Replication Problems

[TOM]

I have 2 DC's in a child domain both running AD integrated
DNS. 1 DC, DC1, is a bridgehead server and DC2 is just a
DC. Both are GC's, DC1 holds the RID, PDC roles. DC2 holds
the infrastructure role. These two DC's just replaced 2
W2k Dc's. The problem is I dont think that replication is
working correctly. I am getting event ID 1864 in DC1 and
in DC2 when I run dcdiag it states that the ISTG is not
running and RPC server is not responding and that DC2 is
not responding to directory requests. I also get this in
DCdiag:
Testing server: CHILD\DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
The host d7f787fa-c111-4f3b-9b64-
695e79d36650._msdcs.parent.org could not be resolved to an
IP address. Check the DNS server, DHCP, server
name, etc
Although the Guid DNS name
(d7f787fa-c111-4f3b-9b64-
695e79d36650._msdcs.parent.org)
couldn't be resolved, the server name
(DC2.child.parent.org) resolved to the IP address
(192.168.5.7) and was pingable. Check that the
IP address is
registered correctly with the DNS server.
......................... DC2 failed test
Connectivity

My question is (A) How do I resolve this? and (B) How can
I verify that replication is actually occurring
correctly? I have run replmon and I do not see any
errors?! Please help Thanks

 

[Herb Martin]

I have 2 DC's in a child domain both running AD integrated
DNS. 1 DC, DC1, is a bridgehead server and DC2 is just a
DC. Both are GC's, DC1 holds the RID, PDC roles. DC2 holds
the infrastructure role. These two DC's just replaced 2
W2k Dc's. The problem is I dont think that replication is
working correctly. I am getting event ID 1864 in DC1 and
in DC2 when I run dcdiag it states that the ISTG is not
running and RPC server is not responding and that DC2 is
not responding to directory requests. I also get this in
DCdiag:
Testing server: CHILD\DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
The host d7f787fa-c111-4f3b-9b64-
695e79d36650._msdcs.parent.org could not be resolved to an
IP address. Check the DNS server, DHCP, server
name, etc
Although the Guid DNS name
(d7f787fa-c111-4f3b-9b64-
695e79d36650._msdcs.parent.org)
couldn't be resolved, the server name
(DC2.child.parent.org) resolved to the IP address
(192.168.5.7) and was pingable. Check that the
IP address is
registered correctly with the DNS server.
......................... DC2 failed test
Connectivity

My question is (A) How do I resolve this?

Most replication problems are DNS based but you may
have some actual service problems if the RPC server is
not working correctly. (DNS described below*)

Sometimes running DCDiag /FIX on each DC will help but
it is NOT exhaustive:

DCDiag /fix

and (B) How can
I verify that replication is actually occurring
correctly? I have run replmon and I do not see any
errors?! Please help Thanks

ReplMon or RepAdmin (may have to find these in the
Support Tools or ResKit download from Microsoft.)

You might also perform Repair Installs or even DCPromo
'cycle' (non-DC back to DC) the DCs, one at a time of course.

In any case fix the DNS (which is probably also in error):

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /serverC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
[/QUOTE]

 

[Ryan Hanisco]

Tom,

You'll need to give us some info about your sites, subnets, and physical
connections. This looks like a DNS problem... but to give you anything
more specific about the topology and relationship to the parent domain.

 

[TOM]

Thanks for your reply,

I am getting a DNS error in netdiag on DC1 and DC2. Here
is the one from DC1:

DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS <--- This is the error
server 192.168.5.6, ERROR_TIMEOUT.
PASS - All the DNS entries for DC are registered on
DNS server '192.168.5.10
' and other DCs also have some of the names registered.

-----Original Message-----

We are a child domain with 2 DC's as I said and we
replicate with HQ which is on a 192.168.1.x subnet. We are
on a 192.168.5.x subnet. We are on a high spped connection
and there are three sites, us, HQ and other. I have my DNS
servers both pointing at themselves (DC1 and DC2) and they
replicate to DC's in our domain(we are a child domain). I
did set the bridgehead server myself (DC1) and now I have
read that KCC should have done that. How can I make KCC
pick the bridgehead? I really dont know what can be
wrong, how can I fix this?

 

[TOM]

Also, in our child domain we have one Forward lookup zone
for our domain and a reverse lookup zone for our domain.
These are the only two zones on our DNS servers.

-----Original Message-----
Thanks for your reply,

I am getting a DNS error in netdiag on DC1 and DC2. Here
is the one from DC1:

DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS <--- This is the error
server 192.168.5.6, ERROR_TIMEOUT.
PASS - All the DNS entries for DC are registered on
DNS server '192.168.5.10
' and other DCs also have some of the names registered.

