Replication problems in AD

D

daben

Hi

I have a small AD. 2 DCs running Win2k and about 10 workstations
running WinXP Pro. Here are the basic services run on each DC:

DC1 (Exchange 2k, DNS, RAS, IIS)

DC2 (SQL Server, DNS, DHCP, RAS)

I am behind a firewall (Cisco PIX)

Recently I have seen nothing but errors in replication between the 2
servers. I think my DNS settings are good.

There may be some legacy issues with DCs that were brought online by
another sysadmin who did not demote them correctly. repadmin
/showreps shows an entry for a removed (non-existant) DC on inbound
neighbors. dcdiag shows "The replication generated an error (5):" I
have tried various solutions but am a little unsure what to do now.

Can someone help with a little time and back and forth to try to track
this?

thanks
daben
 
D

daben

hi

yes, i did this already. it removed a lot of the problems, but i still get
issues. for example: dcdiag on dc called seastar

Testing server: Default-First-Site-Name\SEASTAR
Starting test: Replications
[Replications Check,SEASTAR] A recent replication attempt failed:
From SPGS2 to SEASTAR
Naming Context: CN=Schema,CN=Configuration,DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.20.
The last success occurred at 2004-04-07 11:57.13.
1098 failures have occurred since the last success.
[Replications Check,SEASTAR] A recent replication attempt failed:
From SPGS2 to SEASTAR
Naming Context: CN=Configuration,DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.19.
The last success occurred at 2004-04-07 12:29.13.
1099 failures have occurred since the last success.
[Replications Check,SEASTAR] A recent replication attempt failed:
From SPGS2 to SEASTAR
Naming Context: DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.19.
The last success occurred at 2004-04-07 12:27.56.
1372 failures have occurred since the last success.


repadmin /showreps
Default-First-Site-Name\SPGS2
DSA Options : IS_GC
objectGuid : b7f6d4fb-d025-4037-b9a6-c7ac68b949ca
invocationID: 8446edab-c917-49d8-9c37-5132059d9527

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 11:56.03.
1099 consecutive failure(s).

CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 12:22.52.
1099 consecutive failure(s).

DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 12:21.29.
1104 consecutive failure(s).

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

CN=Schema,CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

C:\Documents and Settings\Administrator.SPGAD>


These dcs spgs1 (and on the other server we see spgsql) are no more. they
were probably demoted poorly. everything looks good in netdiag.

daben
 
S

Simon Geary

Have you seen this troubleshooting guide? It has a section on fixing Access
Denied replication errors and suggests that Kerberos errors are a likely
cause. As well as the suggestions it makes I would check the system time on
your DC's to ensure they are the same.
http://www.microsoft.com/technet/pr...irectory/maintain/opsguide/part1/adogd12.mspx

daben said:
hi

yes, i did this already. it removed a lot of the problems, but i still get
issues. for example: dcdiag on dc called seastar

Testing server: Default-First-Site-Name\SEASTAR
Starting test: Replications
[Replications Check,SEASTAR] A recent replication attempt failed:
From SPGS2 to SEASTAR
Naming Context: CN=Schema,CN=Configuration,DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.20.
The last success occurred at 2004-04-07 11:57.13.
1098 failures have occurred since the last success.
[Replications Check,SEASTAR] A recent replication attempt failed:
From SPGS2 to SEASTAR
Naming Context: CN=Configuration,DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.19.
The last success occurred at 2004-04-07 12:29.13.
1099 failures have occurred since the last success.
[Replications Check,SEASTAR] A recent replication attempt failed:
From SPGS2 to SEASTAR
Naming Context: DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.19.
The last success occurred at 2004-04-07 12:27.56.
1372 failures have occurred since the last success.


repadmin /showreps
Default-First-Site-Name\SPGS2
DSA Options : IS_GC
objectGuid : b7f6d4fb-d025-4037-b9a6-c7ac68b949ca
invocationID: 8446edab-c917-49d8-9c37-5132059d9527

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 11:56.03.
1099 consecutive failure(s).

CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 12:22.52.
1099 consecutive failure(s).

DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 12:21.29.
1104 consecutive failure(s).

