How to solve AD replication problem ?

[emma]

Dear All,

I got 2 DC running in a.com domain,Both DC is in the same
site.i ran dcdiag and netdiag tools and what i found was
that "A recent replication attempt failed: from DC2 to
DC1", and second error message i got was that "The File
replication Service is having trouble enabling replication
from DC2 to DC1 for c:\winnt\sysvol\domain using the DNS
name DC2.a.com.FRS will keep trying" and third error i got
was "The RPC server is too busy to complete this
operation". All this i got from when i ran dcdiag from
DC1, but none error on DC2. For the 3rd error i try out
the command net time i found on microsoft website but
still nothing happen. For the 2nd error , i m supposed to
run file replication utility named ntfrsutl.exe, but i
couldnt find that utility on the support tools, even on
microsoft website also i did not manage to find it. And i
think the 1st error got to do with 2nd and 3rd unless i
can solve them first. Ping, NS lookup do not have any
problem. Hope you guys can give me advice on how to solve
this problem. I'm really really stuck and hope for a
helping hand. Thank you very much.

 

[Cary Shultz [A.D. MVP]]

Emma,

Here is the link to FRSDIAG:

http://www.microsoft.com/downloads/...8e-8553-4de7-811a-562563eb5ebf&DisplayLang=en

Be very aware of the requirements. I am not able to find the utility that
you mentioned, either. Do not specifically recall if that is a valid
utility ( wanna say that it is ). I will look in my collection to see. Is
it spelled correctly? Should it be ntfrsutil.exe?

If the link above does not work then let me know as I have it downloaded and
will simply e-mail you the file. It is something like 380kb so hopefully
the size should not be a problem.

Have you looked at repadmin - which is part of the Support Tools? Try
repadmin /showreps. This might help you. It seems like the incoming
connection object representing DC02 on DC01 is not there. This could be a
KCC problem ( maybe the Intra-Site Topology Generator ). But I am not so
sure about that as the KCC does a very good job with the information that it
has. So it is probably higher up the food chain that that. Just a thought,
though.

Here come the usual questions, so please forgive me if you have done all
this already!

1) You did do ping already! Good! But, did you ping via all three ways (
IP Address, NetBIOS name, DNS name )? Actually, there is another one that
we will get to in a second.

2) nslookup resolved everything just fine. This could be good. I would
still take a look at DNS, though. Have you used any other DNS tools? There
is something called DNSLint that might be of help. Take a look at the
following links:

To download the utility and a how to use:
http://support.microsoft.com/default.aspx?scid=kb;en-us;321045&Product=win2000

How to use DNSLint to troubleshoot AD Replication issues
http://support.microsoft.com/default.aspx?scid=kb;en-us;321046&Product=win2000

In this article there is that other method of pinging that I referenced in
#1

3) in your DNS MMC in the FLZ I assume that you have all four subfolders (
_msdcs, _sites, _tcp and _udp ).

4) take a look at the following MSKB Article. It might just be what the
doctor ordered:
http://support.microsoft.com/?kbid=249256

And it mentions that utility that you can not find. I think that either you
made a typo ( you have ntfrsutl when it should be ntfrsutil - you are
missing the "i" ) or you are not finding it due to a path issue!

Emma, this hopefully will get you on your way!

Cary

 

[emma]

Thanks Cary,
I found the dnslint tool is very useful, i used it and i
saw the problem was actually related to DNS, so i managed
to solve the RPC problem, that error did not come out
anymore, but i can see that with that dnslint tool i can
know more about my DNS behaviour, now with that also,
there are other errors come out actually, it stated "Glue
(A) records are missing for the following CNAME records",
Now i'm trying to figure out where to glue that thing in
DNS record, Do u have any clue about it?About that tool i
guess if the problem stated coming with the solution on
how to go about it, i guess would be much more better,
But i guess now i have to really Check my DNS problem, all
the DNS involved. Thanks again Cary

regards
emma

 

[emma]

Thanks Cary for your help, but in here i dont see how to
get your attachment, i only can read this post but no
attachment along.

