Replication Errors

G

Guest

I have 3 Domain Controllers, all are running W2K SP4. DC1 holds the Global
Catalog.
Since this morning DC1 seems to have a problem replicating to DC2 and DC3 in
the same domain.

The error I get on DC1 is as follows:
Source: NTDS KCC
Error Event ID 1311
"The Directory Service consistency checker has determined that either,
(a)there is not enough physical connectivity published via the Acrtive
Directory Sites and Services Manager to create a spanning tree to connecting
all the sites containing the Partition DC=xxx,DC=ca, or (b) replication
cannot be performed with one or more critical servers in order for changes to
propogate across all sites (most often being due to the servers being
unreachable)
I also get Error Event ID 1265 which says "The RPC server is to busy to
complete this operation."

The errors I get on DC2 and DC3 are:
Event ID 1126: "unable to establish connection with the Global Catalog."
Event ID 1655: "the attempt to communicate with global catalog \\DC.xxx.ca
failed with the following status. The RPC Server is to busy to complete this
operation.

No changes were made to any of the DC's before this problem occured.
No DC's were demoted and their time are all in sync.
I tried making DC3 a GC, but I still have users that cannot be
authenticated, and none can connect to the web via my proxy server.

Can you please help?????
 
G

Glenn L

These are typiccally a kerberos time skew issue.
Verify all DCs are withing 5 minutes of each other.
If that does not take care of things, have you rebooted DC1?

Also, run dcdiag on each DC.
post the results here.
 
G

Guest

Hi Glenn,

All the DC's are within 1min of each other, and I have rebooted all the DC's
a number of times. I ran dcdiag and here are the results:

DC1
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS01
Starting test: Connectivity
......................... R101NS01 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS01
Starting test: Replications
......................... R101NS01 passed test Replications
Starting test: NCSecDesc
......................... R101NS01 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS01 passed test NetLogons
Starting test: Advertising
......................... R101NS01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS01 passed test RidManager
Starting test: MachineAccount
......................... R101NS01 passed test MachineAccount
Starting test: Services
......................... R101NS01 passed test Services
Starting test: ObjectsReplicated
......................... R101NS01 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS01 passed test frssysvol
Starting test: kccevent
......................... R101NS01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:11
Event String: Driver Xerox Phaser 790 required for printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:11
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:14
Event String: Driver Xerox Phaser 790 required for printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:14
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:24
Event String: Driver HP DesignJet 450C (E/A0) by HP required

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:24
Event String: The printer could not be installed.
......................... R101NS01 failed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

DC2
Domain Controller Diagnosis

Performing initial setup:
[r101ns02] LDAP bind failed with error 31,
A device attached to the system is not functioning..

DC3
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS05
Starting test: Connectivity
......................... R101NS05 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS05
Starting test: Replications
......................... R101NS05 passed test Replications
Starting test: NCSecDesc
......................... R101NS05 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS05 passed test NetLogons
Starting test: Advertising
......................... R101NS05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS05 passed test RidManager
Starting test: MachineAccount
......................... R101NS05 passed test MachineAccount
Starting test: Services
......................... R101NS05 passed test Services
Starting test: ObjectsReplicated
......................... R101NS05 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS05 passed test frssysvol
Starting test: kccevent
......................... R101NS05 passed test kccevent
Starting test: systemlog
......................... R101NS05 passed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it would
not allow me

Thanks

Johan
 
G

Glenn L

Johan,
Does r101ns02 hold any FSMO roles or do anything else besides DC work?
The quickest way back to health for r101ns02 is to force demote it, do a
metadata cleanup of r101ns02 using KB216498, then repromote it.

If you execute repadmin /showreps from r101ns02, do you get the LDAP bind
error?
Execute repadmin /showreps from R101NS01 and R101NS05, are they getting
replication from R101NS02?

