARGER6 via RPC
DC object GUID: 019120d8-34b8-4fa8-8f28-ae63a8071b3f
Last attempt @ 2007-05-01 08:46:56 was successful.
Source: MainCampus\SONIC
******* 360 CONSECUTIVE FAILURES since 2007-04-16 07:56:25
Last error: -2146893022 (0x80090322):
The target principal name is incorrect.
I also get this error in the system log of each of the elementary sites:
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 5/1/2007
Time: 9:00:38 AM
User: N/A
Computer: CHARGER3
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/sonic.chariho.k12.ri.us. The target name used was CHARIHO\SONIC$. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (CHARIHO.K12.RI.US), and the client realm. Please contact your system administrator.
I tried resetting the machine password as described in KB article 288167, but this didn’t work. I keep getting information that there is a duplicate name in DNS. Here is the output from that test:
DNS test . . . . . . . . . . . . . : Passed
Interface {7AB1787B-7661-4ACC-9A62-042B383A70A5}
DNS Domain:
DNS Servers: 10.3.1.10 10.100.100.100
IP Address: Expected registration with PDN (primary DNS domain name):
Hostname: Charger3.chariho.k12.ri.us.
Authoritative zone: chariho.k12.ri.us.
Primary DNS server: Charger3.chariho.k12.ri.us 10.3.1.10
Authoritative NS:10.3.1.10 10.4.1.10 10.6.1.10 10.5.1.10 10.100.100.100
Check the DNS registration for DCs entries on DNS server '10.3.1.10'
The Record is different on DNS server '10.3.1.10'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.3.1.10', no need to re-register.
I am pulling my hair out. I tried multiple KB articles to fix this problem but nothing is working. Any help would be greatly appreciated.
Thanks,
Dave Pasquazzi
|
|
|
Rhonda
Moderator
USA
470 Posts
Status: offline |
Posted - 05/01/2007 : 11:21:53 AM
|
| Hi Dapas, WOW that is an awful lot of information to digest...could you simply state the problem? Do the elementary school sites no longer replicate with the main? Normally we state the problem and then look at dumps like this. |
Setup and Deployment MVP
Follow my Tweet at RhondaLayfield |
 |
|
|
Dapas
Welcome Newcomer
USA
13 Posts
Status: offline |
Posted - 05/01/2007 : 12:36:44 PM
|
| To sum up the problem, the elementary school sites are no longer replicating with the main campus. They are only replicating among themselves. |
|
|
|
bobster
Old Timer
USA
448 Posts
Status: offline |
Posted - 05/04/2007 : 1:46:53 PM
|
| I would first check network connection to and from remote sites. You stated that "I was asked to cut power due to construction to our server room on our main campus", I am thinking there may have been a cable that may have been cut/nicked during the construction. Are you able to just ping any of the remote site servers? |
|
|
|
Dapas
Welcome Newcomer
USA
13 Posts
Status: offline |
Posted - 05/04/2007 : 4:02:41 PM
|
| Yes, I am able to ping all servers. Network connectivity is complete to all servers. I can ping all servers by ip address or by name. The problem is that from the main campus everything is perfectly normal, however, from the elementary sites (remote sites) back to the main campus there is a problem with replication. The elementay sites can all replicate with each other, but not back to the main campus. When I shut down our servers for the temporary power outage, I neglected to shut down our remote sites. The remote sites could no longer communicate with the FSMO master back at the main campus. Now, I can no longer communicate completely with the FSMO master. I attempted to reset the machine account password using KB article 288167 and KB 260575, but have had no success thus far. I get an acknowledgement that the password has been reset, but I still get the Kerberos errors in my log files. From the main campus I can get to the sysvol share on each elementary site, however, each elementary site can't get to the sysvol share on the main campus unless you use the ip address in place of the servers name. I read somewhere that this is a Kerberos problem. I also keep getting "Target principal name is incorrect" when I run the "repadmin /showreps" command. Please advise. |
|
|
|
bobster
Old Timer
USA
448 Posts
Status: offline |
Posted - 05/04/2007 : 4:18:50 PM
|
Try running repadmin.exe /showrepl /verbose /all /intersite > c:\resultfile.txt
Post the resultfile |
|
|
|
bobster
Old Timer
USA
448 Posts
Status: offline |
Posted - 05/04/2007 : 4:22:51 PM
|
| Scratch looks like you already posted repadmin results |
|
|
|
bobster
Old Timer
USA
448 Posts
Status: offline |
Posted - 05/04/2007 : 4:24:26 PM
|
| Yeah if you could run that, that should give us just a little more info then just the /showreps |
|
|
|
bobster
Old Timer
USA
448 Posts
Status: offline |
Posted - 05/04/2007 : 4:27:35 PM
|
Also from the remote site, run the following and post results.
