ADAM SCP and replication issues

Guest

Hi all. Just a couple of q's re ADAM...

1) Is it possible to enforce 1 particular ADAM instance in a configuration set (CS) to be the master for replication to other instances? I have multiple ADAM instances in the CS, but every day I update one instance with data from AD. I need to ensure that this new information is replicated across, and not the old information written over the new stuff. I have set the CS to replicate every morning via ADSI Edit, but there seems to be no option for the direction of replication.

2) I do the ADAM update via a VBScript that removes the partition containing the data, re-creates the partition, then inserts AD info into the instance via ldifde. This is to ensure there is a clean state for the data insertion. Will the removal and replacement of the partition cause any problems within the configuration set (i.e. replication issues)?

3) When checking the event logs for ADAM, I receive the following error every day on ALL servers containing an ADAM instance in this CS:

*****
Type: Error EventID: 1864

This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.

More than 24 hours:
1
More than a week:
1
More than one month:
0
More than two months:
0
More than a tombstone lifetime:
0
Tombstone lifetime (days):
60
*****

This would seem to indicate that replication is not happening at all? I have used dsdiag.exe, but this reveals nothing of interest...

All servers also contain this warning in the ADAM logs:

*****
Type: Warning EventID: 1911

The intrasite replication period for this site exceeds the intersite topology generator role election period. This may cause the intersite topology generator role to unnecessarily failover to another directory service in this site.

Site:
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={361EF577-8068-49BA-9230-3B4064F24080}
Unavailability period:
1425
Recommended period in minutes:
1500

User Action
To repair this problem, either set the intrasite replication schedule to its default value, or adjust the interSiteTopologyFailover attribute on this site's NTDS Site Settings object to the recommended period in minutes, which increases the intersite generator election period.
*****

If I take the recommended user action, won't this just affect the AD settings, and not ADAM specifically?

4) I have created another CS containing the same data as my original CS for backup purposes. These are running on totally separate machines from the original CS (there are two instances in the backup). Both ADAM logs contain the above warning (EventID 1911). I have also come across an error creating a Service Point Connection (SPC) on the replica instance. The error message from the ADAM log is as follows:

*****
Type: Error EventID: 2537

The directory server has failed to create the ADAM serviceConnectionPoint object in the Active Directory. This operation will be retried.

Additional Data
SCP object DN:
CN={d65d7275-97d3-448e-b82d-5d4cbdc696b9},CN=CMTEST,OU=Domain Controllers,DC=ip-phone,DC=acu,DC=edu,DC=au
Error value:
5 Access is denied.
Server error:
00000005: SecErr: DSID-03151D54, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Internal ID:
3390387
ADAM service account:
PATRICK\Administrator

User Action
If ADAM is running under a local service account, it will be unable to update the data in the Active Directory. Consider changing the ADAM service account to either NetworkService or a domain account.

If ADAM is running under a domain user account, make sure this account has sufficient rights to create the serviceConnectionPoint object.

ServiceConnectionPoint object publication can be disabled for this instance by setting msDS-DisableForInstances attribute on the SCP publication configuration object.
*****

The service account I am using is the same for all ADAM instances in both CS's. This instance is the only time I get this error. I have had no other issues using this account (it is a domain admin account). Would this indicate a permissions problem with the account on the machine causing the error, or is it something more sinister?

I think that's it!! Hopefully someone out there can shed some light on what is going on here...

Cheers,
K.
 
