Sign in with
Sign up | Sign in
Your question

Replication Errors

Tags:
Last response: in Windows 2000/NT
Share
Anonymous
January 5, 2005 11:57:01 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have 3 Domain Controllers, all are running W2K SP4. DC1 holds the Global
Catalog.
Since this morning DC1 seems to have a problem replicating to DC2 and DC3 in
the same domain.

The error I get on DC1 is as follows:
Source: NTDS KCC
Error Event ID 1311
"The Directory Service consistency checker has determined that either,
(a)there is not enough physical connectivity published via the Acrtive
Directory Sites and Services Manager to create a spanning tree to connecting
all the sites containing the Partition DC=xxx,DC=ca, or (b) replication
cannot be performed with one or more critical servers in order for changes to
propogate across all sites (most often being due to the servers being
unreachable)
I also get Error Event ID 1265 which says "The RPC server is to busy to
complete this operation."

The errors I get on DC2 and DC3 are:
Event ID 1126: "unable to establish connection with the Global Catalog."
Event ID 1655: "the attempt to communicate with global catalog \\DC.xxx.ca
failed with the following status. The RPC Server is to busy to complete this
operation.

No changes were made to any of the DC's before this problem occured.
No DC's were demoted and their time are all in sync.
I tried making DC3 a GC, but I still have users that cannot be
authenticated, and none can connect to the web via my proxy server.

Can you please help?????

More about : replication errors

Anonymous
January 6, 2005 2:00:59 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

These are typiccally a kerberos time skew issue.
Verify all DCs are withing 5 minutes of each other.
If that does not take care of things, have you rebooted DC1?

Also, run dcdiag on each DC.
post the results here.



--
Glenn L
CCNA, MCSE 2000/2003 + Security

"Johan" <johan@rona.ca> wrote in message
news:61C3AD30-74E9-4395-9516-8E399475E942@microsoft.com...
>I have 3 Domain Controllers, all are running W2K SP4. DC1 holds the Global
> Catalog.
> Since this morning DC1 seems to have a problem replicating to DC2 and DC3
> in
> the same domain.
>
> The error I get on DC1 is as follows:
> Source: NTDS KCC
> Error Event ID 1311
> "The Directory Service consistency checker has determined that either,
> (a)there is not enough physical connectivity published via the Acrtive
> Directory Sites and Services Manager to create a spanning tree to
> connecting
> all the sites containing the Partition DC=xxx,DC=ca, or (b) replication
> cannot be performed with one or more critical servers in order for changes
> to
> propogate across all sites (most often being due to the servers being
> unreachable)
> I also get Error Event ID 1265 which says "The RPC server is to busy to
> complete this operation."
>
> The errors I get on DC2 and DC3 are:
> Event ID 1126: "unable to establish connection with the Global Catalog."
> Event ID 1655: "the attempt to communicate with global catalog \\DC.xxx.ca
> failed with the following status. The RPC Server is to busy to complete
> this
> operation.
>
> No changes were made to any of the DC's before this problem occured.
> No DC's were demoted and their time are all in sync.
> I tried making DC3 a GC, but I still have users that cannot be
> authenticated, and none can connect to the web via my proxy server.
>
> Can you please help?????
>
Anonymous
January 6, 2005 2:11:02 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi Glenn,

All the DC's are within 1min of each other, and I have rebooted all the DC's
a number of times. I ran dcdiag and here are the results:

DC1
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS01
Starting test: Connectivity
......................... R101NS01 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS01
Starting test: Replications
......................... R101NS01 passed test Replications
Starting test: NCSecDesc
......................... R101NS01 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS01 passed test NetLogons
Starting test: Advertising
......................... R101NS01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS01 passed test RidManager
Starting test: MachineAccount
......................... R101NS01 passed test MachineAccount
Starting test: Services
......................... R101NS01 passed test Services
Starting test: ObjectsReplicated
......................... R101NS01 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS01 passed test frssysvol
Starting test: kccevent
......................... R101NS01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:11
Event String: Driver Xerox Phaser 790 required for printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:11
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:14
Event String: Driver Xerox Phaser 790 required for printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:14
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:24
Event String: Driver HP DesignJet 450C (E/A0) by HP required

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:24
Event String: The printer could not be installed.
......................... R101NS01 failed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

DC2
Domain Controller Diagnosis

Performing initial setup:
[r101ns02] LDAP bind failed with error 31,
A device attached to the system is not functioning..

DC3
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS05
Starting test: Connectivity
......................... R101NS05 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS05
Starting test: Replications
......................... R101NS05 passed test Replications
Starting test: NCSecDesc
......................... R101NS05 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS05 passed test NetLogons
Starting test: Advertising
......................... R101NS05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS05 passed test RidManager
Starting test: MachineAccount
......................... R101NS05 passed test MachineAccount
Starting test: Services
......................... R101NS05 passed test Services
Starting test: ObjectsReplicated
......................... R101NS05 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS05 passed test frssysvol
Starting test: kccevent
......................... R101NS05 passed test kccevent
Starting test: systemlog
......................... R101NS05 passed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it would
not allow me

Thanks

Johan

"Glenn L" wrote:

> These are typiccally a kerberos time skew issue.
> Verify all DCs are withing 5 minutes of each other.
> If that does not take care of things, have you rebooted DC1?
>
> Also, run dcdiag on each DC.
> post the results here.
>
>
>
> --
> Glenn L
> CCNA, MCSE 2000/2003 + Security
>
> "Johan" <johan@rona.ca> wrote in message
> news:61C3AD30-74E9-4395-9516-8E399475E942@microsoft.com...
> >I have 3 Domain Controllers, all are running W2K SP4. DC1 holds the Global
> > Catalog.
> > Since this morning DC1 seems to have a problem replicating to DC2 and DC3
> > in
> > the same domain.
> >
> > The error I get on DC1 is as follows:
> > Source: NTDS KCC
> > Error Event ID 1311
> > "The Directory Service consistency checker has determined that either,
> > (a)there is not enough physical connectivity published via the Acrtive
> > Directory Sites and Services Manager to create a spanning tree to
> > connecting
> > all the sites containing the Partition DC=xxx,DC=ca, or (b) replication
> > cannot be performed with one or more critical servers in order for changes
> > to
> > propogate across all sites (most often being due to the servers being
> > unreachable)
> > I also get Error Event ID 1265 which says "The RPC server is to busy to
> > complete this operation."
> >
> > The errors I get on DC2 and DC3 are:
> > Event ID 1126: "unable to establish connection with the Global Catalog."
> > Event ID 1655: "the attempt to communicate with global catalog \\DC.xxx.ca
> > failed with the following status. The RPC Server is to busy to complete
> > this
> > operation.
> >
> > No changes were made to any of the DC's before this problem occured.
> > No DC's were demoted and their time are all in sync.
> > I tried making DC3 a GC, but I still have users that cannot be
> > authenticated, and none can connect to the web via my proxy server.
> >
> > Can you please help?????
> >
>
>
>
Related resources
Can't find your answer ? Ask !
Anonymous
January 6, 2005 9:56:34 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Johan,
Does r101ns02 hold any FSMO roles or do anything else besides DC work?
The quickest way back to health for r101ns02 is to force demote it, do a
metadata cleanup of r101ns02 using KB216498, then repromote it.

If you execute repadmin /showreps from r101ns02, do you get the LDAP bind
error?
Execute repadmin /showreps from R101NS01 and R101NS05, are they getting
replication from R101NS02?

