Replication issue!

J

Jim Singh

Iam having a replication issue with the 2 root dc's located in same root
domain but in different sites. I have custom ipsec policies in place between
these 2 Root DCs.

- Communication link is there, I can see and browse the 2 dc in offshore
site, but when i try to do a force replication through replmon it comes up
with "access denied" error.

-The second DC has been offline for about a month, which creates an issue of
stale comp. acct password and that requires a reset pwd of PDCE for
establishing secure channel. I have done that also but still getting the
same error.

-I have tried syncing the Domain CN from first DC to the 2 DC, it fails with
errors "DC cannot be found for specified domain" error. the cmd i use is:
repadmin /sync DC=domain,DC=xy,DC=com root-dc-03 GUID of PDCE

- I have tried to manually add the dir partitions from DC2 (offshore
site)but if fails with the error "dc not found for the domain". the cmd i
use is
repadmin /add DC=domain,DC=xy,DC=com root-dc-03.domain.xy.com
root-dc-01.domain.xy.com /u:domain\uid /pw:*

- after i restart the KDC, and try to sync or add the directory partitions,
the error i get is "access denied'

- The DNS connectivitiy is fine as I have tried to ping the root DC1 with
its GUID_.msdcs ..... from DC2 in offshore site.

- all the required ports are open (i.e. 389, 88,53,500 udc, 50 etc)

If anyone knows of any other solution i appreate it.

thx.
 
P

ptwilliams

First thing I'd do is point the off site DC at the main site DC for DNS.
Then I'd reregister DNS via a netlogon restart. Then I'd pull up Replmon,
flush the cache and try pulling from the main DC.

The stale password should have rectified itself, as it would have tried
using the old one. It's not usually needed to reset it manually, but I
suppose it won't harm either way.

I suppose, a time sync wouldn't hurt either...

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


Iam having a replication issue with the 2 root dc's located in same root
domain but in different sites. I have custom ipsec policies in place between
these 2 Root DCs.

- Communication link is there, I can see and browse the 2 dc in offshore
site, but when i try to do a force replication through replmon it comes up
with "access denied" error.

-The second DC has been offline for about a month, which creates an issue of
stale comp. acct password and that requires a reset pwd of PDCE for
establishing secure channel. I have done that also but still getting the
same error.

-I have tried syncing the Domain CN from first DC to the 2 DC, it fails with
errors "DC cannot be found for specified domain" error. the cmd i use is:
repadmin /sync DC=domain,DC=xy,DC=com root-dc-03 GUID of PDCE

- I have tried to manually add the dir partitions from DC2 (offshore
site)but if fails with the error "dc not found for the domain". the cmd i
use is
repadmin /add DC=domain,DC=xy,DC=com root-dc-03.domain.xy.com
root-dc-01.domain.xy.com /u:domain\uid /pw:*

- after i restart the KDC, and try to sync or add the directory partitions,
the error i get is "access denied'

- The DNS connectivitiy is fine as I have tried to ping the root DC1 with
its GUID_.msdcs ..... from DC2 in offshore site.

- all the required ports are open (i.e. 389, 88,53,500 udc, 50 etc)

If anyone knows of any other solution i appreate it.

thx.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top