DFS file replication

  • Thread starter Thread starter Simon B. Nielsen
  • Start date Start date
S

Simon B. Nielsen

I've setup file replication between 2 servers - both domain controllers for
the same domain. First I created a root share and then a root replica -
everything went smooth. It has been running perfectly for a 1½ years until a
few weeks ago when the replication all of the sudden stopped from happening.

I've checked replication policy and both are set to participate in automatic
replication. Looking through the event log I found the following:

---
The File Replication Service is having trouble enabling replication from
NLBDC02 to NLBDC01 for c:\winnt\sysvol\domain using the DNS name
nlbdc02.nlbdom.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name nlbdc02.nlbdom.local from
this computer.
[2] FRS is not running on nlbdc02.nlbdom.local.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem
is fixed you will see another event log message indicating that the
connection has been established.
---

I started checking both servers. FRS is running on both and they can resolve
eachother. That leaves only the 3rd option which I cannot really check but
no computers or users have been added/deleted or modified during the last
few months at least.

What the hell can be wrong? Does anyone know if a recent patch has screwed
up DFS or something because nothing I do seems to work.

Best regards...

Simon
 
Looks like there is some problem with DNS. Check the DNS event log.
Can you please run the diagnostic tools netdiag.exe and dcdiag.exe in each
of the domain controllers and check if there are any errors reported?
These tools are available as part of the resource kit.
 
OK could not get DCDiag.exe to run - kept getting the following pop-up: The
procedure entry point DsIsMangledDnW could not be located in the dynamic
link library NTDSAPI.dll.

I tried reinstalling ADMINPAK.msi from both the service pack folder and from
the CD, but nothing helped.

Here's what NetDiag.exe returned:

Server1:
C:\Program Files\Resource Kit>netdiag

........................................

Computer Name: NLBDC01
DNS Host Name: nlbdc01.nlbdom.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB823559
KB823980
Q147222
Q295688
Q816093
Q818043


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : PUBLIC

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : nlbdc01
IP Address . . . . . . . . : 10.50.10.15
Subnet Mask. . . . . . . . : 255.255.255.0
IP Address . . . . . . . . : 10.50.10.11
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.50.10.50
Dns Servers. . . . . . . . : 10.50.10.11


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : {CA714B64-CCA0-470C-BA57-9FB619DA3A4E}

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : nlbdc01
IP Address . . . . . . . . : 10.50.10.101
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 127.0.0.1


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{C80E2265-36BB-4FFC-8B20-58FA0A98EE97}
NetBT_Tcpip_{CA714B64-CCA0-470C-BA57-9FB619DA3A4E}
2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.50.10.11'
and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
'127.0.0.1' a
nd other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{C80E2265-36BB-4FFC-8B20-58FA0A98EE97}
NetBT_Tcpip_{CA714B64-CCA0-470C-BA57-9FB619DA3A4E}
The redir is bound to 2 NetBt transports.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{C80E2265-36BB-4FFC-8B20-58FA0A98EE97}
NetBT_Tcpip_{CA714B64-CCA0-470C-BA57-9FB619DA3A4E}
The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully


Server2:
C:\Program Files\Resource Kit>netdiag

........................................

Computer Name: NLBDC02
DNS Host Name: nlbdc02.nlbdom.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB823559
KB823980
Q147222
Q295688
Q816093
Q818043


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Public Virtual

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : nlbdc02
IP Address . . . . . . . . : 10.50.10.15
Subnet Mask. . . . . . . . : 255.255.255.0
IP Address . . . . . . . . : 10.50.10.12
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.50.10.50
Primary WINS Server. . . . : 10.50.10.11
Dns Servers. . . . . . . . : 10.50.10.11


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{446DA9F5-59E6-4E4A-8142-7B2B7A21422C}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.50.10.11'
and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{446DA9F5-59E6-4E4A-8142-7B2B7A21422C}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{446DA9F5-59E6-4E4A-8142-7B2B7A21422C}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Failed
[WARNING] Cannot call DsBind to nlbdc01.nlbdom.local (10.50.10.11).
[SEC_E_W
RONG_PRINCIPAL]


Trust relationship test. . . . . . : Passed
Secure channel for domain 'NLBDOM' is to '\\nlbdc01.nlbdom.local'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'nlbdc01.nlbdom.local'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully


Ramya Priya said:
Looks like there is some problem with DNS. Check the DNS event log.
Can you please run the diagnostic tools netdiag.exe and dcdiag.exe in each
of the domain controllers and check if there are any errors reported?
These tools are available as part of the resource kit.