If you want to continue to troubleshoot, then the next step is to reset the
machine account password of the DC with the domain.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
Aftger you reset the password and initiate the reboot, be sure to force
replication between R101NS01 and R101NS05

--
Glenn L
CCNA, MCSE 2000/2003 + Security

Johan said:
Hi Glenn,

All the DC's are within 1min of each other, and I have rebooted all the
DC's
a number of times. I ran dcdiag and here are the results:

DC1
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS01
Starting test: Connectivity
......................... R101NS01 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS01
Starting test: Replications
......................... R101NS01 passed test Replications
Starting test: NCSecDesc
......................... R101NS01 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS01 passed test NetLogons
Starting test: Advertising
......................... R101NS01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS01 passed test RidManager
Starting test: MachineAccount
......................... R101NS01 passed test MachineAccount
Starting test: Services
......................... R101NS01 passed test Services
Starting test: ObjectsReplicated
......................... R101NS01 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS01 passed test frssysvol
Starting test: kccevent
......................... R101NS01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:11
Event String: Driver Xerox Phaser 790 required for printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:11
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:14
Event String: Driver Xerox Phaser 790 required for printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:14
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:24
Event String: Driver HP DesignJet 450C (E/A0) by HP required

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:24
Event String: The printer could not be installed.
......................... R101NS01 failed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

DC2
Domain Controller Diagnosis

Performing initial setup:
[r101ns02] LDAP bind failed with error 31,
A device attached to the system is not functioning..

DC3
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS05
Starting test: Connectivity
......................... R101NS05 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS05
Starting test: Replications
......................... R101NS05 passed test Replications
Starting test: NCSecDesc
......................... R101NS05 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS05 passed test NetLogons
Starting test: Advertising
......................... R101NS05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS05 passed test RidManager
Starting test: MachineAccount
......................... R101NS05 passed test MachineAccount
Starting test: Services
......................... R101NS05 passed test Services
Starting test: ObjectsReplicated
......................... R101NS05 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS05 passed test frssysvol
Starting test: kccevent
......................... R101NS05 passed test kccevent
Starting test: systemlog
......................... R101NS05 passed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it would
not allow me

Thanks

Johan

Glenn L said:
These are typiccally a kerberos time skew issue.
Verify all DCs are withing 5 minutes of each other.
If that does not take care of things, have you rebooted DC1?

Also, run dcdiag on each DC.
post the results here.
 
G

Guest

Hi Glen,

Yes, R101NS02 is the Infrastructure Update Master, and it did not bind when
I ran repadmin /showreps. Here are the results:

R101NS02 [d:\nt\private\ds\src\util\repadmin\repinfo.c, 389] LDAP error 82
(local error)

R101NS01 and R101NS05 seemed to have worked fine, and they show they were
successful with R101NS02.
I couldn't capture this info for you, could not find the /switch

Thanks

Johan

I

Glenn L said:
Johan,
Does r101ns02 hold any FSMO roles or do anything else besides DC work?
The quickest way back to health for r101ns02 is to force demote it, do a
metadata cleanup of r101ns02 using KB216498, then repromote it.

If you execute repadmin /showreps from r101ns02, do you get the LDAP bind
error?
Execute repadmin /showreps from R101NS01 and R101NS05, are they getting
replication from R101NS02?

If you want to continue to troubleshoot, then the next step is to reset the
machine account password of the DC with the domain.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
Aftger you reset the password and initiate the reboot, be sure to force
replication between R101NS01 and R101NS05

--
Glenn L
CCNA, MCSE 2000/2003 + Security

Johan said:
Hi Glenn,

All the DC's are within 1min of each other, and I have rebooted all the
DC's
a number of times. I ran dcdiag and here are the results:

DC1
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS01
Starting test: Connectivity
......................... R101NS01 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS01
Starting test: Replications
......................... R101NS01 passed test Replications
Starting test: NCSecDesc
......................... R101NS01 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS01 passed test NetLogons
Starting test: Advertising
......................... R101NS01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS01 passed test RidManager
Starting test: MachineAccount
......................... R101NS01 passed test MachineAccount
Starting test: Services
......................... R101NS01 passed test Services
Starting test: ObjectsReplicated
......................... R101NS01 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS01 passed test frssysvol
Starting test: kccevent
......................... R101NS01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:11
Event String: Driver Xerox Phaser 790 required for printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:11
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:14
Event String: Driver Xerox Phaser 790 required for printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:14
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:24
Event String: Driver HP DesignJet 450C (E/A0) by HP required

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:24
Event String: The printer could not be installed.
......................... R101NS01 failed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

DC2
Domain Controller Diagnosis

Performing initial setup:
[r101ns02] LDAP bind failed with error 31,
A device attached to the system is not functioning..