-----Original Message-----

We are a child domain with 2 DC's as I said and we
replicate with HQ which is on a 192.168.1.x subnet. We are
on a 192.168.5.x subnet. We are on a high spped connection
and there are three sites, us, HQ and other. I have my DNS
servers both pointing at themselves (DC1 and DC2) and they
replicate to DC's in our domain(we are a child domain). I
did set the bridgehead server myself (DC1) and now I have
read that KCC should have done that. How can I make KCC
pick the bridgehead? I really dont know what can be
wrong, how can I fix this?

Tom,

You'll need to give us some info about your sites, subnets, and physical
connections. This looks like a DNS problem... but to give you anything
more specific about the topology and relationship to the parent domain.

to

an


.

.

 

[Herb Martin]

The reverse zone(s) are pretty much irrelevant to AD.

See my response elsewhere this thread....


--
DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /serverC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]


--
Herb Martin

Also, in our child domain we have one Forward lookup zone
for our domain and a reverse lookup zone for our domain.
These are the only two zones on our DNS servers.

-----Original Message-----
Thanks for your reply,

I am getting a DNS error in netdiag on DC1 and DC2. Here
is the one from DC1:

DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS <--- This is the error
server 192.168.5.6, ERROR_TIMEOUT.
PASS - All the DNS entries for DC are registered on
DNS server '192.168.5.10
' and other DCs also have some of the names registered.

-----Original Message-----

We are a child domain with 2 DC's as I said and we
replicate with HQ which is on a 192.168.1.x subnet. We are
on a 192.168.5.x subnet. We are on a high spped connection
and there are three sites, us, HQ and other. I have my DNS
servers both pointing at themselves (DC1 and DC2) and they
replicate to DC's in our domain(we are a child domain). I
did set the bridgehead server myself (DC1) and now I have
read that KCC should have done that. How can I make KCC
pick the bridgehead? I really dont know what can be
wrong, how can I fix this?

Tom,

You'll need to give us some info about your sites, subnets, and physical
connections. This looks like a DNS problem... but to give you anything
more specific about the topology and relationship to the parent domain.

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

I have 2 DC's in a child domain both running AD integrated
DNS. 1 DC, DC1, is a bridgehead server and DC2 is just a
DC. Both are GC's, DC1 holds the RID, PDC roles. DC2 holds
the infrastructure role. These two DC's just replaced 2
W2k Dc's. The problem is I dont think that replication is
working correctly. I am getting event ID 1864 in DC1 and
in DC2 when I run dcdiag it states that the ISTG is not
running and RPC server is not responding and that DC2 is
not responding to directory requests. I also get this in
DCdiag:
Testing server: CHILD\DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
The host d7f787fa-c111-4f3b-9b64-
695e79d36650._msdcs.parent.org could not be resolved

to

an
IP address. Check the DNS server, DHCP, server
name, etc
Although the Guid DNS name
(d7f787fa-c111-4f3b-9b64-
695e79d36650._msdcs.parent.org)
couldn't be resolved, the server name
(DC2.child.parent.org) resolved to the IP address
(192.168.5.7) and was pingable. Check that the
IP address is
registered correctly with the DNS server.
......................... DC2 failed test
Connectivity

My question is (A) How do I resolve this? and (B) How can
I verify that replication is actually occurring
correctly? I have run replmon and I do not see any
errors?! Please help Thanks



.

.

 

[ptwilliams]

Follow Herb's advice re. reregistering in DNS.

Good to see you again Herb!!! Nice holiday/ consulting job???


So you're not holding a zone for the parent DNS domain? You should be
really. You should probably delegate the sub-domain from the parent to your
DNS servers. You should also hold a secondary copy of the parent domain's
DNS.

One your DCs (DNS servers) add a secondary zone that is the parent domain's
zone.
Once you've followed Herb's instructions and re-registered all the DCs in
DNS, flush the event log, restart DNS and then run netdiag /test:dns and
nltest /dsgetdc:domain-name.com. If the results aren't all good, post them
again...

How can I make KCC pick the bridgehead? I really don't know what can be
wrong, how can I fix this?

Undo the option to make the machine a preferred bridgehead and wait fifteen
minutes for the KCCs on each server to run. You can force this using sites
and services (check replication topology -context sensitive menu item) or
replmon.

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

Also, in our child domain we have one Forward lookup zone
for our domain and a reverse lookup zone for our domain.
These are the only two zones on our DNS servers.

