Replication Problem

J

James

Hello,

Currently I have 2 DC under one child domain. Whenever I try to replicate
either server's AD using "AD sites and services" I get the following error:

"The following error has occurred during the attempt to synchronize the
domain controllers access is denied"

DNS server is running normally. Both servers are on the same LAN.

Both are Windows 2000 SP4 servers. Thank you in advance.
 
H

Herb Martin

James said:
Hello,

Currently I have 2 DC under one child domain. Whenever I try to replicate
either server's AD using "AD sites and services" I get the following
error:

"The following error has occurred during the attempt to synchronize the
domain controllers access is denied"

DNS server is running normally. Both servers are on the same LAN.

Both are Windows 2000 SP4 servers. Thank you in advance.
Click to expand...

Are you using Terminal Services to reach the computer where you run
the AD Sites and Services MMC? Sometimes there are issues with that.

Do these DCs replicate normally?

Check with a complete "DCDiag /c" and search for FAIL or WARN
messages by saving the output to a file.
 
J

James

Thanks for the quick reply. These two DC's have been running fine until 2
weeks ago.

I ran dcdiag and the only errors I see are





Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests


Testing server: Corp\NT1

Starting test: Connectivity

.......................... NT1 passed test Connectivity

Doing primary tests


Testing server: acct\NT1

Starting test: Replications

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: DC=Acct,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.









Are you using Terminal Services to reach the computer where you run
Click to expand...
 
H

Herb Martin

James said:
Thanks for the quick reply. These two DC's have been running fine until 2
weeks ago.

I ran dcdiag and the only errors I see are
Click to expand...


So you are failing replication whether you force it or not. But it
doesn't look like you included the entire DCDiag.

Try checking DNS (NetDiag /fix might help on all DCs); time (the real
time not the display time since we just did that DST thing), and firewalls
or filters that might be preventing communication between DCs.

Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests


Testing server: Corp\NT1

Starting test: Connectivity

......................... NT1 passed test Connectivity

Doing primary tests


Testing server: acct\NT1

Starting test: Replications

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: DC=Acct,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.









Are you using Terminal Services to reach the computer where you run
Click to expand...
the AD Sites and Services MMC? Sometimes there are issues with that.

Do these DCs replicate normally?

Check with a complete "DCDiag /c" and search for FAIL or WARN messages
Click to expand...
by saving the output to a file.


Herb Martin, MCSE, MVP

(phone on web site)
Click to expand...
Click to expand...
 
J

James

Thanks again:

I ran netDiag with the /fix option, no errors were found. And I also ran
dcDiag for a second time and both are listed below. I can ping any domain
controller from any place across the WAN. Our firewalls do not block any
ports across our WAN.

DC Diag:


Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Acct\NT3
Starting test: Connectivity
......................... NT3 passed test Connectivity

Doing primary tests

Testing server: Acct\NT3
Starting test: Replications
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Acct,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=pottsville,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=kenosha,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=lansing,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=chicago,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 16:27.23.
The last success occurred at 2007-03-04 07:47.16.
457 failures have occurred since the last success.
......................... NT3 passed test Replications
Starting test: NCSecDesc
......................... NT3 passed test NCSecDesc
Starting test: NetLogons
......................... NT3 passed test NetLogons
Starting test: Advertising
......................... NT3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NT3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NT3 passed test RidManager
Starting test: MachineAccount
......................... NT3 passed test MachineAccount
Starting test: Services
......................... NT3 passed test Services
Starting test: ObjectsReplicated
......................... NT3 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... NT3 passed test frssysvol
Starting test: kccevent
......................... NT3 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:14:47
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:09
(Event String could not be retrieved)


An Error Event occured. EventID: 0x00000452
Time Generated: 03/22/2007 16:16:47
Event String: The printer could not be installed.
......................... NT3 failed test systemlog

Running enterprise tests on : Corp.local
Starting test: Intersite
......................... Corp.local passed test Intersite
Starting test: FsmoCheck
......................... Corp.local passed test FsmoCheck








Net Diag





Herb Martin said:
James said:
Thanks for the quick reply. These two DC's have been running fine until 2
weeks ago.

I ran dcdiag and the only errors I see are
Click to expand...


So you are failing replication whether you force it or not. But it
doesn't look like you included the entire DCDiag.

