Hi

I have 2 DC in different network segment/vpn and they just have let
replicate.

ServerA is the master domain controller where is has DNS (primary) service
and Exchange installed. ServerB has DNS service and as secondary that is the
DNS from ServerA.

I can ping the ip address of ServerA at ServerB but I can't ping by it's
name. When I do \\ServerA\sysvol or \\ServerA\netlogon it gives me the
following message:
This event log message will appear once per connection, After the problem is
fixed you will
see another event log message indicating that the connection has been
established.

But when I write ">repadmin /showreps" at command line in ServerA it tells
me that is replicating with ServerB but when I do the opposite it tells that
ServerB isn't replicating with ServerA since xxx date.
=========

At the event viewer it appears the following messages:
1) The DNS server list of restricted interfaces contains IP addresses that
are not configured for use
at the server computer.
Use the DNS manager server properties, interfaces dialog, to verify and
reset the IP addresses the
DNS server should listen on. For more information, see "To restrict a DNS
server to listen only
on selected addresses" in the online Help.

2) The File Replication Service is having trouble enabling replication from
ServerA to
ServerB for c:\winnt\sysvol\domain using the DNS name ServerA.domain.com.
FRS will keep
retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name ServerA.domain.com from this
computer.
[2] FRS is not running on ServerA.domain.com.
[3] The topology information in the Active Directory for this replica has
not yet replicated to
all the Domain Controllers.
==========

When I try to force replication from command line at ServerB the following
message appears:

Command:
C:\>repadmin /replicate ServerA ServerB /force

repadmin running command /replicate against server ServerA.domain.com

DsBindWithCred to ServerA.domain.com failed with status 1722 (0x6ba):
Can't retrieve message string 1722 (0x6ba), error 1815.

Hopping for help...
Thanks in advance
Ricky

Hello Ricky,

Please post an unedited ipconfig /all from both DC's here. Also did you run
dcdiag and netdiag? If you have any errors please post also the complete
output here.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> repadmin running command /replicate against server ServerA.domain.com
>

HI RIcky

The major reason for when we get this error message:
DsBindWithCred to ServerA.domain.com failed with status 1722 (0x6ba):
> Can't retrieve message string 1722 (0x6ba), error 1815

Is break in the secure channel

You have also mentioned that itsn ot replicating from xxx number of days
how many number of days its acutally
in windows 2000 it has to be less then 60 days and in windows 2003 less
then 90 days
otehrwise it will through the tombstone error mesage
--

Hope this information will help you

Cheers
Tarun


"Ricky" wrote:

> Hi
>
> I have 2 DC in different network segment/vpn and they just have let
> replicate.
>
> ServerA is the master domain controller where is has DNS (primary) service
> and Exchange installed. ServerB has DNS service and as secondary that is the
> DNS from ServerA.
>
> I can ping the ip address of ServerA at ServerB but I can't ping by it's
> name. When I do \\ServerA\sysvol or \\ServerA\netlogon it gives me the
> following message:
> This event log message will appear once per connection, After the problem is
> fixed you will
> see another event log message indicating that the connection has been
> established.
>
> But when I write ">repadmin /showreps" at command line in ServerA it tells
> me that is replicating with ServerB but when I do the opposite it tells that
> ServerB isn't replicating with ServerA since xxx date.
> =========
>
> At the event viewer it appears the following messages:
> 1) The DNS server list of restricted interfaces contains IP addresses that
> are not configured for use
> at the server computer.
> Use the DNS manager server properties, interfaces dialog, to verify and
> reset the IP addresses the
> DNS server should listen on. For more information, see "To restrict a DNS
> server to listen only
> on selected addresses" in the online Help.
>
> 2) The File Replication Service is having trouble enabling replication from
> ServerA to
> ServerB for c:\winnt\sysvol\domain using the DNS name ServerA.domain.com.
> FRS will keep
> retrying.
> Following are some of the reasons you would see this warning.
>
> [1] FRS can not correctly resolve the DNS name ServerA.domain.com from this
> computer.
> [2] FRS is not running on ServerA.domain.com.
> [3] The topology information in the Active Directory for this replica has
> not yet replicated to
> all the Domain Controllers.
> ==========
>
> When I try to force replication from command line at ServerB the following
> message appears:
>
> Command:
> C:\>repadmin /replicate ServerA ServerB /force
>
> repadmin running command /replicate against server ServerA.domain.com
>
> DsBindWithCred to ServerA.domain.com failed with status 1722 (0x6ba):
> Can't retrieve message string 1722 (0x6ba), error 1815.
>
> Hopping for help...
> Thanks in advance
> Ricky
>
>
>

Hi Rciky

the major reason for getting the error sBindWithCred to ServerA.domain.com
failed with status 1722 (0x6ba):
> Can't retrieve message string 1722 (0x6ba), error 1815
is broken Secure channel
als check from how long the Replication is broken if its more then 60 days
(win2k) then will be in tombstone stage and you will get the error for the
same

also get the dcdiag nad netdiag for more information..
--

Hope this information will help you

Cheers
Tarun


"Ricky" wrote:

> Hi
>
> I have 2 DC in different network segment/vpn and they just have let
> replicate.
>
> ServerA is the master domain controller where is has DNS (primary) service
> and Exchange installed. ServerB has DNS service and as secondary that is the
> DNS from ServerA.
>
> I can ping the ip address of ServerA at ServerB but I can't ping by it's
> name. When I do \\ServerA\sysvol or \\ServerA\netlogon it gives me the
> following message:
> This event log message will appear once per connection, After the problem is
> fixed you will
> see another event log message indicating that the connection has been
> established.
>
> But when I write ">repadmin /showreps" at command line in ServerA it tells
> me that is replicating with ServerB but when I do the opposite it tells that
> ServerB isn't replicating with ServerA since xxx date.
> =========
>
> At the event viewer it appears the following messages:
> 1) The DNS server list of restricted interfaces contains IP addresses that
> are not configured for use
> at the server computer.
> Use the DNS manager server properties, interfaces dialog, to verify and
> reset the IP addresses the
> DNS server should listen on. For more information, see "To restrict a DNS
> server to listen only
> on selected addresses" in the online Help.
>
> 2) The File Replication Service is having trouble enabling replication from
> ServerA to
> ServerB for c:\winnt\sysvol\domain using the DNS name ServerA.domain.com.
> FRS will keep
> retrying.
> Following are some of the reasons you would see this warning.
>
> [1] FRS can not correctly resolve the DNS name ServerA.domain.com from this
> computer.
> [2] FRS is not running on ServerA.domain.com.
> [3] The topology information in the Active Directory for this replica has
> not yet replicated to
> all the Domain Controllers.
> ==========
>
> When I try to force replication from command line at ServerB the following
> message appears:
>
> Command:
> C:\>repadmin /replicate ServerA ServerB /force
>
> repadmin running command /replicate against server ServerA.domain.com
>
> DsBindWithCred to ServerA.domain.com failed with status 1722 (0x6ba):
> Can't retrieve message string 1722 (0x6ba), error 1815.
>
> Hopping for help...
> Thanks in advance
> Ricky
>
>
>