-----Original Message-----
Thanks for your reply,

I am getting a DNS error in netdiag on DC1 and DC2. Here
is the one from DC1:

DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS <--- This is the error
server 192.168.5.6, ERROR_TIMEOUT.
PASS - All the DNS entries for DC are registered on
DNS server '192.168.5.10
' and other DCs also have some of the names registered.

-----Original Message-----

We are a child domain with 2 DC's as I said and we
replicate with HQ which is on a 192.168.1.x subnet. We are
on a 192.168.5.x subnet. We are on a high spped connection
and there are three sites, us, HQ and other. I have my DNS
servers both pointing at themselves (DC1 and DC2) and they
replicate to DC's in our domain(we are a child domain). I
did set the bridgehead server myself (DC1) and now I have
read that KCC should have done that. How can I make KCC
pick the bridgehead? I really dont know what can be
wrong, how can I fix this?

Tom,

You'll need to give us some info about your sites, subnets, and physical
connections. This looks like a DNS problem... but to give you anything
more specific about the topology and relationship to the parent domain.

to

an


.

.

 

[TOM]

Thanks for the replies everyone! Okay that advice
resolved the replication issues. Thanks. I do believe
that DNS is somehow causing this, how can I get resolve
this error (from Netdiag):

DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS server 192.168.5.6,
ERROR_TIMEOUT.

PASS - All the DNS entries for DC are registered on
DNS server '192.168.5.20
' and other DCs also have some of the names registered.

-----Original Message-----
Follow Herb's advice re. reregistering in DNS.

Good to see you again Herb!!! Nice holiday/ consulting job???


So you're not holding a zone for the parent DNS domain? You should be
really. You should probably delegate the sub-domain from the parent to your
DNS servers. You should also hold a secondary copy of the parent domain's
DNS.

One your DCs (DNS servers) add a secondary zone that is the parent domain's
zone.
Once you've followed Herb's instructions and re- registered all the DCs in
DNS, flush the event log, restart DNS and then run netdiag /test:dns and
nltest /dsgetdc:domain-name.com. If the results aren't all good, post them
again...

How can I make KCC pick the bridgehead? I really don't know what can be
wrong, how can I fix this?

Undo the option to make the machine a preferred bridgehead and wait fifteen
minutes for the KCCs on each server to run. You can force this using sites
and services (check replication topology -context sensitive menu item) or
replmon.

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

Also, in our child domain we have one Forward lookup zone
for our domain and a reverse lookup zone for our domain.
These are the only two zones on our DNS servers.

-----Original Message-----
Thanks for your reply,

I am getting a DNS error in netdiag on DC1 and DC2. Here
is the one from DC1:

DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS <--- This is the error
server 192.168.5.6, ERROR_TIMEOUT.
PASS - All the DNS entries for DC are registered on
DNS server '192.168.5.10
' and other DCs also have some of the names registered.

-----Original Message-----

We are a child domain with 2 DC's as I said and we
replicate with HQ which is on a 192.168.1.x subnet. We are
on a 192.168.5.x subnet. We are on a high spped connection
and there are three sites, us, HQ and other. I have my DNS
servers both pointing at themselves (DC1 and DC2) and they
replicate to DC's in our domain(we are a child domain). I
did set the bridgehead server myself (DC1) and now I have
read that KCC should have done that. How can I make KCC
pick the bridgehead? I really dont know what can be
wrong, how can I fix this?

Tom,

You'll need to give us some info about your sites, subnets, and physical
connections. This looks like a DNS problem... but to give you anything
more specific about the topology and relationship to the parent domain.

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

I have 2 DC's in a child domain both running AD integrated
DNS. 1 DC, DC1, is a bridgehead server and DC2 is just a
DC. Both are GC's, DC1 holds the RID, PDC roles. DC2 holds
the infrastructure role. These two DC's just replaced 2
W2k Dc's. The problem is I dont think that replication is
working correctly. I am getting event ID 1864 in DC1 and
in DC2 when I run dcdiag it states that the ISTG is not
running and RPC server is not responding and that DC2 is
not responding to directory requests. I also get this in
DCdiag:
Testing server: CHILD\DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
The host d7f787fa-c111-4f3b-9b64-
695e79d36650._msdcs.parent.org could not be resolved

to

an
IP address. Check the DNS server, DHCP, server
name, etc
Although the Guid DNS name
(d7f787fa-c111-4f3b-9b64-
695e79d36650._msdcs.parent.org)
couldn't be resolved, the server name
(DC2.child.parent.org) resolved to the IP address
(192.168.5.7) and was pingable. Check that the
IP address is
registered correctly with the DNS server.
......................... DC2 failed test
Connectivity

My question is (A) How do I resolve this? and (B) How can
I verify that replication is actually occurring
correctly? I have run replmon and I do not see any
errors?! Please help Thanks



.