If you want to continue to troubleshoot, then the next step is to reset the
machine account password of the DC with the domain.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
Aftger you reset the password and initiate the reboot, be sure to force
replication between R101NS01 and R101NS05

--
Glenn L
CCNA, MCSE 2000/2003 + Security

"Johan" <johan@rona.ca> wrote in message
news:FADD81D1-1D26-4BF5-8D95-5EF5924D6A35@microsoft.com...
> Hi Glenn,
>
> All the DC's are within 1min of each other, and I have rebooted all the
> DC's
> a number of times. I ran dcdiag and here are the results:
>
> DC1
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: SSC\R101NS01
> Starting test: Connectivity
> ......................... R101NS01 passed test Connectivity
>
> Doing primary tests
>
> Testing server: SSC\R101NS01
> Starting test: Replications
> ......................... R101NS01 passed test Replications
> Starting test: NCSecDesc
> ......................... R101NS01 passed test NCSecDesc
> Starting test: NetLogons
> ......................... R101NS01 passed test NetLogons
> Starting test: Advertising
> ......................... R101NS01 passed test Advertising
> Starting test: KnowsOfRoleHolders
> ......................... R101NS01 passed test KnowsOfRoleHolders
> Starting test: RidManager
> ......................... R101NS01 passed test RidManager
> Starting test: MachineAccount
> ......................... R101NS01 passed test MachineAccount
> Starting test: Services
> ......................... R101NS01 passed test Services
> Starting test: ObjectsReplicated
> ......................... R101NS01 passed test ObjectsReplicated
> Starting test: frssysvol
> There are errors after the SYSVOL has been shared.
> The SYSVOL can prevent the AD from starting.
> ......................... R101NS01 passed test frssysvol
> Starting test: kccevent
> ......................... R101NS01 passed test kccevent
> Starting test: systemlog
> An Error Event occured. EventID: 0x00000457
> Time Generated: 01/06/2005 07:09:11
> Event String: Driver Xerox Phaser 790 required for printer
>
> An Error Event occured. EventID: 0x00000452
> Time Generated: 01/06/2005 07:09:11
> Event String: The printer could not be installed.
> An Error Event occured. EventID: 0x00000457
> Time Generated: 01/06/2005 07:09:14
> Event String: Driver Xerox Phaser 790 required for printer
>
> An Error Event occured. EventID: 0x00000452
> Time Generated: 01/06/2005 07:09:14
> Event String: The printer could not be installed.
> An Error Event occured. EventID: 0x00000457
> Time Generated: 01/06/2005 07:09:24
> Event String: Driver HP DesignJet 450C (E/A0) by HP required
>
> An Error Event occured. EventID: 0x00000452
> Time Generated: 01/06/2005 07:09:24
> Event String: The printer could not be installed.
> ......................... R101NS01 failed test systemlog
>
> Running enterprise tests on : rona.ca
> Starting test: Intersite
> ......................... rona.ca passed test Intersite
> Starting test: FsmoCheck
> ......................... rona.ca passed test FsmoCheck
>
> DC2
> Domain Controller Diagnosis
>
> Performing initial setup:
> [r101ns02] LDAP bind failed with error 31,
> A device attached to the system is not functioning..
>
> DC3
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: SSC\R101NS05
> Starting test: Connectivity
> ......................... R101NS05 passed test Connectivity
>
> Doing primary tests
>
> Testing server: SSC\R101NS05
> Starting test: Replications
> ......................... R101NS05 passed test Replications
> Starting test: NCSecDesc
> ......................... R101NS05 passed test NCSecDesc
> Starting test: NetLogons
> ......................... R101NS05 passed test NetLogons
> Starting test: Advertising
> ......................... R101NS05 passed test Advertising
> Starting test: KnowsOfRoleHolders
> ......................... R101NS05 passed test KnowsOfRoleHolders
> Starting test: RidManager
> ......................... R101NS05 passed test RidManager
> Starting test: MachineAccount
> ......................... R101NS05 passed test MachineAccount
> Starting test: Services
> ......................... R101NS05 passed test Services
> Starting test: ObjectsReplicated
> ......................... R101NS05 passed test ObjectsReplicated
> Starting test: frssysvol
> There are errors after the SYSVOL has been shared.
> The SYSVOL can prevent the AD from starting.
> ......................... R101NS05 passed test frssysvol
> Starting test: kccevent
> ......................... R101NS05 passed test kccevent
> Starting test: systemlog
> ......................... R101NS05 passed test systemlog
>
> Running enterprise tests on : rona.ca
> Starting test: Intersite
> ......................... rona.ca passed test Intersite
> Starting test: FsmoCheck
> ......................... rona.ca passed test FsmoCheck
>
> I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it would
> not allow me
>
> Thanks
>
> Johan
>
> "Glenn L" wrote:
>
>> These are typiccally a kerberos time skew issue.
>> Verify all DCs are withing 5 minutes of each other.
>> If that does not take care of things, have you rebooted DC1?
>>
>> Also, run dcdiag on each DC.
>> post the results here.
>>
>>
>>
>> --
>> Glenn L
>> CCNA, MCSE 2000/2003 + Security
>>
>> "Johan" <johan@rona.ca> wrote in message
>> news:61C3AD30-74E9-4395-9516-8E399475E942@microsoft.com...
>> >I have 3 Domain Controllers, all are running W2K SP4. DC1 holds the
>> >Global
>> > Catalog.
>> > Since this morning DC1 seems to have a problem replicating to DC2 and
>> > DC3
>> > in
>> > the same domain.
>> >
>> > The error I get on DC1 is as follows:
>> > Source: NTDS KCC
>> > Error Event ID 1311
>> > "The Directory Service consistency checker has determined that either,
>> > (a)there is not enough physical connectivity published via the Acrtive
>> > Directory Sites and Services Manager to create a spanning tree to
>> > connecting
>> > all the sites containing the Partition DC=xxx,DC=ca, or (b) replication
>> > cannot be performed with one or more critical servers in order for
>> > changes
>> > to
>> > propogate across all sites (most often being due to the servers being
>> > unreachable)
>> > I also get Error Event ID 1265 which says "The RPC server is to busy to
>> > complete this operation."
>> >
>> > The errors I get on DC2 and DC3 are:
>> > Event ID 1126: "unable to establish connection with the Global
>> > Catalog."
>> > Event ID 1655: "the attempt to communicate with global catalog
>> > \\DC.xxx.ca
>> > failed with the following status. The RPC Server is to busy to complete
>> > this
>> > operation.
>> >
>> > No changes were made to any of the DC's before this problem occured.
>> > No DC's were demoted and their time are all in sync.
>> > I tried making DC3 a GC, but I still have users that cannot be
>> > authenticated, and none can connect to the web via my proxy server.
>> >
>> > Can you please help?????
>> >
>>
>>
>>
Anonymous
January 7, 2005 4:39:02 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi Glen,

Yes, R101NS02 is the Infrastructure Update Master, and it did not bind when
I ran repadmin /showreps. Here are the results:

R101NS02 [d:\nt\private\ds\src\util\repadmin\repinfo.c, 389] LDAP error 82
(local error)

R101NS01 and R101NS05 seemed to have worked fine, and they show they were
successful with R101NS02.
I couldn't capture this info for you, could not find the /switch

Thanks

Johan

I

"Glenn L" wrote:

