PDC Is not replicating !!

[Guest]

Hi there,
I have been trying to sort out this issue since last week.

Here is my scenerio. After I have ghosted my PDC and BDC server and load it
in to my new server. After rebooted my new server the replication is not
running at all.

I wil not able to browse the server host name but Im able to browse the PDC
Via IPaddress
Error: \\server01 is not accessible
Logon Failure: The targer account name is incorrect


I have issue command repadmin / showrep

Error:

C:\WINNT\Profiles\Administrator>repadmin /showreps
Redbus\SERVER01
DSA Options : IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
objectGuid : b8897f54-1bf0-479e-97e0-a6cb7ec1e107
invocationID: b8897f54-1bf0-479e-97e0-a6cb7ec1e107

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=server,DC=dr
Redbus\SERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624
Last attempt @ 2005-09-07 13:48.44 failed, result 8457:
Can't retrieve message string 8457 (0x2109), error 1815.
Last success @ 2005-08-30 07:49.17.
86 consecutive failure(s).

CN=Configuration,DC=server,DC=dr
Redbus\SERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624
Last attempt @ 2005-09-07 13:48.44 failed, result 8457:
Can't retrieve message string 8457 (0x2109), error 1815.
Last success @ 2005-08-30 08:02.15.
189 consecutive failure(s).

DC=server,DC=dr
Redbus\SERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624
Last attempt @ 2005-09-07 13:48.44 failed, result 8457:
Can't retrieve message string 8457 (0x2109), error 1815.
Last success @ 2005-08-30 07:58.02.
123 consecutive failure(s).

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

CN=Schema,CN=Configuration,DC=server,DC=dr
Redbus\SERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624

CN=Configuration,DC=server,DC=dr
Redbus\SERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624

DC=server,DC=dr
Redbus\SERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624
--------------------------------------------------------------------------------------
Event Log on SERVER01:

---------------------
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 07/09/2005
Time: 11:52:09
User: N/A
Computer:SERVER01
Description:
The File Replication Service is having trouble enabling replication from
SERVER02 to SERVER01 for c:\winnt\sysvol\domain using the DNS name
server02.server.dr. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name server02.server.dr from this
computer.
[2] FRS is not running on server02.server.dr.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem
is fixed you will see another event log message indicating that the
connection has been established.

 

[Ace Fekay [MVP]]

In

Hi there,
I have been trying to sort out this issue since last week.

Here is my scenerio. After I have ghosted my PDC and BDC server and
load it in to my new server. After rebooted my new server the
replication is not running at all.

I wil not able to browse the server host name but Im able to browse
the PDC Via IPaddress
Error: \\server01 is not accessible
Logon Failure: The targer account name is incorrect

Ghosting can be tricky unless done correctly. Let me understand what you are
saying, Did you ghost two Windows 2000 domain controllers and stored the
image somewhere and then put those images on those two new servers? Or did
you Ghost one of them over?

If so, are these two new servers on the same network as the original domain
controllers? If so, are all four up and running on the same network? If so,
did you change the IP addresses of the servers you ghosted over too?

Or are they in a separate test or lab network? Or are they replacement
servers? If replacement servers, did you take the original ones offline?

If both servers have been ghosted over, then I am to assume at least one of
them is running DNS. If on a test network away from the production network,
make sure you are pointing to the domain controller that has DNS installed
on it for it's DNS IP address in the network card properties.

Browsing is based on NetBIOS functionality and not DNS. Curious, can you
ping the servers by their FQDN (server01.server.dr and server02.server.dr)?


--
Regards,
Ace

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================

 

[Guest]

Hi Ace,

I think I have fix the replicating issue.
somehow I have another error in the event log.

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 07/09/2005
Time: 17:45:06
User: N/A
Computer: HEDGECONNECT01
Description:
The File Replication Service is having trouble enabling replication from
SERVER02 to SERVERT01 for c:\winnt\sysvol\domain using the DNS name
server02.server.dr. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name server02.server.dr from this
computer.
[2] FRS is not running on server02.server.dr.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem
is fixed you will see another event log message indicating that the
connection has been established.
Data:
0000: 00 00 00 00 ....