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

CN=Schema,CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

C:\Documents and Settings\Administrator.SPGAD>


These dcs spgs1 (and on the other server we see spgsql) are no more. they
were probably demoted poorly. everything looks good in netdiag.

daben





Simon Geary said:
You need to do a metadata cleanup to remove the non-existent DC from
Active
Directory.
http://support.microsoft.com/?id=216498
Click to expand...
Click to expand...
 
D

Digital Doug

Was one of your DCs down for a little while? A cursory review of the error
listing shows all three DC contexts in error with an error code 5 ---may
indicated a machine password mismatch..
If I remember correctly, DC backups are no good after 60 days due to
automatic password changes of the machine accounts.

Digital Doug
 
D

daben

thanks, i will take a look at this. i just checked the times on the 2 dcs.
i remember reading that time was a big thing with AD. the 2 dcs are off by
7mins in time. i thought that in AD time was always set to the dc, i guess
dcs themselves dont do this? can i point one dc at the other and then have
that one connect to nist or some other external time server?


Simon Geary said:
Have you seen this troubleshooting guide? It has a section on fixing
Access
Denied replication errors and suggests that Kerberos errors are a likely
cause. As well as the suggestions it makes I would check the system time
on
your DC's to ensure they are the same.
http://www.microsoft.com/technet/pr...irectory/maintain/opsguide/part1/adogd12.mspx

daben said:
hi

yes, i did this already. it removed a lot of the problems, but i still get
issues. for example: dcdiag on dc called seastar

Testing server: Default-First-Site-Name\SEASTAR
Starting test: Replications
[Replications Check,SEASTAR] A recent replication attempt
failed:
From SPGS2 to SEASTAR
Naming Context: CN=Schema,CN=Configuration,DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.20.
The last success occurred at 2004-04-07 11:57.13.
1098 failures have occurred since the last success.
[Replications Check,SEASTAR] A recent replication attempt
failed:
From SPGS2 to SEASTAR
Naming Context: CN=Configuration,DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.19.
The last success occurred at 2004-04-07 12:29.13.
1099 failures have occurred since the last success.
[Replications Check,SEASTAR] A recent replication attempt
failed:
From SPGS2 to SEASTAR
Naming Context: DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.19.
The last success occurred at 2004-04-07 12:27.56.
1372 failures have occurred since the last success.


repadmin /showreps
Default-First-Site-Name\SPGS2
DSA Options : IS_GC
objectGuid : b7f6d4fb-d025-4037-b9a6-c7ac68b949ca
invocationID: 8446edab-c917-49d8-9c37-5132059d9527

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 11:56.03.
1099 consecutive failure(s).

CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 12:22.52.
1099 consecutive failure(s).

DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 12:21.29.
1104 consecutive failure(s).

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

CN=Schema,CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

C:\Documents and Settings\Administrator.SPGAD>


These dcs spgs1 (and on the other server we see spgsql) are no more.
they
were probably demoted poorly. everything looks good in netdiag.

daben





Simon Geary said:
You need to do a metadata cleanup to remove the non-existent DC from
Active
Directory.
http://support.microsoft.com/?id=216498

Hi

I have a small AD. 2 DCs running Win2k and about 10 workstations
running WinXP Pro. Here are the basic services run on each DC:

DC1 (Exchange 2k, DNS, RAS, IIS)

DC2 (SQL Server, DNS, DHCP, RAS)

I am behind a firewall (Cisco PIX)

Recently I have seen nothing but errors in replication between the 2
servers. I think my DNS settings are good.

There may be some legacy issues with DCs that were brought online by
another sysadmin who did not demote them correctly. repadmin
/showreps shows an entry for a removed (non-existant) DC on inbound
neighbors. dcdiag shows "The replication generated an error (5):" I
have tried various solutions but am a little unsure what to do now.

Can someone help with a little time and back and forth to try to track
this?

thanks
daben
Click to expand...
Click to expand...
Click to expand...
 
D

daben

replying to my own post.

my two dcs were 7mins off in time. i pointed one at the other who points at
NIST. now the replications are working. good lead:

i still get the odd behavior in repadmin /showreps

the inbound neighbor spgs1 is now replicating with seastar, at least if i
read it right. PROBLEM IS, there is no spgs1 anymore!

any thoughts?

thanks for your time
daben

daben said:
thanks, i will take a look at this. i just checked the times on the 2
dcs. i remember reading that time was a big thing with AD. the 2 dcs are
off by 7mins in time. i thought that in AD time was always set to the dc,
i guess dcs themselves dont do this? can i point one dc at the other and
then have that one connect to nist or some other external time server?