netdom query fsmo |
|
|
|
bobster
Old Timer
USA
448 Posts
Status: offline |
Posted - 05/04/2007 : 4:35:54 PM
|
| Also, which server did you run netdom restpwd on? |
|
|
|
Dapas
Welcome Newcomer
USA
13 Posts
Status: offline |
Posted - 05/07/2007 : 1:54:02 PM
|
I ran netdom resetpwd on the elementary server (remote site).
Here are the results of the repadmin result file:
repadmin running command /showrepl against server localhost
Richmond\CHARGER4
DC Options: (none)
Site Options: (none)
DC object GUID: 51ea52ef-3afb-4954-9345-2eb5237ef624
DC invocationID: 6cba6165-78c0-465a-97f6-282016f3acbb
==== INBOUND NEIGHBORS ======================================
DC=chariho,DC=k12,DC=ri,DC=us
MainCampus\SONIC via RPC
DC object GUID: b1ae620b-7e56-47a0-b658-8323205bcd16
Address: b1ae620b-7e56-47a0-b658-8323205bcd16._msdcs.chariho.k12.ri.us
DC invocationID: 79470702-91c2-4ce8-b3ac-5e727df00148
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 12461158/OU, 12461158/PU
Last attempt @ 2007-05-07 12:46:59 failed, result -2146893022 (0x80090322):
The target principal name is incorrect.
508 consecutive failure(s).
Last success @ 2007-04-16 07:56:25.
Ashaway\CHARGER5 via RPC
DC object GUID: c9728cee-f2d4-4ac8-abf2-4a6059a128fa
Address: c9728cee-f2d4-4ac8-abf2-4a6059a128fa._msdcs.chariho.k12.ri.us
DC invocationID: b50f506d-3563-4d25-9af4-d989d9e369e4
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 1641016/OU, 1641016/PU
Last attempt @ 2007-05-07 12:47:01 was successful.
Charlestown\CHARGER3 via RPC
DC object GUID: a85304ba-cee2-44cb-bed1-6ab106b621d3
Address: a85304ba-cee2-44cb-bed1-6ab106b621d3._msdcs.chariho.k12.ri.us
DC invocationID: 7d9642fc-ee66-4c9e-a2a1-731a51375a3e
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 507946/OU, 507946/PU
Last attempt @ 2007-05-07 12:47:01 failed, result -2146893022 (0x80090322):
The target principal name is incorrect.
95 consecutive failure(s).
Last success @ 2007-05-03 13:46:57.
HopeValley\CHARGER6 via RPC
DC object GUID: 019120d8-34b8-4fa8-8f28-ae63a8071b3f
Address: 019120d8-34b8-4fa8-8f28-ae63a8071b3f._msdcs.chariho.k12.ri.us
DC invocationID: 53c0e4f0-8158-4a6f-b86e-f935c009a85f
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 668818/OU, 668818/PU
Last attempt @ 2007-05-07 12:47:01 was successful.