 

[Ace Fekay [MVP]]

In

Hi Ace,

I think I have fix the replicating issue.
somehow I have another error in the event log.

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 07/09/2005
Time: 17:45:06
User: N/A
Computer: HEDGECONNECT01
Description:
The File Replication Service is having trouble enabling replication
from SERVER02 to SERVERT01 for c:\winnt\sysvol\domain using the DNS
name server02.server.dr. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name server02.server.dr
from this computer.
[2] FRS is not running on server02.server.dr.
[3] The topology information in the Active Directory for this replica
has not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the
problem is fixed you will see another event log message indicating
that the connection has been established.
Data:
0000: 00 00 00 00 ....

I'm glad you believe you fixed the issue, but the above error is evident
that the problem still exists.

Can you answer my previous questions so I can understand exactly what you
did?

Can you also provide an unedited ipconfig /all from both machines please?

Thanks

Ace

 

[Guest]

Hi Ace,
Do you have a messenger on?

Here are the step I have done.

1. Ghosted 2 domain controller from HP DL320 G2 to G3 Server.
2. Manage to change the Driver issue to boot the server.
3. IP address all remain the same.
4. Istall rollup service pack 1
5. I manage to ping each other with IP address and hostname.
6 Issue DCDIAG on PDC
C:\WINNT\Profiles\Administrator>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Redbus\SERVER01
Starting test: Connectivity
......................... SERVER01 passed test Connectivity

Doing primary tests

Testing server: Redbus\SERVER01
Starting test: Replications
......................... SERVER01 passed test Replications
Starting test: NCSecDesc
......................... SERVER01 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER01 passed test NetLogons
Starting test: Advertising
......................... SERVER01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER01 passed test RidManager
Starting test: MachineAccount
......................... SERVER01 passed test MachineAccount
Starting test: Services
IsmServ Service is stopped on [SERVER01]
......................... SERVER01 failed test Services
Starting test: ObjectsReplicated
......................... SERVER01 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... SERVER01 passed test frssysvol
Starting test: kccevent
......................... SERVER01 passed test kccevent
Starting test: systemlog
......................... SERVER01 passed test systemlog

Running enterprise tests on : server.dr
Starting test: Intersite
......................... server.dr passed test Intersite
Starting test: FsmoCheck
......................... server.dr passed test FsmoCheck

7. DCDIAG on BDC

C:\>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Redbus\SERVER02
Starting test: Connectivity
......................... SERVER02 passed test Connectivity

Doing primary tests

Testing server: Redbus\SERVER02
Starting test: Replications
[SERVER01] DsBind() failed with error -2146893022,
Win32 Error -2146893022.
......................... SERVER02 passed test Replications
Starting test: NCSecDesc
......................... SERVER02 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER02 passed test NetLogons
Starting test: Advertising
Warning: SERVER02 is not advertising as a time server.
......................... SERVER02 failed test Advertising
Starting test: KnowsOfRoleHolders
Warning: SERVER01 is the Schema Owner, but is not responding to DS
RPC Bind.
[SERVER01] LDAP bind failed with error 31,
Win32 Error 31.
Warning: SERVER01 is the Schema Owner, but is not responding to
LDAP Bind.
Warning: SERVER01 is the Domain Owner, but is not responding to DS
RPC Bind.
Warning: SERVER01 is the Domain Owner, but is not responding to
LDAP Bind.
Warning: SERVER01 is the PDC Owner, but is not responding to DS RPC
Bind.
Warning: SERVER01 is the PDC Owner, but is not responding to LDAP
Bind.
Warning: SERVER01 is the Rid Owner, but is not responding to DS RPC
Bind.
Warning: SERVER01 is the Rid Owner, but is not responding to LDAP
Bind.
Warning: SERVER01 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: SERVER01 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... SERVER02 failed test KnowsOfRoleHolders
Starting test: RidManager
[SERVER02] DsBindWithCred() failed with error -2146893022. Win32
Error -2146893022
......................... SERVER02 failed test RidManager
Starting test: MachineAccount
......................... SERVER02 passed test MachineAccount
Starting test: Services
w32time Service is stopped on [SERVER02]
......................... SERVER02 failed test Services
Starting test: ObjectsReplicated
......................... SERVER02 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... SERVER02 passed test frssysvol
Starting test: kccevent
......................... SERVER02 passed test kccevent
Starting test: systemlog
......................... SERVER02 passed test systemlog

