Ace
Before you or the other MVPs/gurus try to help me out with the homework
you've advised me to do, let me just say thanks to this newsgroup and, above
that, congratulate the people who help others like me.
Thanks guys
The answers are below your questions... Please see them and correct them if
necessary.
Thanks
===================
Answers:
It appears B can't get changes from A, D, E and F due to RPC server not
available. Whenever I see that, it hints at a few things:
- Firewall rules are blocking necessary traffic
Answer: I've noticed by doing a telnet to ports 137 (no connection), 139,
135, 138 (no connection), 445, 389, 636 (no connection), 3268, 3269 (no
connection), 88, 53, 1512 (no connection), 3389 from ServerB to ServerA
- Host name is not registered in DNS, therefore not resolving
Answer: I think the DNS is registered, but can you tell me how I can make
sure that information is correct?
- The DC's GUID is not resolvable possibly because it's not registered in
DNS SRVs
Answer: How can I verify this information?
Check the firewall rules please. Anything blocking it between Sites?
Answer: No
Is there any local firewalls installed?
Answer: There is an ISA 2004 proxy, but it isn't used as a firewall
How about antivirus blocking temp folder executables and creation of temp
files? McAfee does that.
Answer: We have Trend Micro
Is your AV configured to exclude/ignore the NTDS and Sysvol folders?
Answer: Yes
Were the default C: drive permissions ever altered?
Answer: No
Any errors in any of the Event viewer logs on Server B?
Answer: Yes, there are several errors in Event Viewer on ServerB
DNS Server: (event id 409)
The DNS server list of restricted interfaces contains IP addresses that are
not configured for use at the server computer.
Use the DNS manager server properties, interfaces dialog, to verify and
reset the IP addresses the DNS server should listen on. For more
information, see "To restrict a DNS server to listen only on selected
addresses" in the online Help.
File Replication Service: (event id 13508)
The File Replication Service is having trouble enabling replication from
ServerA to ServerB for c:\winnt\sysvol\domain using the DNS name
ServerA.domain.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name ServerA.domain.com from this
computer.
[2] FRS is not running on ServerA.domain.com.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is
fixed you will see another event log message indicating that the connection
has been established.
File Replication Service: (event id 13562)
Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller ServerB.domain.com
for FRS replica set configuration information.
The nTDSConnection object cn=ServerA,cn=ntds
settings,cn=ServerB,cn=servers,cn=ServerRegionB,cn=sites,cn=configuration,dc=domain,dc=com
is conflicting with cn=ServerA\
cnf:0fa651c9-522d-446e-90db-a4cf75549246,cn=ntds
settings,cn=ServerB,cn=servers,cn=ServerB,cn=sites,cn=configuration,dc=domain,dc=com.
Using cn=ServerA,cn=ntds
settings,cn=ServerB,cn=servers,cn=ServerRegionB,cn=sites,cn=configuration,dc=domain,dc=com
Are there any EventID #53258, Source=MSDTC errors?
Answer: No, there isn't any eventID 53258 but I have this:
Directory Service: (event id NTDS KCC 1265)
The attempt to establish a replication link with parameters
Partition: CN=Schema,CN=Configuration,DC=domain,DC=com
Source DSA DN: CN=NTDS
Settings,CN=ServerRegionDR,CN=Servers,CN=DR,CN=Sites,CN=Configuration,DC=domain,DC=com
Source DSA Address: d655b9b7-1ee1-4ae6-a57a-b406d3ce018f._msdcs.domain.com
Inter-site Transport (if any): CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=domain,DC=com
failed with the following status:
The RPC server is unavailable.
The record data is the status code. This operation will be retried.
Please post all the EventID #s and the Source names from all servers. Even
if they don't appear to be AD errors, post them anyway. To give you an
example, the MSDTC 53258's don't appear to be DC related, but they actually
are.
How about the other servers?
ServerC - Directory Service: (event id 1265)
The attempt to establish a replication link for the following writable
directory partition failed.
Directory partition:
DC=domain,DC=com
Source domain controller:
CN=NTDS
Settings,CN=ServerRegionA,CN=Servers,CN=ServerRegion,CN=Sites,CN=Configuration,DC=domain,DC=com
Source domain controller address:
012e04d1-94e4-4931-85e5-b083e9883cf7._msdcs.domain.com
Intersite transport (if any):
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=domain,DC=com
This domain controller will be unable to replicate with the source domain
controller until this problem is corrected.
User Action
Verify if the source domain controller is accessible or network connectivity
is available.
Additional Data
Error value:
1722 The RPC server is unavailable.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
=========
ServerC - Directory Service: (event id 1925)
The attempt to establish a replication link for the following writable
directory partition failed.
Directory partition:
DC=domain,DC=com
Source domain controller:
CN=NTDS
Settings,CN=ServerRegionA,CN=Servers,CN=ServerRegion,CN=Sites,CN=Configuration,DC=domain,DC=com
Source domain controller address:
012e04d1-94e4-4931-85e5-b083e9883cf7._msdcs.domain.com
Intersite transport (if any):
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=domain,DC=com
This domain controller will be unable to replicate with the source domain
controller until this problem is corrected.
User Action
Verify if the source domain controller is accessible or network connectivity
is available.
Additional Data
Error value:
1722 The RPC server is unavailable.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
========================
ServerC - Directory Service: (event id 1865; 1311 and 1566)
1566
The Knowledge Consistency Checker (KCC) has detected problems with the
following directory partition.
Directory partition:
CN=Configuration,DC=domain,DC=com
There is insufficient site connectivity information in Active Directory
Sites and Services for the KCC to create a spanning tree replication
topology. Or, one or more domain controllers with this directory partition
are unable to replicate the directory partition information. This is
probably due to inaccessible domain controllers.
User Action
Use Active Directory Sites and Services to perform one of the following
actions:
- Publish sufficient site connectivity information so that the KCC can
determine a route by which this directory partition can reach this site.
This is the preferred option.
- Add a Connection object to a domain controller that contains the directory
partition in this site from a domain controller that contains the same
directory partition in another site.
If neither of the Active Directory Sites and Services tasks correct this
condition, see previous events logged by the KCC that identify the
inaccessible domain controllers.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Try changing the first DNS entry on ServerB to 192.168.50.250 (which should
be ServerA's IP address) and restart ServerB.
Answer: It's already been done
Also...
Download and test port connectivity by using portqry from Microsoft:
http://support.microsoft.com/kb/832919
When you run the portqry commands, run them on different servers between
each other and write down the results, such as this result matrix I
created trying to find a replication issue for a customer I ran recently.
Notice I found there were issues with ServerA to ServerC, ServerE and to
ServerF replication. You can see that with the failures with the UDP 389
test. Please run it on yours and post your results please. The resulting
issue with the mess below was a combination of things. ServerA had
53258's. The KCC would also not reevaluate the topology. I deleted the
connection objects and created my own, but that still didn't work. I fixed
the MSDTC issue and deleted ALL connection objects to ServerA and had the
KCC reevaluate the topology and it finally worked.
======================
Test | Result
from ServerA to ServerB:
portqry -n ServerB.xyz.domain.com -p udp -e 389 | passed
portqry -n ServerB.xyz.domain.com -p tcp -e 389 | passed
from ServerA to ServerC:
portqry -n ServerC.abc.domain.com -p udp -e 389 | failed **
portqry -n ServerC.abc.domain.com -p tcp -e 389 | passed
from ServerA to ServerF:
portqry -n ServerF.abc.domain.com -p udp -e 389 | failed **
portqry -n ServerF.abc.domain.com -p tcp -e 389 | passed
from ServerC to ServerA:
portqry -n ServerA.xyz.domain.com -p udp -e 389 | failed **
portqry -n ServerA.xyz.domain.com -p tcp -e 389 | passed
from ServerC to ServerB:
portqry -n ServerB.xyz.domain.com -p udp -e 389 | passed
portqry -n ServerB.xyz.domain.com -p tcp -e 389 | passed
from ServerC to ServerD:
portqry -n ServerD.def.domain.com -p udp -e 389 | passed
portqry -n ServerD.def.domain.com -p tcp -e 389 | passed
from ServerA to ServerE:
portqry -n ServerE.def.domain.com -p udp -e 389 | failed **
portqry -n ServerE.def.domain.com -p tcp -e 389 | passed
======================
Good luck...
Here are the results of the tests you told me to do. Thanks for the tips.
from ServerA to ServerB
C:\>portqry -n ServerB.domain.com -p udp -e 389
Querying target system called:
serverB.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.60.250
UDP port 389 (unknown service): LISTENING or FILTERED
Sending LDAP query to UDP port 389...
LDAP query response:
currentdate: 11/03/2007 18:04:24 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=ServerB,CN=Servers,CN=ServerRegionB,CN=Sites
namingContexts: CN=Schema,CN=Configuration,DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 1943210
supportedSASLMechanisms: GSSAPI
dnsHostName: serverB.domain.com
ldapServiceName: domain.com:
[email protected]
serverName:
CN=ServerB,CN=Servers,CN=ServerRegionB,CN=Sites,CN=Configuration,DC
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
======== End of LDAP query response ========
UDP port 389 is LISTENING
C:\>
=======================
from ServerA to ServerB
C:\>portqry -n ServerB.domain.com -p tcp -e 389
Querying target system called:
serverB.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.60.250
TCP port 389 (ldap service): LISTENING
Sending LDAP query to TCP port 389...
LDAP query response:
currentdate: 11/03/2007 18:14:12 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverB,CN=Servers,CN=serverRegionB,CN=Site
namingContexts: CN=Schema,CN=Configuration,DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 1943232
supportedSASLMechanisms: GSSAPI
dnsHostName: serverB.domain.com
ldapServiceName: domain.com:
[email protected]
serverName:
CN=serverB,CN=Servers,CN=serverRegionB,CN=Sites,CN=Configuration,D
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
======== End of LDAP query response ========
==============================
==============================
from ServerA to ServerC:
C:\>portqry -n ServerC.domain.com -p udp -e 389
Querying target system called:
serverC.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.70.250
UDP port 389 (unknown service): LISTENING or FILTERED
Sending LDAP query to UDP port 389...
LDAP query response:
currentdate: 11/03/2007 18:18:51 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverC,CN=Servers,CN=serverRegionC,CN=Sites,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 2168772
supportedSASLMechanisms: GSSAPI
dnsHostName: serverC.domain.com
ldapServiceName: domain.com:
[email protected]
serverName:
CN=serverC,CN=Servers,CN=serverRegionC,CN=Sites,CN=Configuration,DC=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2
======== End of LDAP query response ========
UDP port 389 is LISTENING
C:\>
=======================
from ServerA to ServerC:
C:\>portqry -n serverC.domain.com -p tcp -e 389
Querying target system called:
serverC.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.70.250
TCP port 389 (ldap service): LISTENING
Sending LDAP query to TCP port 389...
LDAP query response:
currentdate: 11/03/2007 18:20:39 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverC,CN=Servers,CN=serverRegionC,CN=Sites,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 2168772
supportedSASLMechanisms: GSSAPI
dnsHostName: serverC.domain.com
ldapServiceName: domain.com:
[email protected]
serverName:
CN=serverC,CN=Servers,CN=serverRegionC,CN=Sites,CN=Configuration,DC=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2
======== End of LDAP query response ========
C:\>
=======================
=======================
from ServerA to ServerD:
C:\>portqry -n serverD.domain.com -p udp -e 389
Querying target system called:
serverD.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.80.250
UDP port 389 (unknown service): LISTENING or FILTERED
Sending LDAP query to UDP port 389...
LDAP query response:
currentdate: 11/03/2007 18:23:21 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverD,CN=Servers,CN=serverRegionD,CN=Sites,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 1894574
supportedSASLMechanisms: GSSAPI
dnsHostName: serverD.domain.com
ldapServiceName: domain.com:
[email protected]
serverName:
CN=serverD,CN=Servers,CN=serverRegionD,CN=Sites,CN=Configuration,DC=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2
======== End of LDAP query response ========
UDP port 389 is LISTENING
C:\>
============================
from ServerA to ServerD:
C:\>portqry -n serverD.domain.com -p tcp -e 389
Querying target system called:
serverD.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.80.250
TCP port 389 (ldap service): LISTENING
Sending LDAP query to TCP port 389...
LDAP query response:
currentdate: 11/03/2007 18:24:17 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverD,CN=Servers,CN=serverRegionD,CN=Sites,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 1894575
supportedSASLMechanisms: GSSAPI
dnsHostName: serverD.domain.com
ldapServiceName: domain.com:
[email protected]
serverName:
CN=serverD,CN=Servers,CN=serverRegionD,CN=Sites,CN=Configuration,DC=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2
======== End of LDAP query response ========
C:\>
======================================
======================================
from ServerC to ServerA:
C:\>portqry -n serverA.domain.com -p udp -e 389
Querying target system called:
serverA.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.50.250
UDP port 389 (unknown service): LISTENING or FILTERED
Sending LDAP query to UDP port 389...
LDAP query to port 389 failed
Server did not respond to LDAP query
============================
from ServerC to ServerA:
C:\>portqry -n serverA.domain.com -p tcp -e 389
Querying target system called:
serverA.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.50.250
TCP port 389 (ldap service): FILTERED
C:\>
===========================
===========================
from ServerC to ServerB:
C:\>portqry -n serverA.domain.com -p tcp -e 389
Querying target system called:
serverA.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.50.250
===============================
from ServerC to ServerB:
C:\>portqry -n serverB.domain.com -p tcp -e 389
Querying target system called:
serverB.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.60.250
TCP port 389 (ldap service): LISTENING
Sending LDAP query to TCP port 389...
LDAP query response:
currentdate: 11/03/2007 18:34:02 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS Settings,CN=ServerB,CN=Servers,CN=ServerRegionB,CN=Si
tes,CN=Configuration,DC=domain,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 1943259
supportedSASLMechanisms: GSSAPI
dnsHostName: serverB.domain.com
ldapServiceName: domain.com:
[email protected]
serverName: CN=serverB,CN=Servers,CN=serverRegionB,CN=Sites,CN=Configuration
,DC=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
======== End of LDAP query response ========
C:\>
==============================
==============================
from ServerC to ServerD:
C:\>portqry -n taipas01cat.domain.com -p udp -e 389
Querying target system called:
taipas01cat.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.80.250
UDP port 389 (unknown service): LISTENING or FILTERED
Sending LDAP query to UDP port 389...
LDAP query to port 389 failed
Server did not respond to LDAP query
=================================
from ServerC to ServerD:
C:\>portqry -n serverD.domain.com -p tcp -e 389
Querying target system called:
serverD.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.80.250
TCP port 389 (ldap service): FILTERED
===================================
===================================
from ServerA to ServerE:
C:\>portqry -n serverE.domain.com -p udp -e 389
Querying target system called:
serverE.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.90.250
UDP port 389 (unknown service): LISTENING or FILTERED
Sending LDAP query to UDP port 389...
LDAP query response:
currentdate: 11/03/2007 18:48:13 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverE,CN=Servers,CN=serverRegionE,CN=Sites,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 3153777
supportedSASLMechanisms: GSSAPI
dnsHostName: serverE.domain.com
ldapServiceName: domain.com:
[email protected]
serverName:
CN=serverE,CN=Servers,CN=serverRegionE,CN=Sites,CN=Configuration,DC=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2
======== End of LDAP query response ========
UDP port 389 is LISTENING
C:\>
========================
from ServerA to ServerE:
C:\>portqry -n serverE.domain.com -p tcp -e 389
Querying target system called:
serverE.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.90.250
TCP port 389 (ldap service): LISTENING
Sending LDAP query to TCP port 389...
LDAP query response:
currentdate: 11/03/2007 19:07:38 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverE,CN=Servers,CN=serverRegionE,CN=Sites,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 3153819
supportedSASLMechanisms: GSSAPI
dnsHostName: coimbra01cat.domain.com
ldapServiceName: domain.com:
[email protected]
serverName:
CN=serverE,CN=Servers,CN=serverRegionE,CN=Sites,CN=Configuration,DC=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2
======== End of LDAP query response ========
C:\>
========================
========================
from ServerB to ServerC:
C:\PortQryUI>portqry -n serverC.domain.com -p udp -e 389
Querying target system called:
serverC.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.70.250
querying...
UDP port 389 (unknown service): LISTENING or FILTERED
Using ephemeral source port
Sending LDAP query to UDP port 389...
LDAP query response:
currentdate: 11/03/2007 19:22:24 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=serverC,CN=Servers,CN=serverRegionC,CN=Site
s,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 2168825
supportedSASLMechanisms: GSSAPI
dnsHostName: serverC.domain.com
ldapServiceName: domain.com:
[email protected]
serverName:
CN=serverC,CN=Servers,CN=serverRegionC,CN=Sites,CN=Configuration,D
C=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2
======== End of LDAP query response ========
UDP port 389 is LISTENING
C:\PortQryUI>
==============================
from ServerB to ServerC:
C:\PortQryUI>portqry -n serverC.domain.com -p tcp -e 389
Querying target system called:
serverC.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.70.250
querying...
TCP port 389 (ldap service): LISTENING
Using ephemeral source port
Sending LDAP query to TCP port 389...
LDAP query response:
currentdate: 11/03/2007 19:23:11 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
dsServiceName: CN=NTDS
Settings,CN=ServerC,CN=Servers,CN=serverRegionC,CN=Site
s,CN=Configuration,DC=domain,DC=com
namingContexts: DC=domain,DC=com
defaultNamingContext: DC=domain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=com
rootDomainNamingContext: DC=domain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 2168825
supportedSASLMechanisms: GSSAPI
dnsHostName: serverC.domain.com
ldapServiceName: domain.com:
[email protected]
serverName:
CN=serverRegionC,CN=Servers,CN=serverRegionC,CN=Sites,CN=Configuration,D
C=domain,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2
======== End of LDAP query response ========
C:\PortQryUI>
==========================================
==========================================
from ServerB to ServerA:
C:\PortQryUI>portqry -n serverA.domain.com -p udp -e 389
Querying target system called:
serverA.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.50.250
querying...
UDP port 389 (unknown service): LISTENING or FILTERED
Using ephemeral source port
Sending LDAP query to UDP port 389...
LDAP query to port 389 failed
Server did not respond to LDAP query
C:\PortQryUI>
================================
from ServerB to ServerA:
C:\PortQryUI>portqry -n serverA.domain.com -p tcp -e 389
Querying target system called:
serverA.domain.com
Attempting to resolve name to IP address...
Name resolved to 192.168.50.250
querying...
TCP port 389 (ldap service): FILTERED
C:\PortQryUI>
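
Added example, not part of the original post: Python that reduces pasted portqry transcripts like the ones above to the passed/failed matrix requested earlier in the thread. The sample transcript is constructed and the function names are hypothetical; a run with no result line is reported as unknown rather than guessed, and a "from X to Y" header that disagrees with the host actually queried is flagged.

```python
import re

# Constructed sample, modelled on the portqry transcripts pasted in the post.
SAMPLE = r"""
from ServerA to ServerB
C:\>portqry -n serverB.domain.com -p udp -e 389
Name resolved to 192.168.60.250
UDP port 389 (unknown service): LISTENING or FILTERED
Sending LDAP query to UDP port 389...
LDAP query response:
isSynchronized: TRUE
======== End of LDAP query response ========
UDP port 389 is LISTENING
=======================
from ServerA to ServerB
C:\>portqry -n serverB.domain.com -p tcp -e 389
TCP port 389 (ldap service): LISTENING
=======================
from ServerC to ServerA:
C:\>portqry -n serverA.domain.com -p udp -e 389
UDP port 389 (unknown service): LISTENING or FILTERED
Sending LDAP query to UDP port 389...
LDAP query to port 389 failed
Server did not respond to LDAP query
=======================
from ServerC to ServerA:
C:\>portqry -n serverA.domain.com -p tcp -e 389
TCP port 389 (ldap service): FILTERED
=======================
from ServerC to ServerB:
C:\>portqry -n serverA.domain.com -p tcp -e 389
Name resolved to 192.168.50.250
"""

HEADER = re.compile(r"^from\s+(\S+)\s+to\s+(\S+?):?\s*$", re.I)
COMMAND = re.compile(r"portqry\s+-n\s+(\S+)\s+-p\s+(tcp|udp)\s+-e\s+(\d+)", re.I)
TCP_STATE = re.compile(r"^TCP port \d+ \([^)]*\):\s*(.+)$")
UDP_OK = re.compile(r"^UDP port \d+ is LISTENING$")
UDP_CLOSED = re.compile(r"^UDP port \d+ \([^)]*\):\s*NOT LISTENING$")
UDP_NO_REPLY = re.compile(r"^LDAP query to port \d+ failed$")


def classify(proto, lines):
    """Return 'passed', 'failed' or 'unknown' for one portqry run."""
    for line in (l.strip() for l in lines):
        if proto == "tcp":
            m = TCP_STATE.match(line)
            if m:  # LISTENING passes; FILTERED / NOT LISTENING fail
                return "passed" if m.group(1) == "LISTENING" else "failed"
        elif UDP_OK.match(line):
            return "passed"
        elif UDP_NO_REPLY.match(line) or UDP_CLOSED.match(line):
            return "failed"
        # "LISTENING or FILTERED" alone is inconclusive for UDP: keep reading.
    return "unknown"  # truncated paste, no verdict line


def parse_transcript(text):
    """Split a pasted transcript into runs and classify each one."""
    runs, src, dst, current = [], None, None, None
    for raw in text.splitlines():
        header, command = HEADER.match(raw.strip()), COMMAND.search(raw)
        if header:
            src, dst, current = header.group(1), header.group(2), None
        elif command:
            current = {"src": src, "dst": dst, "target": command.group(1),
                       "proto": command.group(2).lower(),
                       "port": int(command.group(3)), "lines": []}
            runs.append(current)
        elif current is not None:
            current["lines"].append(raw)
    for run in runs:
        run["result"] = classify(run["proto"], run.pop("lines"))
        short = run["target"].split(".")[0].lower()
        run["label_ok"] = run["dst"] is not None and short == run["dst"].lower()
    return runs


def result_matrix(text):
    """One 'source -> target proto/port | result' row per run."""
    rows = []
    for r in parse_transcript(text):
        note = "" if r["label_ok"] else "  (header says %s)" % r["dst"]
        rows.append("%s -> %s %s/%d | %s%s" % (
            r["src"], r["target"], r["proto"], r["port"], r["result"], note))
    return rows
```
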