Try checking DNS (NetDiag /fix might help on all DCs); time (the real
time not the display time since we just did that DST thing), and firewalls
or filters that might be preventing communication between DCs.

Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests


Testing server: Corp\NT1

Starting test: Connectivity

......................... NT1 passed test Connectivity

Doing primary tests


Testing server: acct\NT1

Starting test: Replications

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: DC=Acct,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.









Currently I have 2 DC under one child domain. Whenever I try to
Click to expand...
replicate either server's AD using "AD sites and services" I get the



"The following error has occurred during the attempt to synchronize
Click to expand...
the domain controllers access is denied"

DNS server is running normally. Both servers are on the same LAN.

Both are Windows 2000 SP4 servers. Thank you in advance.

Are you using Terminal Services to reach the computer where you run
Click to expand...
the AD Sites and Services MMC? Sometimes there are issues with that.

Do these DCs replicate normally?

Check with a complete "DCDiag /c" and search for FAIL or WARN messages
Click to expand...
by saving the output to a file.


Herb Martin, MCSE, MVP

(phone on web site)
Click to expand...
Click to expand...
Click to expand...
 
J

James

Nothing besides replication failures which stratred two weeks ago.



"Jorge de Almeida Pinto [MVP - DS]"
 
J

Jorge de Almeida Pinto [MVP - DS]

it is hard to believe that "nothing" is causing repl errors....

anyone change/add/remove anything?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
James said:
Nothing besides replication failures which stratred two weeks ago.



"Jorge de Almeida Pinto [MVP - DS]"
what happened 2 weeks ago?

any event IDs with errors in the DS log?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
Click to expand...
Click to expand...
 
K

Kurt

James said:
Thanks again:

I ran netDiag with the /fix option, no errors were found. And I also ran
dcDiag for a second time and both are listed below. I can ping any domain
controller from any place across the WAN. Our firewalls do not block any
ports across our WAN.

DC Diag:


Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Acct\NT3
Starting test: Connectivity
......................... NT3 passed test Connectivity

Doing primary tests

Testing server: Acct\NT3
Starting test: Replications
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Acct,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=pottsville,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=kenosha,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=lansing,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=chicago,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 16:27.23.
The last success occurred at 2007-03-04 07:47.16.
457 failures have occurred since the last success.
......................... NT3 passed test Replications
Starting test: NCSecDesc
......................... NT3 passed test NCSecDesc
Starting test: NetLogons
......................... NT3 passed test NetLogons
Starting test: Advertising
......................... NT3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NT3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NT3 passed test RidManager
Starting test: MachineAccount
......................... NT3 passed test MachineAccount
Starting test: Services
......................... NT3 passed test Services
Starting test: ObjectsReplicated
......................... NT3 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... NT3 passed test frssysvol
Starting test: kccevent
......................... NT3 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:14:47
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:09
(Event String could not be retrieved)


An Error Event occured. EventID: 0x00000452
Time Generated: 03/22/2007 16:16:47
Event String: The printer could not be installed.
......................... NT3 failed test systemlog

Running enterprise tests on : Corp.local
Starting test: Intersite
......................... Corp.local passed test Intersite
Starting test: FsmoCheck
......................... Corp.local passed test FsmoCheck








Net Diag





Herb Martin said:
James said:
Thanks for the quick reply. These two DC's have been running fine until 2
weeks ago.

I ran dcdiag and the only errors I see are
Click to expand...

So you are failing replication whether you force it or not. But it
doesn't look like you included the entire DCDiag.

Try checking DNS (NetDiag /fix might help on all DCs); time (the real
time not the display time since we just did that DST thing), and firewalls
or filters that might be preventing communication between DCs.

Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests


Testing server: Corp\NT1

Starting test: Connectivity

......................... NT1 passed test Connectivity

Doing primary tests


Testing server: acct\NT1

Starting test: Replications

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: DC=Acct,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.










Hello,
Currently I have 2 DC under one child domain. Whenever I try to
replicate either server's AD using "AD sites and services" I get the
following
error:
"The following error has occurred during the attempt to synchronize
the domain controllers access is denied"
DNS server is running normally. Both servers are on the same LAN.
Both are Windows 2000 SP4 servers. Thank you in advance.
Are you using Terminal Services to reach the computer where you run
the AD Sites and Services MMC? Sometimes there are issues with that.
Do these DCs replicate normally?
Check with a complete "DCDiag /c" and search for FAIL or WARN messages
by saving the output to a file.
Click to expand...
Click to expand...
Click to expand...