CN=Configuration,DC=chariho,DC=k12,DC=ri,DC=us
MainCampus\SONIC via RPC
DC object GUID: b1ae620b-7e56-47a0-b658-8323205bcd16
Address: b1ae620b-7e56-47a0-b658-8323205bcd16._msdcs.chariho.k12.ri.us
DC invocationID: 79470702-91c2-4ce8-b3ac-5e727df00148
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 12461254/OU, 12461254/PU
Last attempt @ 2007-05-07 12:46:59 failed, result -2146893022 (0x80090322):
The target principal name is incorrect.
508 consecutive failure(s).
Last success @ 2007-04-16 07:56:25.
Ashaway\CHARGER5 via RPC
DC object GUID: c9728cee-f2d4-4ac8-abf2-4a6059a128fa
Address: c9728cee-f2d4-4ac8-abf2-4a6059a128fa._msdcs.chariho.k12.ri.us
DC invocationID: b50f506d-3563-4d25-9af4-d989d9e369e4
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 1641012/OU, 1641012/PU
Last attempt @ 2007-05-07 12:47:00 was successful.
Charlestown\CHARGER3 via RPC
DC object GUID: a85304ba-cee2-44cb-bed1-6ab106b621d3
Address: a85304ba-cee2-44cb-bed1-6ab106b621d3._msdcs.chariho.k12.ri.us
DC invocationID: 7d9642fc-ee66-4c9e-a2a1-731a51375a3e
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 507949/OU, 507949/PU
Last attempt @ 2007-05-07 12:47:00 failed, result -2146893022 (0x80090322):
The target principal name is incorrect.
95 consecutive failure(s).
Last success @ 2007-05-03 13:46:56.
HopeValley\CHARGER6 via RPC
DC object GUID: 019120d8-34b8-4fa8-8f28-ae63a8071b3f
Address: 019120d8-34b8-4fa8-8f28-ae63a8071b3f._msdcs.chariho.k12.ri.us
DC invocationID: 53c0e4f0-8158-4a6f-b86e-f935c009a85f
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 668836/OU, 668836/PU
Last attempt @ 2007-05-07 12:47:00 was successful.
CN=Schema,CN=Configuration,DC=chariho,DC=k12,DC=ri,DC=us
MainCampus\SONIC via RPC
DC object GUID: b1ae620b-7e56-47a0-b658-8323205bcd16
Address: b1ae620b-7e56-47a0-b658-8323205bcd16._msdcs.chariho.k12.ri.us
DC invocationID: 79470702-91c2-4ce8-b3ac-5e727df00148
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 12461158/OU, 12461158/PU
Last attempt @ 2007-05-07 12:47:00 failed, result -2146893022 (0x80090322):
The target principal name is incorrect.
508 consecutive failure(s).
Last success @ 2007-04-16 07:56:25.
Ashaway\CHARGER5 via RPC
DC object GUID: c9728cee-f2d4-4ac8-abf2-4a6059a128fa
Address: c9728cee-f2d4-4ac8-abf2-4a6059a128fa._msdcs.chariho.k12.ri.us
DC invocationID: b50f506d-3563-4d25-9af4-d989d9e369e4
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 1640952/OU, 1640952/PU
Last attempt @ 2007-05-07 12:47:00 was successful.
Charlestown\CHARGER3 via RPC
DC object GUID: a85304ba-cee2-44cb-bed1-6ab106b621d3
Address: a85304ba-cee2-44cb-bed1-6ab106b621d3._msdcs.chariho.k12.ri.us
DC invocationID: 7d9642fc-ee66-4c9e-a2a1-731a51375a3e
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 507839/OU, 507839/PU
Last attempt @ 2007-05-07 12:47:00 failed, result -2146893022 (0x80090322):
The target principal name is incorrect.
95 consecutive failure(s).
Last success @ 2007-05-03 13:46:56.