I understand that the glue is IP address, but sometime i
wonder can the microsoft programmer make other people life
easier by stating that it's IP is missing, but nevermind,
i guess they must have good reason to put the word glue
there, Now my wonder is to look where shall i put the
missing IP coz in my DNS i already put the host ip and the
name of the domain ctrller.

Hope to know how to get your attachment Cary. Thanks

regards
emma

 

[Cary Shultz [A.D. MVP]]

Emma,

OE6 SP1 stripped the attachments. They were .htm files so that, I guess, is
considered dangerous by OE6. Here they are again. This time I took the
..htm file and saved it as a .txt file. Since that could also be dangerous I
saved them yet again as a .exx file. When you receive them simply save them
as a .txt file.

HTH,

Cary

 

[Cary Shultz [A.D. MVP]]

Emma,

I am going to try again. OE6 SP1 is stripping the attachments.

=====================================================================

DNSLint ReportDNSLint Report
System Date: Sat Nov 29 13:44:31 2003
Command run:
dnslint /ad 192.168.10.30 /r c:\dnslint\w2kserver01.htm /s 192.168.10.30

Root of Active Directory Forest:
nkdsolutions.com
Active Directory Forest Replication GUIDs Found:

DC: W2KSERVER01
GUID: 2c606c3c-4215-4b8e-b62e-1eaefa5b1b85

DC: W2KSERVER02
GUID: 07214b6b-c2cb-4340-9c03-13fc8f5ca46f


Total GUIDs found: 2

The following 2 DNS servers were checked for records related to AD forest
replication:
DNS server: w2kserver01.nkdsolutions.com
IP Address: 192.168.10.30
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: w2kserver01.nkdsolutions.com
Hostmaster: admin.nkdsolutions.com
Zone serial number: 60
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds

Additional authoritative (NS) records from server:
w2kserver02.nkdsolutions.com 192.168.10.250
w2kserver01.nkdsolutions.com 192.168.10.30


Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 2c606c3c-4215-4b8e-b62e-1eaefa5b1b85._msdcs.nkdsolutions.com
Alias: w2kserver01.nkdsolutions.com
Glue: 192.168.10.30

CNAME: 07214b6b-c2cb-4340-9c03-13fc8f5ca46f._msdcs.nkdsolutions.com
Alias: w2kserver02.nkdsolutions.com
Glue: 192.168.10.250


Total number of CNAME records found on this server: 2

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0


DNS server: w2kserver02.nkdsolutions.com
IP Address: 192.168.10.250
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: w2kserver02.nkdsolutions.com
Hostmaster: admin.nkdsolutions.com
Zone serial number: 60
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds

Additional authoritative (NS) records from server:
w2kserver02.nkdsolutions.com 192.168.10.250
w2kserver01.nkdsolutions.com 192.168.10.30


Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 2c606c3c-4215-4b8e-b62e-1eaefa5b1b85._msdcs.nkdsolutions.com
Alias: w2kserver01.nkdsolutions.com
Glue: 192.168.10.30

CNAME: 07214b6b-c2cb-4340-9c03-13fc8f5ca46f._msdcs.nkdsolutions.com
Alias: w2kserver02.nkdsolutions.com
Glue: 192.168.10.250


Total number of CNAME records found on this server: 2

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0






Legend: warning, error
DNSLint developed by Tim Rains


========================================================================

 

[Guest]

Yes Cary, i managed to see your files, i printed out already , Thanks, i will compare it first to what i got, let me get this straight, yours are supposed an e.g of dns that do not have any error right

 

[Cary Shultz [A.D. MVP]]

Correct! There are two DCs ( w2kserver01 and w2kserver02 ) with the IP
Addresses of 192.168.10.30 and 192.168.10.250...

Yes Cary, i managed to see your files, i printed out already , Thanks, i

will compare it first to what i got, let me get this straight, yours are
supposed an e.g of dns that do not have any error right?