As Herb suggested, it is uncanny that this happened right at the DST
thing. "net time" on both DCs shows identical times?

....kurt
 
J

James

Both servers show the same time and time zone. It looks like this problem
surfaced around the same time we applied the DST fix form Microsoft. I went
over the settings and both server still show the same time zone and both
have identical correct settings.


Kurt said:
James said:
Thanks again:

I ran netDiag with the /fix option, no errors were found. And I also ran
dcDiag for a second time and both are listed below. I can ping any domain
controller from any place across the WAN. Our firewalls do not block any
ports across our WAN.

DC Diag:


Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Acct\NT3
Starting test: Connectivity
......................... NT3 passed test Connectivity

Doing primary tests

Testing server: Acct\NT3
Starting test: Replications
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Acct,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=pottsville,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=kenosha,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=lansing,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=chicago,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 16:27.23.
The last success occurred at 2007-03-04 07:47.16.
457 failures have occurred since the last success.
......................... NT3 passed test Replications
Starting test: NCSecDesc
......................... NT3 passed test NCSecDesc
Starting test: NetLogons
......................... NT3 passed test NetLogons
Starting test: Advertising
......................... NT3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NT3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NT3 passed test RidManager
Starting test: MachineAccount
......................... NT3 passed test MachineAccount
Starting test: Services
......................... NT3 passed test Services
Starting test: ObjectsReplicated
......................... NT3 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... NT3 passed test frssysvol
Starting test: kccevent
......................... NT3 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:14:47
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:09
(Event String could not be retrieved)


An Error Event occured. EventID: 0x00000452
Time Generated: 03/22/2007 16:16:47
Event String: The printer could not be installed.
......................... NT3 failed test systemlog

Running enterprise tests on : Corp.local
Starting test: Intersite
......................... Corp.local passed test Intersite
Starting test: FsmoCheck
......................... Corp.local passed test FsmoCheck








Net Diag





Herb Martin said:
Thanks for the quick reply. These two DC's have been running fine until
2 weeks ago.

I ran dcdiag and the only errors I see are

So you are failing replication whether you force it or not. But it
doesn't look like you included the entire DCDiag.

Try checking DNS (NetDiag /fix might help on all DCs); time (the real
time not the display time since we just did that DST thing), and
firewalls
or filters that might be preventing communication between DCs.


Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests


Testing server: Corp\NT1

Starting test: Connectivity

......................... NT1 passed test Connectivity

Doing primary tests


Testing server: acct\NT1

Starting test: Replications

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: DC=Acct,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.










Hello,
Currently I have 2 DC under one child domain. Whenever I try to
replicate either server's AD using "AD sites and services" I get the
following
error:
"The following error has occurred during the attempt to synchronize
the domain controllers access is denied"
DNS server is running normally. Both servers are on the same LAN.
Both are Windows 2000 SP4 servers. Thank you in advance.
Are you using Terminal Services to reach the computer where you run
the AD Sites and Services MMC? Sometimes there are issues with that.
Do these DCs replicate normally?
Check with a complete "DCDiag /c" and search for FAIL or WARN messages
by saving the output to a file.
Click to expand...
Click to expand...

As Herb suggested, it is uncanny that this happened right at the DST
thing. "net time" on both DCs shows identical times?

...kurt
Click to expand...
 
H

Herb Martin

James said:
Both servers show the same time and time zone. It looks like this problem
surfaced around the same time we applied the DST fix form Microsoft. I
went over the settings and both server still show the same time zone and
both have identical correct settings.
Click to expand...

Yes, but if the time zone is somehow wrong on them then the appearance
of the time being the same means they are actually OUT OF SYNC.

Try clearning the Automatically adjust check box -- save -- then open
and reset it on each.

Try setting one DC with time from the other (or PDC Emulator) and see
if the time appears to change by an hour -- if so, you still have time zone
problems.

net time \\PDCorOtherDC /set

Kurt said:
James said:
Thanks again:

I ran netDiag with the /fix option, no errors were found. And I also ran
dcDiag for a second time and both are listed below. I can ping any
domain controller from any place across the WAN. Our firewalls do not
block any ports across our WAN.

