AD Replication

[will]

Please help.

I can't replicate between my two domain controller. When I
rry to force replication in Sites and services, I get
access is denied.

The only thing I changed was renaming the admin account,
which I don't think should affect.
It has been working fine.

Any ideas?

 

[Will]

Sussed it,...
Authenticated users was missing on "access the server from
the network" on Domian controller policy.

 

[S.J.Haribabu]

Hi Will,

Troubleshooting Access Denied Replication Errors
=============================================
This error indicates that the local domain controller failed to
authenticate against its replication partner when creating the replication
link or when trying to replicate over an existing link. This typically
happens when the domain controller has been disconnected from the rest of
the network for a long time and its computer account password is not
synchronized with the computer account password that is stored in the
Active Directory of its replication partner.

Procedures for Troubleshooting Access Denied Replication Errors
===========================================================
1.
Confirm naming context permissions on direct replication partners by using
the dcdiag /test:ntsec command. Verify replication is functioning. If
replication is not functioning properly, continue with the next step.

2.
Confirm that the Enterprise Domain Controllers group contains the "access
this computer from network" right. If you have to add this right, ensure
the domain has applied group policy before proceeding. Verify replication
is functioning. If replication is not functioning properly, continue with
the next step.

3.
Stop the KDC on the local domain controller.

4.
Purge the ticket cache on the local domain controller.

5.
Verify that the domain controller is in the Domain Controllers OU, the
default domain controllers GPO is linked to the OU, and the "access this
computer from network" policy is effective in this domain.

6.
Reset the computer account password on the PDC emulator.

7.
Synchronize the domain naming context of the replication partner with the
PDC emulator.

8.
If the repadmin /showreps command shows no replication partner, see "Link
Sites for Replication" in this guide for procedures to create a replication
link.

9.
Synchronize replication from a source domain controller.

10.
Start the KDC on the local domain controller.

11.
If you get a new "access denied" error message, you must create a
temporary connection link between the domain controller and its replication
partner for the naming contexts.

Will, For more information look at
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/ac
tivedirectory/maintain/opsguide/part1/adogd12.mspx#XSLTsection124121120120

Thanks,

(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.