Simon B. Nielsen said:
I've setup file replication between 2 servers - both domain controllers for
the same domain. First I created a root share and then a root replica -
everything went smooth. It has been running perfectly for a 1½ years
Click to expand...
until
a
few weeks ago when the replication all of the sudden stopped from happening.

I've checked replication policy and both are set to participate in automatic
replication. Looking through the event log I found the following:

---
The File Replication Service is having trouble enabling replication from
NLBDC02 to NLBDC01 for c:\winnt\sysvol\domain using the DNS name
nlbdc02.nlbdom.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name nlbdc02.nlbdom.local from
this computer.
[2] FRS is not running on nlbdc02.nlbdom.local.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem
is fixed you will see another event log message indicating that the
connection has been established.
---

I started checking both servers. FRS is running on both and they can resolve
eachother. That leaves only the 3rd option which I cannot really check but
no computers or users have been added/deleted or modified during the last
few months at least.

What the hell can be wrong? Does anyone know if a recent patch has screwed
up DFS or something because nothing I do seems to work.

Best regards...

Simon
Click to expand...
Click to expand...
 
This is clearly due to one of the following problems with DNS
1.Was there any new computer added into the domain with the same name as
that of DC?
2.Check if there are any invalid DNS records using the DNS snap in
(Star->Programs->Administrative Tools->DNS)
Go to Forward lookup zones and check the list of host records.
If there are any invalid entries, delete them
3.Check if both the name servers are listed i.e both the DNS servers should
be listed as name servers
4.Right click the domain name - Choose Scavenge Stale resource records and
Update server files and re start the DNS (menu - All tasks - Restart)
5.Check if there is a event log from MRxSmb in any of the ADS - System event
log with ID 3034
If so, check
http://support.microsoft.com/default.aspx?scid=kb;en-us;263208
""Connecting with Incorrect Computer Name Results in 3034 Warning""
5.Use the nslookup utility to check if the name lookup is correct - KB
article 200525
6.Check if the time is synchronized between both the ADS
6.Restart primary ADS and then the other ADS







Simon B. Nielsen said:
Got DCDiag to run as well:

Server1*******************************
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\NLBDC01
Starting test: Connectivity
......................... NLBDC01 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\NLBDC01
Starting test: Replications
[Replications Check,NLBDC01] A recent replication attempt failed:
From NLBDC02 to NLBDC01
Naming Context: CN=Schema,CN=Configuration,DC=nlbdom,DC=local
The replication generated an error (1723):
The RPC server is too busy to complete this operation.
The failure occurred at 2003-07-30 14:58.23.
The last success occurred at 2003-06-10 13:54.57.
1207 failures have occurred since the last success.
Check load and resouce usage on NLBDC02.
[Replications Check,NLBDC01] A recent replication attempt failed:
From NLBDC02 to NLBDC01
Naming Context: CN=Configuration,DC=nlbdom,DC=local
The replication generated an error (1723):
The RPC server is too busy to complete this operation.
The failure occurred at 2003-07-30 14:58.23.
The last success occurred at 2003-06-10 13:55.40.
1207 failures have occurred since the last success.
Check load and resouce usage on NLBDC02.
[Replications Check,NLBDC01] A recent replication attempt failed:
From NLBDC02 to NLBDC01
Naming Context: DC=nlbdom,DC=local
The replication generated an error (1723):
The RPC server is too busy to complete this operation.
The failure occurred at 2003-07-30 14:58.23.
The last success occurred at 2003-06-10 13:58.00.
1207 failures have occurred since the last success.
Check load and resouce usage on NLBDC02.
......................... NLBDC01 passed test Replications
Starting test: NCSecDesc
......................... NLBDC01 passed test NCSecDesc
Starting test: NetLogons
......................... NLBDC01 passed test NetLogons
Starting test: Advertising
......................... NLBDC01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NLBDC01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NLBDC01 passed test RidManager
Starting test: MachineAccount
......................... NLBDC01 passed test MachineAccount
Starting test: Services
......................... NLBDC01 passed test Services
Starting test: ObjectsReplicated
......................... NLBDC01 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... NLBDC01 passed test frssysvol
Starting test: kccevent
......................... NLBDC01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 07/30/2003 15:03:03
Event String: Driver HP LaserJet 1200 Series PCL 6 required for
An Error Event occured. EventID: 0x00000452
Time Generated: 07/30/2003 15:03:03
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 07/30/2003 15:18:42
Event String: Driver HP LaserJet 1200 Series PCL 6 required for
An Error Event occured. EventID: 0x00000452
Time Generated: 07/30/2003 15:18:42
Event String: The printer could not be installed.
......................... NLBDC01 failed test systemlog