Hi
Post here the results for
dcdiag /v /e /c

--

===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"Ricky" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi
>
> I have 2 DC in different network segment/vpn and they just have let
> replicate.
>
> ServerA is the master domain controller where is has DNS (primary) service
> and Exchange installed. ServerB has DNS service and as secondary that is
> the DNS from ServerA.
>
> I can ping the ip address of ServerA at ServerB but I can't ping by it's
> name. When I do \\ServerA\sysvol or \\ServerA\netlogon it gives me the
> following message:
> This event log message will appear once per connection, After the problem
> is fixed you will
> see another event log message indicating that the connection has been
> established.
>
> But when I write ">repadmin /showreps" at command line in ServerA it tells
> me that is replicating with ServerB but when I do the opposite it tells
> that ServerB isn't replicating with ServerA since xxx date.
> =========
>
> At the event viewer it appears the following messages:
> 1) The DNS server list of restricted interfaces contains IP addresses that
> are not configured for use
> at the server computer.
> Use the DNS manager server properties, interfaces dialog, to verify and
> reset the IP addresses the
> DNS server should listen on. For more information, see "To restrict a DNS
> server to listen only
> on selected addresses" in the online Help.
>
> 2) The File Replication Service is having trouble enabling replication
> from ServerA to
> ServerB for c:\winnt\sysvol\domain using the DNS name ServerA.domain.com.
> FRS will keep
> retrying.
> Following are some of the reasons you would see this warning.
>
> [1] FRS can not correctly resolve the DNS name ServerA.domain.com from
> this computer.
> [2] FRS is not running on ServerA.domain.com.
> [3] The topology information in the Active Directory for this replica has
> not yet replicated to
> all the Domain Controllers.
> ==========
>
> When I try to force replication from command line at ServerB the following
> message appears:
>
> Command:
> C:\>repadmin /replicate ServerA ServerB /force
>
> repadmin running command /replicate against server ServerA.domain.com
>
> DsBindWithCred to ServerA.domain.com failed with status 1722 (0x6ba):
> Can't retrieve message string 1722 (0x6ba), error 1815.
>
> Hopping for help...
> Thanks in advance
> Ricky
>

Hi

Here's the result from the command "dcdiag /v /e /c"

=====================================================

Testing server: ServerRegionC\ServerC
Starting test: Connectivity
* Active Directory LDAP Services Check
Server ServerC resolved to this IP address 192.168.100.250,
but the address couldn't be reached(pinged), so check the network.
The error returned was: Error due to lack of resources.
This error more often means that the targeted server is
shutdown or disconnected from the network
......................... ServerC failed test Connectivity

Doing primary tests

Testing server: ServerRegionA\ServerA
Skipping all tests, because server ServerA is
not responding to directory service requests

Testing server: ServerRegionB\ServerB
Starting test: Replications
* Replications Check
[Replications Check,ServerB] A recent replication attempt failed:

From ServerA to ServerB
Naming Context: CN=Schema,CN=Configuration,DC=domain,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2007-11-02 15:44.00.
The last success occurred at 2007-09-10 21:25.43.
10652 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,ServerB] A recent replication attempt failed:

From ServerA to ServerB
Naming Context: CN=Configuration,DC=domain,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2007-11-02 15:43.14.
The last success occurred at 2007-09-10 21:25.19.
10655 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,ServerB] A recent replication attempt failed:

From ServerA to ServerB
Naming Context: DC=domain,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2007-11-02 15:42.28.
The last success occurred at 2007-09-07 21:24.08.
10656 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,ServerB] A recent replication attempt failed:

From ServerA to ServerB
Naming Context: DC=domain,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2007-11-02 15:42.51.
The last success occurred at 2007-09-10 17:23.20.
10690 failures have occurred since the last success.
The source remains down. Please check the machine.
......................... ServerB passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=domain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=domain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... ServerB passed test Topology

Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
CN=Schema,CN=Conf
iguration,DC=domain,DC=com.
* Performing upstream (of target) analysis.
Upstream topology is disconnected for
CN=Schema,CN=Configuration,DC=domain
,DC=com.
Home server ServerB can't get changes from these servers:
ServerRegionD/ServerD
ServerRegionE/ServerE
ServerRegionF/ServerF
* Performing downstream (of target) analysis.

Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=domain
dt,DC=com.
These servers can't get changes from home server ServerB:
ServerRegionD/ServerD
ServerRegionE/ServerE
ServerRegionF/ServerF
* Analyzing the alive system replication topology for
CN=Configuration,
DC=domain,DC=com.

=====================================================

What can you tell me about this?


"Jorge Silva" <(E-Mail Removed)> wrote in message
news:%23q$$(E-Mail Removed)...
> Hi
> Post here the results for
> dcdiag /v /e /c
>
> --
>
> ===================================
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MCSE, MVP Directory Services
> ===================================
>
> "Ricky" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi
>>
>> I have 2 DC in different network segment/vpn and they just have let
>> replicate.
>>
>> ServerA is the master domain controller where is has DNS (primary)
>> service and Exchange installed. ServerB has DNS service and as secondary
>> that is the DNS from ServerA.
>>
>> I can ping the ip address of ServerA at ServerB but I can't ping by it's
>> name. When I do \\ServerA\sysvol or \\ServerA\netlogon it gives me the
>> following message:
>> This event log message will appear once per connection, After the problem
>> is fixed you will
>> see another event log message indicating that the connection has been
>> established.
>>
>> But when I write ">repadmin /showreps" at command line in ServerA it
>> tells me that is replicating with ServerB but when I do the opposite it
>> tells that ServerB isn't replicating with ServerA since xxx date.
>> =========
>>
>> At the event viewer it appears the following messages:
>> 1) The DNS server list of restricted interfaces contains IP addresses
>> that are not configured for use
>> at the server computer.
>> Use the DNS manager server properties, interfaces dialog, to verify and
>> reset the IP addresses the
>> DNS server should listen on. For more information, see "To restrict a
>> DNS server to listen only
>> on selected addresses" in the online Help.
>>
>> 2) The File Replication Service is having trouble enabling replication
>> from ServerA to
>> ServerB for c:\winnt\sysvol\domain using the DNS name ServerA.domain.com.
>> FRS will keep
>> retrying.
>> Following are some of the reasons you would see this warning.
>>
>> [1] FRS can not correctly resolve the DNS name ServerA.domain.com from
>> this computer.
>> [2] FRS is not running on ServerA.domain.com.
>> [3] The topology information in the Active Directory for this replica has
>> not yet replicated to
>> all the Domain Controllers.
>> ==========
>>
>> When I try to force replication from command line at ServerB the
>> following message appears:
>>
>> Command:
>> C:\>repadmin /replicate ServerA ServerB /force
>>
>> repadmin running command /replicate against server ServerA.domain.com
>>
>> DsBindWithCred to ServerA.domain.com failed with status 1722 (0x6ba):
>> Can't retrieve message string 1722 (0x6ba), error 1815.
>>
>> Hopping for help...
>> Thanks in advance
>> Ricky
>>
>
>