> Johan,
> Does r101ns02 hold any FSMO roles or do anything else besides DC work?
> The quickest way back to health for r101ns02 is to force demote it, do a
> metadata cleanup of r101ns02 using KB216498, then repromote it.
>
> If you execute repadmin /showreps from r101ns02, do you get the LDAP bind
> error?
> Execute repadmin /showreps from R101NS01 and R101NS05, are they getting
> replication from R101NS02?
>
> If you want to continue to troubleshoot, then the next step is to reset the
> machine account password of the DC with the domain.
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
> Aftger you reset the password and initiate the reboot, be sure to force
> replication between R101NS01 and R101NS05
>
> --
> Glenn L
> CCNA, MCSE 2000/2003 + Security
>
> "Johan" <johan@rona.ca> wrote in message
> news:FADD81D1-1D26-4BF5-8D95-5EF5924D6A35@microsoft.com...
> > Hi Glenn,
> >
> > All the DC's are within 1min of each other, and I have rebooted all the
> > DC's
> > a number of times. I ran dcdiag and here are the results:
> >
> > DC1
> > Domain Controller Diagnosis
> >
> > Performing initial setup:
> > Done gathering initial info.
> >
> > Doing initial required tests
> >
> > Testing server: SSC\R101NS01
> > Starting test: Connectivity
> > ......................... R101NS01 passed test Connectivity
> >
> > Doing primary tests
> >
> > Testing server: SSC\R101NS01
> > Starting test: Replications
> > ......................... R101NS01 passed test Replications
> > Starting test: NCSecDesc
> > ......................... R101NS01 passed test NCSecDesc
> > Starting test: NetLogons
> > ......................... R101NS01 passed test NetLogons
> > Starting test: Advertising
> > ......................... R101NS01 passed test Advertising
> > Starting test: KnowsOfRoleHolders
> > ......................... R101NS01 passed test KnowsOfRoleHolders
> > Starting test: RidManager
> > ......................... R101NS01 passed test RidManager
> > Starting test: MachineAccount
> > ......................... R101NS01 passed test MachineAccount
> > Starting test: Services
> > ......................... R101NS01 passed test Services
> > Starting test: ObjectsReplicated
> > ......................... R101NS01 passed test ObjectsReplicated
> > Starting test: frssysvol
> > There are errors after the SYSVOL has been shared.
> > The SYSVOL can prevent the AD from starting.
> > ......................... R101NS01 passed test frssysvol
> > Starting test: kccevent
> > ......................... R101NS01 passed test kccevent
> > Starting test: systemlog
> > An Error Event occured. EventID: 0x00000457
> > Time Generated: 01/06/2005 07:09:11
> > Event String: Driver Xerox Phaser 790 required for printer
> >
> > An Error Event occured. EventID: 0x00000452
> > Time Generated: 01/06/2005 07:09:11
> > Event String: The printer could not be installed.
> > An Error Event occured. EventID: 0x00000457
> > Time Generated: 01/06/2005 07:09:14
> > Event String: Driver Xerox Phaser 790 required for printer
> >
> > An Error Event occured. EventID: 0x00000452
> > Time Generated: 01/06/2005 07:09:14
> > Event String: The printer could not be installed.
> > An Error Event occured. EventID: 0x00000457
> > Time Generated: 01/06/2005 07:09:24
> > Event String: Driver HP DesignJet 450C (E/A0) by HP required
> >
> > An Error Event occured. EventID: 0x00000452
> > Time Generated: 01/06/2005 07:09:24
> > Event String: The printer could not be installed.
> > ......................... R101NS01 failed test systemlog
> >
> > Running enterprise tests on : rona.ca
> > Starting test: Intersite
> > ......................... rona.ca passed test Intersite
> > Starting test: FsmoCheck
> > ......................... rona.ca passed test FsmoCheck
> >
> > DC2
> > Domain Controller Diagnosis
> >
> > Performing initial setup:
> > [r101ns02] LDAP bind failed with error 31,
> > A device attached to the system is not functioning..
> >
> > DC3
> > Domain Controller Diagnosis
> >
> > Performing initial setup:
> > Done gathering initial info.
> >
> > Doing initial required tests
> >
> > Testing server: SSC\R101NS05
> > Starting test: Connectivity
> > ......................... R101NS05 passed test Connectivity
> >
> > Doing primary tests
> >
> > Testing server: SSC\R101NS05
> > Starting test: Replications
> > ......................... R101NS05 passed test Replications
> > Starting test: NCSecDesc
> > ......................... R101NS05 passed test NCSecDesc
> > Starting test: NetLogons
> > ......................... R101NS05 passed test NetLogons
> > Starting test: Advertising
> > ......................... R101NS05 passed test Advertising
> > Starting test: KnowsOfRoleHolders
> > ......................... R101NS05 passed test KnowsOfRoleHolders
> > Starting test: RidManager
> > ......................... R101NS05 passed test RidManager
> > Starting test: MachineAccount
> > ......................... R101NS05 passed test MachineAccount
> > Starting test: Services
> > ......................... R101NS05 passed test Services
> > Starting test: ObjectsReplicated
> > ......................... R101NS05 passed test ObjectsReplicated
> > Starting test: frssysvol
> > There are errors after the SYSVOL has been shared.
> > The SYSVOL can prevent the AD from starting.
> > ......................... R101NS05 passed test frssysvol
> > Starting test: kccevent
> > ......................... R101NS05 passed test kccevent
> > Starting test: systemlog
> > ......................... R101NS05 passed test systemlog
> >
> > Running enterprise tests on : rona.ca
> > Starting test: Intersite
> > ......................... rona.ca passed test Intersite
> > Starting test: FsmoCheck
> > ......................... rona.ca passed test FsmoCheck
> >
> > I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it would
> > not allow me
> >
> > Thanks
> >
> > Johan
> >
> > "Glenn L" wrote:
> >
> >> These are typiccally a kerberos time skew issue.
> >> Verify all DCs are withing 5 minutes of each other.
> >> If that does not take care of things, have you rebooted DC1?
> >>
> >> Also, run dcdiag on each DC.
> >> post the results here.
> >>
> >>
> >>
> >> --
> >> Glenn L
> >> CCNA, MCSE 2000/2003 + Security
> >>
> >> "Johan" <johan@rona.ca> wrote in message
> >> news:61C3AD30-74E9-4395-9516-8E399475E942@microsoft.com...
> >> >I have 3 Domain Controllers, all are running W2K SP4. DC1 holds the
> >> >Global
> >> > Catalog.
> >> > Since this morning DC1 seems to have a problem replicating to DC2 and
> >> > DC3
> >> > in
> >> > the same domain.
> >> >
> >> > The error I get on DC1 is as follows:
> >> > Source: NTDS KCC
> >> > Error Event ID 1311
> >> > "The Directory Service consistency checker has determined that either,
> >> > (a)there is not enough physical connectivity published via the Acrtive
> >> > Directory Sites and Services Manager to create a spanning tree to
> >> > connecting
> >> > all the sites containing the Partition DC=xxx,DC=ca, or (b) replication
> >> > cannot be performed with one or more critical servers in order for
> >> > changes
> >> > to
> >> > propogate across all sites (most often being due to the servers being
> >> > unreachable)
> >> > I also get Error Event ID 1265 which says "The RPC server is to busy to
> >> > complete this operation."
> >> >
> >> > The errors I get on DC2 and DC3 are:
> >> > Event ID 1126: "unable to establish connection with the Global
> >> > Catalog."
> >> > Event ID 1655: "the attempt to communicate with global catalog
> >> > \\DC.xxx.ca
> >> > failed with the following status. The RPC Server is to busy to complete
> >> > this
> >> > operation.
> >> >
> >> > No changes were made to any of the DC's before this problem occured.
> >> > No DC's were demoted and their time are all in sync.
> >> > I tried making DC3 a GC, but I still have users that cannot be
> >> > authenticated, and none can connect to the web via my proxy server.
> >> >
> >> > Can you please help?????
> >> >
> >>
> >>
> >>
>
>
>
Anonymous
January 8, 2005 1:56:21 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