DC Diag:


Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Acct\NT3
Starting test: Connectivity
......................... NT3 passed test Connectivity

Doing primary tests

Testing server: Acct\NT3
Starting test: Replications
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Acct,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=pottsville,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=kenosha,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=lansing,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=chicago,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 16:27.23.
The last success occurred at 2007-03-04 07:47.16.
457 failures have occurred since the last success.
......................... NT3 passed test Replications
Starting test: NCSecDesc
......................... NT3 passed test NCSecDesc
Starting test: NetLogons
......................... NT3 passed test NetLogons
Starting test: Advertising
......................... NT3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NT3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NT3 passed test RidManager
Starting test: MachineAccount
......................... NT3 passed test MachineAccount
Starting test: Services
......................... NT3 passed test Services
Starting test: ObjectsReplicated
......................... NT3 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... NT3 passed test frssysvol
Starting test: kccevent
......................... NT3 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:14:47
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:09
(Event String could not be retrieved)


An Error Event occured. EventID: 0x00000452
Time Generated: 03/22/2007 16:16:47
Event String: The printer could not be installed.
......................... NT3 failed test systemlog

Running enterprise tests on : Corp.local
Starting test: Intersite
......................... Corp.local passed test Intersite
Starting test: FsmoCheck
......................... Corp.local passed test FsmoCheck








Net Diag





Thanks for the quick reply. These two DC's have been running fine
until 2 weeks ago.

I ran dcdiag and the only errors I see are

So you are failing replication whether you force it or not. But it
doesn't look like you included the entire DCDiag.

Try checking DNS (NetDiag /fix might help on all DCs); time (the real
time not the display time since we just did that DST thing), and
firewalls
or filters that might be preventing communication between DCs.


Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests


Testing server: Corp\NT1

Starting test: Connectivity

......................... NT1 passed test Connectivity

Doing primary tests


Testing server: acct\NT1

Starting test: Replications

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: DC=Acct,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.










Hello,
Currently I have 2 DC under one child domain. Whenever I try to
replicate either server's AD using "AD sites and services" I get the
following
error:
"The following error has occurred during the attempt to synchronize
the domain controllers access is denied"
DNS server is running normally. Both servers are on the same LAN.
Both are Windows 2000 SP4 servers. Thank you in advance.
Are you using Terminal Services to reach the computer where you run
the AD Sites and Services MMC? Sometimes there are issues with that.
Do these DCs replicate normally?
Check with a complete "DCDiag /c" and search for FAIL or WARN
messages
by saving the output to a file.
Click to expand...

As Herb suggested, it is uncanny that this happened right at the DST
thing. "net time" on both DCs shows identical times?

...kurt
Click to expand...
Click to expand...
 
J

James

I ran Net Time and one of the DC's time is off by 7 munites!




Kurt said:
James said:
Thanks again:

I ran netDiag with the /fix option, no errors were found. And I also ran
dcDiag for a second time and both are listed below. I can ping any domain
controller from any place across the WAN. Our firewalls do not block any
ports across our WAN.

DC Diag:


Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Acct\NT3
Starting test: Connectivity
......................... NT3 passed test Connectivity

Doing primary tests

Testing server: Acct\NT3
Starting test: Replications
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Acct,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=pottsville,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=kenosha,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=lansing,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=chicago,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 16:27.23.
The last success occurred at 2007-03-04 07:47.16.
457 failures have occurred since the last success.
......................... NT3 passed test Replications
Starting test: NCSecDesc
......................... NT3 passed test NCSecDesc
Starting test: NetLogons
......................... NT3 passed test NetLogons
Starting test: Advertising
......................... NT3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NT3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NT3 passed test RidManager
Starting test: MachineAccount
......................... NT3 passed test MachineAccount
Starting test: Services
......................... NT3 passed test Services
Starting test: ObjectsReplicated
......................... NT3 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... NT3 passed test frssysvol
Starting test: kccevent
......................... NT3 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:14:47
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:09
(Event String could not be retrieved)


An Error Event occured. EventID: 0x00000452
Time Generated: 03/22/2007 16:16:47
Event String: The printer could not be installed.
......................... NT3 failed test systemlog

Running enterprise tests on : Corp.local
Starting test: Intersite
......................... Corp.local passed test Intersite
Starting test: FsmoCheck
......................... Corp.local passed test FsmoCheck








Net Diag





Herb Martin said:
Thanks for the quick reply. These two DC's have been running fine until
2 weeks ago.