DC3
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS05
Starting test: Connectivity
......................... R101NS05 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS05
Starting test: Replications
......................... R101NS05 passed test Replications
Starting test: NCSecDesc
......................... R101NS05 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS05 passed test NetLogons
Starting test: Advertising
......................... R101NS05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS05 passed test RidManager
Starting test: MachineAccount
......................... R101NS05 passed test MachineAccount
Starting test: Services
......................... R101NS05 passed test Services
Starting test: ObjectsReplicated
......................... R101NS05 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS05 passed test frssysvol
Starting test: kccevent
......................... R101NS05 passed test kccevent
Starting test: systemlog
......................... R101NS05 passed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it would
not allow me

Thanks

Johan

Glenn L said:
These are typiccally a kerberos time skew issue.
Verify all DCs are withing 5 minutes of each other.
If that does not take care of things, have you rebooted DC1?

Also, run dcdiag on each DC.
post the results here.



--
Glenn L
CCNA, MCSE 2000/2003 + Security

I have 3 Domain Controllers, all are running W2K SP4. DC1 holds the
Global
Catalog.
Since this morning DC1 seems to have a problem replicating to DC2 and
DC3
in
the same domain.

The error I get on DC1 is as follows:
Source: NTDS KCC
Error Event ID 1311
"The Directory Service consistency checker has determined that either,
(a)there is not enough physical connectivity published via the Acrtive
Directory Sites and Services Manager to create a spanning tree to
connecting
all the sites containing the Partition DC=xxx,DC=ca, or (b) replication
cannot be performed with one or more critical servers in order for
changes
to
propogate across all sites (most often being due to the servers being
unreachable)
I also get Error Event ID 1265 which says "The RPC server is to busy to
complete this operation."

The errors I get on DC2 and DC3 are:
Event ID 1126: "unable to establish connection with the Global
Catalog."
Event ID 1655: "the attempt to communicate with global catalog
\\DC.xxx.ca
failed with the following status. The RPC Server is to busy to complete
this
operation.

No changes were made to any of the DC's before this problem occured.
No DC's were demoted and their time are all in sync.
I tried making DC3 a GC, but I still have users that cannot be
authenticated, and none can connect to the web via my proxy server.

Can you please help?????
 
G

Glenn L

what is the network configuration or R101NS02? Do an IPCONFIG /ALL


--
Glenn L
CCNA, MCSE 2000/2003 + Security

Johan said:
Hi Glen,

Yes, R101NS02 is the Infrastructure Update Master, and it did not bind
when
I ran repadmin /showreps. Here are the results:

R101NS02 [d:\nt\private\ds\src\util\repadmin\repinfo.c, 389] LDAP error 82
(local error)

R101NS01 and R101NS05 seemed to have worked fine, and they show they were
successful with R101NS02.
I couldn't capture this info for you, could not find the /switch

Thanks

Johan

I

Glenn L said:
Johan,
Does r101ns02 hold any FSMO roles or do anything else besides DC work?
The quickest way back to health for r101ns02 is to force demote it, do a
metadata cleanup of r101ns02 using KB216498, then repromote it.

If you execute repadmin /showreps from r101ns02, do you get the LDAP bind
error?
Execute repadmin /showreps from R101NS01 and R101NS05, are they getting
replication from R101NS02?

If you want to continue to troubleshoot, then the next step is to reset
the
machine account password of the DC with the domain.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
Aftger you reset the password and initiate the reboot, be sure to force
replication between R101NS01 and R101NS05

--
Glenn L
CCNA, MCSE 2000/2003 + Security

Johan said:
Hi Glenn,

All the DC's are within 1min of each other, and I have rebooted all the
DC's
a number of times. I ran dcdiag and here are the results:

DC1
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS01
Starting test: Connectivity
......................... R101NS01 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS01
Starting test: Replications
......................... R101NS01 passed test Replications
Starting test: NCSecDesc
......................... R101NS01 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS01 passed test NetLogons
Starting test: Advertising
......................... R101NS01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS01 passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS01 passed test RidManager
Starting test: MachineAccount
......................... R101NS01 passed test MachineAccount
Starting test: Services
......................... R101NS01 passed test Services
Starting test: ObjectsReplicated
......................... R101NS01 passed test
ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS01 passed test frssysvol
Starting test: kccevent
......................... R101NS01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:11
Event String: Driver Xerox Phaser 790 required for printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:11
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:14
Event String: Driver Xerox Phaser 790 required for printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:14
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:24
Event String: Driver HP DesignJet 450C (E/A0) by HP required

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:24
Event String: The printer could not be installed.
......................... R101NS01 failed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

DC2
Domain Controller Diagnosis

Performing initial setup:
[r101ns02] LDAP bind failed with error 31,
A device attached to the system is not functioning..