what is the network configuration or R101NS02? Do an IPCONFIG /ALL


--
Glenn L
CCNA, MCSE 2000/2003 + Security

"Johan" <johan@rona.ca> wrote in message
news:34FA1ECD-B7DF-4CB1-84B8-B70F7792D559@microsoft.com...
> Hi Glen,
>
> Yes, R101NS02 is the Infrastructure Update Master, and it did not bind
> when
> I ran repadmin /showreps. Here are the results:
>
> R101NS02 [d:\nt\private\ds\src\util\repadmin\repinfo.c, 389] LDAP error 82
> (local error)
>
> R101NS01 and R101NS05 seemed to have worked fine, and they show they were
> successful with R101NS02.
> I couldn't capture this info for you, could not find the /switch
>
> Thanks
>
> Johan
>
> I
>
> "Glenn L" wrote:
>
>> Johan,
>> Does r101ns02 hold any FSMO roles or do anything else besides DC work?
>> The quickest way back to health for r101ns02 is to force demote it, do a
>> metadata cleanup of r101ns02 using KB216498, then repromote it.
>>
>> If you execute repadmin /showreps from r101ns02, do you get the LDAP bind
>> error?
>> Execute repadmin /showreps from R101NS01 and R101NS05, are they getting
>> replication from R101NS02?
>>
>> If you want to continue to troubleshoot, then the next step is to reset
>> the
>> machine account password of the DC with the domain.
>> http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
>> Aftger you reset the password and initiate the reboot, be sure to force
>> replication between R101NS01 and R101NS05
>>
>> --
>> Glenn L
>> CCNA, MCSE 2000/2003 + Security
>>
>> "Johan" <johan@rona.ca> wrote in message
>> news:FADD81D1-1D26-4BF5-8D95-5EF5924D6A35@microsoft.com...
>> > Hi Glenn,
>> >
>> > All the DC's are within 1min of each other, and I have rebooted all the
>> > DC's
>> > a number of times. I ran dcdiag and here are the results:
>> >
>> > DC1
>> > Domain Controller Diagnosis
>> >
>> > Performing initial setup:
>> > Done gathering initial info.
>> >
>> > Doing initial required tests
>> >
>> > Testing server: SSC\R101NS01
>> > Starting test: Connectivity
>> > ......................... R101NS01 passed test Connectivity
>> >
>> > Doing primary tests
>> >
>> > Testing server: SSC\R101NS01
>> > Starting test: Replications
>> > ......................... R101NS01 passed test Replications
>> > Starting test: NCSecDesc
>> > ......................... R101NS01 passed test NCSecDesc
>> > Starting test: NetLogons
>> > ......................... R101NS01 passed test NetLogons
>> > Starting test: Advertising
>> > ......................... R101NS01 passed test Advertising
>> > Starting test: KnowsOfRoleHolders
>> > ......................... R101NS01 passed test
>> > KnowsOfRoleHolders
>> > Starting test: RidManager
>> > ......................... R101NS01 passed test RidManager
>> > Starting test: MachineAccount
>> > ......................... R101NS01 passed test MachineAccount
>> > Starting test: Services
>> > ......................... R101NS01 passed test Services
>> > Starting test: ObjectsReplicated
>> > ......................... R101NS01 passed test
>> > ObjectsReplicated
>> > Starting test: frssysvol
>> > There are errors after the SYSVOL has been shared.
>> > The SYSVOL can prevent the AD from starting.
>> > ......................... R101NS01 passed test frssysvol
>> > Starting test: kccevent
>> > ......................... R101NS01 passed test kccevent
>> > Starting test: systemlog
>> > An Error Event occured. EventID: 0x00000457
>> > Time Generated: 01/06/2005 07:09:11
>> > Event String: Driver Xerox Phaser 790 required for printer
>> >
>> > An Error Event occured. EventID: 0x00000452
>> > Time Generated: 01/06/2005 07:09:11
>> > Event String: The printer could not be installed.
>> > An Error Event occured. EventID: 0x00000457
>> > Time Generated: 01/06/2005 07:09:14
>> > Event String: Driver Xerox Phaser 790 required for printer
>> >
>> > An Error Event occured. EventID: 0x00000452
>> > Time Generated: 01/06/2005 07:09:14
>> > Event String: The printer could not be installed.
>> > An Error Event occured. EventID: 0x00000457
>> > Time Generated: 01/06/2005 07:09:24
>> > Event String: Driver HP DesignJet 450C (E/A0) by HP required
>> >
>> > An Error Event occured. EventID: 0x00000452
>> > Time Generated: 01/06/2005 07:09:24
>> > Event String: The printer could not be installed.
>> > ......................... R101NS01 failed test systemlog
>> >
>> > Running enterprise tests on : rona.ca
>> > Starting test: Intersite
>> > ......................... rona.ca passed test Intersite
>> > Starting test: FsmoCheck
>> > ......................... rona.ca passed test FsmoCheck
>> >
>> > DC2
>> > Domain Controller Diagnosis
>> >
>> > Performing initial setup:
>> > [r101ns02] LDAP bind failed with error 31,
>> > A device attached to the system is not functioning..
>> >
>> > DC3
>> > Domain Controller Diagnosis
>> >
>> > Performing initial setup:
>> > Done gathering initial info.
>> >
>> > Doing initial required tests
>> >
>> > Testing server: SSC\R101NS05
>> > Starting test: Connectivity
>> > ......................... R101NS05 passed test Connectivity
>> >
>> > Doing primary tests
>> >
>> > Testing server: SSC\R101NS05
>> > Starting test: Replications
>> > ......................... R101NS05 passed test Replications
>> > Starting test: NCSecDesc
>> > ......................... R101NS05 passed test NCSecDesc
>> > Starting test: NetLogons
>> > ......................... R101NS05 passed test NetLogons
>> > Starting test: Advertising
>> > ......................... R101NS05 passed test Advertising
>> > Starting test: KnowsOfRoleHolders
>> > ......................... R101NS05 passed test
>> > KnowsOfRoleHolders
>> > Starting test: RidManager
>> > ......................... R101NS05 passed test RidManager
>> > Starting test: MachineAccount
>> > ......................... R101NS05 passed test MachineAccount
>> > Starting test: Services
>> > ......................... R101NS05 passed test Services
>> > Starting test: ObjectsReplicated
>> > ......................... R101NS05 passed test
>> > ObjectsReplicated
>> > Starting test: frssysvol
>> > There are errors after the SYSVOL has been shared.
>> > The SYSVOL can prevent the AD from starting.
>> > ......................... R101NS05 passed test frssysvol
>> > Starting test: kccevent
>> > ......................... R101NS05 passed test kccevent
>> > Starting test: systemlog
>> > ......................... R101NS05 passed test systemlog
>> >
>> > Running enterprise tests on : rona.ca
>> > Starting test: Intersite
>> > ......................... rona.ca passed test Intersite
>> > Starting test: FsmoCheck
>> > ......................... rona.ca passed test FsmoCheck
>> >
>> > I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it
>> > would
>> > not allow me
>> >
>> > Thanks
>> >
>> > Johan
>> >
>> > "Glenn L" wrote:
>> >
>> >> These are typiccally a kerberos time skew issue.
>> >> Verify all DCs are withing 5 minutes of each other.
>> >> If that does not take care of things, have you rebooted DC1?
>> >>
>> >> Also, run dcdiag on each DC.
>> >> post the results here.
>> >>
>> >>
>> >>
>> >> --
>> >> Glenn L
>> >> CCNA, MCSE 2000/2003 + Security
>> >>
>> >> "Johan" <johan@rona.ca> wrote in message
>> >> news:61C3AD30-74E9-4395-9516-8E399475E942@microsoft.com...
>> >> >I have 3 Domain Controllers, all are running W2K SP4. DC1 holds the
>> >> >Global
>> >> > Catalog.
>> >> > Since this morning DC1 seems to have a problem replicating to DC2
>> >> > and
>> >> > DC3
>> >> > in
>> >> > the same domain.
>> >> >
>> >> > The error I get on DC1 is as follows:
>> >> > Source: NTDS KCC
>> >> > Error Event ID 1311
>> >> > "The Directory Service consistency checker has determined that
>> >> > either,
>> >> > (a)there is not enough physical connectivity published via the
>> >> > Acrtive
>> >> > Directory Sites and Services Manager to create a spanning tree to
>> >> > connecting
>> >> > all the sites containing the Partition DC=xxx,DC=ca, or (b)
>> >> > replication
>> >> > cannot be performed with one or more critical servers in order for
>> >> > changes
>> >> > to
>> >> > propogate across all sites (most often being due to the servers
>> >> > being
>> >> > unreachable)
>> >> > I also get Error Event ID 1265 which says "The RPC server is to busy
>> >> > to
>> >> > complete this operation."
>> >> >
>> >> > The errors I get on DC2 and DC3 are:
>> >> > Event ID 1126: "unable to establish connection with the Global
>> >> > Catalog."
>> >> > Event ID 1655: "the attempt to communicate with global catalog
>> >> > \\DC.xxx.ca
>> >> > failed with the following status. The RPC Server is to busy to
>> >> > complete
>> >> > this
>> >> > operation.
>> >> >
>> >> > No changes were made to any of the DC's before this problem occured.
>> >> > No DC's were demoted and their time are all in sync.
>> >> > I tried making DC3 a GC, but I still have users that cannot be
>> >> > authenticated, and none can connect to the web via my proxy server.
>> >> >
>> >> > Can you please help?????
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>
Anonymous
January 11, 2005 4:37:09 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi Glen,

The network config is as follows:

Host Name R101NS02
Primary DNS Suffix west.rona.ca
Node Type Hybrid
IP Routing Enabled No
WINS Proxy Enabled No
DNS suffix search list west.rona.ca
rona.ca

Ethernet Adapter Local Area Connecters
Connection-specific DNS suffix
Description AMD PCNET Family Ethernet Adapter
Physical Address 00-60-94-57-36-F1
DHCP Enabled No
IP address 10.1.1.29
Subnet Mask 255.255.254.0
Gateway 10.1.1.254
DNS Servers 10.1.1.30
10.1.1.29
Primary WINS server 10.1.1.30
Secondary WINS Server 10.1.1.29

I cannot map drives to this DC, and have been receiving event ID 3034
-MRxSmb errors in the systems log. I have also been receiving Event ID 3051
and event ID 5706 errors with regards to netlogon and sysvol. I did try and
copy these from R101NS05, but did not help.

Johan

"Glenn L" wrote:

> what is the network configuration or R101NS02? Do an IPCONFIG /ALL
>
>
> --
> Glenn L
> CCNA, MCSE 2000/2003 + Security
>
> "Johan" <johan@rona.ca> wrote in message
> news:34FA1ECD-B7DF-4CB1-84B8-B70F7792D559@microsoft.com...
> > Hi Glen,
> >
> > Yes, R101NS02 is the Infrastructure Update Master, and it did not bind
> > when
> > I ran repadmin /showreps. Here are the results:
> >
> > R101NS02 [d:\nt\private\ds\src\util\repadmin\repinfo.c, 389] LDAP error 82
> > (local error)
> >
> > R101NS01 and R101NS05 seemed to have worked fine, and they show they were
> > successful with R101NS02.
> > I couldn't capture this info for you, could not find the /switch
> >
> > Thanks
> >
> > Johan
> >
> > I
> >
> > "Glenn L" wrote:
> >
> >> Johan,
> >> Does r101ns02 hold any FSMO roles or do anything else besides DC work?
> >> The quickest way back to health for r101ns02 is to force demote it, do a
> >> metadata cleanup of r101ns02 using KB216498, then repromote it.
> >>
> >> If you execute repadmin /showreps from r101ns02, do you get the LDAP bind
> >> error?
> >> Execute repadmin /showreps from R101NS01 and R101NS05, are they getting
> >> replication from R101NS02?
> >>
> >> If you want to continue to troubleshoot, then the next step is to reset
> >> the
> >> machine account password of the DC with the domain.
> >> http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
> >> Aftger you reset the password and initiate the reboot, be sure to force
> >> replication between R101NS01 and R101NS05
> >>
> >> --
> >> Glenn L
> >> CCNA, MCSE 2000/2003 + Security
> >>
> >> "Johan" <johan@rona.ca> wrote in message
> >> news:FADD81D1-1D26-4BF5-8D95-5EF5924D6A35@microsoft.com...
> >> > Hi Glenn,
> >> >
> >> > All the DC's are within 1min of each other, and I have rebooted all the
> >> > DC's
> >> > a number of times. I ran dcdiag and here are the results:
> >> >
> >> > DC1
> >> > Domain Controller Diagnosis
> >> >
> >> > Performing initial setup:
> >> > Done gathering initial info.
> >> >
> >> > Doing initial required tests
> >> >
> >> > Testing server: SSC\R101NS01
> >> > Starting test: Connectivity
> >> > ......................... R101NS01 passed test Connectivity
> >> >
> >> > Doing primary tests
> >> >
> >> > Testing server: SSC\R101NS01
> >> > Starting test: Replications
> >> > ......................... R101NS01 passed test Replications
> >> > Starting test: NCSecDesc
> >> > ......................... R101NS01 passed test NCSecDesc
> >> > Starting test: NetLogons
> >> > ......................... R101NS01 passed test NetLogons
> >> > Starting test: Advertising
> >> > ......................... R101NS01 passed test Advertising
> >> > Starting test: KnowsOfRoleHolders
> >> > ......................... R101NS01 passed test
> >> > KnowsOfRoleHolders
> >> > Starting test: RidManager
> >> > ......................... R101NS01 passed test RidManager
> >> > Starting test: MachineAccount
> >> > ......................... R101NS01 passed test MachineAccount
> >> > Starting test: Services
> >> > ......................... R101NS01 passed test Services
> >> > Starting test: ObjectsReplicated
> >> > ......................... R101NS01 passed test
> >> > ObjectsReplicated
> >> > Starting test: frssysvol
> >> > There are errors after the SYSVOL has been shared.
> >> > The SYSVOL can prevent the AD from starting.
> >> > ......................... R101NS01 passed test frssysvol
> >> > Starting test: kccevent
> >> > ......................... R101NS01 passed test kccevent
> >> > Starting test: systemlog
> >> > An Error Event occured. EventID: 0x00000457
> >> > Time Generated: 01/06/2005 07:09:11
> >> > Event String: Driver Xerox Phaser 790 required for printer
> >> >
> >> > An Error Event occured. EventID: 0x00000452
> >> > Time Generated: 01/06/2005 07:09:11
> >> > Event String: The printer could not be installed.
> >> > An Error Event occured. EventID: 0x00000457
> >> > Time Generated: 01/06/2005 07:09:14
> >> > Event String: Driver Xerox Phaser 790 required for printer
> >> >
> >> > An Error Event occured. EventID: 0x00000452
> >> > Time Generated: 01/06/2005 07:09:14
> >> > Event String: The printer could not be installed.
> >> > An Error Event occured. EventID: 0x00000457
> >> > Time Generated: 01/06/2005 07:09:24
> >> > Event String: Driver HP DesignJet 450C (E/A0) by HP required
> >> >
> >> > An Error Event occured. EventID: 0x00000452
> >> > Time Generated: 01/06/2005 07:09:24
> >> > Event String: The printer could not be installed.
> >> > ......................... R101NS01 failed test systemlog
> >> >
> >> > Running enterprise tests on : rona.ca
> >> > Starting test: Intersite
> >> > ......................... rona.ca passed test Intersite
> >> > Starting test: FsmoCheck
> >> > ......................... rona.ca passed test FsmoCheck
> >> >
> >> > DC2
> >> > Domain Controller Diagnosis
> >> >
> >> > Performing initial setup:
> >> > [r101ns02] LDAP bind failed with error 31,
> >> > A device attached to the system is not functioning..
> >> >
> >> > DC3
> >> > Domain Controller Diagnosis
> >> >
> >> > Performing initial setup:
> >> > Done gathering initial info.
> >> >
> >> > Doing initial required tests
> >> >
> >> > Testing server: SSC\R101NS05
> >> > Starting test: Connectivity
> >> > ......................... R101NS05 passed test Connectivity
> >> >
> >> > Doing primary tests
> >> >
> >> > Testing server: SSC\R101NS05
> >> > Starting test: Replications
> >> > ......................... R101NS05 passed test Replications
> >> > Starting test: NCSecDesc
> >> > ......................... R101NS05 passed test NCSecDesc
> >> > Starting test: NetLogons
> >> > ......................... R101NS05 passed test NetLogons
> >> > Starting test: Advertising
> >> > ......................... R101NS05 passed test Advertising
> >> > Starting test: KnowsOfRoleHolders
> >> > ......................... R101NS05 passed test
> >> > KnowsOfRoleHolders
> >> > Starting test: RidManager
> >> > ......................... R101NS05 passed test RidManager
> >> > Starting test: MachineAccount
> >> > ......................... R101NS05 passed test MachineAccount
> >> > Starting test: Services
> >> > ......................... R101NS05 passed test Services
> >> > Starting test: ObjectsReplicated
> >> > ......................... R101NS05 passed test
> >> > ObjectsReplicated
> >> > Starting test: frssysvol
> >> > There are errors after the SYSVOL has been shared.
> >> > The SYSVOL can prevent the AD from starting.
> >> > ......................... R101NS05 passed test frssysvol
> >> > Starting test: kccevent
> >> > ......................... R101NS05 passed test kccevent
> >> > Starting test: systemlog
> >> > ......................... R101NS05 passed test systemlog
> >> >
> >> > Running enterprise tests on : rona.ca
> >> > Starting test: Intersite
> >> > ......................... rona.ca passed test Intersite
> >> > Starting test: FsmoCheck
> >> > ......................... rona.ca passed test FsmoCheck
> >> >
> >> > I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it
> >> > would
> >> > not allow me
> >> >
> >> > Thanks
> >> >
> >> > Johan
> >> >
> >> > "Glenn L" wrote:
> >> >
> >> >> These are typiccally a kerberos time skew issue.
> >> >> Verify all DCs are withing 5 minutes of each other.
> >> >> If that does not take care of things, have you rebooted DC1?
> >> >>
> >> >> Also, run dcdiag on each DC.
> >> >> post the results here.
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Glenn L
> >> >> CCNA, MCSE 2000/2003 + Security
> >> >>
> >> >> "Johan" <johan@rona.ca> wrote in message
> >> >> news:61C3AD30-74E9-4395-9516-8E399475E942@microsoft.com...
> >> >> >I have 3 Domain Controllers, all are running W2K SP4. DC1 holds the
> >> >> >Global
> >> >> > Catalog.
> >> >> > Since this morning DC1 seems to have a problem replicating to DC2
> >> >> > and
> >> >> > DC3
> >> >> > in
> >> >> > the same domain.
> >> >> >
> >> >> > The error I get on DC1 is as follows:
> >> >> > Source: NTDS KCC
> >> >> > Error Event ID 1311
> >> >> > "The Directory Service consistency checker has determined that
> >> >> > either,
> >> >> > (a)there is not enough physical connectivity published via the
> >> >> > Acrtive
> >> >> > Directory Sites and Services Manager to create a spanning tree to
> >> >> > connecting
> >> >> > all the sites containing the Partition DC=xxx,DC=ca, or (b)
> >> >> > replication
> >> >> > cannot be performed with one or more critical servers in order for
> >> >> > changes
> >> >> > to
> >> >> > propogate across all sites (most often being due to the servers
> >> >> > being
> >> >> > unreachable)
> >> >> > I also get Error Event ID 1265 which says "The RPC server is to busy
> >> >> > to
> >> >> > complete this operation."
> >> >> >
> >> >> > The errors I get on DC2 and DC3 are:
> >> >> > Event ID 1126: "unable to establish connection with the Global
> >> >> > Catalog."
> >> >> > Event ID 1655: "the attempt to communicate with global catalog
> >> >> > \\DC.xxx.ca
> >> >> > failed with the following status. The RPC Server is to busy to
> >> >> > complete
> >> >> > this
> >> >> > operation.
> >> >> >
> >> >> > No changes were made to any of the DC's before this problem occured.
> >> >> > No DC's were demoted and their time are all in sync.
> >> >> > I tried making DC3 a GC, but I still have users that cannot be
> >> >> > authenticated, and none can connect to the web via my proxy server.
> >> >> >
> >> >> > Can you please help?????
> >> >> >
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
Anonymous
January 12, 2005 12:43:57 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

What are the errors you get when you attempt to map a drive to this server?
What error do you get when you open ADUC or AD sites and services on
R101NS02?

I suggest you download and run mpsreports on R101NS02.
http://download.microsoft.com/download/b/b/1/bb139fcb-4...
It produces a CAB file of all the reports it runs.
I'll look it over if you email it to me.