Simon Geary said:
Have you seen this troubleshooting guide? It has a section on fixing
Access
Denied replication errors and suggests that Kerberos errors are a likely
cause. As well as the suggestions it makes I would check the system time
on
your DC's to ensure they are the same.
http://www.microsoft.com/technet/pr...irectory/maintain/opsguide/part1/adogd12.mspx

daben said:
hi

yes, i did this already. it removed a lot of the problems, but i still get
issues. for example: dcdiag on dc called seastar

Testing server: Default-First-Site-Name\SEASTAR
Starting test: Replications
[Replications Check,SEASTAR] A recent replication attempt
failed:
From SPGS2 to SEASTAR
Naming Context: CN=Schema,CN=Configuration,DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.20.
The last success occurred at 2004-04-07 11:57.13.
1098 failures have occurred since the last success.
[Replications Check,SEASTAR] A recent replication attempt
failed:
From SPGS2 to SEASTAR
Naming Context: CN=Configuration,DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.19.
The last success occurred at 2004-04-07 12:29.13.
1099 failures have occurred since the last success.
[Replications Check,SEASTAR] A recent replication attempt
failed:
From SPGS2 to SEASTAR
Naming Context: DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.19.
The last success occurred at 2004-04-07 12:27.56.
1372 failures have occurred since the last success.


repadmin /showreps
Default-First-Site-Name\SPGS2
DSA Options : IS_GC
objectGuid : b7f6d4fb-d025-4037-b9a6-c7ac68b949ca
invocationID: 8446edab-c917-49d8-9c37-5132059d9527

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 11:56.03.
1099 consecutive failure(s).

CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 12:22.52.
1099 consecutive failure(s).

DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 12:21.29.
1104 consecutive failure(s).

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

CN=Schema,CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

C:\Documents and Settings\Administrator.SPGAD>


These dcs spgs1 (and on the other server we see spgsql) are no more.
they
were probably demoted poorly. everything looks good in netdiag.

daben





You need to do a metadata cleanup to remove the non-existent DC from
Active
Directory.
http://support.microsoft.com/?id=216498

Hi

I have a small AD. 2 DCs running Win2k and about 10 workstations
running WinXP Pro. Here are the basic services run on each DC:

DC1 (Exchange 2k, DNS, RAS, IIS)

DC2 (SQL Server, DNS, DHCP, RAS)

I am behind a firewall (Cisco PIX)

Recently I have seen nothing but errors in replication between the 2
servers. I think my DNS settings are good.

There may be some legacy issues with DCs that were brought online by
another sysadmin who did not demote them correctly. repadmin
/showreps shows an entry for a removed (non-existant) DC on inbound
neighbors. dcdiag shows "The replication generated an error (5):" I
have tried various solutions but am a little unsure what to do now.

Can someone help with a little time and back and forth to try to
track
this?

thanks
daben
Click to expand...
Click to expand...
Click to expand...
 
D

daben

Hi Doug

Well, it seems like time synch is a big problem (which I now fixed and
I can now get Replicate Now to work in ADS&S). But as I replied early
today I still get these phantom DCs which are nowhere around and do
not show up with ntdutils method. Any thoughts?

thanks
daben
 
S

Simon Geary

The time must be synchronised because Kerberos authentication will not work
if there is more than a 5 minute time difference. This seems to have been
the cause of your replication problem so it's good news that it is now fixed
but your solution, although one that works, is not the recommended time
service hierarchy for Active Directory. DC's should get their time from the
PDC Emulator in the domain, which in turn gets the time from the PDC
Emulator in the forest root domain. The only server synchronising with an
external time source should be the PDC Emulator in the forest root domain so
you may want to do a bit more work on this. This kb explains the process
http://support.microsoft.com/?id=224799

As for the non-existent DC's in Active Directory, the only way to get rid of
these is to do a metadata cleanup as per the 216498 article. I know you have
already tried this but it is the only way to go. Give it another try and
post back with any specific problems you have with it. Many people use this
process and it always works in the end.

daben said:
replying to my own post.

my two dcs were 7mins off in time. i pointed one at the other who points at
NIST. now the replications are working. good lead:

i still get the odd behavior in repadmin /showreps

the inbound neighbor spgs1 is now replicating with seastar, at least if i
read it right. PROBLEM IS, there is no spgs1 anymore!

any thoughts?

thanks for your time
daben

daben said:
thanks, i will take a look at this. i just checked the times on the 2
dcs. i remember reading that time was a big thing with AD. the 2 dcs are
off by 7mins in time. i thought that in AD time was always set to the dc,
i guess dcs themselves dont do this? can i point one dc at the other and
then have that one connect to nist or some other external time server?