Hello Ricky,

Again, please post an unedited ipconfig /all from the machines here. The
output shows that you have connection problems and we have to start with
the ip configuration of the machines. Also give some infos about the way
they are connected, switches routers etc.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> Hi
>
> Here's the result from the command "dcdiag /v /e /c"
>
> =====================================================
>
> Testing server: ServerRegionC\ServerC
> Starting test: Connectivity
> * Active Directory LDAP Services Check
> Server ServerC resolved to this IP address 192.168.100.250,
> but the address couldn't be reached(pinged), so check the
> network.
> The error returned was: Error due to lack of resources.
> This error more often means that the targeted server is
> shutdown or disconnected from the network
> ......................... ServerC failed test Connectivity
> Doing primary tests
>
> Testing server: ServerRegionA\ServerA
> Skipping all tests, because server ServerA is
> not responding to directory service requests
> Testing server: ServerRegionB\ServerB
> Starting test: Replications
> * Replications Check
> [Replications Check,ServerB] A recent replication attempt
> failed:
> From ServerA to ServerB
> Naming Context:
> CN=Schema,CN=Configuration,DC=domain,DC=com
> The replication generated an error (1722):
> The RPC server is unavailable.
> The failure occurred at 2007-11-02 15:44.00.
> The last success occurred at 2007-09-10 21:25.43.
> 10652 failures have occurred since the last success.
> The source remains down. Please check the machine.
> [Replications Check,ServerB] A recent replication attempt
> failed:
> From ServerA to ServerB
> Naming Context: CN=Configuration,DC=domain,DC=com
> The replication generated an error (1722):
> The RPC server is unavailable.
> The failure occurred at 2007-11-02 15:43.14.
> The last success occurred at 2007-09-10 21:25.19.
> 10655 failures have occurred since the last success.
> The source remains down. Please check the machine.
> [Replications Check,ServerB] A recent replication attempt
> failed:
> From ServerA to ServerB
> Naming Context: DC=domain,DC=com
> The replication generated an error (1722):
> The RPC server is unavailable.
> The failure occurred at 2007-11-02 15:42.28.
> The last success occurred at 2007-09-07 21:24.08.
> 10656 failures have occurred since the last success.
> The source remains down. Please check the machine.
> [Replications Check,ServerB] A recent replication attempt
> failed:
> From ServerA to ServerB
> Naming Context: DC=domain,DC=com
> The replication generated an error (1722):
> The RPC server is unavailable.
> The failure occurred at 2007-11-02 15:42.51.
> The last success occurred at 2007-09-10 17:23.20.
> 10690 failures have occurred since the last success.
> The source remains down. Please check the machine.
> ......................... ServerB passed test Replications
> Starting test: Topology
> * Configuration Topology Integrity Check
> * Analyzing the connection topology for
> CN=Schema,CN=Configuration,DC=domain,DC=com.
> * Performing upstream (of target) analysis.
> * Performing downstream (of target) analysis.
> * Analyzing the connection topology for
> CN=Configuration,DC=domain,DC=com.
> * Performing upstream (of target) analysis.
> * Performing downstream (of target) analysis.
> ......................... ServerB passed test Topology
> Starting test: CutoffServers
> * Configuration Topology Aliveness Check
> * Analyzing the alive system replication topology for
> CN=Schema,CN=Conf
> iguration,DC=domain,DC=com.
> * Performing upstream (of target) analysis.
> Upstream topology is disconnected for
> CN=Schema,CN=Configuration,DC=domain
> ,DC=com.
> Home server ServerB can't get changes from these servers:
> ServerRegionD/ServerD
> ServerRegionE/ServerE
> ServerRegionF/ServerF
> * Performing downstream (of target) analysis.
> Downstream topology is disconnected for
> CN=Schema,CN=Configuration,DC=domain
> dt,DC=com.
> These servers can't get changes from home server ServerB:
> ServerRegionD/ServerD
> ServerRegionE/ServerE
> ServerRegionF/ServerF
> * Analyzing the alive system replication topology for
> CN=Configuration,
> DC=domain,DC=com.
>
> =====================================================
>
> What can you tell me about this?
>
> "Jorge Silva" <(E-Mail Removed)> wrote in message
> news:%23q$$(E-Mail Removed)...
>
>> Hi
>> Post here the results for
>> dcdiag /v /e /c
>> --
>>
>> ===================================
>> I hope that the information above helps you.
>> Have a Nice day.
>> Jorge Silva
>> MCSE, MVP Directory Services
>> ===================================
>> "Ricky" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>
>>> Hi
>>>
>>> I have 2 DC in different network segment/vpn and they just have let
>>> replicate.
>>>
>>> ServerA is the master domain controller where is has DNS (primary)
>>> service and Exchange installed. ServerB has DNS service and as
>>> secondary that is the DNS from ServerA.
>>>
>>> I can ping the ip address of ServerA at ServerB but I can't ping by
>>> it's
>>> name. When I do \\ServerA\sysvol or \\ServerA\netlogon it gives me
>>> the
>>> following message:
>>> This event log message will appear once per connection, After the
>>> problem
>>> is fixed you will
>>> see another event log message indicating that the connection has
>>> been
>>> established.
>>> But when I write ">repadmin /showreps" at command line in ServerA it
>>> tells me that is replicating with ServerB but when I do the opposite
>>> it tells that ServerB isn't replicating with ServerA since xxx date.
>>> =========
>>>
>>> At the event viewer it appears the following messages:
>>> 1) The DNS server list of restricted interfaces contains IP
>>> addresses
>>> that are not configured for use
>>> at the server computer.
>>> Use the DNS manager server properties, interfaces dialog, to verify
>>> and
>>> reset the IP addresses the
>>> DNS server should listen on. For more information, see "To restrict
>>> a
>>> DNS server to listen only
>>> on selected addresses" in the online Help.
>>> 2) The File Replication Service is having trouble enabling
>>> replication
>>> from ServerA to
>>> ServerB for c:\winnt\sysvol\domain using the DNS name
>>> ServerA.domain.com.
>>> FRS will keep
>>> retrying.
>>> Following are some of the reasons you would see this warning.
>>> [1] FRS can not correctly resolve the DNS name ServerA.domain.com
>>> from
>>> this computer.
>>> [2] FRS is not running on ServerA.domain.com.
>>> [3] The topology information in the Active Directory for this
>>> replica has
>>> not yet replicated to
>>> all the Domain Controllers.
>>> ==========
>>> When I try to force replication from command line at ServerB the
>>> following message appears:
>>>
>>> Command:
>>> C:\>repadmin /replicate ServerA ServerB /force
>>> repadmin running command /replicate against server
>>> ServerA.domain.com
>>>
>>> DsBindWithCred to ServerA.domain.com failed with status 1722
>>> (0x6ba): Can't retrieve message string 1722 (0x6ba), error 1815.
>>>
>>> Hopping for help...
>>> Thanks in advance
>>> Ricky