DC3
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS05
Starting test: Connectivity
......................... R101NS05 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS05
Starting test: Replications
......................... R101NS05 passed test Replications
Starting test: NCSecDesc
......................... R101NS05 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS05 passed test NetLogons
Starting test: Advertising
......................... R101NS05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS05 passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS05 passed test RidManager
Starting test: MachineAccount
......................... R101NS05 passed test MachineAccount
Starting test: Services
......................... R101NS05 passed test Services
Starting test: ObjectsReplicated
......................... R101NS05 passed test
ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS05 passed test frssysvol
Starting test: kccevent
......................... R101NS05 passed test kccevent
Starting test: systemlog
......................... R101NS05 passed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it
would
not allow me

Thanks

Johan

:

These are typiccally a kerberos time skew issue.
Verify all DCs are withing 5 minutes of each other.
If that does not take care of things, have you rebooted DC1?

Also, run dcdiag on each DC.
post the results here.



--
Glenn L
CCNA, MCSE 2000/2003 + Security

I have 3 Domain Controllers, all are running W2K SP4. DC1 holds the
Global
Catalog.
Since this morning DC1 seems to have a problem replicating to DC2
and
DC3
in
the same domain.

The error I get on DC1 is as follows:
Source: NTDS KCC
Error Event ID 1311
"The Directory Service consistency checker has determined that
either,
(a)there is not enough physical connectivity published via the
Acrtive
Directory Sites and Services Manager to create a spanning tree to
connecting
all the sites containing the Partition DC=xxx,DC=ca, or (b)
replication
cannot be performed with one or more critical servers in order for
changes
to
propogate across all sites (most often being due to the servers
being
unreachable)
I also get Error Event ID 1265 which says "The RPC server is to busy
to
complete this operation."

The errors I get on DC2 and DC3 are:
Event ID 1126: "unable to establish connection with the Global
Catalog."
Event ID 1655: "the attempt to communicate with global catalog
\\DC.xxx.ca
failed with the following status. The RPC Server is to busy to
complete
this
operation.

No changes were made to any of the DC's before this problem occured.
No DC's were demoted and their time are all in sync.
I tried making DC3 a GC, but I still have users that cannot be
authenticated, and none can connect to the web via my proxy server.

Can you please help?????
 
G

Guest

Hi Glen,

The network config is as follows:

Host Name R101NS02
Primary DNS Suffix west.rona.ca
Node Type Hybrid
IP Routing Enabled No
WINS Proxy Enabled No
DNS suffix search list west.rona.ca
rona.ca

Ethernet Adapter Local Area Connecters
Connection-specific DNS suffix
Description AMD PCNET Family Ethernet Adapter
Physical Address 00-60-94-57-36-F1
DHCP Enabled No
IP address 10.1.1.29
Subnet Mask 255.255.254.0
Gateway 10.1.1.254
DNS Servers 10.1.1.30
10.1.1.29
Primary WINS server 10.1.1.30
Secondary WINS Server 10.1.1.29

I cannot map drives to this DC, and have been receiving event ID 3034
-MRxSmb errors in the systems log. I have also been receiving Event ID 3051
and event ID 5706 errors with regards to netlogon and sysvol. I did try and
copy these from R101NS05, but did not help.

Johan

Glenn L said:
what is the network configuration or R101NS02? Do an IPCONFIG /ALL


--
Glenn L
CCNA, MCSE 2000/2003 + Security

Johan said:
Hi Glen,

Yes, R101NS02 is the Infrastructure Update Master, and it did not bind
when
I ran repadmin /showreps. Here are the results:

R101NS02 [d:\nt\private\ds\src\util\repadmin\repinfo.c, 389] LDAP error 82
(local error)

R101NS01 and R101NS05 seemed to have worked fine, and they show they were
successful with R101NS02.
I couldn't capture this info for you, could not find the /switch

Thanks

Johan

I

Glenn L said:
Johan,
Does r101ns02 hold any FSMO roles or do anything else besides DC work?
The quickest way back to health for r101ns02 is to force demote it, do a
metadata cleanup of r101ns02 using KB216498, then repromote it.

