AD Replication stopped after virus attack

  • Thread starter Thread starter Bill Johnson
  • Start date Start date
B

Bill Johnson

In order to contain the virus attack we just had, our comm
guys shut down ports between routers. My manager also just
shut off the two domain controllers in the US subdomain. I
was on vacation and it was 5 days until they told me what
they did. Anyway, I brought the servers back up and
replication has not taken place since the servers were
taken down. Neither one will run dcdiag or netdiags. They
come up with DNS errors. Event logs report application
1000 userenv, Directory Service 1265 NTDS KCC. I have
tried to force replication from the root domain
controller, but that is not working either. I need
somewhere else to turn. Please point me to something else
I can try.
 
Review the 1265 errors and look for the failure status. In many cases these
errors are due to a DNS lookup failure. If that is the reason given in the
error then you will need to t-shoot dns. Verify that the host record, guid
record and srv records are registered for all DCs. What error do you get if
you try to force replication or what errors do you get if you run repadmin
/showreps?

What error do you receive when you try to run dcdiag and netdiag?

--
--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Our datacomm guys did the same thing. Replication was
pretty much hosed until they opened the port back up. Our
datacomm guys changed their ACLs to allow our DCs to talk
across the WAN. Here is a trick, create a manual
connection object and then you should be able to do a
manual replication. The KCC will remained boned up until
the ports are opened back up.
 
The errors that I am getting doing repadmin /showreps:

DC=europe,DC=.....
Munich\MUNADDC10 via RPC
objectGuid:......
Last attempt @ 2003-08-28 08:52.32 failed, result 1722:
The RPC server is unavailable.
Last success @ 2003-08-18 23:50.15.
150 consecutive failure(s).

The errors when I run dcdiag
It is reporting the same 1722 error with the RPC server
unavailable....

Netdiag is reporting that DNS entries for this DC are not
registered correctly on DNS server 141.xxx.xxx.xxx. Please
wait for 30 minutes for DNS server replication. [FATAL] No
DNS servers have the DNS records for this DC registered.


I only included the errors that each is giving. I know
that some ports remain closed until we are completely
patched against viruses.

Thanks,
Bill
 
Back
Top