--
Glenn L
CCNA, MCSE 2000/2003 + Security

"Johan" <johan@rona.ca> wrote in message
news:A624E873-0C0F-4FF8-B20F-4CD28076776B@microsoft.com...
> Hi Glen,
>
> The network config is as follows:
>
> Host Name R101NS02
> Primary DNS Suffix west.rona.ca
> Node Type Hybrid
> IP Routing Enabled No
> WINS Proxy Enabled No
> DNS suffix search list west.rona.ca
> rona.ca
>
> Ethernet Adapter Local Area Connecters
> Connection-specific DNS suffix
> Description AMD PCNET Family Ethernet Adapter
> Physical Address 00-60-94-57-36-F1
> DHCP Enabled No
> IP address 10.1.1.29
> Subnet Mask 255.255.254.0
> Gateway 10.1.1.254
> DNS Servers 10.1.1.30
> 10.1.1.29
> Primary WINS server 10.1.1.30
> Secondary WINS Server 10.1.1.29
>
> I cannot map drives to this DC, and have been receiving event ID 3034
> -MRxSmb errors in the systems log. I have also been receiving Event ID
> 3051
> and event ID 5706 errors with regards to netlogon and sysvol. I did try
> and
> copy these from R101NS05, but did not help.
>
> Johan
>
> "Glenn L" wrote:
>
>> what is the network configuration or R101NS02? Do an IPCONFIG /ALL
>>
>>
>> --
>> Glenn L
>> CCNA, MCSE 2000/2003 + Security
>>
>> "Johan" <johan@rona.ca> wrote in message
>> news:34FA1ECD-B7DF-4CB1-84B8-B70F7792D559@microsoft.com...
>> > Hi Glen,
>> >
>> > Yes, R101NS02 is the Infrastructure Update Master, and it did not bind
>> > when
>> > I ran repadmin /showreps. Here are the results:
>> >
>> > R101NS02 [d:\nt\private\ds\src\util\repadmin\repinfo.c, 389] LDAP error
>> > 82
>> > (local error)
>> >
>> > R101NS01 and R101NS05 seemed to have worked fine, and they show they
>> > were
>> > successful with R101NS02.
>> > I couldn't capture this info for you, could not find the /switch
>> >
>> > Thanks
>> >
>> > Johan
>> >
>> > I
>> >
>> > "Glenn L" wrote:
>> >
>> >> Johan,
>> >> Does r101ns02 hold any FSMO roles or do anything else besides DC work?
>> >> The quickest way back to health for r101ns02 is to force demote it, do
>> >> a
>> >> metadata cleanup of r101ns02 using KB216498, then repromote it.
>> >>
>> >> If you execute repadmin /showreps from r101ns02, do you get the LDAP
>> >> bind
>> >> error?
>> >> Execute repadmin /showreps from R101NS01 and R101NS05, are they
>> >> getting
>> >> replication from R101NS02?
>> >>
>> >> If you want to continue to troubleshoot, then the next step is to
>> >> reset
>> >> the
>> >> machine account password of the DC with the domain.
>> >> http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
>> >> Aftger you reset the password and initiate the reboot, be sure to
>> >> force
>> >> replication between R101NS01 and R101NS05
>> >>
>> >> --
>> >> Glenn L
>> >> CCNA, MCSE 2000/2003 + Security
>> >>
>> >> "Johan" <johan@rona.ca> wrote in message
>> >> news:FADD81D1-1D26-4BF5-8D95-5EF5924D6A35@microsoft.com...
>> >> > Hi Glenn,
>> >> >
>> >> > All the DC's are within 1min of each other, and I have rebooted all
>> >> > the
>> >> > DC's
>> >> > a number of times. I ran dcdiag and here are the results:
>> >> >
>> >> > DC1
>> >> > Domain Controller Diagnosis
>> >> >
>> >> > Performing initial setup:
>> >> > Done gathering initial info.
>> >> >
>> >> > Doing initial required tests
>> >> >
>> >> > Testing server: SSC\R101NS01
>> >> > Starting test: Connectivity
>> >> > ......................... R101NS01 passed test Connectivity
>> >> >
>> >> > Doing primary tests
>> >> >
>> >> > Testing server: SSC\R101NS01
>> >> > Starting test: Replications
>> >> > ......................... R101NS01 passed test Replications
>> >> > Starting test: NCSecDesc
>> >> > ......................... R101NS01 passed test NCSecDesc
>> >> > Starting test: NetLogons
>> >> > ......................... R101NS01 passed test NetLogons
>> >> > Starting test: Advertising
>> >> > ......................... R101NS01 passed test Advertising
>> >> > Starting test: KnowsOfRoleHolders
>> >> > ......................... R101NS01 passed test
>> >> > KnowsOfRoleHolders
>> >> > Starting test: RidManager
>> >> > ......................... R101NS01 passed test RidManager
>> >> > Starting test: MachineAccount
>> >> > ......................... R101NS01 passed test
>> >> > MachineAccount
>> >> > Starting test: Services
>> >> > ......................... R101NS01 passed test Services
>> >> > Starting test: ObjectsReplicated
>> >> > ......................... R101NS01 passed test
>> >> > ObjectsReplicated
>> >> > Starting test: frssysvol
>> >> > There are errors after the SYSVOL has been shared.
>> >> > The SYSVOL can prevent the AD from starting.
>> >> > ......................... R101NS01 passed test frssysvol
>> >> > Starting test: kccevent
>> >> > ......................... R101NS01 passed test kccevent
>> >> > Starting test: systemlog
>> >> > An Error Event occured. EventID: 0x00000457
>> >> > Time Generated: 01/06/2005 07:09:11
>> >> > Event String: Driver Xerox Phaser 790 required for
>> >> > printer
>> >> >
>> >> > An Error Event occured. EventID: 0x00000452
>> >> > Time Generated: 01/06/2005 07:09:11
>> >> > Event String: The printer could not be installed.
>> >> > An Error Event occured. EventID: 0x00000457
>> >> > Time Generated: 01/06/2005 07:09:14
>> >> > Event String: Driver Xerox Phaser 790 required for
>> >> > printer
>> >> >
>> >> > An Error Event occured. EventID: 0x00000452
>> >> > Time Generated: 01/06/2005 07:09:14
>> >> > Event String: The printer could not be installed.
>> >> > An Error Event occured. EventID: 0x00000457
>> >> > Time Generated: 01/06/2005 07:09:24
>> >> > Event String: Driver HP DesignJet 450C (E/A0) by HP
>> >> > required
>> >> >
>> >> > An Error Event occured. EventID: 0x00000452
>> >> > Time Generated: 01/06/2005 07:09:24
>> >> > Event String: The printer could not be installed.
>> >> > ......................... R101NS01 failed test systemlog
>> >> >
>> >> > Running enterprise tests on : rona.ca
>> >> > Starting test: Intersite
>> >> > ......................... rona.ca passed test Intersite
>> >> > Starting test: FsmoCheck
>> >> > ......................... rona.ca passed test FsmoCheck
>> >> >
>> >> > DC2
>> >> > Domain Controller Diagnosis
>> >> >
>> >> > Performing initial setup:
>> >> > [r101ns02] LDAP bind failed with error 31,
>> >> > A device attached to the system is not functioning..
>> >> >
>> >> > DC3
>> >> > Domain Controller Diagnosis
>> >> >
>> >> > Performing initial setup:
>> >> > Done gathering initial info.
>> >> >
>> >> > Doing initial required tests
>> >> >
>> >> > Testing server: SSC\R101NS05
>> >> > Starting test: Connectivity
>> >> > ......................... R101NS05 passed test Connectivity
>> >> >
>> >> > Doing primary tests
>> >> >
>> >> > Testing server: SSC\R101NS05
>> >> > Starting test: Replications
>> >> > ......................... R101NS05 passed test Replications
>> >> > Starting test: NCSecDesc
>> >> > ......................... R101NS05 passed test NCSecDesc
>> >> > Starting test: NetLogons
>> >> > ......................... R101NS05 passed test NetLogons
>> >> > Starting test: Advertising
>> >> > ......................... R101NS05 passed test Advertising
>> >> > Starting test: KnowsOfRoleHolders
>> >> > ......................... R101NS05 passed test
>> >> > KnowsOfRoleHolders
>> >> > Starting test: RidManager
>> >> > ......................... R101NS05 passed test RidManager
>> >> > Starting test: MachineAccount
>> >> > ......................... R101NS05 passed test
>> >> > MachineAccount
>> >> > Starting test: Services
>> >> > ......................... R101NS05 passed test Services
>> >> > Starting test: ObjectsReplicated
>> >> > ......................... R101NS05 passed test
>> >> > ObjectsReplicated
>> >> > Starting test: frssysvol
>> >> > There are errors after the SYSVOL has been shared.
>> >> > The SYSVOL can prevent the AD from starting.
>> >> > ......................... R101NS05 passed test frssysvol
>> >> > Starting test: kccevent
>> >> > ......................... R101NS05 passed test kccevent
>> >> > Starting test: systemlog
>> >> > ......................... R101NS05 passed test systemlog
>> >> >
>> >> > Running enterprise tests on : rona.ca
>> >> > Starting test: Intersite
>> >> > ......................... rona.ca passed test Intersite
>> >> > Starting test: FsmoCheck
>> >> > ......................... rona.ca passed test FsmoCheck
>> >> >
>> >> > I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it
>> >> > would
>> >> > not allow me
>> >> >
>> >> > Thanks
>> >> >
>> >> > Johan
>> >> >
>> >> > "Glenn L" wrote:
>> >> >
>> >> >> These are typiccally a kerberos time skew issue.
>> >> >> Verify all DCs are withing 5 minutes of each other.
>> >> >> If that does not take care of things, have you rebooted DC1?
>> >> >>
>> >> >> Also, run dcdiag on each DC.
>> >> >> post the results here.
>> >> >>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> Glenn L
>> >> >> CCNA, MCSE 2000/2003 + Security
>> >> >>
>> >> >> "Johan" <johan@rona.ca> wrote in message
>> >> >> news:61C3AD30-74E9-4395-9516-8E399475E942@microsoft.com...
>> >> >> >I have 3 Domain Controllers, all are running W2K SP4. DC1 holds
>> >> >> >the
>> >> >> >Global
>> >> >> > Catalog.
>> >> >> > Since this morning DC1 seems to have a problem replicating to DC2
>> >> >> > and
>> >> >> > DC3
>> >> >> > in
>> >> >> > the same domain.
>> >> >> >
>> >> >> > The error I get on DC1 is as follows:
>> >> >> > Source: NTDS KCC
>> >> >> > Error Event ID 1311
>> >> >> > "The Directory Service consistency checker has determined that
>> >> >> > either,
>> >> >> > (a)there is not enough physical connectivity published via the
>> >> >> > Acrtive
>> >> >> > Directory Sites and Services Manager to create a spanning tree to
>> >> >> > connecting
>> >> >> > all the sites containing the Partition DC=xxx,DC=ca, or (b)
>> >> >> > replication
>> >> >> > cannot be performed with one or more critical servers in order
>> >> >> > for
>> >> >> > changes
>> >> >> > to
>> >> >> > propogate across all sites (most often being due to the servers
>> >> >> > being
>> >> >> > unreachable)
>> >> >> > I also get Error Event ID 1265 which says "The RPC server is to
>> >> >> > busy
>> >> >> > to
>> >> >> > complete this operation."
>> >> >> >
>> >> >> > The errors I get on DC2 and DC3 are:
>> >> >> > Event ID 1126: "unable to establish connection with the Global
>> >> >> > Catalog."
>> >> >> > Event ID 1655: "the attempt to communicate with global catalog
>> >> >> > \\DC.xxx.ca
>> >> >> > failed with the following status. The RPC Server is to busy to
>> >> >> > complete
>> >> >> > this
>> >> >> > operation.
>> >> >> >
>> >> >> > No changes were made to any of the DC's before this problem
>> >> >> > occured.
>> >> >> > No DC's were demoted and their time are all in sync.
>> >> >> > I tried making DC3 a GC, but I still have users that cannot be
>> >> >> > authenticated, and none can connect to the web via my proxy
>> >> >> > server.
>> >> >> >
>> >> >> > Can you please help?????
>> >> >> >
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
Anonymous
January 12, 2005 1:07:06 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi Glen,