Hi
The servers are connected through routers and the "ipconfig /all" for
ServerA is:

Windows IP Configuration
Host Name . . . . . . . . . . . . : ServerA
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : BCM5703 Gigabit Ethernet
Physical Address. . . . . . . . . : 00-0B-CD-E6-BD-A0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.50.250
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.50.254
DNS Servers . . . . . . . . . . . : 192.168.50.250
=====================================
The "ipconfig /all" for ServerB is:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : ServerB
Primary DNS Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC3163 Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-02-A5-ED-51-C8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.60.250
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.60.254
DNS Servers . . . . . . . . . . . : 192.168.60.250
192.168.50.250
Primary WINS Server . . . . . . . : 192.168.60.250

If it is necessary to put more information just tell me. I just one to be
able to solve this issue.

Thanks
Ricky

=====================================



"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:(E-Mail Removed)...
> Hello Ricky,
>
> Again, please post an unedited ipconfig /all from the machines here. The
> output shows that you have connection problems and we have to start with
> the ip configuration of the machines. Also give some infos about the way
> they are connected, switches routers etc.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
>
>> Hi
>>
>> Here's the result from the command "dcdiag /v /e /c"
>>
>> =====================================================
>>
>> Testing server: ServerRegionC\ServerC
>> Starting test: Connectivity
>> * Active Directory LDAP Services Check
>> Server ServerC resolved to this IP address 192.168.100.250,
>> but the address couldn't be reached(pinged), so check the
>> network.
>> The error returned was: Error due to lack of resources.
>> This error more often means that the targeted server is
>> shutdown or disconnected from the network
>> ......................... ServerC failed test Connectivity
>> Doing primary tests
>>
>> Testing server: ServerRegionA\ServerA
>> Skipping all tests, because server ServerA is
>> not responding to directory service requests
>> Testing server: ServerRegionB\ServerB
>> Starting test: Replications
>> * Replications Check
>> [Replications Check,ServerB] A recent replication attempt
>> failed:
>> From ServerA to ServerB
>> Naming Context:
>> CN=Schema,CN=Configuration,DC=domain,DC=com
>> The replication generated an error (1722):
>> The RPC server is unavailable.
>> The failure occurred at 2007-11-02 15:44.00.
>> The last success occurred at 2007-09-10 21:25.43.
>> 10652 failures have occurred since the last success.
>> The source remains down. Please check the machine.
>> [Replications Check,ServerB] A recent replication attempt
>> failed:
>> From ServerA to ServerB
>> Naming Context: CN=Configuration,DC=domain,DC=com
>> The replication generated an error (1722):
>> The RPC server is unavailable.
>> The failure occurred at 2007-11-02 15:43.14.
>> The last success occurred at 2007-09-10 21:25.19.
>> 10655 failures have occurred since the last success.
>> The source remains down. Please check the machine.
>> [Replications Check,ServerB] A recent replication attempt
>> failed:
>> From ServerA to ServerB
>> Naming Context: DC=domain,DC=com
>> The replication generated an error (1722):
>> The RPC server is unavailable.
>> The failure occurred at 2007-11-02 15:42.28.
>> The last success occurred at 2007-09-07 21:24.08.
>> 10656 failures have occurred since the last success.
>> The source remains down. Please check the machine.
>> [Replications Check,ServerB] A recent replication attempt
>> failed:
>> From ServerA to ServerB
>> Naming Context: DC=domain,DC=com
>> The replication generated an error (1722):
>> The RPC server is unavailable.
>> The failure occurred at 2007-11-02 15:42.51.
>> The last success occurred at 2007-09-10 17:23.20.
>> 10690 failures have occurred since the last success.
>> The source remains down. Please check the machine.
>> ......................... ServerB passed test Replications
>> Starting test: Topology
>> * Configuration Topology Integrity Check
>> * Analyzing the connection topology for
>> CN=Schema,CN=Configuration,DC=domain,DC=com.
>> * Performing upstream (of target) analysis.
>> * Performing downstream (of target) analysis.
>> * Analyzing the connection topology for
>> CN=Configuration,DC=domain,DC=com.
>> * Performing upstream (of target) analysis.
>> * Performing downstream (of target) analysis.
>> ......................... ServerB passed test Topology
>> Starting test: CutoffServers
>> * Configuration Topology Aliveness Check
>> * Analyzing the alive system replication topology for
>> CN=Schema,CN=Conf
>> iguration,DC=domain,DC=com.
>> * Performing upstream (of target) analysis.
>> Upstream topology is disconnected for
>> CN=Schema,CN=Configuration,DC=domain
>> ,DC=com.
>> Home server ServerB can't get changes from these servers:
>> ServerRegionD/ServerD
>> ServerRegionE/ServerE
>> ServerRegionF/ServerF
>> * Performing downstream (of target) analysis.
>> Downstream topology is disconnected for
>> CN=Schema,CN=Configuration,DC=domain
>> dt,DC=com.
>> These servers can't get changes from home server ServerB:
>> ServerRegionD/ServerD
>> ServerRegionE/ServerE
>> ServerRegionF/ServerF
>> * Analyzing the alive system replication topology for
>> CN=Configuration,
>> DC=domain,DC=com.
>>
>> =====================================================
>>
>> What can you tell me about this?
>>
>> "Jorge Silva" <(E-Mail Removed)> wrote in message
>> news:%23q$$(E-Mail Removed)...
>>
>>> Hi
>>> Post here the results for
>>> dcdiag /v /e /c
>>> --
>>>
>>> ===================================
>>> I hope that the information above helps you.
>>> Have a Nice day.
>>> Jorge Silva
>>> MCSE, MVP Directory Services
>>> ===================================
>>> "Ricky" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>
>>>> Hi
>>>>
>>>> I have 2 DC in different network segment/vpn and they just have let
>>>> replicate.
>>>>
>>>> ServerA is the master domain controller where is has DNS (primary)
>>>> service and Exchange installed. ServerB has DNS service and as
>>>> secondary that is the DNS from ServerA.
>>>>
>>>> I can ping the ip address of ServerA at ServerB but I can't ping by
>>>> it's
>>>> name. When I do \\ServerA\sysvol or \\ServerA\netlogon it gives me
>>>> the
>>>> following message:
>>>> This event log message will appear once per connection, After the
>>>> problem
>>>> is fixed you will
>>>> see another event log message indicating that the connection has
>>>> been
>>>> established.
>>>> But when I write ">repadmin /showreps" at command line in ServerA it
>>>> tells me that is replicating with ServerB but when I do the opposite
>>>> it tells that ServerB isn't replicating with ServerA since xxx date.
>>>> =========
>>>>
>>>> At the event viewer it appears the following messages:
>>>> 1) The DNS server list of restricted interfaces contains IP
>>>> addresses
>>>> that are not configured for use
>>>> at the server computer.
>>>> Use the DNS manager server properties, interfaces dialog, to verify
>>>> and
>>>> reset the IP addresses the
>>>> DNS server should listen on. For more information, see "To restrict
>>>> a
>>>> DNS server to listen only
>>>> on selected addresses" in the online Help.
>>>> 2) The File Replication Service is having trouble enabling
>>>> replication
>>>> from ServerA to
>>>> ServerB for c:\winnt\sysvol\domain using the DNS name
>>>> ServerA.domain.com.
>>>> FRS will keep
>>>> retrying.
>>>> Following are some of the reasons you would see this warning.
>>>> [1] FRS can not correctly resolve the DNS name ServerA.domain.com
>>>> from
>>>> this computer.
>>>> [2] FRS is not running on ServerA.domain.com.
>>>> [3] The topology information in the Active Directory for this
>>>> replica has
>>>> not yet replicated to
>>>> all the Domain Controllers.
>>>> ==========
>>>> When I try to force replication from command line at ServerB the
>>>> following message appears:
>>>>
>>>> Command:
>>>> C:\>repadmin /replicate ServerA ServerB /force
>>>> repadmin running command /replicate against server
>>>> ServerA.domain.com
>>>>
>>>> DsBindWithCred to ServerA.domain.com failed with status 1722
>>>> (0x6ba): Can't retrieve message string 1722 (0x6ba), error 1815.
>>>>
>>>> Hopping for help...
>>>> Thanks in advance
>>>> Ricky
>
>