Running enterprise tests on : SERVER.dr
Starting test: Intersite
......................... SERVER.dr passed test Intersite
Starting test: FsmoCheck
......................... SERVER.dr passed test FsmoCheck


Hope It helps you to solve my issue..
Many Thanks.




Basically I have check all ipconfig /all. Everything is normal. However
when my BDC try to browse the PDC via hostname. It come out error message.

In

Hi Ace,

I think I have fix the replicating issue.
somehow I have another error in the event log.

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 07/09/2005
Time: 17:45:06
User: N/A
Computer: HEDGECONNECT01
Description:
The File Replication Service is having trouble enabling replication
from SERVER02 to SERVERT01 for c:\winnt\sysvol\domain using the DNS
name server02.server.dr. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name server02.server.dr
from this computer.
[2] FRS is not running on server02.server.dr.
[3] The topology information in the Active Directory for this replica
has not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the
problem is fixed you will see another event log message indicating
that the connection has been established.
Data:
0000: 00 00 00 00 ....

I'm glad you believe you fixed the issue, but the above error is evident
that the problem still exists.

Can you answer my previous questions so I can understand exactly what you
did?

Can you also provide an unedited ipconfig /all from both machines please?

Thanks

Ace

 

[Jorge_de_Almeida_Pinto]

Hi there,
I have been trying to sort out this issue since last week.

Here is my scenerio. After I have ghosted my PDC and BDC
server and load it
in to my new server. After rebooted my new server the
replication is not
running at all.

I wil not able to browse the server host name but Im able to
browse the PDC
Via IPaddress
Error: \server01 is not accessible
Logon Failure: The targer account name is incorrect


I have issue command repadmin / showrep

Error:

C:WINNTProfilesAdministrator>repadmin /showreps
RedbusSERVER01
DSA Options : IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
objectGuid : b8897f54-1bf0-479e-97e0-a6cb7ec1e107
invocationID: b8897f54-1bf0-479e-97e0-a6cb7ec1e107

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=server,DC=dr
RedbusSERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624
Last attempt @ 2005-09-07 13:48.44 failed, result
8457:
Can't retrieve message string 8457 (0x2109), error
1815.
Last success @ 2005-08-30 07:49.17.
86 consecutive failure(s).

CN=Configuration,DC=server,DC=dr
RedbusSERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624
Last attempt @ 2005-09-07 13:48.44 failed, result
8457:
Can't retrieve message string 8457 (0x2109), error
1815.
Last success @ 2005-08-30 08:02.15.
189 consecutive failure(s).

DC=server,DC=dr
RedbusSERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624
Last attempt @ 2005-09-07 13:48.44 failed, result
8457:
Can't retrieve message string 8457 (0x2109), error
1815.
Last success @ 2005-08-30 07:58.02.
123 consecutive failure(s).

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

CN=Schema,CN=Configuration,DC=server,DC=dr
RedbusSERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624

CN=Configuration,DC=server,DC=dr
RedbusSERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624

DC=server,DC=dr
RedbusSERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624
--------------------------------------------------------------
------------------------
Event Log on SERVER01:

---------------------
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 07/09/2005
Time: 11:52:09
User: N/A
Computer:SERVER01
Description:
The File Replication Service is having trouble enabling
replication from
SERVER02 to SERVER01 for c:winntsysvoldomain using the DNS
name
server02.server.dr. FRS will keep retrying.
Following are some of the reasons you would see this warning.


[1] FRS can not correctly resolve the DNS name
server02.server.dr from this
computer.
[2] FRS is not running on server02.server.dr.
[3] The topology information in the Active Directory for this
replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After
the problem
is fixed you will see another event log message indicating
that the
connection has been established.