Running enterprise tests on : nlbdom.local
Starting test: Intersite
......................... nlbdom.local passed test Intersite
Starting test: FsmoCheck
......................... nlbdom.local passed test FsmoCheck


Server2*******************************
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\NLBDC02
Starting test: Connectivity
......................... NLBDC02 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\NLBDC02
Starting test: Replications
[Replications Check,NLBDC02] A recent replication attempt failed:
From NLBDC01 to NLBDC02
Naming Context: CN=Schema,CN=Configuration,DC=nlbdom,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2003-07-30 15:45.58.
The last success occurred at 2003-06-10 13:47.05.
1207 failures have occurred since the last success.
[NLBDC01] DsBind() failed with error -2146893022,
The target principal name is incorrect..
[Replications Check,NLBDC02] A recent replication attempt failed:
From NLBDC01 to NLBDC02
Naming Context: CN=Configuration,DC=nlbdom,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2003-07-30 15:45.58.
The last success occurred at 2003-06-10 13:54.18.
1207 failures have occurred since the last success.
[Replications Check,NLBDC02] A recent replication attempt failed:
From NLBDC01 to NLBDC02
Naming Context: DC=nlbdom,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2003-07-30 15:45.58.
The last success occurred at 2003-06-10 13:57.32.
1509 failures have occurred since the last success.
......................... NLBDC02 passed test Replications
Starting test: NCSecDesc
......................... NLBDC02 passed test NCSecDesc
Starting test: NetLogons
......................... NLBDC02 passed test NetLogons
Starting test: Advertising
......................... NLBDC02 passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: NLBDC01 is the Schema Owner, but is not responding to DS
RPC Bind.
[NLBDC01] LDAP bind failed with error 31,
A device attached to the system is not functioning..
Warning: NLBDC01 is the Schema Owner, but is not responding to LDAP
Bind.
Warning: NLBDC01 is the Domain Owner, but is not responding to DS
RPC Bind.
Warning: NLBDC01 is the Domain Owner, but is not responding to LDAP
Bind.
Warning: NLBDC01 is the PDC Owner, but is not responding to DS RPC
Bind.
Warning: NLBDC01 is the PDC Owner, but is not responding to LDAP
Bind.
Warning: NLBDC01 is the Rid Owner, but is not responding to DS RPC
Bind.
Warning: NLBDC01 is the Rid Owner, but is not responding to LDAP
Bind.
Warning: NLBDC01 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: NLBDC01 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... NLBDC02 failed test KnowsOfRoleHolders
Starting test: RidManager
[NLBDC02] DsBindWithCred() failed with error -2146893022. The
target principal name is incorrect.
......................... NLBDC02 failed test RidManager
Starting test: MachineAccount
......................... NLBDC02 passed test MachineAccount
Starting test: Services
......................... NLBDC02 passed test Services
Starting test: ObjectsReplicated
......................... NLBDC02 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... NLBDC02 passed test frssysvol
Starting test: kccevent
......................... NLBDC02 passed test kccevent
Starting test: systemlog
......................... NLBDC02 passed test systemlog

Running enterprise tests on : nlbdom.local
Starting test: Intersite
......................... nlbdom.local passed test Intersite
Starting test: FsmoCheck
......................... nlbdom.local passed test FsmoCheck




Simon B. Nielsen said:
OK could not get DCDiag.exe to run - kept getting the following pop-up: The
procedure entry point DsIsMangledDnW could not be located in the dynamic
link library NTDSAPI.dll.

