unable to synchronize DCs


Rich C

Scenario: PDC DC runs Win 2k, Exchange 2k
second server runs Win 2k and is a DC. I get 1358 errors
and after trying all the things I could find in the online
knowledge base, I cannot get these two to synch. I have
set the time, I have changed the DNS to dynamic updates,
without success. I want to remove that computer as a DC,
but it won't let me. Any clues?
 
Rich C said:
Scenario: PDC DC runs Win 2k, Exchange 2k
second server runs Win 2k and is a DC. I get 1358 errors
and after trying all the things I could find in the online
knowledge base, I cannot get these two to synch. I have
set the time, I have changed the DNS to dynamic updates,
without success. I want to remove that computer as a DC,
but it won't let me. Any clues?

Almost all such problems are really DNS based. Either of the DCs
might have its "CLIENT" settings messed up, or the DNS might not
be dynamic (you have checked the latter.)

Each DC (and other servers) NIC should set its CLIENT settings to ONLY the
INTERNAL Dynamic DNS.

If you changed any of the above, be sure to restart NetLogon on affected
DCs.

Also note, you might prefer to just make sure you are SP4 (maybe SP3) and
use "DCPromo /Forceremoval" to remove that DC -- of course you will also
have to manually clean up AD (ntdsutil metadata cleanup) sooner or later....
 
Thank you for your reply. Here is something that I did
not say in my original message. The primary DC was an
upgrade from NT4 and I added Exchange to this server after
I added the new server to the domain and switched to AD
with the connector. In the disjointed DC, I am not asked
if I want to add a mailbox if I add a user. Could this be
that the schema was never modified on THIS DC?? Could
that be affecting this?
 
Do you mean are both pointed to themselves? Yes. DC1
points to 127.0.0.1 and so does DC2. Does this make a
difference?
 
Rich C said:
Do you mean are both pointed to themselves? Yes. DC1
points to 127.0.0.1 and so does DC2. Does this make a
difference?

If they are DNS servers for the zone supporting the Domain then YES,
that is correct -- and normal.

They MUST point to ONLY the "Internal, Dynamic DNS server (set)",
whether they are servers in that set or not.

They must NOT point to any other DNS server or you will get unpredictable
and erratic errors and problems in both authentication of clients and
replication.
 
Rich C said:
Thank you for your reply. Here is something that I did
not say in my original message. The primary DC was an
upgrade from NT4 and I added Exchange to this server after

There is really no "primary DC" in Win2000. (There is a "PDC
Emulator" for support of NT BDCs and other purposes.)

Rich C said:
I added the new server to the domain and switched to AD
with the connector. In the disjointed DC, I am not asked
if I want to add a mailbox if I add a user. Could this be
that the schema was never modified on THIS DC?? Could
that be affecting this?

No, but it is a SYMPTOM of the problem. Failure to synchronize
the schema indicates a general failure of replication is likely and that
is almost always a DNS based problem.
 
Well, my DNS on the single ethernet adapter is set to
127.0.0.1, so that is fine. What would I look for IN
DNS to say that things were incorrect? Could this have
anything to do with the original Forest Prep or Domain
Prep? If so, how could I propagate changes on the role
master, to this particular DC?
 
Rich C said:
Well, my DNS on the single ethernet adapter is set to
127.0.0.1, so that is fine. What would I look for IN
DNS to say that things were incorrect? Could this have
anything to do with the original Forest Prep or Domain
Prep? If so, how could I propagate changes on the role
master, to this particular DC?

Well you would have a bunch of _UNDERScore subdomains in your zone,
e.g., _MSDCS, _SITES, etc.

Easier is to run DCDiag on every DC. Send the output to a text file
(there's a lot) and search for FAIL, WARN, IGNORE.
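
The search suggested in the last reply (DCDiag output saved to a text file, then scanned for FAIL, WARN and IGNORE) can be scripted so that each hit is reported with the server and test it belongs to. This is an added example, not part of the original thread; the sample output is constructed, the `Testing server:` / `Starting test:` layout is an assumption about the saved dcdiag text, and `flagged_lines` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample, laid out like typical dcdiag text output (assumption);
# in practice, read the file produced by redirecting dcdiag to disk.
SAMPLE = r"""
   Testing server: Default-First-Site-Name\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity
   Testing server: Default-First-Site-Name\DC2
      Starting test: Connectivity
         ......................... DC2 passed test Connectivity
      Starting test: Replications
         [Replications Check,DC2] A recent replication attempt failed:
            From DC1 to DC2
         ......................... DC2 failed test Replications
      Starting test: NetLogons
         Warning: constructed sample warning line
         ......................... DC2 passed test NetLogons
"""

SERVER = re.compile(r"^\s*Testing server:\s*(\S+)")
TEST = re.compile(r"^\s*Starting test:\s*(\S+)")
# Case-insensitive so "failed", "Warning" and "ignored" are all caught.
FLAG = re.compile(r"FAIL|WARN|IGNORE", re.IGNORECASE)

def flagged_lines(text):
    """Group lines containing FAIL, WARN or IGNORE by (server, test)."""
    hits = defaultdict(list)
    server = test = None
    for raw in text.splitlines():
        if m := SERVER.match(raw):
            server, test = m.group(1), None  # new server section starts
        elif m := TEST.match(raw):
            test = m.group(1)
        elif FLAG.search(raw):
            hits[(server, test)].append(raw.strip())
    return dict(hits)

if __name__ == "__main__":
    for (server, test), lines in flagged_lines(SAMPLE).items():
        print(f"{server} / {test}")
        for line in lines:
            print("   ", line)
```

Running it against the saved output from each DC shows which DC and which test produced the flagged lines, which is quicker to compare across servers than a flat keyword search.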
 