I ran dcdiag and the only errors I see are

So you are failing replication whether you force it or not. But it
doesn't look like you included the entire DCDiag.

Try checking DNS (NetDiag /fix might help on all DCs); time (the real
time not the display time since we just did that DST thing), and
firewalls
or filters that might be preventing communication between DCs.


Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests


Testing server: Corp\NT1

Starting test: Connectivity

......................... NT1 passed test Connectivity

Doing primary tests


Testing server: acct\NT1

Starting test: Replications

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: DC=Acct,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.










Hello,
Currently I have 2 DC under one child domain. Whenever I try to
replicate either server's AD using "AD sites and services" I get the
following
error:
"The following error has occurred during the attempt to synchronize
the domain controllers access is denied"
DNS server is running normally. Both servers are on the same LAN.
Both are Windows 2000 SP4 servers. Thank you in advance.
Are you using Terminal Services to reach the computer where you run
the AD Sites and Services MMC? Sometimes there are issues with that.
Do these DCs replicate normally?
Check with a complete "DCDiag /c" and search for FAIL or WARN messages
by saving the output to a file.
Click to expand...
Click to expand...

As Herb suggested, it is uncanny that this happened right at the DST
thing. "net time" on both DCs shows identical times?

...kurt
Click to expand...
 
J

James

Please also note that the parent domain is in a different time zone.


James said:
Both servers show the same time and time zone. It looks like this problem
surfaced around the same time we applied the DST fix form Microsoft. I
went over the settings and both server still show the same time zone and
both have identical correct settings.


Kurt said:
James said:
Thanks again:

I ran netDiag with the /fix option, no errors were found. And I also ran
dcDiag for a second time and both are listed below. I can ping any
domain controller from any place across the WAN. Our firewalls do not
block any ports across our WAN.

DC Diag:


Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Acct\NT3
Starting test: Connectivity
......................... NT3 passed test Connectivity

Doing primary tests

Testing server: Acct\NT3
Starting test: Replications
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Acct,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=pottsville,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=kenosha,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=lansing,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=chicago,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 16:27.23.
The last success occurred at 2007-03-04 07:47.16.
457 failures have occurred since the last success.
......................... NT3 passed test Replications
Starting test: NCSecDesc
......................... NT3 passed test NCSecDesc
Starting test: NetLogons
......................... NT3 passed test NetLogons
Starting test: Advertising
......................... NT3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NT3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NT3 passed test RidManager
Starting test: MachineAccount
......................... NT3 passed test MachineAccount
Starting test: Services
......................... NT3 passed test Services
Starting test: ObjectsReplicated
......................... NT3 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... NT3 passed test frssysvol
Starting test: kccevent
......................... NT3 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:14:47
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:09
(Event String could not be retrieved)


An Error Event occured. EventID: 0x00000452
Time Generated: 03/22/2007 16:16:47
Event String: The printer could not be installed.
......................... NT3 failed test systemlog

Running enterprise tests on : Corp.local
Starting test: Intersite
......................... Corp.local passed test Intersite
Starting test: FsmoCheck
......................... Corp.local passed test FsmoCheck








Net Diag





Thanks for the quick reply. These two DC's have been running fine
until 2 weeks ago.

I ran dcdiag and the only errors I see are

So you are failing replication whether you force it or not. But it
doesn't look like you included the entire DCDiag.

Try checking DNS (NetDiag /fix might help on all DCs); time (the real
time not the display time since we just did that DST thing), and
firewalls
or filters that might be preventing communication between DCs.


Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests


Testing server: Corp\NT1

Starting test: Connectivity

......................... NT1 passed test Connectivity

Doing primary tests


Testing server: acct\NT1

Starting test: Replications

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: DC=Acct,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.










