Have you seen this troubleshooting guide? It has a section on fixing
Access Denied replication errors and suggests that Kerberos errors are a
likely cause. As well as the suggestions it makes, I would check the
system time on your DCs to ensure they are the same.
http://www.microsoft.com/technet/pr...irectory/maintain/opsguide/part1/adogd12.mspx
Hi
Yes, I did this already. It removed a lot of the problems, but I still
get issues. For example: dcdiag on DC called seastar
Testing server: Default-First-Site-Name\SEASTAR
Starting test: Replications
[Replications Check,SEASTAR] A recent replication attempt failed:
From SPGS2 to SEASTAR
Naming Context: CN=Schema,CN=Configuration,DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.20.
The last success occurred at 2004-04-07 11:57.13.
1098 failures have occurred since the last success.
[Replications Check,SEASTAR] A recent replication attempt failed:
From SPGS2 to SEASTAR
Naming Context: CN=Configuration,DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.19.
The last success occurred at 2004-04-07 12:29.13.
1099 failures have occurred since the last success.
[Replications Check,SEASTAR] A recent replication attempt failed:
From SPGS2 to SEASTAR
Naming Context: DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.19.
The last success occurred at 2004-04-07 12:27.56.
1372 failures have occurred since the last success.
repadmin /showreps
Default-First-Site-Name\SPGS2
DSA Options : IS_GC
objectGuid : b7f6d4fb-d025-4037-b9a6-c7ac68b949ca
invocationID: 8446edab-c917-49d8-9c37-5132059d9527
==== INBOUND NEIGHBORS ======================================
CN=Schema,CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 11:56.03.
1099 consecutive failure(s).
CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 12:22.52.
1099 consecutive failure(s).
DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 12:21.29.
1104 consecutive failure(s).
==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
CN=Schema,CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
C:\Documents and Settings\Administrator.SPGAD>
These DCs spgs1 (and on the other server we see spgsql) are no more.
They were probably demoted poorly. Everything looks good in netdiag.
daben
You need to do a metadata cleanup to remove the non-existent DC from
Active Directory.
http://support.microsoft.com/?id=216498
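A triage sketch for `repadmin /showreps` output like that quoted in this thread, added here as an example and not posted by any participant: it separates inbound partners listed as "(deleted DSA)", which are the candidates for metadata cleanup, from live partners failing with result 5, where the Kerberos and clock checks apply. The function names and the sample text (server names, GUIDs) are constructed for illustration.

```python
import re

# Constructed sample in the layout of the output quoted above; the
# server names and GUIDs are placeholders, not values from the thread.
SAMPLE = """\
==== INBOUND NEIGHBORS ======================================
CN=Configuration,DC=example,DC=local
Default-First-Site-Name\\OLDDC
DEL:00000000-0000-0000-0000-000000000001 (deleted DSA) via RPC
objectGuid: 00000000-0000-0000-0000-000000000002
Default-First-Site-Name\\DC2 via RPC
objectGuid: 00000000-0000-0000-0000-000000000003
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 12:22.52.
1099 consecutive failure(s).
==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
CN=Configuration,DC=example,DC=local
Default-First-Site-Name\\DC2 via RPC
"""

def parse_inbound(text):
    """Return one record per inbound neighbor, ignoring indentation."""
    out, inbound, nc, cur = [], False, None, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("===="):
            inbound, cur = "INBOUND" in line, None
        elif not inbound or not line:
            continue
        elif re.match(r"(CN|DC)=", line):       # naming context header
            nc, cur = line, None
        elif line.startswith("DEL:") and cur:   # partner listed as deleted DSA
            cur["deleted"] = True
        elif "\\" in line:                      # Site\Server [via RPC]
            cur = {"nc": nc, "source": re.sub(r"\s+via RPC$", "", line),
                   "deleted": False, "result": None, "failures": 0}
            out.append(cur)
        elif cur and (m := re.search(r"failed, result (\d+)", line)):
            cur["result"] = int(m.group(1))
        elif cur and (m := re.match(r"(\d+) consecutive failure", line)):
            cur["failures"] = int(m.group(1))
    return out

def triage(neighbors):
    """Stale partners (metadata cleanup) vs. live partners failing with error 5."""
    stale = sorted({n["source"] for n in neighbors if n["deleted"]})
    denied = [(n["source"], n["nc"], n["failures"]) for n in neighbors
              if not n["deleted"] and n["result"] == 5]
    return stale, denied

if __name__ == "__main__":
    print(triage(parse_inbound(SAMPLE)))
```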
Hi
I have a small AD. 2 DCs running Win2k and about 10 workstations
running WinXP Pro. Here are the basic services run on each DC:
DC1 (Exchange 2k, DNS, RAS, IIS)
DC2 (SQL Server, DNS, DHCP, RAS)
I am behind a firewall (Cisco PIX)
Recently I have seen nothing but errors in replication between the 2
servers. I think my DNS settings are good.
There may be some legacy issues with DCs that were brought online by
another sysadmin who did not demote them correctly. repadmin
/showreps shows an entry for a removed (non-existent) DC on inbound
neighbors. dcdiag shows "The replication generated an error (5):". I
have tried various solutions but am a little unsure what to do now.
Can someone help with a little time and back and forth to try to
track this?
thanks
daben