NTDS REPLICATION FAILURE ON JUST PROMOTED WIN2K DC

Guest

Weeks before server was DCPROMO’ed it was built. Windows 2000 Server (SP4) and joined to the domain as a member server with DNS service installed and configured as a secondary zone for the Primary zone. DNS was resolving by name and IP. No problems.

Site and subnet were first created in AD and successfully replicated out to other DCs just prior to running DCPROMO on the new server.

DCPROMO'ed the new WIN2K member server to a DC into an existing Windows 2000 Domain and the promotion completed without errors and rebooted when prompted. We made it a GC and added the REP partners for the new server which replicated out to the remaining DCs. No errors or issues.

The promotion was done unknowingly over 128K leased line at a remote office via Terminal Services Session. We thought the leased line was at least 256K-512K. Still no errors or failures occurred.

The users at the site can authenticate and work fine. DHCP server was successfully authorized for the site and scope successfully activated. Users are getting DHCP assigned IPs and they are registering with DNS. NETLOGON replicated and the login script was edited on the new server & it replicated to all the other DCs (50+). When we stop/start the file replication service on the new DC, it says it’s recognized as a DC.

Replication is failing with the following errors and the errors continue to log.

DNS, Event ID: 4013
The DNS server was unable to open the Active Directory. This DNS server is configured to use directory service information and can not operate without access to the directory. The DNS server will wait for the directory to start. If the DNS server is started but the appropriate event has not been logged, then the DNS server is still waiting for the directory to start.

NTDS Replication, Event ID: 1557
This DRA has never completed a full synchronization of partition DC=Seaway,DC=America,DC=Sbfl,DC=com. It will not be advertised as an available directory until this condition is met. This server was recently installed from a source server. Please verify that that source server is still available to finish providing data to this system. The synchronization will be retried.

When we attempt to open the DNS MMC for this server while TS’ed into this new server we get the error “The server is unavailable” and “The specific DNS server cannot be contacted”. The DNS service is installed and the DNS service is running. The DNS service has been removed and re-added with the same result. Assuming once replication completes DNS errors will end.

Network team checked the firewall and say AD traffic isn't being blocked. OU and user accounts were created on the new DC and it replicated to the other DC’s.

Repadmin /showreps shows no INBOUND CONNECTIONS and the OUTBOUND connection is for a server we set as a rep partner.

NTDS Replication, Event ID: 1557 & DNS, Event ID: 4013 continue to log.
Thank you for your help!
 
Tiago

There is probably a problem with DNS. Check DNS configuration and the Sites and Services configuration (sites, replication, subnets, etc.).
 
ptwilliams

Repadmin/showreps show no INBOUND CONNECTIONS and the OUTBOUND connection
is for a server we set as a rep partner.

There should be at least one inbound connection object.

Did you define the outbound connection object yourself? The advice is that
the KCC/ISTG does this in an infrastructure with less than 100 sites.

Anyway, if it's not creating your connection objects, it's probably because
the correct SRV records aren't present. To resolve this, point the DC at
another DNS server, flush the client resolver, and restart netlogon. Wait.
Then force replication via replmon...

--

Paul Williams
_________________________________________
http://www.msresource.net


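The missing-SRV-record diagnosis in the last reply can be checked by comparing the records Netlogon wants registered for the DC against what the DNS server it points at actually holds. The following is an added example, not code from the thread: the host name `newdc`, the host name `olddc`, the site name `Remote-Site` and both record listings are constructed for illustration; only the domain name comes from the event text.

```python
import re

# Constructed sample in the style of %SystemRoot%\System32\config\netlogon.dns,
# the list of records Netlogon tries to register for this DC.
# "newdc" and "Remote-Site" are hypothetical names.
NETLOGON_DNS = """\
_ldap._tcp.Seaway.America.Sbfl.com. 600 IN SRV 0 100 389 newdc.Seaway.America.Sbfl.com.
_ldap._tcp.Remote-Site._sites.Seaway.America.Sbfl.com. 600 IN SRV 0 100 389 newdc.Seaway.America.Sbfl.com.
_ldap._tcp.dc._msdcs.Seaway.America.Sbfl.com. 600 IN SRV 0 100 389 newdc.Seaway.America.Sbfl.com.
_kerberos._tcp.dc._msdcs.Seaway.America.Sbfl.com. 600 IN SRV 0 100 88 newdc.Seaway.America.Sbfl.com.
"""

# Constructed sample: SRV records held by the DNS server the DC points at.
ZONE_ANSWERS = """\
_ldap._tcp.Seaway.America.Sbfl.com. 600 IN SRV 0 100 389 olddc.Seaway.America.Sbfl.com.
_ldap._tcp.Seaway.America.Sbfl.com. 600 IN SRV 0 100 389 NEWDC.seaway.america.sbfl.com.
_ldap._tcp.dc._msdcs.Seaway.America.Sbfl.com. 600 IN SRV 0 100 389 olddc.Seaway.America.Sbfl.com.
_kerberos._tcp.dc._msdcs.Seaway.America.Sbfl.com. 600 IN SRV 0 100 88 olddc.Seaway.America.Sbfl.com.
"""

SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+)$",
    re.IGNORECASE,
)

def parse_srv(text):
    """Return {(owner, port, target)} with DNS names lower-cased and dot-stripped."""
    records = set()
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if not m:
            continue  # skip blank lines, comments and non-SRV records (A, CNAME)
        norm = lambda n: n.lower().rstrip(".")  # DNS names compare case-insensitively
        records.add((norm(m["owner"]), int(m["port"]), norm(m["target"])))
    return records

def missing_srv(expected_text, present_text):
    """SRV records the DC wants registered that the DNS server does not hold."""
    return sorted(parse_srv(expected_text) - parse_srv(present_text))

if __name__ == "__main__":
    for owner, port, target in missing_srv(NETLOGON_DNS, ZONE_ANSWERS):
        print(f"MISSING {owner} -> {target}:{port}")
```

In this sample the DC locator records under `dc._msdcs` and the site-specific record are absent for the new DC, which is the condition the reply describes as stopping connection objects from being created.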
 