.

.

 

[Herb Martin]

Thanks for the replies everyone! Okay that advice
resolved the replication issues. Thanks. I do believe
that DNS is somehow causing this, how can I get resolve
this error (from Netdiag):

DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS server 192.168.5.6,
ERROR_TIMEOUT.

This one implies that 192.168.5.6 is listed IN THE ZONE
as an NS (DNS) server but is either down, has the DNS
service OFF, or the zone not configured.

DNS thinks it is one of the DNS Servers but that server
is not functioning. Thus the error when it Times-Out.

PASS - All the DNS entries for DC are registered on
DNS server '192.168.5.20
' and other DCs also have some of the names registered.

--
Herb Martin

Thanks for the replies everyone! Okay that advice
resolved the replication issues. Thanks. I do believe
that DNS is somehow causing this, how can I get resolve
this error (from Netdiag):

DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS server 192.168.5.6,
ERROR_TIMEOUT.

PASS - All the DNS entries for DC are registered on
DNS server '192.168.5.20
' and other DCs also have some of the names registered.

-----Original Message-----
Follow Herb's advice re. reregistering in DNS.

Good to see you again Herb!!! Nice holiday/ consulting job???


So you're not holding a zone for the parent DNS domain? You should be
really. You should probably delegate the sub-domain from the parent to your
DNS servers. You should also hold a secondary copy of the parent domain's
DNS.

One your DCs (DNS servers) add a secondary zone that is the parent domain's
zone.
Once you've followed Herb's instructions and re- registered all the DCs in
DNS, flush the event log, restart DNS and then run netdiag /test:dns and
nltest /dsgetdc:domain-name.com. If the results aren't all good, post them
again...

How can I make KCC pick the bridgehead? I really don't know what can be
wrong, how can I fix this?

Undo the option to make the machine a preferred bridgehead and wait fifteen
minutes for the KCCs on each server to run. You can force this using sites
and services (check replication topology -context sensitive menu item) or
replmon.

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

Also, in our child domain we have one Forward lookup zone
for our domain and a reverse lookup zone for our domain.
These are the only two zones on our DNS servers.

-----Original Message-----
Thanks for your reply,

I am getting a DNS error in netdiag on DC1 and DC2. Here
is the one from DC1:

DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS <--- This is the error
server 192.168.5.6, ERROR_TIMEOUT.
PASS - All the DNS entries for DC are registered on
DNS server '192.168.5.10
' and other DCs also have some of the names registered.
-----Original Message-----

We are a child domain with 2 DC's as I said and we
replicate with HQ which is on a 192.168.1.x subnet. We are
on a 192.168.5.x subnet. We are on a high spped connection
and there are three sites, us, HQ and other. I have my DNS
servers both pointing at themselves (DC1 and DC2) and they
replicate to DC's in our domain(we are a child domain). I
did set the bridgehead server myself (DC1) and now I have
read that KCC should have done that. How can I make KCC
pick the bridgehead? I really dont know what can be
wrong, how can I fix this?




Tom,

You'll need to give us some info about your sites,
subnets, and physical
connections. This looks like a DNS problem... but to
give you anything
more specific about the topology and relationship to the
parent domain.

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

message
I have 2 DC's in a child domain both running AD
integrated
DNS. 1 DC, DC1, is a bridgehead server and DC2 is just a
DC. Both are GC's, DC1 holds the RID, PDC roles. DC2
holds
the infrastructure role. These two DC's just replaced 2
W2k Dc's. The problem is I dont think that replication
is
working correctly. I am getting event ID 1864 in DC1
and
in DC2 when I run dcdiag it states that the ISTG is not
running and RPC server is not responding and that DC2 is
not responding to directory requests. I also get this in
DCdiag:
Testing server: CHILD\DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
The host d7f787fa-c111-4f3b-9b64-
695e79d36650._msdcs.parent.org could not be resolved to
an
IP address. Check the DNS server, DHCP, server
name, etc
Although the Guid DNS name
(d7f787fa-c111-4f3b-9b64-
695e79d36650._msdcs.parent.org)
couldn't be resolved, the server name
(DC2.child.parent.org) resolved to the IP
address
(192.168.5.7) and was pingable. Check that the
IP address is
registered correctly with the DNS server.
......................... DC2 failed test
Connectivity

My question is (A) How do I resolve this? and (B) How
can
I verify that replication is actually occurring
correctly? I have run replmon and I do not see any
errors?! Please help Thanks



.

.

.