Hello,
Currently I have 2 DC under one child domain. Whenever I try to
replicate either server's AD using "AD sites and services" I get the
following
error:
"The following error has occurred during the attempt to synchronize
the domain controllers access is denied"
DNS server is running normally. Both servers are on the same LAN.
Both are Windows 2000 SP4 servers. Thank you in advance.
Are you using Terminal Services to reach the computer where you run
the AD Sites and Services MMC? Sometimes there are issues with that.
Do these DCs replicate normally?
Check with a complete "DCDiag /c" and search for FAIL or WARN
messages
by saving the output to a file.
Click to expand...

As Herb suggested, it is uncanny that this happened right at the DST
thing. "net time" on both DCs shows identical times?

...kurt
Click to expand...
Click to expand...
 
J

James

Problem has been resolved. A domain controller under the parent domain was
update and was not rebooted after the update. I could have not found out the
problem without your help. Thank you very much :)



Herb Martin said:
James said:
Both servers show the same time and time zone. It looks like this problem
surfaced around the same time we applied the DST fix form Microsoft. I
went over the settings and both server still show the same time zone and
both have identical correct settings.
Click to expand...

Yes, but if the time zone is somehow wrong on them then the appearance
of the time being the same means they are actually OUT OF SYNC.

Try clearning the Automatically adjust check box -- save -- then open
and reset it on each.

Try setting one DC with time from the other (or PDC Emulator) and see
if the time appears to change by an hour -- if so, you still have time
zone
problems.

net time \\PDCorOtherDC /set

Kurt said:
James wrote:
Thanks again:

I ran netDiag with the /fix option, no errors were found. And I also
ran dcDiag for a second time and both are listed below. I can ping any
domain controller from any place across the WAN. Our firewalls do not
block any ports across our WAN.

DC Diag:


Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Acct\NT3
Starting test: Connectivity
......................... NT3 passed test Connectivity

Doing primary tests

Testing server: Acct\NT3
Starting test: Replications
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Acct,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=pottsville,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=kenosha,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=lansing,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=chicago,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 16:27.23.
The last success occurred at 2007-03-04 07:47.16.
457 failures have occurred since the last success.
......................... NT3 passed test Replications
Starting test: NCSecDesc
......................... NT3 passed test NCSecDesc
Starting test: NetLogons
......................... NT3 passed test NetLogons
Starting test: Advertising
......................... NT3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NT3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NT3 passed test RidManager
Starting test: MachineAccount
......................... NT3 passed test MachineAccount
Starting test: Services
......................... NT3 passed test Services
Starting test: ObjectsReplicated
......................... NT3 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... NT3 passed test frssysvol
Starting test: kccevent
......................... NT3 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:14:47
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:09
(Event String could not be retrieved)


An Error Event occured. EventID: 0x00000452
Time Generated: 03/22/2007 16:16:47
Event String: The printer could not be installed.
......................... NT3 failed test systemlog

Running enterprise tests on : Corp.local
Starting test: Intersite
......................... Corp.local passed test Intersite
Starting test: FsmoCheck
......................... Corp.local passed test FsmoCheck








Net Diag





Thanks for the quick reply. These two DC's have been running fine
until 2 weeks ago.

I ran dcdiag and the only errors I see are

So you are failing replication whether you force it or not. But it
doesn't look like you included the entire DCDiag.

Try checking DNS (NetDiag /fix might help on all DCs); time (the real
time not the display time since we just did that DST thing), and
firewalls
or filters that might be preventing communication between DCs.


Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests


Testing server: Corp\NT1

Starting test: Connectivity

......................... NT1 passed test Connectivity

Doing primary tests


Testing server: acct\NT1

Starting test: Replications

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: DC=Acct,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.










Hello,
Currently I have 2 DC under one child domain. Whenever I try to
replicate either server's AD using "AD sites and services" I get
the
following
error:
"The following error has occurred during the attempt to synchronize
the domain controllers access is denied"
DNS server is running normally. Both servers are on the same LAN.
Both are Windows 2000 SP4 servers. Thank you in advance.
Are you using Terminal Services to reach the computer where you run
the AD Sites and Services MMC? Sometimes there are issues with that.
Do these DCs replicate normally?
Check with a complete "DCDiag /c" and search for FAIL or WARN
messages
by saving the output to a file.
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)





As Herb suggested, it is uncanny that this happened right at the DST
thing. "net time" on both DCs shows identical times?