Thanks for your help, but I managed to sort out my problem. I had so many
network issues that I decided to phone Microsoft directly. They ran a
mpsreports on R101NS02 and found that the secure channel had been broken.
They downloaded a fix which solved the problem.

Thanks

Johan

"Glenn L" wrote:

> What are the errors you get when you attempt to map a drive to this server?
> What error do you get when you open ADUC or AD sites and services on
> R101NS02?
>
> I suggest you download and run mpsreports on R101NS02.
> http://download.microsoft.com/download/b/b/1/bb139fcb-4...
> It produces a CAB file of all the reports it runs.
> I'll look it over if you email it to me.
>
> --
> Glenn L
> CCNA, MCSE 2000/2003 + Security
>
> "Johan" <johan@rona.ca> wrote in message
> news:A624E873-0C0F-4FF8-B20F-4CD28076776B@microsoft.com...
> > Hi Glen,
> >
> > The network config is as follows:
> >
> > Host Name R101NS02
> > Primary DNS Suffix west.rona.ca
> > Node Type Hybrid
> > IP Routing Enabled No
> > WINS Proxy Enabled No
> > DNS suffix search list west.rona.ca
> > rona.ca
> >
> > Ethernet Adapter Local Area Connecters
> > Connection-specific DNS suffix
> > Description AMD PCNET Family Ethernet Adapter
> > Physical Address 00-60-94-57-36-F1
> > DHCP Enabled No
> > IP address 10.1.1.29
> > Subnet Mask 255.255.254.0
> > Gateway 10.1.1.254
> > DNS Servers 10.1.1.30
> > 10.1.1.29
> > Primary WINS server 10.1.1.30
> > Secondary WINS Server 10.1.1.29
> >
> > I cannot map drives to this DC, and have been receiving event ID 3034
> > -MRxSmb errors in the systems log. I have also been receiving Event ID
> > 3051
> > and event ID 5706 errors with regards to netlogon and sysvol. I did try
> > and
> > copy these from R101NS05, but did not help.
> >
> > Johan
> >
> > "Glenn L" wrote:
> >
> >> what is the network configuration or R101NS02? Do an IPCONFIG /ALL
> >>
> >>
> >> --
> >> Glenn L
> >> CCNA, MCSE 2000/2003 + Security
> >>
> >> "Johan" <johan@rona.ca> wrote in message
> >> news:34FA1ECD-B7DF-4CB1-84B8-B70F7792D559@microsoft.com...
> >> > Hi Glen,
> >> >
> >> > Yes, R101NS02 is the Infrastructure Update Master, and it did not bind
> >> > when
> >> > I ran repadmin /showreps. Here are the results:
> >> >
> >> > R101NS02 [d:\nt\private\ds\src\util\repadmin\repinfo.c, 389] LDAP error
> >> > 82
> >> > (local error)
> >> >
> >> > R101NS01 and R101NS05 seemed to have worked fine, and they show they
> >> > were
> >> > successful with R101NS02.
> >> > I couldn't capture this info for you, could not find the /switch
> >> >
> >> > Thanks
> >> >
> >> > Johan
> >> >
> >> > I
> >> >
> >> > "Glenn L" wrote:
> >> >
> >> >> Johan,
> >> >> Does r101ns02 hold any FSMO roles or do anything else besides DC work?
> >> >> The quickest way back to health for r101ns02 is to force demote it, do
> >> >> a
> >> >> metadata cleanup of r101ns02 using KB216498, then repromote it.
> >> >>
> >> >> If you execute repadmin /showreps from r101ns02, do you get the LDAP
> >> >> bind
> >> >> error?
> >> >> Execute repadmin /showreps from R101NS01 and R101NS05, are they
> >> >> getting
> >> >> replication from R101NS02?
> >> >>
> >> >> If you want to continue to troubleshoot, then the next step is to
> >> >> reset
> >> >> the
> >> >> machine account password of the DC with the domain.
> >> >> http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
> >> >> Aftger you reset the password and initiate the reboot, be sure to
> >> >> force
> >> >> replication between R101NS01 and R101NS05
> >> >>
> >> >> --
> >> >> Glenn L
> >> >> CCNA, MCSE 2000/2003 + Security
> >> >>
> >> >> "Johan" <johan@rona.ca> wrote in message
> >> >> news:FADD81D1-1D26-4BF5-8D95-5EF5924D6A35@microsoft.com...
> >> >> > Hi Glenn,
> >> >> >
> >> >> > All the DC's are within 1min of each other, and I have rebooted all
> >> >> > the
> >> >> > DC's
> >> >> > a number of times. I ran dcdiag and here are the results:
> >> >> >
> >> >> > DC1
> >> >> > Domain Controller Diagnosis
> >> >> >
> >> >> > Performing initial setup:
> >> >> > Done gathering initial info.
> >> >> >
> >> >> > Doing initial required tests
> >> >> >
> >> >> > Testing server: SSC\R101NS01
> >> >> > Starting test: Connectivity
> >> >> > ......................... R101NS01 passed test Connectivity
> >> >> >
> >> >> > Doing primary tests
> >> >> >
> >> >> > Testing server: SSC\R101NS01
> >> >> > Starting test: Replications
> >> >> > ......................... R101NS01 passed test Replications
> >> >> > Starting test: NCSecDesc
> >> >> > ......................... R101NS01 passed test NCSecDesc
> >> >> > Starting test: NetLogons
> >> >> > ......................... R101NS01 passed test NetLogons
> >> >> > Starting test: Advertising
> >> >> > ......................... R101NS01 passed test Advertising
> >> >> > Starting test: KnowsOfRoleHolders
> >> >> > ......................... R101NS01 passed test
> >> >> > KnowsOfRoleHolders
> >> >> > Starting test: RidManager
> >> >> > ......................... R101NS01 passed test RidManager
> >> >> > Starting test: MachineAccount
> >> >> > ......................... R101NS01 passed test
> >> >> > MachineAccount
> >> >> > Starting test: Services
> >> >> > ......................... R101NS01 passed test Services
> >> >> > Starting test: ObjectsReplicated
> >> >> > ......................... R101NS01 passed test
> >> >> > ObjectsReplicated
> >> >> > Starting test: frssysvol
> >> >> > There are errors after the SYSVOL has been shared.
> >> >> > The SYSVOL can prevent the AD from starting.
> >> >> > ......................... R101NS01 passed test frssysvol
> >> >> > Starting test: kccevent
> >> >> > ......................... R101NS01 passed test kccevent
> >> >> > Starting test: systemlog
> >> >> > An Error Event occured. EventID: 0x00000457
> >> >> > Time Generated: 01/06/2005 07:09:11
> >> >> > Event String: Driver Xerox Phaser 790 required for
> >> >> > printer
> >> >> >
> >> >> > An Error Event occured. EventID: 0x00000452
> >> >> > Time Generated: 01/06/2005 07:09:11
> >> >> > Event String: The printer could not be installed.
> >> >> > An Error Event occured. EventID: 0x00000457
> >> >> > Time Generated: 01/06/2005 07:09:14