"Ricky" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hi
> The servers are connected through routers and the "ipconfig /all" for
> ServerA is:
>
> Windows IP Configuration
> Host Name . . . . . . . . . . . . : ServerA
> Primary Dns Suffix . . . . . . . : domain.com
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : domain.com
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : BCM5703 Gigabit Ethernet
> Physical Address. . . . . . . . . : 00-0B-CD-E6-BD-A0
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.50.250
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.50.254
> DNS Servers . . . . . . . . . . . : 192.168.50.250
> =====================================
> The "ipconfig /all" for ServerB is:
>
> Windows 2000 IP Configuration
>
> Host Name . . . . . . . . . . . . : ServerB
> Primary DNS Suffix . . . . . . . : domain.com
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : domain.com
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : HP NC3163 Fast Ethernet NIC
> Physical Address. . . . . . . . . : 00-02-A5-ED-51-C8
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.60.250
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.60.254
> DNS Servers . . . . . . . . . . . : 192.168.60.250
> 192.168.50.250
> Primary WINS Server . . . . . . . : 192.168.60.250
>
> If it is necessary to put more information just tell me. I just one to be
> able to solve this issue.
>
> Thanks
> Ricky


It appears B can't get changes from A, D, E and F due to RPC server not
available. Whenever I see that, it hints at a few things:

- Firewall rules are blocking necessary traffic
- Host name is not registered in DNS, therefore not resolving
- The DC's GUID is not resolvable possibly because it's not registered in
DNS SRVs

Check the firewall rules please. Anything blocking it between Sites?
Is there any local firewalls installed?
How about antivirus blocking temp folder executables and creation of temp
files? McAfee does that.
Is your AV configured to exclude/ignore the NTDS and Sysvol folders?
Were the default C: drive permissions ever altered?
Any errors in any of the Event viewer logs on Server B?
Are there any EventID #53258, Source=MSDTC errors?
How about the other servers?
Please post all the EventID #s and the Source names from all servers. Even
if they don't appear to be AD errors, post them anyway. To give you an
example, the MSDTC 53258's don't appear to be DC related, but they actually
are.

Try changing the first DNS entry on ServerB to 192.168.50.250 (which should
be ServerA's IP address) and restart ServerB.

Also...
Download and test port connectivity by using portqry from Microsoft:
http://support.microsoft.com/kb/832919

When you run the portqry commands, run them on different servers between
each other and write down the results, such as this result matrix I created
trying to find a replication issue for a customer I ran recently. Notice I
found there were issues with ServerA to ServerC, ServerE and to ServerF
replication. You can see that with the failures with the UDP 389 test.
Please run it on yours and post your results please. The resulting issue
with the mess below were a combination of things. ServerA had 53258's. The
KCC would also not reevaluate the topology. I deleted the connection objects
and created my own, but that still didn't work. I fixed the MSDTC issue and
deleted ALL connection objects to ServerA and had the KCC reevaluate the
topology and it finally worked.

======================
Test | Result

from ServerA to ServerB:
portqry -n ServerB.xyz.domain.com -p udp -e 389 | passed
portqry -n ServerB.xyz.domain.com -p tcp -e 389 | passed

from ServerA to ServerC:
portqry -n ServerC.abc.domain.com -p udp -e 389 | failed **
portqry -n ServerC.abc.domain.com -p tcp -e 389 | passed

from ServerA to ServerF:
portqry -n ServerF.abc.domain.com -p udp -e 389 | failed **
portqry -n ServerF.abc.domain.com -p tcp -e 389 | passed

from ServerC to ServerA:
portqry -n ServerA.xyz.domain.com -p udp -e 389 | failed **
portqry -n ServerA.xyz.domain.com -p tcp -e 389 | passed

from ServerC to ServerB:
portqry -n ServerB.xyz.domain.com -p udp -e 389 | passed
portqry -n ServerB.xyz.domain.com -p tcp -e 389 | passed

from ServerC to ServerD:
portqry -n ServerD.def.domain.com -p udp -e 389 | passed
portqry -n ServerD.def.domain.com -p tcp -e 389 | passed

from ServerA to ServerE:
portqry -n ServerE.def.domain.com -p udp -e 389 | failed **
portqry -n ServerE.def.domain.com -p tcp -e 389 | passed
======================

Good luck...


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Ace

Before you or other MVP/guru answers try to help me out about the homework
you've advice me to do just let me say thanks to this newsgroup but above
that Congratulate the people who help others like me.

Thanks guys

The answers are below your questions... Please see it and correct them if
necessary.