HopeValley\CHARGER6 via RPC
DC object GUID: 019120d8-34b8-4fa8-8f28-ae63a8071b3f
Address: 019120d8-34b8-4fa8-8f28-ae63a8071b3f._msdcs.chariho.k12.ri.us
DC invocationID: 53c0e4f0-8158-4a6f-b86e-f935c009a85f
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 668818/OU, 668818/PU
Last attempt @ 2007-05-07 12:47:00 was successful.
DC=DomainDnsZones,DC=chariho,DC=k12,DC=ri,DC=us
MainCampus\SONIC via RPC
DC object GUID: b1ae620b-7e56-47a0-b658-8323205bcd16
Address: b1ae620b-7e56-47a0-b658-8323205bcd16._msdcs.chariho.k12.ri.us
DC invocationID: 79470702-91c2-4ce8-b3ac-5e727df00148
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 12461158/OU, 12461158/PU
Last attempt @ 2007-05-07 12:46:59 failed, result 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.
508 consecutive failure(s).
Last success @ 2007-04-16 07:56:25.
Charlestown\CHARGER3 via RPC
DC object GUID: a85304ba-cee2-44cb-bed1-6ab106b621d3
Address: a85304ba-cee2-44cb-bed1-6ab106b621d3._msdcs.chariho.k12.ri.us
DC invocationID: 7d9642fc-ee66-4c9e-a2a1-731a51375a3e
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 507830/OU, 507830/PU
Last attempt @ 2007-05-07 12:47:00 failed, result 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.
95 consecutive failure(s).
Last success @ 2007-05-03 13:46:57.
Ashaway\CHARGER5 via RPC
DC object GUID: c9728cee-f2d4-4ac8-abf2-4a6059a128fa
Address: c9728cee-f2d4-4ac8-abf2-4a6059a128fa._msdcs.chariho.k12.ri.us
DC invocationID: b50f506d-3563-4d25-9af4-d989d9e369e4
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 1640952/OU, 1640952/PU
Last attempt @ 2007-05-07 12:47:01 was successful.
HopeValley\CHARGER6 via RPC
DC object GUID: 019120d8-34b8-4fa8-8f28-ae63a8071b3f
Address: 019120d8-34b8-4fa8-8f28-ae63a8071b3f._msdcs.chariho.k12.ri.us
DC invocationID: 53c0e4f0-8158-4a6f-b86e-f935c009a85f
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 668818/OU, 668818/PU
Last attempt @ 2007-05-07 12:47:01 was successful.
DC=ForestDnsZones,DC=chariho,DC=k12,DC=ri,DC=us
MainCampus\SONIC via RPC
DC object GUID: b1ae620b-7e56-47a0-b658-8323205bcd16
Address: b1ae620b-7e56-47a0-b658-8323205bcd16._msdcs.chariho.k12.ri.us
DC invocationID: 79470702-91c2-4ce8-b3ac-5e727df00148
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 12461158/OU, 12461158/PU
Last attempt @ 2007-05-07 12:46:59 failed, result 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.
508 consecutive failure(s).
Last success @ 2007-04-16 07:56:25.
Charlestown\CHARGER3 via RPC
DC object GUID: a85304ba-cee2-44cb-bed1-6ab106b621d3
Address: a85304ba-cee2-44cb-bed1-6ab106b621d3._msdcs.chariho.k12.ri.us
DC invocationID: 7d9642fc-ee66-4c9e-a2a1-731a51375a3e
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 507830/OU, 507830/PU
Last attempt @ 2007-05-07 12:47:00 failed, result 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.
95 consecutive failure(s).
Last success @ 2007-05-03 13:46:57.
Ashaway\CHARGER5 via RPC
DC object GUID: c9728cee-f2d4-4ac8-abf2-4a6059a128fa
Address: c9728cee-f2d4-4ac8-abf2-4a6059a128fa._msdcs.chariho.k12.ri.us
DC invocationID: b50f506d-3563-4d25-9af4-d989d9e369e4
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 1640952/OU, 1640952/PU
Last attempt @ 2007-05-07 12:47:01 was successful.
