Mark Minasi's Reader Forum
Mark Minasi's Reader Forum
Home | Profile | Register | Active Topics | Active Polls | Members | Search | FAQ | Minasi Forum RSS Feed
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 HALP! Questions on Windows and Windows Server
 Active Directory
 Windows 2008 DC Replication Problems		  New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

hunglikethor
Welcome Newcomer

USA
4 Posts
Status: offline
Posted - 08/13/2008 :  9:49:06 PM  Show Profile  Visit hunglikethor's Homepage  Reply with Quote
I have a native Windows 2003 R2 SP2 active directory domain with 3 Windows 2003 R2 SP2 DCs and one Windows 2008 32 bit DC. The Windows 2008 DC is having replication problems (AD FRS, DFSR). If left on its own it finally replicates after about 10 hours. If The Windows 2003 R2 DCs replicate with no issues, and replicate to the Windows 2008 Dc without issue. It is only the Windows 2008 DC to other Windows 2003 R2 DCs which is the issue. The Windows 2008 DC is also a DFSR file server, and has trouble establishing link to the other Windows 2003 R2 DFSR servers for the first 10 hours after reboot.

If I implement the suggested steps user "Dapas" does in " http://web2.minasi.com/forum/topic.asp?TOPIC_ID=22452 " on the Windows 2008 Dc and restart the ntfrs and dfsr services I am able to get the Windows 2008 DC to replicate FRS and DFSR. I could write a batch file that performs the needed steps after rebbot, but theri must be a better way.

I have consulted Microsoft on this and the folks in India are clueless. If user "Dapas" could shed some more light on this problem (or anyone else for that matter) much appreciated. How might I contact network se v-11tcai ?

results of "repadmin /showreps" on the Windows 2008 DC are shown below for reference prior to successful replication:

C:\Users\Administrator.000>repadmin /showreps
TimeWarnerOrange\BLOWJOB
DC Options: (none)
Site Options: IS_GROUP_CACHING_ENABLED
DC object GUID: 58b70d3a-2a55-4c94-9d09-a3ae4ebdfee0
DC invocationID: 9db29937-6846-493e-aa7c-866ab409a767

==== INBOUND NEIGHBORS ======================================

DC=mmicmanhomenet,DC=local
LakeForest\KASHMIR via RPC
DC object GUID: 0f68070c-073b-41e0-9a45-8baf1761f94d
Last attempt @ 2008-08-13 18:45:37 failed, result 1396 (0x574):
Logon Failure: The target account name is incorrect.
19 consecutive failure(s).
Last success @ 2008-08-13 13:51:38.
Orange\NEO via RPC
DC object GUID: 523651bf-a4c1-44a2-b0f6-c70b60b4785e
Last attempt @ 2008-08-13 18:45:38 failed, result 1396 (0x574):
Logon Failure: The target account name is incorrect.
19 consecutive failure(s).
Last success @ 2008-08-13 13:51:38.
TimeWarnerOrange\NOQUARTER via RPC
DC object GUID: 5c295bd8-1ed4-4c0d-97a8-2869929a632d
Last attempt @ 2008-08-13 18:46:59 was successful.

CN=Configuration,DC=mmicmanhomenet,DC=local
TimeWarnerOrange\NOQUARTER via RPC
DC object GUID: 5c295bd8-1ed4-4c0d-97a8-2869929a632d
Last attempt @ 2008-08-13 18:45:38 was successful.
Orange\NEO via RPC
DC object GUID: 523651bf-a4c1-44a2-b0f6-c70b60b4785e
Last attempt @ 2008-08-13 18:45:38 failed, result 1396 (0x574):
Logon Failure: The target account name is incorrect.
18 consecutive failure(s).
Last success @ 2008-08-13 13:51:37.
LakeForest\KASHMIR via RPC
DC object GUID: 0f68070c-073b-41e0-9a45-8baf1761f94d
Last attempt @ 2008-08-13 18:45:38 failed, result 1396 (0x574):
Logon Failure: The target account name is incorrect.
18 consecutive failure(s).
Last success @ 2008-08-13 13:51:38.

CN=Schema,CN=Configuration,DC=mmicmanhomenet,DC=local
TimeWarnerOrange\NOQUARTER via RPC
DC object GUID: 5c295bd8-1ed4-4c0d-97a8-2869929a632d
Last attempt @ 2008-08-13 18:45:38 was successful.
LakeForest\KASHMIR via RPC
DC object GUID: 0f68070c-073b-41e0-9a45-8baf1761f94d
Last attempt @ 2008-08-13 18:45:38 failed, result 1396 (0x574):
Logon Failure: The target account name is incorrect.
18 consecutive failure(s).
Last success @ 2008-08-13 13:51:38.
Orange\NEO via RPC
DC object GUID: 523651bf-a4c1-44a2-b0f6-c70b60b4785e
Last attempt @ 2008-08-13 18:45:38 failed, result 1396 (0x574):
Logon Failure: The target account name is incorrect.
18 consecutive failure(s).
Last success @ 2008-08-13 13:51:38.

