Replication with 2 W2K DC's

G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hello All,

I have a domain with two DC's, both W2K, SP4, fully patched. Noticed odd
things on network, checked replication and found that I'm getting Access
Denied error message when trying to manually trigger a replicate now from AD
Sites and Services from either server to the other.

DNS is up and running without any visible issues. Both DC's are running DNS
and referencing themselves and both are GC's.

Any help would be greatly appreciated.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"STB" <STB@discussions.microsoft.com> wrote in message
news:97E1FE08-9113-4BF1-BB2F-72771970920C@microsoft.com...
> Hello All,
>
> I have a domain with two DC's, both W2K, SP4, fully patched. Noticed odd
> things on network, checked replication and found that I'm getting Access
> Denied error message when trying to manually trigger a replicate now from
AD
> Sites and Services from either server to the other.
>
> DNS is up and running without any visible issues. Both DC's are running
DNS
> and referencing themselves and both are GC's.
>

First thing, do you get any errors on
DCDiag of each DC?

Are you doing any of this in a Terminal
Server session?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Herb,

DCDIAG reveals what I see in Event Viewer for Directory Services. A recent
replication attempt failed: From X to X. The last success occured at
-2-08-2005. All tests say they pass, though. 600 failures have occurred
since the last success.

All of this diagnostic work is being down remotely through Terminal Services
(Admin Mode) connecting to the DC's in question.

-STB

"Herb Martin" wrote:

> "STB" <STB@discussions.microsoft.com> wrote in message
> news:97E1FE08-9113-4BF1-BB2F-72771970920C@microsoft.com...
> > Hello All,
> >
> > I have a domain with two DC's, both W2K, SP4, fully patched. Noticed odd
> > things on network, checked replication and found that I'm getting Access
> > Denied error message when trying to manually trigger a replicate now from
> AD
> > Sites and Services from either server to the other.
> >
> > DNS is up and running without any visible issues. Both DC's are running
> DNS
> > and referencing themselves and both are GC's.
> >
>
> First thing, do you get any errors on
> DCDiag of each DC?
>
> Are you doing any of this in a Terminal
> Server session?
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"STB" <STB@discussions.microsoft.com> wrote in message
news:13BDEC85-810F-429E-A2E5-036ABE530F90@microsoft.com...
> Herb,
>
> DCDIAG reveals what I see in Event Viewer for Directory Services. A
recent
> replication attempt failed: From X to X. The last success occured at
> -2-08-2005. All tests say they pass, though. 600 failures have occurred
> since the last success.

That's bad. It's usually a DNS problem and you
have only about a month to fix it -- 60 days is the
tombstone lifetime and after that you will have to
DCPromo 'cycle' (non-DC then back) to fix it.

In fact, you may even decide to do that anyway if
it turns out to be difficult to fix.

> All of this diagnostic work is being down remotely through Terminal
Services
> (Admin Mode) connecting to the DC's in question.

Tell us about your Sites, SiteLinks, Subnets, and
your WAN as well as DNS:


(Check this stuff) DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]


--
Herb Martin


>
> -STB
>
> "Herb Martin" wrote:
>
> > "STB" <STB@discussions.microsoft.com> wrote in message
> > news:97E1FE08-9113-4BF1-BB2F-72771970920C@microsoft.com...
> > > Hello All,
> > >
> > > I have a domain with two DC's, both W2K, SP4, fully patched. Noticed
odd
> > > things on network, checked replication and found that I'm getting
Access
> > > Denied error message when trying to manually trigger a replicate now
from
> > AD
> > > Sites and Services from either server to the other.
> > >
> > > DNS is up and running without any visible issues. Both DC's are
running
> > DNS
> > > and referencing themselves and both are GC's.
> > >
> >
> > First thing, do you get any errors on
> > DCDiag of each DC?
> >
> > Are you doing any of this in a Terminal
> > Server session?
> >
> >
> >