...kurt
Click to expand...
Click to expand...
Click to expand...
 
H

Herb Martin

James said:
I ran Net Time and one of the DC's time is off by 7 munites!
Click to expand...

Time must be within 5 minutes (Kerberos default) for them to sync
or clients to authenticate.

In practice this means that time should be accurate WITHIN 2 1/2 minutes
on every machines.

Just reset it -- 7 minutes isn't far off.

Kurt said:
James said:
Thanks again:

I ran netDiag with the /fix option, no errors were found. And I also ran
dcDiag for a second time and both are listed below. I can ping any
domain controller from any place across the WAN. Our firewalls do not
block any ports across our WAN.

DC Diag:


Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Acct\NT3
Starting test: Connectivity
......................... NT3 passed test Connectivity

Doing primary tests

Testing server: Acct\NT3
Starting test: Replications
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Acct,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: CN=Configuration,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=pottsville,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=kenosha,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.29.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=lansing,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=chicago,DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 15:59.28.
The last success occurred at 2007-03-04 07:47.16.
438 failures have occurred since the last success.
[Replications Check,NT3] A recent replication attempt failed:
From NT1 to NT3
Naming Context: DC=Corp,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-03-22 16:27.23.
The last success occurred at 2007-03-04 07:47.16.
457 failures have occurred since the last success.
......................... NT3 passed test Replications
Starting test: NCSecDesc
......................... NT3 passed test NCSecDesc
Starting test: NetLogons
......................... NT3 passed test NetLogons
Starting test: Advertising
......................... NT3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NT3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NT3 passed test RidManager
Starting test: MachineAccount
......................... NT3 passed test MachineAccount
Starting test: Services
......................... NT3 passed test Services
Starting test: ObjectsReplicated
......................... NT3 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... NT3 passed test frssysvol
Starting test: kccevent
......................... NT3 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:14:47
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168F
Time Generated: 03/22/2007 16:16:09
(Event String could not be retrieved)


An Error Event occured. EventID: 0x00000452
Time Generated: 03/22/2007 16:16:47
Event String: The printer could not be installed.
......................... NT3 failed test systemlog

Running enterprise tests on : Corp.local
Starting test: Intersite
......................... Corp.local passed test Intersite
Starting test: FsmoCheck
......................... Corp.local passed test FsmoCheck








Net Diag





Thanks for the quick reply. These two DC's have been running fine
until 2 weeks ago.

I ran dcdiag and the only errors I see are

So you are failing replication whether you force it or not. But it
doesn't look like you included the entire DCDiag.

Try checking DNS (NetDiag /fix might help on all DCs); time (the real
time not the display time since we just did that DST thing), and
firewalls
or filters that might be preventing communication between DCs.


Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests


Testing server: Corp\NT1

Starting test: Connectivity

......................... NT1 passed test Connectivity

Doing primary tests


Testing server: acct\NT1

Starting test: Replications

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: DC=Acct,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.

[Replications Check,NT1] A recent replication attempt failed:

From NT3 to NT1

Naming Context: CN=Schema,CN=Configuration,DC=Corp,DC=local

The replication generated an error (5):

Access is denied.

The failure occurred at 2007-03-22 13:50.30.

The last success occurred at 2007-03-04 06:52.20.

419 failures have occurred since the last success.










Hello,
Currently I have 2 DC under one child domain. Whenever I try to
replicate either server's AD using "AD sites and services" I get the
following
error:
"The following error has occurred during the attempt to synchronize
the domain controllers access is denied"
DNS server is running normally. Both servers are on the same LAN.
Both are Windows 2000 SP4 servers. Thank you in advance.
Are you using Terminal Services to reach the computer where you run
the AD Sites and Services MMC? Sometimes there are issues with that.
Do these DCs replicate normally?
Check with a complete "DCDiag /c" and search for FAIL or WARN
messages
by saving the output to a file.
Click to expand...

As Herb suggested, it is uncanny that this happened right at the DST
thing. "net time" on both DCs shows identical times?

...kurt
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Target Principal Name is incorrect 0
HELP? replication permissions 3
Replication Issues 1
Replication problem 1
Active Directory Replication Problem... 0
Replication Problem 2
AD Replication error 4
Slow Logons and Can't open files 0

Top