I tried reinstalling ADMINPAK.msi from both the service pack folder and from
the CD, but nothing helped.

Here's what NetDiag.exe returned:

Server1:
C:\Program Files\Resource Kit>netdiag

.......................................

Computer Name: NLBDC01
DNS Host Name: nlbdc01.nlbdom.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB823559
KB823980
Q147222
Q295688
Q816093
Q818043


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : PUBLIC

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : nlbdc01
IP Address . . . . . . . . : 10.50.10.15
Subnet Mask. . . . . . . . : 255.255.255.0
IP Address . . . . . . . . : 10.50.10.11
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.50.10.50
Dns Servers. . . . . . . . : 10.50.10.11


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : {CA714B64-CCA0-470C-BA57-9FB619DA3A4E}

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : nlbdc01
IP Address . . . . . . . . : 10.50.10.101
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 127.0.0.1


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{C80E2265-36BB-4FFC-8B20-58FA0A98EE97}
NetBT_Tcpip_{CA714B64-CCA0-470C-BA57-9FB619DA3A4E}
2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.50.10.11'
and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
'127.0.0.1' a
nd other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{C80E2265-36BB-4FFC-8B20-58FA0A98EE97}
NetBT_Tcpip_{CA714B64-CCA0-470C-BA57-9FB619DA3A4E}
The redir is bound to 2 NetBt transports.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{C80E2265-36BB-4FFC-8B20-58FA0A98EE97}
NetBT_Tcpip_{CA714B64-CCA0-470C-BA57-9FB619DA3A4E}
The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully


Server2:
C:\Program Files\Resource Kit>netdiag

.......................................

Computer Name: NLBDC02
DNS Host Name: nlbdc02.nlbdom.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB823559
KB823980
Q147222
Q295688
Q816093
Q818043


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Public Virtual

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : nlbdc02
IP Address . . . . . . . . : 10.50.10.15
Subnet Mask. . . . . . . . : 255.255.255.0
IP Address . . . . . . . . : 10.50.10.12
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.50.10.50
Primary WINS Server. . . . : 10.50.10.11
Dns Servers. . . . . . . . : 10.50.10.11


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{446DA9F5-59E6-4E4A-8142-7B2B7A21422C}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.50.10.11'
and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{446DA9F5-59E6-4E4A-8142-7B2B7A21422C}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{446DA9F5-59E6-4E4A-8142-7B2B7A21422C}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Failed
[WARNING] Cannot call DsBind to nlbdc01.nlbdom.local (10.50.10.11).
[SEC_E_W
RONG_PRINCIPAL]


Trust relationship test. . . . . . : Passed
Secure channel for domain 'NLBDOM' is to '\\nlbdc01.nlbdom.local'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'nlbdc01.nlbdom.local'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully


Ramya Priya said:
Looks like there is some problem with DNS. Check the DNS event log.
Can you please run the diagnostic tools netdiag.exe and dcdiag.exe in each
of the domain controllers and check if there are any errors reported?
These tools are available as part of the resource kit.

I've setup file replication between 2 servers - both domain controllers
for
the same domain. First I created a root share and then a root replica -
everything went smooth. It has been running perfectly for a 1½ years until
a
few weeks ago when the replication all of the sudden stopped from
happening.