If you execute repadmin /showreps from r101ns02, do you get the LDAP bind
error?
Execute repadmin /showreps from R101NS01 and R101NS05, are they getting
replication from R101NS02?

If you want to continue to troubleshoot, then the next step is to reset
the
machine account password of the DC with the domain.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
Aftger you reset the password and initiate the reboot, be sure to force
replication between R101NS01 and R101NS05

--
Glenn L
CCNA, MCSE 2000/2003 + Security

Hi Glenn,

All the DC's are within 1min of each other, and I have rebooted all the
DC's
a number of times. I ran dcdiag and here are the results:

DC1
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS01
Starting test: Connectivity
......................... R101NS01 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS01
Starting test: Replications
......................... R101NS01 passed test Replications
Starting test: NCSecDesc
......................... R101NS01 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS01 passed test NetLogons
Starting test: Advertising
......................... R101NS01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS01 passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS01 passed test RidManager
Starting test: MachineAccount
......................... R101NS01 passed test MachineAccount
Starting test: Services
......................... R101NS01 passed test Services
Starting test: ObjectsReplicated
......................... R101NS01 passed test
ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS01 passed test frssysvol
Starting test: kccevent
......................... R101NS01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:11
Event String: Driver Xerox Phaser 790 required for printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:11
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:14
Event String: Driver Xerox Phaser 790 required for printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:14
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:24
Event String: Driver HP DesignJet 450C (E/A0) by HP required

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:24
Event String: The printer could not be installed.
......................... R101NS01 failed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

DC2
Domain Controller Diagnosis

Performing initial setup:
[r101ns02] LDAP bind failed with error 31,
A device attached to the system is not functioning..

DC3
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS05
Starting test: Connectivity
......................... R101NS05 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS05
Starting test: Replications
......................... R101NS05 passed test Replications
Starting test: NCSecDesc
......................... R101NS05 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS05 passed test NetLogons
Starting test: Advertising
......................... R101NS05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS05 passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS05 passed test RidManager
Starting test: MachineAccount
......................... R101NS05 passed test MachineAccount
Starting test: Services
......................... R101NS05 passed test Services
Starting test: ObjectsReplicated
......................... R101NS05 passed test
ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS05 passed test frssysvol
Starting test: kccevent
......................... R101NS05 passed test kccevent
Starting test: systemlog
......................... R101NS05 passed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it
would
not allow me

Thanks

Johan

:

These are typiccally a kerberos time skew issue.
Verify all DCs are withing 5 minutes of each other.
If that does not take care of things, have you rebooted DC1?

Also, run dcdiag on each DC.
post the results here.



--
Glenn L
CCNA, MCSE 2000/2003 + Security

I have 3 Domain Controllers, all are running W2K SP4. DC1 holds the
Global
Catalog.
Since this morning DC1 seems to have a problem replicating to DC2
and
DC3
in
the same domain.

The error I get on DC1 is as follows:
Source: NTDS KCC
Error Event ID 1311
"The Directory Service consistency checker has determined that
either,
(a)there is not enough physical connectivity published via the
Acrtive
Directory Sites and Services Manager to create a spanning tree to
connecting
all the sites containing the Partition DC=xxx,DC=ca, or (b)
replication
cannot be performed with one or more critical servers in order for
changes
to
propogate across all sites (most often being due to the servers
being
unreachable)
I also get Error Event ID 1265 which says "The RPC server is to busy
to
complete this operation."

The errors I get on DC2 and DC3 are:
Event ID 1126: "unable to establish connection with the Global
Catalog."
Event ID 1655: "the attempt to communicate with global catalog
\\DC.xxx.ca
failed with the following status. The RPC Server is to busy to
complete
this
operation.

No changes were made to any of the DC's before this problem occured.
No DC's were demoted and their time are all in sync.
I tried making DC3 a GC, but I still have users that cannot be
authenticated, and none can connect to the web via my proxy server.

Can you please help?????
 
G

Glenn L

What are the errors you get when you attempt to map a drive to this server?
What error do you get when you open ADUC or AD sites and services on
R101NS02?