Thanks

"Ace Fekay [MVP]" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>
> "Ricky" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Hi
>> The servers are connected through routers and the "ipconfig /all" for
>> ServerA is:
>>
>> Windows IP Configuration
>> Host Name . . . . . . . . . . . . : ServerA
>> Primary Dns Suffix . . . . . . . : domain.com
>> Node Type . . . . . . . . . . . . : Unknown
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : domain.com
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : BCM5703 Gigabit Ethernet
>> Physical Address. . . . . . . . . : 00-0B-CD-E6-BD-A0
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.50.250
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.50.254
>> DNS Servers . . . . . . . . . . . : 192.168.50.250
>> =====================================
>> The "ipconfig /all" for ServerB is:
>>
>> Windows 2000 IP Configuration
>>
>> Host Name . . . . . . . . . . . . : ServerB
>> Primary DNS Suffix . . . . . . . : domain.com
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : domain.com
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : HP NC3163 Fast Ethernet NIC
>> Physical Address. . . . . . . . . : 00-02-A5-ED-51-C8
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.60.250
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.60.254
>> DNS Servers . . . . . . . . . . . : 192.168.60.250
>> 192.168.50.250
>> Primary WINS Server . . . . . . . : 192.168.60.250
>>
>> If it is necessary to put more information just tell me. I just one to be
>> able to solve this issue.
>>
>> Thanks
>> Ricky
>
>
===================
Answers:

It appears B can't get changes from A, D, E and F due to RPC server not
available. Whenever I see that, it hints at a few things:

- Firewall rules are blocking necessary traffic
Answer: I've notice by doing a telnet to ports 137 (no connection), 139,
135, 138 (no connection), 445, 389, 636 (no connection), 3268, 3269 (no
connection), 88, 53, 1512 (no connection), 3389 from ServerB to ServerA

- Host name is not registered in DNS, therefore not resolving
Answer: I think the DNS is registered but can you tell me how can I make
sure that information is correct?

- The DC's GUID is not resolvable possibly because it's not registered in
DNS SRVs
Answer: How can I verify this information?

Check the firewall rules please. Anything blocking it between Sites?
Answer: No

Is there any local firewalls installed?
Answer: It exists a ISA 2004 proxy but it isn't used to do firewall

How about antivirus blocking temp folder executables and creation of temp
files? McAfee does that.
Answer: We have Trend Micro

Is your AV configured to exclude/ignore the NTDS and Sysvol folders?
Answer: Yes

Were the default C: drive permissions ever altered?
Answer: No

Any errors in any of the Event viewer logs on Server B?
Answer: Yes, they are several errors at event viewer on ServerB
DNS Server: (event id 409)
The DNS server list of restricted interfaces contains IP addresses that are
not configured for use at the server computer.
Use the DNS manager server properties, interfaces dialog, to verify and
reset the IP addresses the DNS server should listen on. For more
information, see "To restrict a DNS server to listen only on selected
addresses" in the online Help.

File Replication Service: (event id 13508)
he File Replication Service is having trouble enabling replication from
ServerA to ServerB for c:\winnt\sysvol\domain using the DNS name
ServerA.domain.com. FRS will keep retrying.

Following are some of the reasons you would see this warning.


[1] FRS can not correctly resolve the DNS name ServerA.domain.com from this
computer.

[2] FRS is not running on ServerA.domain.com.

[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.


This event log message will appear once per connection, After the problem is
fixed you will see another event log message indicating that the connection
has been established.

File Replication Service: (event id 13562)
Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller ServerB.domain.com
for FRS replica set configuration information.


The nTDSConnection object cn=ServerA,cn=ntds
settings,cn=ServerB,cn=servers,cn=ServerRegionB,cn=sites,cn=configuration,dc=domain,dc=com
is conflicting with cn=ServerA\

cnf:0fa651c9-522d-446e-90db-a4cf75549246,cn=ntds
settings,cn=ServerB,cn=servers,cn=ServerB,cn=sites,cn=configuration,dc=domain,dc=com.
Using cn=ServerA,cn=ntds
settings,cn=ServerB,cn=servers,cn=ServerRegionB,cn=sites,cn=configuration,dc=domain,dc=com


Are there any EventID #53258, Source=MSDTC errors?

Answer: No, there isn't any eventID 53258 but I have this:

Directory Service: (event id NTDS KCC 1265)

The attempt to establish a replication link with parameters


Partition: CN=Schema,CN=Configuration,DC=domain,DC=com

Source DSA DN: CN=NTDS
Settings,CN=ServerRegionDR,CN=Servers,CN=DR,CN=Sites,CN=Configuration,DC=domain,DC=com

Source DSA Address: d655b9b7-1ee1-4ae6-a57a-b406d3ce018f._msdcs.domain.com

Inter-site Transport (if any): CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=domain,DC=com


failed with the following status:


The RPC server is unavailable.


The record data is the status code. This operation will be retried.

Please post all the EventID #s and the Source names from all servers. Even
if they don't appear to be AD errors, post them anyway. To give you an
example, the MSDTC 53258's don't appear to be DC related, but they actually
are.

How about the other servers?

ServerC - Directory Service: (event id 1265)

The attempt to establish a replication link for the following writable
directory partition failed.


Directory partition:

DC=domain,DC=com

Source domain controller:

CN=NTDS
Settings,CN=ServerRegionA,CN=Servers,CN=ServerRegion,CN=Sites,CN=Configuration,DC=domain,DC=com

Source domain controller address:

012e04d1-94e4-4931-85e5-b083e9883cf7._msdcs.domain.com

Intersite transport (if any):

CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=domain,DC=com


This domain controller will be unable to replicate with the source domain
controller until this problem is corrected.


User Action

Verify if the source domain controller is accessible or network connectivity
is available.


Additional Data

Error value:

1722 The RPC server is unavailable.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

=========

ServerC - Directory Service: (event id 1925)

The attempt to establish a replication link for the following writable
directory partition failed.


Directory partition:

DC=domain,DC=com

Source domain controller:

CN=NTDS
Settings,CN=ServerRegionA,CN=Servers,CN=ServerRegion,CN=Sites,CN=Configuration,DC=domain,DC=com

Source domain controller address:

012e04d1-94e4-4931-85e5-b083e9883cf7._msdcs.domain.com

Intersite transport (if any):

CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=domain,DC=com


This domain controller will be unable to replicate with the source domain
controller until this problem is corrected.


User Action

Verify if the source domain controller is accessible or network connectivity
is available.


Additional Data

Error value:

1722 The RPC server is unavailable.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

========================

ServerC - Directory Service: (event id 1865; 1311 and 1566)

1566

The Knowledge Consistency Checker (KCC) has detected problems with the
following directory partition.


Directory partition:

CN=Configuration,DC=domain,DC=com


There is insufficient site connectivity information in Active Directory
Sites and Services for the KCC to create a spanning tree replication
topology. Or, one or more domain controllers with this directory partition
are unable to replicate the directory partition information. This is
probably due to inaccessible domain controllers.


