Replication with 2 W2K DC's

Guest

Hello All,

I have a domain with two DC's, both W2K, SP4, fully patched. Noticed odd
things on network, checked replication and found that I'm getting Access
Denied error message when trying to manually trigger a replicate now from AD
Sites and Services from either server to the other.

DNS is up and running without any visible issues. Both DC's are running DNS
and referencing themselves and both are GC's.

Any help would be greatly appreciated.
 
Herb Martin

STB said:
Hello All,

I have a domain with two DC's, both W2K, SP4, fully patched. Noticed odd
things on network, checked replication and found that I'm getting Access
Denied error message when trying to manually trigger a replicate now from AD
Sites and Services from either server to the other.

DNS is up and running without any visible issues. Both DC's are running DNS
and referencing themselves and both are GC's.

First thing, do you get any errors on
DCDiag of each DC?

Are you doing any of this in a Terminal
Server session?
 
Guest

Herb,

DCDIAG reveals what I see in Event Viewer for Directory Services. A recent
replication attempt failed: From X to X. The last success occurred at
-2-08-2005. All tests say they pass, though. 600 failures have occurred
since the last success.

All of this diagnostic work is being done remotely through Terminal Services
(Admin Mode) connecting to the DC's in question.

-STB
 
Herb Martin

STB said:
Herb,

DCDIAG reveals what I see in Event Viewer for Directory Services. A recent
replication attempt failed: From X to X. The last success occurred at
-2-08-2005. All tests say they pass, though. 600 failures have occurred
since the last success.

That's bad. It's usually a DNS problem and you
have only about a month to fix it -- 60 days is the
tombstone lifetime and after that you will have to
DCPromo 'cycle' (non-DC then back) to fix it.

In fact, you may even decide to do that anyway if
it turns out to be difficult to fix.

All of this diagnostic work is being done remotely through Terminal Services
(Admin Mode) connecting to the DC's in question.

Tell us about your Sites, SiteLinks, Subnets, and
your WAN as well as DNS:


(Check this stuff) DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
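
An added example, not part of the thread: one way to do the "search for FAIL, ERROR, WARN" pass over saved DCDiag output, and to work out how many days of the 60-day tombstone lifetime mentioned above remain for each failing link. The excerpt, the names DC1, DC2 and example.local, the dates, and the timestamp layout are constructed assumptions.

```python
import re
from datetime import date, timedelta

# Constructed dcdiag excerpt (hypothetical names DC1/DC2, example.local); the
# timestamp layout is an assumption and varies with dcdiag version and locale.
SAMPLE = """\
   Testing server: Default-First-Site-Name\\DC1
      Starting test: Replications
         [Replications Check,DC1] A recent replication attempt failed:
            From DC2 to DC1
            Naming Context: DC=example,DC=local
            The replication generated an error (5):
            Access is denied.
            The last success occurred at 2005-02-08 11:02:10.
            600 failures have occurred since the last success.
         ......................... DC1 passed test Replications
"""

KEYWORDS = re.compile(r"fail|error|warn", re.IGNORECASE)
PARTNER = re.compile(r"From (\S+) to (\S+)")
LAST_OK = re.compile(r"last success occurred at (\d{4})-(\d{2})-(\d{2})")

def keyword_hits(text):
    """Return (line_number, line) for every line mentioning FAIL, ERROR or WARN."""
    return [(n, line.strip()) for n, line in enumerate(text.splitlines(), 1)
            if KEYWORDS.search(line)]

def replication_deadlines(text, today, tombstone_days=60):
    """For each failing link, days left before the tombstone lifetime runs out."""
    results, link = [], None
    for line in text.splitlines():
        m = PARTNER.search(line)
        if m:
            link = (m.group(1), m.group(2))
        m = LAST_OK.search(line)
        if m and link:
            last_ok = date(*map(int, m.groups()))
            deadline = last_ok + timedelta(days=tombstone_days)
            results.append((link[0], link[1], (deadline - today).days))
            link = None
    return results

if __name__ == "__main__":
    for n, line in keyword_hits(SAMPLE):
        print(f"{n:4}: {line}")
    for src, dst, left in replication_deadlines(SAMPLE, date(2005, 3, 10)):
        print(f"{src} -> {dst}: {left} days before tombstone lifetime expires")
```

The keyword pass flags the failure lines even though the summary line for the same test reads "passed", which is why searching the full text is more reliable than reading only the per-test results.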
 