I suggest you download and run mpsreports on R101NS02.
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_DirSvc.EXE
It produces a CAB file of all the reports it runs.
I'll look it over if you email it to me.

--
Glenn L
CCNA, MCSE 2000/2003 + Security

Johan said:
Hi Glen,

The network config is as follows:

Host Name R101NS02
Primary DNS Suffix west.rona.ca
Node Type Hybrid
IP Routing Enabled No
WINS Proxy Enabled No
DNS suffix search list west.rona.ca
rona.ca

Ethernet Adapter Local Area Connecters
Connection-specific DNS suffix
Description AMD PCNET Family Ethernet Adapter
Physical Address 00-60-94-57-36-F1
DHCP Enabled No
IP address 10.1.1.29
Subnet Mask 255.255.254.0
Gateway 10.1.1.254
DNS Servers 10.1.1.30
10.1.1.29
Primary WINS server 10.1.1.30
Secondary WINS Server 10.1.1.29

I cannot map drives to this DC, and have been receiving event ID 3034
-MRxSmb errors in the systems log. I have also been receiving Event ID
3051
and event ID 5706 errors with regards to netlogon and sysvol. I did try
and
copy these from R101NS05, but did not help.

Johan

Glenn L said:
what is the network configuration or R101NS02? Do an IPCONFIG /ALL


--
Glenn L
CCNA, MCSE 2000/2003 + Security

Johan said:
Hi Glen,

Yes, R101NS02 is the Infrastructure Update Master, and it did not bind
when
I ran repadmin /showreps. Here are the results:

R101NS02 [d:\nt\private\ds\src\util\repadmin\repinfo.c, 389] LDAP error
82
(local error)

R101NS01 and R101NS05 seemed to have worked fine, and they show they
were
successful with R101NS02.
I couldn't capture this info for you, could not find the /switch

Thanks

Johan

I

:

Johan,
Does r101ns02 hold any FSMO roles or do anything else besides DC work?
The quickest way back to health for r101ns02 is to force demote it, do
a
metadata cleanup of r101ns02 using KB216498, then repromote it.

If you execute repadmin /showreps from r101ns02, do you get the LDAP
bind
error?
Execute repadmin /showreps from R101NS01 and R101NS05, are they
getting
replication from R101NS02?

If you want to continue to troubleshoot, then the next step is to
reset
the
machine account password of the DC with the domain.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
Aftger you reset the password and initiate the reboot, be sure to
force
replication between R101NS01 and R101NS05

--
Glenn L
CCNA, MCSE 2000/2003 + Security

Hi Glenn,

All the DC's are within 1min of each other, and I have rebooted all
the
DC's
a number of times. I ran dcdiag and here are the results:

DC1
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS01
Starting test: Connectivity
......................... R101NS01 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS01
Starting test: Replications
......................... R101NS01 passed test Replications
Starting test: NCSecDesc
......................... R101NS01 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS01 passed test NetLogons
Starting test: Advertising
......................... R101NS01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS01 passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS01 passed test RidManager
Starting test: MachineAccount
......................... R101NS01 passed test
MachineAccount
Starting test: Services
......................... R101NS01 passed test Services
Starting test: ObjectsReplicated
......................... R101NS01 passed test
ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS01 passed test frssysvol
Starting test: kccevent
......................... R101NS01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:11
Event String: Driver Xerox Phaser 790 required for
printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:11
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:14
Event String: Driver Xerox Phaser 790 required for
printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:14
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:24
Event String: Driver HP DesignJet 450C (E/A0) by HP
required

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:24
Event String: The printer could not be installed.
......................... R101NS01 failed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

DC2
Domain Controller Diagnosis

Performing initial setup:
[r101ns02] LDAP bind failed with error 31,
A device attached to the system is not functioning..

DC3
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS05
Starting test: Connectivity
......................... R101NS05 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS05
Starting test: Replications
......................... R101NS05 passed test Replications
Starting test: NCSecDesc
......................... R101NS05 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS05 passed test NetLogons
Starting test: Advertising
......................... R101NS05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS05 passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS05 passed test RidManager
Starting test: MachineAccount
......................... R101NS05 passed test
MachineAccount
Starting test: Services
......................... R101NS05 passed test Services
Starting test: ObjectsReplicated
......................... R101NS05 passed test
ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS05 passed test frssysvol
Starting test: kccevent
......................... R101NS05 passed test kccevent
Starting test: systemlog
......................... R101NS05 passed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it
would
not allow me

Thanks

Johan

:

These are typiccally a kerberos time skew issue.
Verify all DCs are withing 5 minutes of each other.
If that does not take care of things, have you rebooted DC1?