I've checked replication policy and both are set to participate in
automatic
replication. Looking through the event log I found the following:

---
The File Replication Service is having trouble enabling replication from
NLBDC02 to NLBDC01 for c:\winnt\sysvol\domain using the DNS name
nlbdc02.nlbdom.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name nlbdc02.nlbdom.local from
this computer.
[2] FRS is not running on nlbdc02.nlbdom.local.
[3] The topology information in the Active Directory for this
Click to expand...
replica
has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem
is fixed you will see another event log message indicating that the
connection has been established.
---

I started checking both servers. FRS is running on both and they can
resolve
eachother. That leaves only the 3rd option which I cannot really
Click to expand...
check
but
no computers or users have been added/deleted or modified during the last
few months at least.

What the hell can be wrong? Does anyone know if a recent patch has screwed
up DFS or something because nothing I do seems to work.

Best regards...

Simon
Click to expand...
Click to expand...
Click to expand...
 
If you get the event 3034 in any of the ADS, check
263142 Determining the Cause of an "MRxSmb 3034" Warning
http://support.microsoft.com/?id=263142



Ramya Priya said:
This is clearly due to one of the following problems with DNS
1.Was there any new computer added into the domain with the same name as
that of DC?
2.Check if there are any invalid DNS records using the DNS snap in
(Star->Programs->Administrative Tools->DNS)
Go to Forward lookup zones and check the list of host records.
If there are any invalid entries, delete them
3.Check if both the name servers are listed i.e both the DNS servers should
be listed as name servers
4.Right click the domain name - Choose Scavenge Stale resource records and
Update server files and re start the DNS (menu - All tasks - Restart)
5.Check if there is a event log from MRxSmb in any of the ADS - System event
log with ID 3034
If so, check
http://support.microsoft.com/default.aspx?scid=kb;en-us;263208
""Connecting with Incorrect Computer Name Results in 3034 Warning""
5.Use the nslookup utility to check if the name lookup is correct - KB
article 200525
6.Check if the time is synchronized between both the ADS
6.Restart primary ADS and then the other ADS







Simon B. Nielsen said:
Got DCDiag to run as well:

Server1*******************************
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\NLBDC01
Starting test: Connectivity
......................... NLBDC01 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\NLBDC01
Starting test: Replications
[Replications Check,NLBDC01] A recent replication attempt failed:
From NLBDC02 to NLBDC01
Naming Context: CN=Schema,CN=Configuration,DC=nlbdom,DC=local
The replication generated an error (1723):
The RPC server is too busy to complete this operation.
The failure occurred at 2003-07-30 14:58.23.
The last success occurred at 2003-06-10 13:54.57.
1207 failures have occurred since the last success.
Check load and resouce usage on NLBDC02.
[Replications Check,NLBDC01] A recent replication attempt failed:
From NLBDC02 to NLBDC01
Naming Context: CN=Configuration,DC=nlbdom,DC=local
The replication generated an error (1723):
The RPC server is too busy to complete this operation.
The failure occurred at 2003-07-30 14:58.23.
The last success occurred at 2003-06-10 13:55.40.
1207 failures have occurred since the last success.
Check load and resouce usage on NLBDC02.
[Replications Check,NLBDC01] A recent replication attempt failed:
From NLBDC02 to NLBDC01
Naming Context: DC=nlbdom,DC=local
The replication generated an error (1723):
The RPC server is too busy to complete this operation.
The failure occurred at 2003-07-30 14:58.23.
The last success occurred at 2003-06-10 13:58.00.
1207 failures have occurred since the last success.
Check load and resouce usage on NLBDC02.
......................... NLBDC01 passed test Replications
Starting test: NCSecDesc
......................... NLBDC01 passed test NCSecDesc
Starting test: NetLogons
......................... NLBDC01 passed test NetLogons
Starting test: Advertising
......................... NLBDC01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NLBDC01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NLBDC01 passed test RidManager
Starting test: MachineAccount
......................... NLBDC01 passed test MachineAccount
Starting test: Services
......................... NLBDC01 passed test Services
Starting test: ObjectsReplicated
......................... NLBDC01 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... NLBDC01 passed test frssysvol
Starting test: kccevent
......................... NLBDC01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 07/30/2003 15:03:03
Event String: Driver HP LaserJet 1200 Series PCL 6 required for
An Error Event occured. EventID: 0x00000452
Time Generated: 07/30/2003 15:03:03
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 07/30/2003 15:18:42
Event String: Driver HP LaserJet 1200 Series PCL 6 required for
An Error Event occured. EventID: 0x00000452
Time Generated: 07/30/2003 15:18:42
Event String: The printer could not be installed.
......................... NLBDC01 failed test systemlog