> >> >> > Event String: Driver Xerox Phaser 790 required for
> >> >> > printer
> >> >> >
> >> >> > An Error Event occured. EventID: 0x00000452
> >> >> > Time Generated: 01/06/2005 07:09:14
> >> >> > Event String: The printer could not be installed.
> >> >> > An Error Event occured. EventID: 0x00000457
> >> >> > Time Generated: 01/06/2005 07:09:24
> >> >> > Event String: Driver HP DesignJet 450C (E/A0) by HP
> >> >> > required
> >> >> >
> >> >> > An Error Event occured. EventID: 0x00000452
> >> >> > Time Generated: 01/06/2005 07:09:24
> >> >> > Event String: The printer could not be installed.
> >> >> > ......................... R101NS01 failed test systemlog
> >> >> >
> >> >> > Running enterprise tests on : rona.ca
> >> >> > Starting test: Intersite
> >> >> > ......................... rona.ca passed test Intersite
> >> >> > Starting test: FsmoCheck
> >> >> > ......................... rona.ca passed test FsmoCheck
> >> >> >
> >> >> > DC2
> >> >> > Domain Controller Diagnosis
> >> >> >
> >> >> > Performing initial setup:
> >> >> > [r101ns02] LDAP bind failed with error 31,
> >> >> > A device attached to the system is not functioning..
> >> >> >
> >> >> > DC3
> >> >> > Domain Controller Diagnosis
> >> >> >
> >> >> > Performing initial setup:
> >> >> > Done gathering initial info.
> >> >> >
> >> >> > Doing initial required tests
> >> >> >
> >> >> > Testing server: SSC\R101NS05
> >> >> > Starting test: Connectivity
> >> >> > ......................... R101NS05 passed test Connectivity
> >> >> >
> >> >> > Doing primary tests
> >> >> >
> >> >> > Testing server: SSC\R101NS05
> >> >> > Starting test: Replications
> >> >> > ......................... R101NS05 passed test Replications
> >> >> > Starting test: NCSecDesc
> >> >> > ......................... R101NS05 passed test NCSecDesc
> >> >> > Starting test: NetLogons
> >> >> > ......................... R101NS05 passed test NetLogons
> >> >> > Starting test: Advertising
> >> >> > ......................... R101NS05 passed test Advertising
> >> >> > Starting test: KnowsOfRoleHolders
> >> >> > ......................... R101NS05 passed test
> >> >> > KnowsOfRoleHolders
> >> >> > Starting test: RidManager
> >> >> > ......................... R101NS05 passed test RidManager
> >> >> > Starting test: MachineAccount
> >> >> > ......................... R101NS05 passed test
> >> >> > MachineAccount
> >> >> > Starting test: Services
> >> >> > ......................... R101NS05 passed test Services
> >> >> > Starting test: ObjectsReplicated
> >> >> > ......................... R101NS05 passed test
> >> >> > ObjectsReplicated
> >> >> > Starting test: frssysvol
> >> >> > There are errors after the SYSVOL has been shared.
> >> >> > The SYSVOL can prevent the AD from starting.
> >> >> > ......................... R101NS05 passed test frssysvol
> >> >> > Starting test: kccevent
> >> >> > ......................... R101NS05 passed test kccevent
> >> >> > Starting test: systemlog
> >> >> > ......................... R101NS05 passed test systemlog
> >> >> >
> >> >> > Running enterprise tests on : rona.ca
> >> >> > Starting test: Intersite
> >> >> > ......................... rona.ca passed test Intersite
> >> >> > Starting test: FsmoCheck
> >> >> > ......................... rona.ca passed test FsmoCheck
> >> >> >
> >> >> > I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it
> >> >> > would
> >> >> > not allow me
> >> >> >
> >> >> > Thanks
> >> >> >
> >> >> > Johan
> >> >> >
> >> >> > "Glenn L" wrote:
> >> >> >
> >> >> >> These are typiccally a kerberos time skew issue.
> >> >> >> Verify all DCs are withing 5 minutes of each other.
> >> >> >> If that does not take care of things, have you rebooted DC1?
> >> >> >>
> >> >> >> Also, run dcdiag on each DC.
> >> >> >> post the results here.
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> --
> >> >> >> Glenn L
> >> >> >> CCNA, MCSE 2000/2003 + Security
> >> >> >>
> >> >> >> "Johan" <johan@rona.ca> wrote in message
> >> >> >> news:61C3AD30-74E9-4395-9516-8E399475E942@microsoft.com...
> >> >> >> >I have 3 Domain Controllers, all are running W2K SP4. DC1 holds
> >> >> >> >the
> >> >> >> >Global
> >> >> >> > Catalog.
> >> >> >> > Since this morning DC1 seems to have a problem replicating to DC2
> >> >> >> > and
> >> >> >> > DC3
> >> >> >> > in
> >> >> >> > the same domain.
> >> >> >> >
> >> >> >> > The error I get on DC1 is as follows:
> >> >> >> > Source: NTDS KCC
> >> >> >> > Error Event ID 1311
> >> >> >> > "The Directory Service consistency checker has determined that
> >> >> >> > either,
> >> >> >> > (a)there is not enough physical connectivity published via the
> >> >> >> > Acrtive
> >> >> >> > Directory Sites and Services Manager to create a spanning tree to
> >> >> >> > connecting
> >> >> >> > all the sites containing the Partition DC=xxx,DC=ca, or (b)
> >> >> >> > replication
> >> >> >> > cannot be performed with one or more critical servers in order
> >> >> >> > for
> >> >> >> > changes
> >> >> >> > to
> >> >> >> > propogate across all sites (most often being due to the servers
> >> >> >> > being
> >> >> >> > unreachable)
> >> >> >> > I also get Error Event ID 1265 which says "The RPC server is to
> >> >> >> > busy
> >> >> >> > to
> >> >> >> > complete this operation."
> >> >> >> >
> >> >> >> > The errors I get on DC2 and DC3 are:
> >> >> >> > Event ID 1126: "unable to establish connection with the Global
> >> >> >> > Catalog."
> >> >> >> > Event ID 1655: "the attempt to communicate with global catalog
> >> >> >> > \\DC.xxx.ca
> >> >> >> > failed with the following status. The RPC Server is to busy to
> >> >> >> > complete
> >> >> >> > this
> >> >> >> > operation.
> >> >> >> >
> >> >> >> > No changes were made to any of the DC's before this problem
> >> >> >> > occured.
> >> >> >> > No DC's were demoted and their time are all in sync.
> >> >> >> > I tried making DC3 a GC, but I still have users that cannot be
> >> >> >> > authenticated, and none can connect to the web via my proxy
> >> >> >> > server.
> >> >> >> >
> >> >> >> > Can you please help?????
> >> >> >> >
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
!