Also, run dcdiag on each DC.
post the results here.



--
Glenn L
CCNA, MCSE 2000/2003 + Security

I have 3 Domain Controllers, all are running W2K SP4. DC1 holds
the
Global
Catalog.
Since this morning DC1 seems to have a problem replicating to DC2
and
DC3
in
the same domain.

The error I get on DC1 is as follows:
Source: NTDS KCC
Error Event ID 1311
"The Directory Service consistency checker has determined that
either,
(a)there is not enough physical connectivity published via the
Acrtive
Directory Sites and Services Manager to create a spanning tree to
connecting
all the sites containing the Partition DC=xxx,DC=ca, or (b)
replication
cannot be performed with one or more critical servers in order
for
changes
to
propogate across all sites (most often being due to the servers
being
unreachable)
I also get Error Event ID 1265 which says "The RPC server is to
busy
to
complete this operation."

The errors I get on DC2 and DC3 are:
Event ID 1126: "unable to establish connection with the Global
Catalog."
Event ID 1655: "the attempt to communicate with global catalog
\\DC.xxx.ca
failed with the following status. The RPC Server is to busy to
complete
this
operation.

No changes were made to any of the DC's before this problem
occured.
No DC's were demoted and their time are all in sync.
I tried making DC3 a GC, but I still have users that cannot be
authenticated, and none can connect to the web via my proxy
server.

Can you please help?????
 
G

Guest

Hi Glen,

Thanks for your help, but I managed to sort out my problem. I had so many
network issues that I decided to phone Microsoft directly. They ran a
mpsreports on R101NS02 and found that the secure channel had been broken.
They downloaded a fix which solved the problem.

Thanks

Johan

Glenn L said:
What are the errors you get when you attempt to map a drive to this server?
What error do you get when you open ADUC or AD sites and services on
R101NS02?

I suggest you download and run mpsreports on R101NS02.
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_DirSvc.EXE
It produces a CAB file of all the reports it runs.
I'll look it over if you email it to me.

--
Glenn L
CCNA, MCSE 2000/2003 + Security

Johan said:
Hi Glen,

The network config is as follows:

Host Name R101NS02
Primary DNS Suffix west.rona.ca
Node Type Hybrid
IP Routing Enabled No
WINS Proxy Enabled No
DNS suffix search list west.rona.ca
rona.ca

Ethernet Adapter Local Area Connecters
Connection-specific DNS suffix
Description AMD PCNET Family Ethernet Adapter
Physical Address 00-60-94-57-36-F1
DHCP Enabled No
IP address 10.1.1.29
Subnet Mask 255.255.254.0
Gateway 10.1.1.254
DNS Servers 10.1.1.30
10.1.1.29
Primary WINS server 10.1.1.30
Secondary WINS Server 10.1.1.29

I cannot map drives to this DC, and have been receiving event ID 3034
-MRxSmb errors in the systems log. I have also been receiving Event ID
3051
and event ID 5706 errors with regards to netlogon and sysvol. I did try
and
copy these from R101NS05, but did not help.

Johan

Glenn L said:
what is the network configuration or R101NS02? Do an IPCONFIG /ALL


--
Glenn L
CCNA, MCSE 2000/2003 + Security

Hi Glen,

Yes, R101NS02 is the Infrastructure Update Master, and it did not bind
when
I ran repadmin /showreps. Here are the results:

R101NS02 [d:\nt\private\ds\src\util\repadmin\repinfo.c, 389] LDAP error
82
(local error)

R101NS01 and R101NS05 seemed to have worked fine, and they show they
were
successful with R101NS02.
I couldn't capture this info for you, could not find the /switch

Thanks

Johan

I

:

Johan,
Does r101ns02 hold any FSMO roles or do anything else besides DC work?
The quickest way back to health for r101ns02 is to force demote it, do
a
metadata cleanup of r101ns02 using KB216498, then repromote it.