Running enterprise tests on : nlbdom.local
Starting test: Intersite
......................... nlbdom.local passed test Intersite
Starting test: FsmoCheck
......................... nlbdom.local passed test FsmoCheck


Server2*******************************
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\NLBDC02
Starting test: Connectivity
......................... NLBDC02 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\NLBDC02
Starting test: Replications
[Replications Check,NLBDC02] A recent replication attempt failed:
From NLBDC01 to NLBDC02
Naming Context: CN=Schema,CN=Configuration,DC=nlbdom,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2003-07-30 15:45.58.
The last success occurred at 2003-06-10 13:47.05.
1207 failures have occurred since the last success.
[NLBDC01] DsBind() failed with error -2146893022,
The target principal name is incorrect..
[Replications Check,NLBDC02] A recent replication attempt failed:
From NLBDC01 to NLBDC02
Naming Context: CN=Configuration,DC=nlbdom,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2003-07-30 15:45.58.
The last success occurred at 2003-06-10 13:54.18.
1207 failures have occurred since the last success.
[Replications Check,NLBDC02] A recent replication attempt failed:
From NLBDC01 to NLBDC02
Naming Context: DC=nlbdom,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2003-07-30 15:45.58.
The last success occurred at 2003-06-10 13:57.32.
1509 failures have occurred since the last success.
......................... NLBDC02 passed test Replications
Starting test: NCSecDesc
......................... NLBDC02 passed test NCSecDesc
Starting test: NetLogons
......................... NLBDC02 passed test NetLogons
Starting test: Advertising
......................... NLBDC02 passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: NLBDC01 is the Schema Owner, but is not responding to DS
RPC Bind.
[NLBDC01] LDAP bind failed with error 31,
A device attached to the system is not functioning..
Warning: NLBDC01 is the Schema Owner, but is not responding to LDAP
Bind.
Warning: NLBDC01 is the Domain Owner, but is not responding to DS
RPC Bind.
Warning: NLBDC01 is the Domain Owner, but is not responding to LDAP
Bind.
Warning: NLBDC01 is the PDC Owner, but is not responding to DS RPC
Bind.
Warning: NLBDC01 is the PDC Owner, but is not responding to LDAP
Bind.
Warning: NLBDC01 is the Rid Owner, but is not responding to DS RPC
Bind.
Warning: NLBDC01 is the Rid Owner, but is not responding to LDAP
Bind.
Warning: NLBDC01 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: NLBDC01 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... NLBDC02 failed test KnowsOfRoleHolders
Starting test: RidManager
[NLBDC02] DsBindWithCred() failed with error -2146893022. The
target principal name is incorrect.
......................... NLBDC02 failed test RidManager
Starting test: MachineAccount
......................... NLBDC02 passed test MachineAccount
Starting test: Services
......................... NLBDC02 passed test Services
Starting test: ObjectsReplicated
......................... NLBDC02 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... NLBDC02 passed test frssysvol
Starting test: kccevent
......................... NLBDC02 passed test kccevent
Starting test: systemlog
......................... NLBDC02 passed test systemlog

Running enterprise tests on : nlbdom.local
Starting test: Intersite
......................... nlbdom.local passed test Intersite
Starting test: FsmoCheck
......................... nlbdom.local passed test FsmoCheck




Simon B. Nielsen said:
OK could not get DCDiag.exe to run - kept getting the following
Click to expand...
pop-up:
The
procedure entry point DsIsMangledDnW could not be located in the dynamic
link library NTDSAPI.dll.

I tried reinstalling ADMINPAK.msi from both the service pack folder
Click to expand...
and
from
the CD, but nothing helped.