Simon Geary said:
Have you seen this troubleshooting guide? It has a section on fixing
Access
Denied replication errors and suggests that Kerberos errors are a likely
cause. As well as the suggestions it makes I would check the system time
on
your DC's to ensure they are the same.
http://www.microsoft.com/technet/pr...irectory/maintain/opsguide/part1/adogd12.mspx

hi

yes, i did this already. it removed a lot of the problems, but i still
get
issues. for example: dcdiag on dc called seastar

Testing server: Default-First-Site-Name\SEASTAR
Starting test: Replications
[Replications Check,SEASTAR] A recent replication attempt
failed:
From SPGS2 to SEASTAR
Naming Context: CN=Schema,CN=Configuration,DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.20.
The last success occurred at 2004-04-07 11:57.13.
1098 failures have occurred since the last success.
[Replications Check,SEASTAR] A recent replication attempt
failed:
From SPGS2 to SEASTAR
Naming Context: CN=Configuration,DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.19.
The last success occurred at 2004-04-07 12:29.13.
1099 failures have occurred since the last success.
[Replications Check,SEASTAR] A recent replication attempt
failed:
From SPGS2 to SEASTAR
Naming Context: DC=spg,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2004-05-22 16:56.19.
The last success occurred at 2004-04-07 12:27.56.
1372 failures have occurred since the last success.


repadmin /showreps
Default-First-Site-Name\SPGS2
DSA Options : IS_GC
objectGuid : b7f6d4fb-d025-4037-b9a6-c7ac68b949ca
invocationID: 8446edab-c917-49d8-9c37-5132059d9527

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 11:56.03.
1099 consecutive failure(s).

CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 12:22.52.
1099 consecutive failure(s).

DC=spg,DC=local
Default-First-Site-Name\SPGS1
DEL:b447e6da-c544-4419-b39a-0b0193fa85ec (deleted DSA) via RPC
objectGuid: 41d7d34b-9d6d-40e6-bd8e-34f5efe74053
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8
Last attempt @ 2004-05-22 16:49.25 failed, result 5:
Access is denied.
Last success @ 2004-04-07 12:21.29.
1104 consecutive failure(s).

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

CN=Schema,CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

CN=Configuration,DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

DC=spg,DC=local
Default-First-Site-Name\SEASTAR via RPC
objectGuid: 98bf6af6-fadc-4c4e-847a-cbed1259e5e8

C:\Documents and Settings\Administrator.SPGAD>


These dcs spgs1 (and on the other server we see spgsql) are no more.
they
were probably demoted poorly. everything looks good in netdiag.

daben





You need to do a metadata cleanup to remove the non-existent DC from
Active
Directory.
http://support.microsoft.com/?id=216498

Hi

I have a small AD. 2 DCs running Win2k and about 10 workstations
running WinXP Pro. Here are the basic services run on each DC:

DC1 (Exchange 2k, DNS, RAS, IIS)

DC2 (SQL Server, DNS, DHCP, RAS)

I am behind a firewall (Cisco PIX)

Recently I have seen nothing but errors in replication between the 2
servers. I think my DNS settings are good.

There may be some legacy issues with DCs that were brought online by
another sysadmin who did not demote them correctly. repadmin
/showreps shows an entry for a removed (non-existant) DC on inbound
neighbors. dcdiag shows "The replication generated an error (5):" I
have tried various solutions but am a little unsure what to do now.

Can someone help with a little time and back and forth to try to
track
this?

thanks
daben
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Create outbound replication partner 1
AD user replication 6
AD replication problem with removed DC 1
Replication problem 2
Replication Problems 8
replication problem 3
Connection Objects Get Disappearing or Does Not Generate Automatic 2
Enable back File Replication between DCs 1

Top