I have just started with a new company that is having a gamut of issues with AD, the previous sysadmin was in the process of changing some our servers over to Linux Distros...sigh.
Anyway, the remote IT manager has hired a Microsoft guy (me)so that is what they're getting. But before I transition some of the servers back to MS2003 server I would like to get the Domain controllers speaking to each other properly.
I have run various command lines to diagnose the issue but the main sticking point that I always seem to come back to is this. The RPC is unavailable (or was), it does point me to the DNS Server but I have checked all the information in the DNS and all IP addresses and hosts files seem to be correct as far as I can tell.
I have gone into active directory sites and services, deleted the auto-generated connections remade them and still no replication.
Here is the DCDIAG: (I've changed the names obviously)
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: MYDOMAIN\DC123
Starting test: Connectivity
*** Warning: could not confirm the identity of this server in
the directory versus the names returned by DNS servers.
If there are problems accessing this directory server then
you may need to check that this server is correctly registered
with DNS
......................... DC123 passed test Connectivity
Doing primary tests
Testing server: MYDOMAIN\DC123
Starting test: Replications
REPLICATION-RECEIVED LATENCY WARNING
DC123: Current time is 2010-02-03 09:51:16.
CN=Schema,CN=Configuration,DC=mydomain,DC=com
Last replication received from DC999 at 2009-11-13 17:52:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=MYDOMAIN,DC=com
Last replication received from DC999 at 2009-11-13 17:52:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=mydomain,DC=com
Last replication received from DC999 at 2009-11-13 19:02:02.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... DC123 passed test Replications
Starting test: NCSecDesc
......................... DC123 passed test NCSecDesc
Starting test: NetLogons
......................... DC123 passed test NetLogons
Starting test: Advertising
......................... DC123 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... DC123 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... DC123 passed test RidManager
Starting test: MachineAccount
......................... DC123 passed test MachineAccount
Starting test: Services
......................... DC123 passed test Services
Starting test: ObjectsReplicated
......................... DC123 passed test ObjectsReplicated
Starting test: frssysvol
......................... DC123 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
......................... DC123 failed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x80000785
Time Generated: 02/03/2010 09:47:04
Event String: The attempt to establish a replication link for
......................... DC123 failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000416
Time Generated: 02/03/2010 09:28:18
Event String: The DHCP/BINL service on the local machine,
An Error Event occured. EventID: 0x00000457
Time Generated: 02/03/2010 09:33:48
(Event String could not be retrieved)
......................... DC123 failed test systemlog
Starting test: VerifyReferences
......................... DC123 passed test VerifyReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on: Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : MYDOMAIN
Starting test: CrossRefValidation
......................... MYDOMAIN passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... MYDOMAIN passed test CheckSDRefDom
Running enterprise tests on : MYDOMAIN.com
Starting test: Intersite
......................... MYDOMAIN.com passed test Intersite
Starting test: FsmoCheck
......................... MYDOMAIN.com passed test FsmoCheck
DC123 is Operations master (has the DNS) and DC999 is Secondary, both are running Server2003. The operations master hasn't synced properly in over three months. :s
Any ideas, suggestions, tips or tricks would be really helpful. Should I transfer roles to the Secondary Domain Controller and rebuild?
Thanks in advance for your help!
Bookmarks