User Action

Use Active Directory Sites and Services to perform one of the following
actions:

- Publish sufficient site connectivity information so that the KCC can
determine a route by which this directory partition can reach this site.
This is the preferred option.

- Add a Connection object to a domain controller that contains the directory
partition in this site from a domain controller that contains the same
directory partition in another site.


If neither of the Active Directory Sites and Services tasks correct this
condition, see previous events logged by the KCC that identify the
inaccessible domain controllers.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.



Try changing the first DNS entry on ServerB to 192.168.50.250 (which should
be ServerA's IP address) and restart ServerB.
Answer: It's already been done


> Also...
> Download and test port connectivity by using portqry from Microsoft:
> http://support.microsoft.com/kb/832919
>
> When you run the portqry commands, run them on different servers between
> each other and write down the results, such as this result matrix I
> created trying to find a replication issue for a customer I ran recently.
> Notice I found there were issues with ServerA to ServerC, ServerE and to
> ServerF replication. You can see that with the failures with the UDP 389
> test. Please run it on yours and post your results please. The resulting
> issue with the mess below were a combination of things. ServerA had
> 53258's. The KCC would also not reevaluate the topology. I deleted the
> connection objects and created my own, but that still didn't work. I fixed
> the MSDTC issue and deleted ALL connection objects to ServerA and had the
> KCC reevaluate the topology and it finally worked.
>
> ======================
> Test | Result
>
> from ServerA to ServerB:
> portqry -n ServerB.xyz.domain.com -p udp -e 389 | passed
> portqry -n ServerB.xyz.domain.com -p tcp -e 389 | passed
>
> from ServerA to ServerC:
> portqry -n ServerC.abc.domain.com -p udp -e 389 | failed **
> portqry -n ServerC.abc.domain.com -p tcp -e 389 | passed
>
> from ServerA to ServerF:
> portqry -n ServerF.abc.domain.com -p udp -e 389 | failed **
> portqry -n ServerF.abc.domain.com -p tcp -e 389 | passed
>
> from ServerC to ServerA:
> portqry -n ServerA.xyz.domain.com -p udp -e 389 | failed **
> portqry -n ServerA.xyz.domain.com -p tcp -e 389 | passed
>
> from ServerC to ServerB:
> portqry -n ServerB.xyz.domain.com -p udp -e 389 | passed
> portqry -n ServerB.xyz.domain.com -p tcp -e 389 | passed
>
> from ServerC to ServerD:
> portqry -n ServerD.def.domain.com -p udp -e 389 | passed
> portqry -n ServerD.def.domain.com -p tcp -e 389 | passed
>
> from ServerA to ServerE:
> portqry -n ServerE.def.domain.com -p udp -e 389 | failed **
> portqry -n ServerE.def.domain.com -p tcp -e 389 | passed
> ======================
>
> Good luck...

Here it is the result of the tests you've told me to do. Thanks for tips.

from ServerA to ServerB

C:\>portqry -n ServerB.domain.com -p udp -e 389

Querying target system called:

serverB.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.60.250


UDP port 389 (unknown service): LISTENING or FILTERED

Sending LDAP query to UDP port 389...

LDAP query response:


currentdate: 11/03/2007 18:04:24 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=ServerB,CN=Servers,CN=ServerRegionB,CN=Sites
namingContexts: CN=Schema,CN=Configuration,DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 1943210
supportedSASLMechanisms: GSSAPI
dnsHostName: serverB.domain.com
ldapServiceName: domain.com:serverB$@domain.com
serverName:
CN=ServerB,CN=Servers,CN=ServerRegionB,CN=Sites,CN=Configuration,DC
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE

======== End of LDAP query response ========
UDP port 389 is LISTENING

C:\>
=======================

from ServerA to ServerB

C:\>portqry -n ServerB.domain.com -p tcp -e 389

Querying target system called:

serverB.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.60.250


TCP port 389 (ldap service): LISTENING

Sending LDAP query to TCP port 389...

LDAP query response:


currentdate: 11/03/2007 18:14:12 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverB,CN=Servers,CN=serverRegionB,CN=Site
namingContexts: CN=Schema,CN=Configuration,DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 1943232
supportedSASLMechanisms: GSSAPI
dnsHostName: serverB.domain.com
ldapServiceName: domain.com:serverB$@domain.com
serverName:
CN=serverB,CN=Servers,CN=serverRegionB,CN=Sites,CN=Configuration,D
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE

======== End of LDAP query response ========
==============================
==============================

from ServerA to ServerC:

C:\>portqry -n ServerC.domain.com -p udp -e 389

Querying target system called:

serverC.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.70.250


UDP port 389 (unknown service): LISTENING or FILTERED

Sending LDAP query to UDP port 389...

LDAP query response:


currentdate: 11/03/2007 18:18:51 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverC,CN=Servers,CN=serverRegionC,CN=Sites,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 2168772
supportedSASLMechanisms: GSSAPI
dnsHostName: serverC.domain.com
ldapServiceName: domain.com:serverC$@domain.com
serverName:
CN=serverC,CN=Servers,CN=serverRegionC,CN=Sites,CN=Configuration,DC=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2

======== End of LDAP query response ========

UDP port 389 is LISTENING


C:\>
=======================

from ServerA to ServerC:

C:\>portqry -n serverC.domain.com -p tcp -e 389

Querying target system called:

serverC.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.70.250


TCP port 389 (ldap service): LISTENING

Sending LDAP query to TCP port 389...

LDAP query response:


currentdate: 11/03/2007 18:20:39 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverC,CN=Servers,CN=serverRegionC,CN=Sites,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 2168772
supportedSASLMechanisms: GSSAPI
dnsHostName: serverC.domain.com
ldapServiceName: domain.com:serverC$@domain.com
serverName:
CN=serverC,CN=Servers,CN=serverRegionC,CN=Sites,CN=Configuration,DC=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2

======== End of LDAP query response ========

C:\>
=======================
=======================

from ServerA to ServerD:

C:\>portqry -n serverD.domain.com -p udp -e 389

Querying target system called:

serverD.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.80.250


UDP port 389 (unknown service): LISTENING or FILTERED

Sending LDAP query to UDP port 389...

LDAP query response:


currentdate: 11/03/2007 18:23:21 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverD,CN=Servers,CN=serverRegionD,CN=Sites,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 1894574
supportedSASLMechanisms: GSSAPI
dnsHostName: serverD.domain.com
ldapServiceName: domain.com:serverD$@domain.com
serverName:
CN=serverD,CN=Servers,CN=serverRegionD,CN=Sites,CN=Configuration,DC=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2


======== End of LDAP query response ========

UDP port 389 is LISTENING


C:\>
============================

from ServerA to ServerD:

C:\>portqry -n serverD.domain.com -p tcp -e 389

Querying target system called:

serverD.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.80.250


TCP port 389 (ldap service): LISTENING

Sending LDAP query to TCP port 389...