If you execute repadmin /showreps from r101ns02, do you get the LDAP
bind
error?
Execute repadmin /showreps from R101NS01 and R101NS05, are they
getting
replication from R101NS02?

If you want to continue to troubleshoot, then the next step is to
reset
the
machine account password of the DC with the domain.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
Aftger you reset the password and initiate the reboot, be sure to
force
replication between R101NS01 and R101NS05

--
Glenn L
CCNA, MCSE 2000/2003 + Security

Hi Glenn,

All the DC's are within 1min of each other, and I have rebooted all
the
DC's
a number of times. I ran dcdiag and here are the results:

DC1
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS01
Starting test: Connectivity
......................... R101NS01 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS01
Starting test: Replications
......................... R101NS01 passed test Replications
Starting test: NCSecDesc
......................... R101NS01 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS01 passed test NetLogons
Starting test: Advertising
......................... R101NS01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS01 passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS01 passed test RidManager
Starting test: MachineAccount
......................... R101NS01 passed test
MachineAccount
Starting test: Services
......................... R101NS01 passed test Services
Starting test: ObjectsReplicated
......................... R101NS01 passed test
ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS01 passed test frssysvol
Starting test: kccevent
......................... R101NS01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:11
Event String: Driver Xerox Phaser 790 required for
printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:11
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:14
Event String: Driver Xerox Phaser 790 required for
printer

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:14
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:24
Event String: Driver HP DesignJet 450C (E/A0) by HP
required

An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:24
Event String: The printer could not be installed.
......................... R101NS01 failed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

DC2
Domain Controller Diagnosis

Performing initial setup:
[r101ns02] LDAP bind failed with error 31,
A device attached to the system is not functioning..

DC3
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: SSC\R101NS05
Starting test: Connectivity
......................... R101NS05 passed test Connectivity

Doing primary tests

Testing server: SSC\R101NS05
Starting test: Replications
......................... R101NS05 passed test Replications
Starting test: NCSecDesc
......................... R101NS05 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS05 passed test NetLogons
Starting test: Advertising
......................... R101NS05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS05 passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS05 passed test RidManager
Starting test: MachineAccount
......................... R101NS05 passed test
MachineAccount
Starting test: Services
......................... R101NS05 passed test Services
Starting test: ObjectsReplicated
......................... R101NS05 passed test
ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS05 passed test frssysvol
Starting test: kccevent
......................... R101NS05 passed test kccevent
Starting test: systemlog
......................... R101NS05 passed test systemlog

Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck

I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it
would
not allow me

Thanks

Johan

:

These are typiccally a kerberos time skew issue.
Verify all DCs are withing 5 minutes of each other.
If that does not take care of things, have you rebooted DC1?

Also, run dcdiag on each DC.
post the results here.



--
Glenn L
CCNA, MCSE 2000/2003 + Security

I have 3 Domain Controllers, all are running W2K SP4. DC1 holds
the
Global
Catalog.
Since this morning DC1 seems to have a problem replicating to DC2
and
DC3
in
the same domain.

The error I get on DC1 is as follows:
Source: NTDS KCC
Error Event ID 1311
"The Directory Service consistency checker has determined that
either,
(a)there is not enough physical connectivity published via the
Acrtive
Directory Sites and Services Manager to create a spanning tree to
connecting
all the sites containing the Partition DC=xxx,DC=ca, or (b)
replication
cannot be performed with one or more critical servers in order
for
changes
to
propogate across all sites (most often being due to the servers
being
unreachable)
I also get Error Event ID 1265 which says "The RPC server is to
busy
to
complete this operation."

The errors I get on DC2 and DC3 are:
Event ID 1126: "unable to establish connection with the Global
Catalog."
Event ID 1655: "the attempt to communicate with global catalog
\\DC.xxx.ca
failed with the following status. The RPC Server is to busy to
complete
this
operation.

No changes were made to any of the DC's before this problem
occured.
No DC's were demoted and their time are all in sync.
I tried making DC3 a GC, but I still have users that cannot be
authenticated, and none can connect to the web via my proxy
server.

Can you please help?????
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Replication errors 6
replication problem 3
AD Replication and RPC 3
reviving ad after first dc crashed 3
Site Replication 1
Replacing a W2K Domain Controller 1
95/98 log on problem. Weird... 1
AD Sites 4

Top