HopeValley\CHARGER6 via RPC
DC object GUID: 019120d8-34b8-4fa8-8f28-ae63a8071b3f
Address: 019120d8-34b8-4fa8-8f28-ae63a8071b3f._msdcs.chariho.k12.ri.us
DC invocationID: 53c0e4f0-8158-4a6f-b86e-f935c009a85f
DO_SCHEDULED_SYNCS WRITEABLE COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 668818/OU, 668818/PU
Last attempt @ 2007-05-07 12:47:01 was successful.
==== KCC CONNECTION OBJECTS ============================================
Connection --
Connection name : e6e75c94-cde2-489c-a385-24c930c2bf7c
Server DNS name : charger4.chariho.k12.ri.us
Server DN name : CN=NTDS Settings,CN=CHARGER4,CN=Servers,CN=Richmond,CN=Sites,CN=Configuration,DC=chariho,DC=k12,DC=ri,DC=us
Source: MainCampus\SONIC
******* 508 CONSECUTIVE FAILURES since 2007-04-16 07:56:25
Last error: -2146893022 (0x80090322):
The target principal name is incorrect.
TransportType: IP
options: isGenerated overrideNotifyDefault
ReplicatesNC: CN=Configuration,DC=chariho,DC=k12,DC=ri,DC=us
Reason: IntersiteTopology
Replica link has been added.
ReplicatesNC: DC=DomainDnsZones,DC=chariho,DC=k12,DC=ri,DC=us
Reason: IntersiteTopology
Replica link has been added.
ReplicatesNC: DC=ForestDnsZones,DC=chariho,DC=k12,DC=ri,DC=us
Reason: IntersiteTopology
Replica link has been added.
ReplicatesNC: DC=chariho,DC=k12,DC=ri,DC=us
Reason: IntersiteTopology
Replica link has been added.
enabledConnection: whenChanged: 20060627151500.0Z
whenCreated: 20060627151500.0Z
Schedule:
day: 0123456789ab0123456789ab
Sun: 111111111111111111111111
Mon: 111111111111111111111111
Tue: 111111111111111111111111
Wed: 111111111111111111111111
Thu: 111111111111111111111111
Fri: 111111111111111111111111
Sat: 111111111111111111111111
Connection --
Connection name : 74db0599-3ed5-42b6-bdd2-179ad315e5e3
Server DNS name : charger4.chariho.k12.ri.us
Server DN name : CN=NTDS Settings,CN=CHARGER4,CN=Servers,CN=Richmond,CN=Sites,CN=Configuration,DC=chariho,DC=k12,DC=ri,DC=us
Source: Ashaway\CHARGER5
No Failures.
TransportType: IP
options: isGenerated overrideNotifyDefault
enabledConnection: whenChanged: 20070416135805.0Z
whenCreated: 20070416135805.0Z
Schedule:
day: 0123456789ab0123456789ab
Sun: 111111111111111111111111
Mon: 111111111111111111111111
Tue: 111111111111111111111111
Wed: 111111111111111111111111
Thu: 111111111111111111111111
Fri: 111111111111111111111111
Sat: 111111111111111111111111
Connection --
Connection name : 5c92db26-89c9-4795-b880-5ef61454ce0c
Server DNS name : charger4.chariho.k12.ri.us
Server DN name : CN=NTDS Settings,CN=CHARGER4,CN=Servers,CN=Richmond,CN=Sites,CN=Configuration,DC=chariho,DC=k12,DC=ri,DC=us
Source: Charlestown\CHARGER3
******* 95 CONSECUTIVE FAILURES since 2007-05-03 13:46:57
Last error: -2146893022 (0x80090322):
The target principal name is incorrect.