LDAP query response:


currentdate: 11/03/2007 18:24:17 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverD,CN=Servers,CN=serverRegionD,CN=Sites,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 1894575
supportedSASLMechanisms: GSSAPI
dnsHostName: serverD.domain.com
ldapServiceName: domain.com:serverD$@domain.com
serverName:
CN=serverD,CN=Servers,CN=serverRegionD,CN=Sites,CN=Configuration,DC=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2


======== End of LDAP query response ========

C:\>

======================================
======================================

from ServerC to ServerA:

C:\>portqry -n serverA.domain.com -p udp -e 389

Querying target system called:

serverA.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.50.250


UDP port 389 (unknown service): LISTENING or FILTERED

Sending LDAP query to UDP port 389...

LDAP query to port 389 failed
Server did not respond to LDAP query
============================

from ServerC to ServerA:

C:\>portqry -n serverA.domain.com -p tcp -e 389

Querying target system called:

serverA.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.50.250


TCP port 389 (ldap service): FILTERED

C:\>

===========================
===========================

from ServerC to ServerB:

C:\>portqry -n serverA.domain.com -p tcp -e 389

Querying target system called:

serverA.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.50.250
===============================

from ServerC to ServerB:

C:\>portqry -n serverB.domain.com -p tcp -e 389

Querying target system called:

serverB.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.60.250


TCP port 389 (ldap service): LISTENING

Sending LDAP query to TCP port 389...

LDAP query response:


currentdate: 11/03/2007 18:34:02 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS Settings,CN=ServerB,CN=Servers,CN=ServerRegionB,CN=Si
tes,CN=Configuration,DC=domain,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 1943259
supportedSASLMechanisms: GSSAPI
dnsHostName: serverB.domain.com
ldapServiceName: domain.com:serverB$@domain.com
serverName: CN=serverB,CN=Servers,CN=serverRegionB,CN=Sites,CN=Configuration
,DC=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE


======== End of LDAP query response ========

C:\>
==============================
==============================

from ServerC to ServerD:

C:\>portqry -n taipas01cat.domain.com -p udp -e 389

Querying target system called:

taipas01cat.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.80.250


UDP port 389 (unknown service): LISTENING or FILTERED

Sending LDAP query to UDP port 389...

LDAP query to port 389 failed
Server did not respond to LDAP query
=================================

from ServerC to ServerD:

C:\>portqry -n serverD.domain.com -p tcp -e 389

Querying target system called:

serverD.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.80.250


TCP port 389 (ldap service): FILTERED
===================================
===================================


from ServerA to ServerE:

C:\>portqry -n serverE.domain.com -p udp -e 389

Querying target system called:

serverE.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.90.250


UDP port 389 (unknown service): LISTENING or FILTERED

Sending LDAP query to UDP port 389...

LDAP query response:


currentdate: 11/03/2007 18:48:13 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverE,CN=Servers,CN=serverRegionE,CN=Sites,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 3153777
supportedSASLMechanisms: GSSAPI
dnsHostName: serverE.domain.com
ldapServiceName: domain.com:serverE$@domain.com
serverName:
CN=serverE,CN=Servers,CN=serverRegionE,CN=Sites,CN=Configuration,DC=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2


======== End of LDAP query response ========

UDP port 389 is LISTENING


C:\>

========================

from ServerA to ServerE:

C:\>portqry -n serverE.domain.com -p tcp -e 389

Querying target system called:

serverE.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.90.250


TCP port 389 (ldap service): LISTENING

Sending LDAP query to TCP port 389...

LDAP query response:


currentdate: 11/03/2007 19:07:38 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverE,CN=Servers,CN=serverRegionE,CN=Sites,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 3153819
supportedSASLMechanisms: GSSAPI
dnsHostName: coimbra01cat.domain.com
ldapServiceName: domain.com:serverE$@domain.com
serverName:
CN=serverE,CN=Servers,CN=serverRegionE,CN=Sites,CN=Configuration,DC=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2


======== End of LDAP query response ========

C:\>
========================
========================

from ServerB to ServerC:

C:\PortQryUI>portqry -n serverC.domain.com -p udp -e 389

Querying target system called:

serverC.domain.com

Attemcoming to resolve name to IP address...


Name resolved to 192.168.70.250

querying...

UDP port 389 (unknown service): LISTENING or FILTERED

Using ephemeral source port
Sending LDAP query to UDP port 389...

LDAP query response:


currentdate: 11/03/2007 19:22:24 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverC,CN=Servers,CN=serverRegionC,CN=Site
s,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 2168825
supportedSASLMechanisms: GSSAPI
dnsHostName: serverC.domain.com
ldapServiceName: domain.com:serverC$@domain.com
serverName:
CN=serverC,CN=Servers,CN=serverRegionC,CN=Sites,CN=Configuration,D
C=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2


======== End of LDAP query response ========

UDP port 389 is LISTENING


C:\PortQryUI>
==============================

from ServerB to ServerC:

C:\PortQryUI>portqry -n serverC.domain.com -p tcp -e 389

Querying target system called:

serverC.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.70.250

querying...

TCP port 389 (ldap service): LISTENING

Using ephemeral source port
Sending LDAP query to TCP port 389...

LDAP query response:


currentdate: 11/03/2007 19:23:11 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=ServerC,CN=Servers,CN=serverRegionC,CN=Site
s,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 2168825
supportedSASLMechanisms: GSSAPI
dnsHostName: serverC.domain.com
ldapServiceName: domain.com:serverC$@domain.com
serverName:
CN=serverRegionC,CN=Servers,CN=serverRegionC,CN=Sites,CN=Configuration,D
C=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2


======== End of LDAP query response ========

C:\PortQryUI>

==========================================
==========================================

from ServerB to ServerA:

C:\PortQryUI>portqry -n serverA.domain.com -p udp -e 389

Querying target system called:

serverA.domain.com

Attemcoming to resolve name to IP address...


Name resolved to 192.168.50.250

querying...

UDP port 389 (unknown service): LISTENING or FILTERED

Using ephemeral source port
Sending LDAP query to UDP port 389...

LDAP query to port 389 failed
Server did not respond to LDAP query

C:\PortQryUI>

================================

from ServerB to ServerA:

C:\PortQryUI>portqry -n serverA.domain.com -p tcp -e 389

Querying target system called:

serverA.domain.com

Attemcoming to resolve name to IP address...

Name resolved to 192.168.50.250

querying...

TCP port 389 (ldap service): FILTERED

C:\PortQryUI>













> --
> Regards,
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> MVP Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Infinite Diversities in Infinite Combinations
>
>
>
>
>