Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Group Policy and Replication issues w/2 server Win2003 AD

Group Policy and Replication issues w/2 server Win2003 AD

Forum Windows 2000/NT : Windows 2000/NT General Discussion - Group Policy and Replication issues w/2 server Win2003 AD

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
tdu911   03-20-2006 at 08:35:04 PM

Hi:

Two servers: MAIN and TEST on a DOMAIN running Windows 2003.
- Group Policy doesn't work. Problem has always existed
- Replication is broken. Problem started last weekend when MAIN was rebooted

MAIN:
- fresh install of 2003, domain newly created
- getting group policy errors when trying to launch group policy editor
- is the operations master
- netdiag seems reasonably okay
- dcdiag gives replication latency error warning, and fails frsevent test
- EVENTLOG: SCLGNTFY 1002 errors / can't access GP via dompol, i get a snap-in error
- EVENTLOG: NTFRS 13508 errors (trouble enabling replication from TEST to MAIN for c:windowssysvoldomain using the DNS name test.domain.local.
- dns has no reverse lookup zone

TEST:
- was on another domain, and forcefully demoted and readded to current domain
- may have entries still pointing to old domain ('OLD')
- can't access GP via dompol, get a 'the specified domain either does not exist or could not be contacted'
- netdiag seems reasonably okay
- EVENTLOG: DNS 4007: unable to open zone olddomain.local in AD from the application directory partition
- EVENTLOG: KERBEROS 4: kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/main.domain.local.
- EVENTLOG: NTDS Replication 1863 errors
- EVENTLOG: USERENV 1030 and 1058 errors, gives 'Access is denied.'
- sysvol permissions SEEM okay, but i get 'logon failure: the target account name is incorrect' when trying
to access it by MAINSYSVOLdomainpolicies. domainsysvoldomainpolicies works fine.
- dcdiag wields a series of errors relating to replication errors due to a 1256, and the aforementioned 'target name incorrect'


THOUGHTS:
- i suspect there are rogue entries to OLDDOMAIN on TEST. i don't know how to use ntdsutil to track them down
- SYSVOL permissions SEEM okay
- could just be a shared password key for the domain not working

I did my best to cover all my bases, and have been googling for the past week or so. I don't feel comfortable enough rooting through AD on my own via the command-line to weed out any OLD domain entries that I know exist on the TEST server.

Add a reply
Sponsored Links
Register or log in to remove.
Ask the community Add a reply
Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Group Policy and Replication issues w/2 server Win2003 AD
Go to:

There are 565 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.768 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them