--------------------------------------------------------------

you have been caught by the USN rollback problem!

Read more at:
MS-KBQ875495_How to detect and recover from a USN rollback in Windows
Server 2003

MS-KBQ885875_How to detect and recover from a USN rollback in Windows
2000 Server

Windows 2000/2003 DCs should NEVER, NEVER, NEVER be imaged for
backup/restore purposes! Imaging is NOT AD aware backup/restore
solution and thus not MS approoved!
A W2K3 pre-SP1 hotfix, a W2K post-SP4 hotfix and W2K3 SP1 will stop
DCs replicating by disabling replication when USN rollback is
detected. As I know the detection is not guaranteed, but when it
detects it does that to prevent further damage.

I assume you first shutdown one DC, images that one, brought it up
again, shutdown the other DC, imaged that one and brought it up again.
And afterwards you restored the images. Is that correct?

The kb articles contain the solution and in your case (if you have 2
DCs) it means demoting one of the DCs, cleaning up metadata and
promoting it again to a DC. At least if this is your production
environment!

If you used imaging to copy your production environment into a lab
environment follow the following procedure. Be aware to use this at
your own risk, do not use it in a production environment as a
backup/restore procedure:
* Shutdown ALL the DCs at the same time in the production environment
* Image ALL the DCs
* Start ALL the DCs after all imaging has been done
* Copy the images of the DCs to the lab network
* Restore the images of the DCs on the lab network to its
corresponding hardware
* Do NOT connect the lab network with the production network
* Be aware that SID issues might occur is old images are used for the
DCs (meaning that a certain does not yet exist in the domain while it
has already been used in some ACL on another server)

AGAIN:
* be carefull with what you do and use this at your own risk!!!
* DO NOT USE THIS FOR YOUR PRODUCTION ENVIRONMENT AS A BACKUP AND
RESTORE PROCEDURE!!!

 

[Ace Fekay [MVP]]

In

Hi Ace,
Do you have a messenger on?

Here are the step I have done.

1. Ghosted 2 domain controller from HP DL320 G2 to G3 Server.
2. Manage to change the Driver issue to boot the server.
3. IP address all remain the same.
4. Istall rollup service pack 1
5. I manage to ping each other with IP address and hostname.
6 Issue DCDIAG on PDC
C:\WINNT\Profiles\Administrator>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Redbus\SERVER01
Starting test: Connectivity
......................... SERVER01 passed test Connectivity

Doing primary tests

Testing server: Redbus\SERVER01
Starting test: Replications
......................... SERVER01 passed test Replications
Starting test: NCSecDesc
......................... SERVER01 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER01 passed test NetLogons
Starting test: Advertising
......................... SERVER01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER01 passed test
KnowsOfRoleHolders Starting test: RidManager
......................... SERVER01 passed test RidManager
Starting test: MachineAccount
......................... SERVER01 passed test MachineAccount
Starting test: Services
IsmServ Service is stopped on [SERVER01]
......................... SERVER01 failed test Services
Starting test: ObjectsReplicated
......................... SERVER01 passed test
ObjectsReplicated Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... SERVER01 passed test frssysvol
Starting test: kccevent
......................... SERVER01 passed test kccevent
Starting test: systemlog
......................... SERVER01 passed test systemlog

Running enterprise tests on : server.dr
Starting test: Intersite
......................... server.dr passed test Intersite
Starting test: FsmoCheck
......................... server.dr passed test FsmoCheck

7. DCDIAG on BDC

C:\>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Redbus\SERVER02
Starting test: Connectivity
......................... SERVER02 passed test Connectivity