DC=ForestDnsZones,DC=mmicmanhomenet,DC=local
LakeForest\KASHMIR via RPC
DC object GUID: 0f68070c-073b-41e0-9a45-8baf1761f94d
Last attempt @ 2008-08-13 18:45:37 failed, result 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.
18 consecutive failure(s).
Last success @ 2008-08-13 13:51:38.
TimeWarnerOrange\NOQUARTER via RPC
DC object GUID: 5c295bd8-1ed4-4c0d-97a8-2869929a632d
Last attempt @ 2008-08-13 18:45:38 was successful.
Orange\NEO via RPC
DC object GUID: 523651bf-a4c1-44a2-b0f6-c70b60b4785e
Last attempt @ 2008-08-13 18:45:38 failed, result 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.
18 consecutive failure(s).
Last success @ 2008-08-13 13:51:38.

DC=DomainDnsZones,DC=mmicmanhomenet,DC=local
LakeForest\KASHMIR via RPC
DC object GUID: 0f68070c-073b-41e0-9a45-8baf1761f94d
Last attempt @ 2008-08-13 18:45:37 failed, result 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.
18 consecutive failure(s).
Last success @ 2008-08-13 13:51:39.
TimeWarnerOrange\NOQUARTER via RPC
DC object GUID: 5c295bd8-1ed4-4c0d-97a8-2869929a632d
Last attempt @ 2008-08-13 18:45:38 was successful.
Orange\NEO via RPC
DC object GUID: 523651bf-a4c1-44a2-b0f6-c70b60b4785e
Last attempt @ 2008-08-13 18:45:38 failed, result 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.
18 consecutive failure(s).
Last success @ 2008-08-13 13:51:39.

Source: LakeForest\KASHMIR
******* 18 CONSECUTIVE FAILURES since 2008-08-13 13:51:39
Last error: 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.

Source: Orange\NEO
******* 18 CONSECUTIVE FAILURES since 2008-08-13 13:51:39
Last error: 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.

C:\Users\Administrator.000>

wkasdo
Moderator

Netherlands
6140 Posts
Status: offline
Posted - 08/14/2008 :  02:33:29 AM  Show Profile  Click to see wkasdo's MSN Messenger address  Reply with Quote
This output strongly suggests connectivity problems.
- primary suspect is DNS config. Did you run dcdiag for the new DC?
- firewalls could also cause trouble.

Go to Top of Page

hunglikethor
Welcome Newcomer

USA
4 Posts
Status: offline
Posted - 08/15/2008 :  12:02:24 PM  Show Profile  Visit hunglikethor's Homepage  Reply with Quote
connections inbound to Windows 2008 DC no problem; it is outbound which is the issue. I disabled Windows Firewall on ALL other domain controllers (Windows 2003 R2 SP2 DCs) and same problem occurs. if I wait ~ 10 hours the problem corrects itself. If I implement the solution discussed in http://web2.minasi.com/forum/topic.asp?TOPIC_ID=22452 two-way replication (AD, FRS, DFSR) is restored.

Note this problem does NOT occur after reboot of the Windows 2003 R2 SP2 DCs, only the Windows 2008 DC. the DNS client of hte Windows 2008 DC points to the PDC role holder (64-bit Windows 2003 R2 SP2) DC.
Go to Top of Page

hunglikethor
Welcome Newcomer

USA
4 Posts
Status: offline
Posted - 08/15/2008 :  12:04:07 PM  Show Profile  Visit hunglikethor's Homepage  Reply with Quote
FYI DFSR Event log errors:

The DFS Replication service encountered an error communicating with partner NEO for replication group MainShare.

Partner DNS address: neo.mmicmanhomenet.local

Optional data if available:
Partner WINS Address: neo
Partner IP Address: 192.168.1.107

The service will retry the connection periodically.

Additional Information:
Error: 5 (Access is denied.)
Connection ID: 48E25AF4-01AF-40AE-BD1A-9DCBF8526504
Replication Group ID: 1AE593A6-6F07-455E-B87D-3704C9295E32
Go to Top of Page

wkasdo
Moderator

Netherlands
6140 Posts
Status: offline
Posted - 08/15/2008 :  5:00:20 PM  Show Profile  Click to see wkasdo's MSN Messenger address  Reply with Quote
Our friend in the thread you linked to had a bad DNS setup for some time, and didn't want to boot his machines. Still, root cause was bad DNS, which is 80% of AD trouble anyway. So it wouldn't hurt to make sure your DNS is ok, with all records registered.
Go to Top of Page

hunglikethor
Welcome Newcomer

USA
4 Posts
Status: offline
Posted - 08/16/2008 :  12:46:14 PM  Show Profile  Visit hunglikethor's Homepage  Reply with Quote
Found problem; needed hotfix. http://support.microsoft.com/kb/939820/en-us

Needed to apply to ALL Windows 2003 R2 SP2 domain controllers. After that AD replication was fine on Windows 2008 DC
Go to Top of Page

wkasdo
Moderator

Netherlands
6140 Posts
Status: offline
Posted - 08/16/2008 :  3:57:17 PM  Show Profile  Click to see wkasdo's MSN Messenger address  Reply with Quote
Wow. I never would have guessed. So did you actually "You have performed an authoritative restoration on the Users container in the Active Directory directory service.", as stated in the article?
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Mark Minasi's Reader Forum © 2002-2009 Mark Minasi Go To Top Of Page
This page was generated in 0.3 seconds. Snitz Forums 2000