AD Replication Problem..HELP!!!


Min

All of a sudden, AD replication between 2 DCs became unsuccessful..It's
been running without any problem for 2 yrs..

I have the following error messages on one of the DCs..Server#1 with FSMO

1. error 8524 is reported when I run Replication Monitor..(Server#1 to
Server#2)
"Replication Failure: The reason is: The DSA operation is unable to proceed
because of a DNS lookup failure."
2. In the system event log(Directory Service):

Nothing is logged as an error..NO ERROR log

And this error on the other DCs..Server#2

1. No error is reported in Replication Monitor..(Server#2 to Server#1)

2.In the system event log(Directory Service):

error 1586.."The checkpoint with the PDC was unsuccessful...."


Besides, I noticed the weird things like:(in the Replication Monitor for
Server#2, click on 'properties'-->'server flags' tab of the server, then
found the followings:)


- (X) Server is the Primary Domain Controller for the domain ******WHICH IS
NOT TRUE...IT WAS DC BEFORE...IT'S BEEN DC..
- Server is a Global Catalog server in the forest
- Active Directory is supported on this computer
- The Key Distribution Service(KDC) is running on this computer
- This computer is running W32 Time Service
- Writes to the Active Directory on this server are allowed..

So, the first line is NOT correct..and I don't know how this server got
demoted..It is supposed to be a DC..It has been DC last time..
I just wonder whether I.P address change(not private I.P...but public I.P
that mapped to the server) was changed about the same time this
happened...but I.P change came after replication failed..

Any idea and help would be greatly appreciated...

Thanks in advance..

Min
 
Point both DCs to the DNS server. On the one you change, run
net stop netlogon
ipconfig /flushdns
ipconfig /registerdns
net start netlogon

Record any events in the system event log. Also run a
DCdiag /v and a netdiag /v.

These errors will help us determine the nature of the
problem if using DNS server does not fix it.
Steve
 
Hi Steve,

thanks for your kind reply...
I did everything you said...
net stop netlogon
ipconfig /flushdns
ipconfig /registerdns
net start netlogon
Then I got the below system event log:
ID: 5782 ...Source:NETLOGON

"Dynamic registration or deregistration of one or more DNS records failed
with the following error:
No DNS servers configured for local system."

Here's also what I got when I do 'DCdiag /v'

**********Start here***************
DC Diagnosis

Performing initial setup:
* Verifing that the local machine server2, is a DC.
* Connecting to directory service on server server2.
* Collecting site info.
* Identifying all servers.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\SERVER2
Starting test: Connectivity
* Active Directory LDAP Services Check
SERVER2's server GUID DNS name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(1940c529-2b53-49c2-b6aa-0bc58e47e4e9._msdcs.CHILD.DOMAIN.com)
couldn't be resolved, the server name (SERVER2.DOMAIN.com)
resolved to the IP address (192.168.171.51) and was pingable.
Check
that the IP address is registered correctly with the DNS server.
......................... SERVER2 failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER2
Skipping all tests, because server SERVER2 is
not responding to directory service requests
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: OutboundSecureChannels

Running enterprise tests on : CHILD.DOMAIN.com
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope
provided by the command line arguments provided.
......................... CHILD.DOMAIN.com passed test Intersite
Starting test: FsmoCheck
GC Name: \\SERVER2.DOMAIN.com
Locator Flags: 0xe00001fc
PDC Name: \\SERVER1.DOMAIN.com
Locator Flags: 0xe00001fd
Time Server Name: \\SERVER2.DOMAIN.com
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\SERVER2.DOMAIN.com
Locator Flags: 0xe00001fc
KDC Name: \\SERVER2.DOMAIN.com
Locator Flags: 0xe00001fc
......................... CHILD.DOMAIN.com passed test FsmoCheck

*************End here***************

I haven't tried Netdiag yet..

any idea?..looks like DNS problem...where do I further look into to
resolve?? DNS service...

Note: Active Directory Integrated DNS service is running on both DCs...so, 2
DCs are also serving as DNS servers for the domain...

Thanks..
 
Hi Stevta,

I have figured it out and fixed the problem already..
yap..it is DNS screw-up..
someone in my company or somehow removed 'Register this connection's
addresses in DNS' checkbox in 'DNS' tab of TCP/IP advanced properties box..
I put it back and do 'net stop netlogon......ipconfig /flushdns....ipconfig
/registerdns...net start netlogon' again..and finally i found the entries
registered in DNS servers which I didn't see earlier(I was only able to see
one DCs..SERVER1 before)...
And now all replications are running good..

Thanks for your valuable advice..
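
Added example (not part of the original posts): a small Python triage of `dcdiag /v` output like the one quoted in the thread, flagging the pattern that mattered here, where the server's host name resolves but its GUID name under _msdcs does not. The function name `triage` and its result keys are illustrative assumptions; the sample text is an excerpt of the output posted above.

```python
import re

# Excerpt of the `dcdiag /v` output quoted in the thread (line-wrapped as posted).
SAMPLE = """\
Testing server: Default-First-Site-Name\\SERVER2
Starting test: Connectivity
* Active Directory LDAP Services Check
SERVER2's server GUID DNS name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(1940c529-2b53-49c2-b6aa-0bc58e47e4e9._msdcs.CHILD.DOMAIN.com)
couldn't be resolved, the server name (SERVER2.DOMAIN.com)
resolved to the IP address (192.168.171.51) and was pingable.
Check
that the IP address is registered correctly with the DNS server.
......................... SERVER2 failed test Connectivity
Running enterprise tests on : CHILD.DOMAIN.com
Starting test: FsmoCheck
......................... CHILD.DOMAIN.com passed test FsmoCheck
"""

RESULT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test (\S+)")
GUID_CNAME = re.compile(r"\(([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\._msdcs\.[^)\s]+)\)", re.I)
HOST_IP = re.compile(r"server name \(([^)]+)\) resolved to the IP address \(([\d.]+)\)")

def triage(report):
    """Summarise failed tests and the DNS symptom seen in this thread."""
    flat = " ".join(report.split())  # undo the line wrapping before matching
    results = RESULT.findall(flat)
    finding = {
        "failed": [(who, test) for who, verdict, test in results if verdict == "failed"],
        "missing_guid_cname": None,
        "host_record": None,
    }
    guid = GUID_CNAME.search(flat)
    if guid and "could not be resolved" in flat:
        finding["missing_guid_cname"] = guid.group(1)
    host = HOST_IP.search(flat)
    if host:
        finding["host_record"] = host.groups()
    # Host name resolves but the GUID name does not: the DC is reachable,
    # yet its own records are missing from DNS (check dynamic registration).
    finding["dns_registration_suspect"] = bool(finding["missing_guid_cname"] and host)
    return finding
```
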
 