Doing primary tests

Testing server: Redbus\SERVER02
Starting test: Replications
[SERVER01] DsBind() failed with error -2146893022,
Win32 Error -2146893022.
......................... SERVER02 passed test Replications
Starting test: NCSecDesc
......................... SERVER02 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER02 passed test NetLogons
Starting test: Advertising
Warning: SERVER02 is not advertising as a time server.
......................... SERVER02 failed test Advertising
Starting test: KnowsOfRoleHolders
Warning: SERVER01 is the Schema Owner, but is not responding
to DS RPC Bind.
[SERVER01] LDAP bind failed with error 31,
Win32 Error 31.
Warning: SERVER01 is the Schema Owner, but is not responding
to LDAP Bind.
Warning: SERVER01 is the Domain Owner, but is not responding
to DS RPC Bind.
Warning: SERVER01 is the Domain Owner, but is not responding
to LDAP Bind.
Warning: SERVER01 is the PDC Owner, but is not responding to
DS RPC Bind.
Warning: SERVER01 is the PDC Owner, but is not responding to
LDAP Bind.
Warning: SERVER01 is the Rid Owner, but is not responding to
DS RPC Bind.
Warning: SERVER01 is the Rid Owner, but is not responding to
LDAP Bind.
Warning: SERVER01 is the Infrastructure Update Owner, but is
not responding to DS RPC Bind.
Warning: SERVER01 is the Infrastructure Update Owner, but is
not responding to LDAP Bind.
......................... SERVER02 failed test
KnowsOfRoleHolders Starting test: RidManager
[SERVER02] DsBindWithCred() failed with error -2146893022.
Win32 Error -2146893022
......................... SERVER02 failed test RidManager
Starting test: MachineAccount
......................... SERVER02 passed test MachineAccount
Starting test: Services
w32time Service is stopped on [SERVER02]
......................... SERVER02 failed test Services
Starting test: ObjectsReplicated
......................... SERVER02 passed test
ObjectsReplicated Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... SERVER02 passed test frssysvol
Starting test: kccevent
......................... SERVER02 passed test kccevent
Starting test: systemlog
......................... SERVER02 passed test systemlog

Running enterprise tests on : SERVER.dr
Starting test: Intersite
......................... SERVER.dr passed test Intersite
Starting test: FsmoCheck
......................... SERVER.dr passed test FsmoCheck


Hope It helps you to solve my issue..
Many Thanks.




Basically I have check all ipconfig /all. Everything is normal.
However when my BDC try to browse the PDC via hostname. It come out
error message.

Check Jorge's post. I tend to agree with Jorge that it's a USN issue because
of the way you probably ghosted it, and/or the new servers are on the same
network as the original servers (which you can't do).

Ace

 

[Guest]

I'm Sorry, Im just getting a lil confuse.
Currently I have 29 DC and 2 dc is the main DC for the rest of the DC to
connect as trusted domain. Basically the 27 DC is trusted the 2 main DC which
having some problem.

I really have no idea how and what is the safe way to tackle the problem.
I really need step by step advice. I cant afford to screw up either one
server on the replication DC. I have ACE server installed.

Hi there,
I have been trying to sort out this issue since last week.

Here is my scenerio. After I have ghosted my PDC and BDC
server and load it
in to my new server. After rebooted my new server the
replication is not
running at all.

I wil not able to browse the server host name but Im able to
browse the PDC
Via IPaddress
Error: \server01 is not accessible
Logon Failure: The targer account name is incorrect


I have issue command repadmin / showrep

Error:

C:WINNTProfilesAdministrator>repadmin /showreps
RedbusSERVER01
DSA Options : IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
objectGuid : b8897f54-1bf0-479e-97e0-a6cb7ec1e107
invocationID: b8897f54-1bf0-479e-97e0-a6cb7ec1e107

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=server,DC=dr
RedbusSERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624
Last attempt @ 2005-09-07 13:48.44 failed, result
8457:
Can't retrieve message string 8457 (0x2109), error
1815.
Last success @ 2005-08-30 07:49.17.
86 consecutive failure(s).

CN=Configuration,DC=server,DC=dr
RedbusSERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624
Last attempt @ 2005-09-07 13:48.44 failed, result
8457:
Can't retrieve message string 8457 (0x2109), error
1815.
Last success @ 2005-08-30 08:02.15.
189 consecutive failure(s).

DC=server,DC=dr
RedbusSERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624
Last attempt @ 2005-09-07 13:48.44 failed, result
8457:
Can't retrieve message string 8457 (0x2109), error
1815.
Last success @ 2005-08-30 07:58.02.
123 consecutive failure(s).