Here's what NetDiag.exe returned:

Server1:
C:\Program Files\Resource Kit>netdiag

.......................................

Computer Name: NLBDC01
DNS Host Name: nlbdc01.nlbdom.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB823559
KB823980
Q147222
Q295688
Q816093
Q818043


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : PUBLIC

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : nlbdc01
IP Address . . . . . . . . : 10.50.10.15
Subnet Mask. . . . . . . . : 255.255.255.0
IP Address . . . . . . . . : 10.50.10.11
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.50.10.50
Dns Servers. . . . . . . . : 10.50.10.11


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : {CA714B64-CCA0-470C-BA57-9FB619DA3A4E}

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : nlbdc01
IP Address . . . . . . . . : 10.50.10.101
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 127.0.0.1


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{C80E2265-36BB-4FFC-8B20-58FA0A98EE97}
NetBT_Tcpip_{CA714B64-CCA0-470C-BA57-9FB619DA3A4E}
2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.50.10.11'
and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
'127.0.0.1' a
nd other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{C80E2265-36BB-4FFC-8B20-58FA0A98EE97}
NetBT_Tcpip_{CA714B64-CCA0-470C-BA57-9FB619DA3A4E}
The redir is bound to 2 NetBt transports.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{C80E2265-36BB-4FFC-8B20-58FA0A98EE97}
NetBT_Tcpip_{CA714B64-CCA0-470C-BA57-9FB619DA3A4E}
The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully


Server2:
C:\Program Files\Resource Kit>netdiag

.......................................

Computer Name: NLBDC02
DNS Host Name: nlbdc02.nlbdom.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB823559
KB823980
Q147222
Q295688
Q816093
Q818043


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Public Virtual

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : nlbdc02
IP Address . . . . . . . . : 10.50.10.15
Subnet Mask. . . . . . . . : 255.255.255.0
IP Address . . . . . . . . : 10.50.10.12
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.50.10.50
Primary WINS Server. . . . : 10.50.10.11
Dns Servers. . . . . . . . : 10.50.10.11


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{446DA9F5-59E6-4E4A-8142-7B2B7A21422C}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.50.10.11'
and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{446DA9F5-59E6-4E4A-8142-7B2B7A21422C}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{446DA9F5-59E6-4E4A-8142-7B2B7A21422C}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Failed
[WARNING] Cannot call DsBind to nlbdc01.nlbdom.local (10.50.10.11).
[SEC_E_W
RONG_PRINCIPAL]


Trust relationship test. . . . . . : Passed
Secure channel for domain 'NLBDOM' is to '\\nlbdc01.nlbdom.local'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'nlbdc01.nlbdom.local'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully


Looks like there is some problem with DNS. Check the DNS event log.
Can you please run the diagnostic tools netdiag.exe and dcdiag.exe
Click to expand...
in
each
of the domain controllers and check if there are any errors reported?
These tools are available as part of the resource kit.

I've setup file replication between 2 servers - both domain controllers
for
the same domain. First I created a root share and then a root replica -
everything went smooth. It has been running perfectly for a 1½ years
until
a
few weeks ago when the replication all of the sudden stopped from
happening.

I've checked replication policy and both are set to participate in
automatic
replication. Looking through the event log I found the following:
Click to expand...
replication
from
NLBDC02 to NLBDC01 for c:\winnt\sysvol\domain using the DNS name
nlbdc02.nlbdom.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name nlbdc02.nlbdom.local
from
this computer.
[2] FRS is not running on nlbdc02.nlbdom.local.
[3] The topology information in the Active Directory for this replica
has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the
problem
is fixed you will see another event log message indicating that the
connection has been established.
---

I started checking both servers. FRS is running on both and they can
resolve
eachother. That leaves only the 3rd option which I cannot really check
but
no computers or users have been added/deleted or modified during the
last
few months at least.

What the hell can be wrong? Does anyone know if a recent patch has
screwed
up DFS or something because nothing I do seems to work.

Best regards...

Simon
Click to expand...
Click to expand...
Click to expand...
 
Back
Top