AD Sync problem


Greg

We have 4 sites with a DC at each site. Replication
is set both ways but only works 1 way. The NY
which is a win 2000 PDC in mixed mode, can propagate
AD changes down to the other sites. The other
sites can not send AD changes back. I ran the diagnostic
below and this is what I discovered.

dcdiag /test:replications
Doing primary tests

From LRCSRVNY001 to LRCSRVMD001
Naming Context: CN=Schema,CN=Configuration,DC=allstar,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
The failure occurred at 2008-03-29 13:03.16.



When you look at the DNS configuration on the LRCSRVNY001 server in DNS
under _msdcs,
it is not listed. Are there any dangers to
adding this entry under _msdcs? TIA
 
Greg said:
We have 4 sites with a DC at each site. Replication
is set both ways but only works 1 way. The NY
which is a win 2000 PDC in mixed mode, can propagate
AD changes down to the other sites. The other
sites can not send AD changes back. I ran the diagnostic
below and this is what I discovered.

dcdiag /test:replications
Doing primary tests

From LRCSRVNY001 to LRCSRVMD001
Naming Context: CN=Schema,CN=Configuration,DC=allstar,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure. The failure occurred at 2008-03-29 13:03.16.



When you look at the DNS configuration on the LRCSRVNY001 server in
DNS under _msdcs,
it is not listed. Are there any dangers to
adding this entry under _msdcs? TIA

Which DNS server(s) is the NY DC pointed to?

Are there multiple domains or are they all in one domain? I ask because you
mentioned that the NY site's DC is in mixed mode. This was somewhat
confusing because the term defines Functional Levels for domains and
forests, but not a specific domain controller.

Are all DCs in the infrastructure (whether single or multiple domains) all
Windows 2000 or are there also Windows 2003 DCs?

Are there any blocked firewall ports between any of the locations? Keep in
mind, ALL UDP and TCP ports MUST be opened completely between locations.

What type of line is at each location? Are they digital lines, such as T1s,
or are they cable or ADSL? ADSL can be problematic due to PPPoE's MTU
requirement being less than 1500.

Post any Eventlog errors on any of the DCs please. Post the EventID # and
Source name.

Is there a host record entry for LRCSRVNY001?

If you want to create an entry for LRCSRVNY001, you could try it, and it may
work, but the fact that it is not present poses a greater concern why it
never registered, hence my questioning.

To better assist, please post an ipconfig /all from each DC in your 4
locations. This will help us get a better 'view' of your network to help
come up with a possible resolution.

By the way, the term "PDC" is a legacy term from the NT4 days and doesn't
really apply to Windows 2000/2003/2008. In the later Windows versions, we
just call them domain controllers, or 'replica' domain controllers, or just
DCs. Keep in mind however there is a FSMO role that runs on one of the DCs
in each domain called the PDC Emulator. When the domain is in mixed mode,
the PDC emulator will support any NT4 BDCs that exist in an AD domain as
well as other functions. However in raised levels such as Windows 2000 or
2003 levels, NT4 BDC support disappears but it still supports other
functions such as time sync (extremely important for Kerberos), password
sync, and source of the writable GPO DC, and others.

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations
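
Added example, not part of either post above: a small Python parser for `dcdiag /test:replications` output like the one quoted in this thread. It pulls out each failed link and, for error 8524, reports which DC's DNS view to test and which DC to look up (in "From X to Y", X is the source that Y pulls from; DCs register a host record plus a GUID-based CNAME under `_msdcs.<forest root>`). The function names and the second sample failure (`DC-EXAMPLE-A`/`DC-EXAMPLE-B`, error 1722) are constructed for this illustration.

```python
import re

# Sample input: the first failure is the dcdiag output quoted in the thread;
# the second (DC-EXAMPLE-*, error 1722) is constructed for illustration.
SAMPLE = """\
From LRCSRVNY001 to LRCSRVMD001
Naming Context: CN=Schema,CN=Configuration,DC=allstar,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure. The failure occurred at 2008-03-29 13:03.16.

From DC-EXAMPLE-A to DC-EXAMPLE-B
Naming Context: DC=allstar,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2008-03-29 13:05.02.
"""

FAILURE = re.compile(
    r"From\s+(?P<source>\S+)\s+to\s+(?P<dest>\S+)\s*\n"
    r"\s*Naming Context:\s*(?P<nc>[^\n]+?)\s*\n"
    r"\s*The replication generated an error \((?P<code>-?\d+)\):\s*\n"
    r"\s*(?P<message>.+?)\s*The failure occurred at (?P<when>[^\n]+?)\.?\s*(?:\n|$)",
    re.DOTALL)

def forest_root(nc):
    """DNS name of the forest root; only the Configuration/Schema NC reveals it."""
    if "CN=Configuration," not in nc:
        return None
    return ".".join(p[3:] for p in nc.split(",") if p.upper().startswith("DC="))

def parse_failures(text):
    failures = []
    for m in FAILURE.finditer(text):
        rec = m.groupdict()
        rec["code"] = int(rec["code"])
        rec["message"] = " ".join(rec["message"].split())  # rejoin wrapped lines
        rec["forest_root"] = forest_root(rec["nc"])
        failures.append(rec)
    return failures

def dns_checks(failures):
    """For each 8524 failure: (DC whose DNS view to test, DC to look up, zone)."""
    return [(f["dest"], f["source"], f"_msdcs.{f['forest_root'] or '<forest root>'}")
            for f in failures if f["code"] == 8524]

if __name__ == "__main__":
    for dest, source, zone in dns_checks(parse_failures(SAMPLE)):
        print(f"From {dest}: resolve {source}'s A record and its CNAME in {zone}")
```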
 