TransportType: IP
options: isGenerated overrideNotifyDefault
enabledConnection: whenChanged: 20070423060152.0Z
whenCreated: 20070423060152.0Z
Schedule:
day: 0123456789ab0123456789ab
Sun: 111111111111111111111111
Mon: 111111111111111111111111
Tue: 111111111111111111111111
Wed: 111111111111111111111111
Thu: 111111111111111111111111
Fri: 111111111111111111111111
Sat: 111111111111111111111111
Connection --
Connection name : 71e81590-eb4a-454c-a063-5b20f6f35ac9
Server DNS name : charger4.chariho.k12.ri.us
Server DN name : CN=NTDS Settings,CN=CHARGER4,CN=Servers,CN=Richmond,CN=Sites,CN=Configuration,DC=chariho,DC=k12,DC=ri,DC=us
Source: HopeValley\CHARGER6
No Failures.
TransportType: IP
options: isGenerated overrideNotifyDefault
enabledConnection: whenChanged: 20070425100445.0Z
whenCreated: 20070425100445.0Z
Schedule:
day: 0123456789ab0123456789ab
Sun: 111111111111111111111111
Mon: 111111111111111111111111
Tue: 111111111111111111111111
Wed: 111111111111111111111111
Thu: 111111111111111111111111
Fri: 111111111111111111111111
Sat: 111111111111111111111111
4 connections found.
Partition Replication Schedule Loading:
00 01 02 03 04 05 06 07 08 09 10 11
0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3
Sun: 130000001300000013000000130000001300000013000000130000001300000013000000130000001300000013000000
Sun: 130000001300000013000000130000001300000013000000130000001300000013000000130000001300000013000000
Mon: 130000001300000013000000130000001300000013000000130000001300000013000000130000001300000013000000
Mon: 130000001300000013000000130000001300000013000000130000001300000013000000130000001300000013000000
Tue: 130000001300000013000000130000001300000013000000130000001300000013000000130000001300000013000000
Tue: 130000001300000013000000130000001300000013000000130000001300000013000000130000001300000013000000
Wed: 130000001300000013000000130000001300000013000000130000001300000013000000130000001300000013000000
Wed: 130000001300000013000000130000001300000013000000130000001300000013000000130000001300000013000000
Thu: 130000001300000013000000130000001300000013000000130000001300000013000000130000001300000013000000
Thu: 130000001300000013000000130000001300000013000000130000001300000013000000130000001300000013000000
Fri: 130000001300000013000000130000001300000013000000130000001300000013000000130000001300000013000000
Fri: 130000001300000013000000130000001300000013000000130000001300000013000000130000001300000013000000
Sat: 130000001300000013000000130000001300000013000000130000001300000013000000130000001300000013000000
Sat: 130000001300000013000000130000001300000013000000130000001300000013000000130000001300000013000000
Here is the result of the Netdom Query FSMO:
C:\Program Files\Support Tools>netdom query fsmo
Schema owner sonic.chariho.k12.ri.us
Domain role owner sonic.chariho.k12.ri.us
PDC role sonic.chariho.k12.ri.us
RID pool manager sonic.chariho.k12.ri.us
Infrastructure owner sonic.chariho.k12.ri.us
The command completed successfully.
Sonic is the primary domain controller on the main campus.