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

CN=Schema,CN=Configuration,DC=server,DC=dr
RedbusSERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624

CN=Configuration,DC=server,DC=dr
RedbusSERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624

DC=server,DC=dr
RedbusSERVER02 via RPC
objectGuid: d5d0d348-64d0-4789-890d-3a77e8bd5624
--------------------------------------------------------------
------------------------
Event Log on SERVER01:

---------------------
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 07/09/2005
Time: 11:52:09
User: N/A
Computer:SERVER01
Description:
The File Replication Service is having trouble enabling
replication from
SERVER02 to SERVER01 for c:winntsysvoldomain using the DNS
name
server02.server.dr. FRS will keep retrying.
Following are some of the reasons you would see this warning.


[1] FRS can not correctly resolve the DNS name
server02.server.dr from this
computer.
[2] FRS is not running on server02.server.dr.
[3] The topology information in the Active Directory for this
replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After
the problem
is fixed you will see another event log message indicating
that the
connection has been established.

--------------------------------------------------------------

you have been caught by the USN rollback problem!

Read more at:
MS-KBQ875495_How to detect and recover from a USN rollback in Windows
Server 2003

MS-KBQ885875_How to detect and recover from a USN rollback in Windows
2000 Server

Windows 2000/2003 DCs should NEVER, NEVER, NEVER be imaged for
backup/restore purposes! Imaging is NOT AD aware backup/restore
solution and thus not MS approoved!
A W2K3 pre-SP1 hotfix, a W2K post-SP4 hotfix and W2K3 SP1 will stop
DCs replicating by disabling replication when USN rollback is
detected. As I know the detection is not guaranteed, but when it
detects it does that to prevent further damage.

I assume you first shutdown one DC, images that one, brought it up
again, shutdown the other DC, imaged that one and brought it up again.
And afterwards you restored the images. Is that correct?

The kb articles contain the solution and in your case (if you have 2
DCs) it means demoting one of the DCs, cleaning up metadata and
promoting it again to a DC. At least if this is your production
environment!

If you used imaging to copy your production environment into a lab
environment follow the following procedure. Be aware to use this at
your own risk, do not use it in a production environment as a
backup/restore procedure:
* Shutdown ALL the DCs at the same time in the production environment
* Image ALL the DCs
* Start ALL the DCs after all imaging has been done
* Copy the images of the DCs to the lab network
* Restore the images of the DCs on the lab network to its
corresponding hardware
* Do NOT connect the lab network with the production network
* Be aware that SID issues might occur is old images are used for the
DCs (meaning that a certain does not yet exist in the domain while it
has already been used in some ACL on another server)

AGAIN:
* be carefull with what you do and use this at your own risk!!!
* DO NOT USE THIS FOR YOUR PRODUCTION ENVIRONMENT AS A BACKUP AND
RESTORE PROCEDURE!!!

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-PDC-replicating-ftopict418400.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1398237

 

[Ace Fekay [MVP]]

In

I'm Sorry, Im just getting a lil confuse.
Currently I have 29 DC and 2 dc is the main DC for the rest of the DC
to connect as trusted domain. Basically the 27 DC is trusted the 2
main DC which having some problem.

I really have no idea how and what is the safe way to tackle the
problem.
I really need step by step advice. I cant afford to screw up either
one server on the replication DC. I have ACE server installed.

Interesting. You have a total of 29 DCs in your domain. If you are only
ghosting two of them for a test/lab network (assuming totally off the
production network), and you followed the steps the Jorge layed out to ghost
them, then you have more work to do. You will need to also perform a
metadata cleanup to remove the other 27 DCs that will NOT be on the test/lab
network. AD will still have them referenced in the ghosted DCs to replicate
to, because AD believes they still exist.

Here's how to perform a metadata cleanup to remove the other 27 DCs from the
test/lab DCs that you ghosted. You will need to delete them one at a time.

216498 - HOW TO Remove Data in Active Directory After an Unsuccessful Domain
Controller Demotion:
http://support.microsoft.com/?id=216498

Ace