Replication Problem

Archived from groups: microsoft.public.win2000.active_directory

Hello,

I have a Windows 2000 domain scattered over several sites. It is a single
domain in the forest. Each site has two DCs in it. We have set up the
inter-site replication topology in the Sites and Services snap-in and everything
works fine.
About two months ago one of the servers was shut down; that server was
the bridge-head server in its site. The KDC has not moved the bridge-head to
the second DC in that site. Now, two months later, I have restarted the
server.

The problem: The DC does not replicate with other DCs in the domain. The
ReplMon tool shows an "Access Denied" problem.
I have searched MSDN and Google for that problem and found a few
articles, but none of them solved the problem.

I have tried the following solutions:
* Disable the KDC service, restart the server and use netdom to reset the DC
secure channel with the other DC. This did not solve the problem, but it did solve
the intra-site replication. So now the two DCs replicate between themselves
but not with other DCs.
* Run the RepAdmin tool with the /SyncAll switch and the /Sync switch.

Other symptoms:
When I use "net time \\otherDC" the result is "Access Denied"; when I use
"net time \\X.X.X.X" (the IP of otherDC) the command completes successfully.

Possible Solutions:
* Back up the Active Directory database in another site and restore only the
Domain Controllers OU. I hope this will resync the computer account
passwords and replication will start working again.
* Demote the bridge-head server in the problematic site (possibly with
/force_removal), remove any leftover objects in the domain and promote the
DC again.

Please help me to understand what went wrong and how I can reinitiate the
replication to that site.

Thank you very much,
Ido.

Two months is looking like the tombstone period has expired (60 days by
default). This is probably the problem.

Out of your possible solutions, I'd say number one is a no-go - it won't
work. Number two is the best solution.

The question here is whether both DCs in the site are up-to-date or not.

You could try resetting the secure channel with the DCs in the other site.

However, if 60 days have passed, the best thing to do is demote both DCs in
this site (using /forceremoval if necessary), run a metadata cleanup and
then re-promote the DCs.


Perhaps you will learn some good lessons here:
-- Fix replication problems ASAP.
-- Don't configure the bridgehead servers manually. Let the ISTG do it.
This way, the KCCs can fail-over.
--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


"Ido Ran" <ido.ran@gmail.com> wrote in message
news:ejjLV4HAFHA.3592@TK2MSFTNGP09.phx.gbl...
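The reply's diagnosis turns on one number: how long each partner has gone without a successful replication compared with the forest's tombstone lifetime (60 days by default on Windows 2000; forests created on Windows Server 2003 SP1 or later default to 180 days, so read the value from the Directory Service object rather than assuming it). The following script is an added example, not code from either poster: it parses the CSV that `repadmin /showrepl * /csv` produces and flags partners that are past (or approaching) the tombstone lifetime, which is exactly the case where the "demote, metadata cleanup, re-promote" remedy applies instead of a secure-channel reset. The CSV sample is constructed to mirror the thread (one partner failing with Win32 status 5, ERROR_ACCESS_DENIED, whose last success is 66 days old); the column names are those repadmin emits, but check them against your own output, and the tombstone lifetime and "now" timestamp are parameters you supply.

```python
"""Flag AD replication partners whose last successful replication is older
than the tombstone lifetime, from `repadmin /showrepl * /csv` output."""
import csv
import io
from datetime import datetime

# Constructed sample of `repadmin /showrepl * /csv` output. Column names follow
# repadmin's CSV header; the rows are invented to mirror the thread: DC3 in
# SiteB replicates fine with its in-site partner DC4, has transient failures
# from DC2, and has been refused by DC1 (status 5 = ERROR_ACCESS_DENIED) for
# longer than a 60-day tombstone lifetime.
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteB,DC3,"DC=example,DC=local",SiteB,DC4,RPC,0,0,2004-11-20 09:55:12,0
showrepl_INFO,SiteB,DC3,"DC=example,DC=local",SiteA,DC2,RPC,3,2004-11-20 09:50:00,2004-11-18 12:00:00,1722
showrepl_INFO,SiteB,DC3,"DC=example,DC=local",SiteA,DC1,RPC,1440,2004-11-20 09:58:01,2004-09-15 08:12:44,5
"""

# Assumed "current time" for the sample so the result is reproducible.
SAMPLE_NOW = datetime(2004, 11, 20, 10, 0, 0)

# Win32 / DS status codes commonly seen in "Last Failure Status".
STATUS_NAMES = {
    0: "no error",
    5: "ERROR_ACCESS_DENIED",
    1722: "RPC_S_SERVER_UNAVAILABLE",
    8453: "ERROR_DS_DRA_ACCESS_DENIED",
}


def parse_showrepl(text):
    """Return the showrepl_INFO rows as dicts keyed by repadmin's column names."""
    reader = csv.DictReader(io.StringIO(text))
    return [row for row in reader if row["showrepl_COLUMNS"] == "showrepl_INFO"]


def _parse_time(value):
    # repadmin writes "0" when a partner has never failed / never succeeded.
    if value in ("", "0"):
        return None
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def assess(rows, tombstone_days, now):
    """Classify each partner link: OK, WARN (failing or past half the
    tombstone lifetime) or EXPIRED (no success within the tombstone lifetime,
    so lingering objects are possible and the DC should be rebuilt)."""
    findings = []
    for row in rows:
        last_ok = _parse_time(row["Last Success Time"])
        age_days = (now - last_ok).days if last_ok else None
        failures = int(row["Number of Failures"])
        status = int(row["Last Failure Status"])
        if age_days is None or age_days > tombstone_days:
            level = "EXPIRED"
        elif failures > 0 or age_days > tombstone_days // 2:
            level = "WARN"
        else:
            level = "OK"
        findings.append({
            "destination": row["Destination DSA"],
            "source": row["Source DSA"],
            "naming_context": row["Naming Context"],
            "days_since_success": age_days,
            "failures": failures,
            "status": status,
            "status_name": STATUS_NAMES.get(status, "unknown"),
            "level": level,
        })
    return findings


def report(text=SAMPLE_CSV, tombstone_days=60, now=SAMPLE_NOW):
    """Parse and assess in one call; defaults use the constructed sample."""
    return assess(parse_showrepl(text), tombstone_days, now)


if __name__ == "__main__":
    # Real use: pipe `repadmin /showrepl * /csv` into a file and pass its text,
    # with tombstone_days read from the Directory Service object and now=datetime.utcnow().
    for f in report():
        print(f"{f['level']:8} {f['destination']} <- {f['source']:4} "
              f"days_since_success={f['days_since_success']} "
              f"failures={f['failures']} status={f['status']} ({f['status_name']})")
```

The EXPIRED level is the case the reply describes: a partner whose last success predates the tombstone lifetime cannot safely be re-synced, because deletions it missed have already been tombstoned and purged elsewhere; the WARN level is the "fix replication problems ASAP" lesson, catching a link while it can still be repaired with a secure-channel reset or `repadmin /syncall`.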