|
|
|
|
bobster
Old Timer
USA
448 Posts
Status: offline |
Posted - 05/07/2007 : 2:40:06 PM
|
| By chance, has there been any firewall changes that may be blocking port 389? |
|
|
|
Dapas
Welcome Newcomer
USA
13 Posts
Status: offline |
Posted - 05/07/2007 : 2:59:11 PM
|
| No. Actually, our remote sites are insite our firewall. I thought the same thing at first, but everything is inside the firewall. |
|
|
|
Dapas
Welcome Newcomer
USA
13 Posts
Status: offline |
Posted - 05/10/2007 : 1:03:52 PM
|
| I couldn't wait any longer. I ended up calling Microsoft. Spent 19 hours on the phone over the past 3 days. Broken secure channel re-established after an unbelieveable fight. |
|
|
|
bobster
Old Timer
USA
448 Posts
Status: offline |
Posted - 05/10/2007 : 1:16:02 PM
|
| I would be interested in the steps they walked you through to fix this issue. Sounds like it was involved. |
|
|
|
Rhonda
Moderator
USA
470 Posts
Status: offline |
Posted - 05/10/2007 : 1:17:21 PM
|
| I want to hear what the fight was about..... |
Setup and Deployment MVP
Follow my Tweet at RhondaLayfield |
|
|
|
Dapas
Welcome Newcomer
USA
13 Posts
Status: offline |
Posted - 05/10/2007 : 3:04:27 PM
|
Here are the steps that were taken right from the case notes. I substituted the word computername for our domain controller.
RESOLUTION
============
-network se v-11tcai worked with customer on the dns issue
-dns resolution works fine now and all dns records for all dc's are represented
-now we can access every remote dc from main dc computername using \\server-name or \\ip-address
-but from every remote dc we can access main dc computername only by \\ip-address
-when try to access by \\computername, we get error: "\\computername is not accessible....logon failure: the target account name is incorrect".
-we can access computername from every remote dc by \\ip-address
-at this point we need to reset secure channel between computername and every remote dc in both ways
-since no reboot of any server is possible - we need to reset in both ways sec. channels using next procedure:
1-RDP to the server using /console switch: mstsc /console
2-download and install kerbtray.exe
3-stop kdc service
4-netdom resetpwd /server:goodDCname /userd:NetBIOSDomainName\administrator /passwordd:*
6-run "AT <time> /interactive cmd" to get interactive command prompt under system account
7-using interactive cmd, go to kerbtray.exe installation directory and run kerbtray.exe
8-purge all kerb. tickets from kerbtray in system try
9-force ad replication using dctoolbox, adss and repadmin /showreps
10-start stopped kdc service
-all 10 steps above was performed in both ways for every domain controller and ad replication started working, replication errors disappeared
-tested ad replication with repadmin and replmon
-issue was resolved
I did not actually fight with Microsoft. The fight was with the machines!
|
|
|
|
axelf911
Welcome Newcomer
1 Posts
Status: offline |
Posted - 05/15/2007 : 5:22:34 PM
|
Hi Dapas,
I'm so glad I was able to find your message posting. I too am having the same problem that you have and haven't found any decent solutions on the web except for yours. I have a couple of questions that perhaps you might be able to answer:
-You mention all 10 steps above was performed in both ways for every domain controller and ad replication started working
What do you mean by both ways? And did you do all the steps for each Domain Controller computer and then force replication, or did you force replication for each domain controller individually after finishing the steps? How would replication work for the computers that haven't gone through the steps yet?
-You mention that you could not restart the computers. If you could restart the computers, what would be the change in the steps?
-What is the purpose of Kerbtray.exe? In most Microsoft KB support articles, they mention about resetting the password using NetDOM, but nowhere do they mention about kerbtray program. Did that have something to do with not being able to restart the computer?
Axel |
|
|
|
Dapas
Welcome Newcomer
USA
13 Posts
Status: offline |
Posted - 05/16/2007 : 1:07:58 PM
|
Axel,
The steps I have posted are directly from Microsoft's case file notes. We didn't have the option to reboot the servers during the day, which is why we had to perform many extra steps. Each step was performed on each domain controller, then on the primary domain controller each time. We did force replication between the primary domain controller and the remote site after each was complete. In theory, we only needed to do each step once, provided you could reboot the servers. I will say that the first night we attempted this, I was able to reboot one of the remote sites and the primary domain controller, but it still didn't work. The purpose of Kerbtray was to eliminate the reboot process on the domain controllers. |
|
|
| |
Topic |
|
|
|
Replication Problems
