Problems with replication and cross-ref obecjts

  • Thread starter Thread starter Pawe³ Mylka
  • Start date Start date
P

Pawe³ Mylka

I have problem with repliaction and when I put dcdiag with -e -v option I
can find something like that:

Starting test: CrossRefValidation
For the partition (DC=ForestDnsZones,DC=domaina,DC=xx) we

encountered the following error retrieving the cross-ref's

(CN=778e0f7b-344f-42e2-9dbf-bff1b8891402,CN=Partitions,CN=Configuration,DC=domaina,DC=xx)

information:
LDAP Error 0x52b (1323).
......................... ForestDnsZones failed test
CrossRefValidation

Does anyone can maybe know what LDAP Error 0x52b (1323).
means


regards
Pawe³ Mylka
 
Pawe³ Mylka said:
I have problem with repliaction and when I put dcdiag with -e -v option I
can find something like that:

Starting test: CrossRefValidation
For the partition (DC=ForestDnsZones,DC=domaina,DC=xx) we

encountered the following error retrieving the cross-ref's

(CN=778e0f7b-344f-42e2-9dbf-bff1b8891402,CN=Partitions,CN=Configuration,DC=domaina,DC=xx)

information:
LDAP Error 0x52b (1323).
......................... ForestDnsZones failed test
CrossRefValidation

Does anyone can maybe know what LDAP Error 0x52b (1323).
means
Click to expand...

I will jump here in this thread becouse I work on this issue with Pawel
on other forum.

Pawel, I've reviewed Your data which You send me off-line and this
output and I have to ask You - are You sure that everything is OK with
name resolution and DC's DNS registration? I din't fin d any mangled
attributes in Your cross-ref ldif output which You send to me.

Try to fix _msdcs zone using netdiag /fix command on the child domain
controllers.

I think that following procedure outlined in this post by Paul WIlliams
may resolve Your problem:

http://tinyurl.com/buowd
 
Hello, I am not quite sure at the moment when I read link which you send me.
At the beginning then I was trying resolve the problem i make netdiaf /fix
on all dc, but this not help. I have checked and all entries was registered
in dns.
But maybe GC don't see correcly situalion because don't have information (in
site and services mmc) about all dc server from subdomain.

I have to check it once more, But I will give you some more explenation:

The sitiation has come after i added sites to my networks. I have added site
and after that in global catalog server (there is one in all network, I know
this is wrong, but after set sites i wonted set more GC, I am new employe
and I want make some i hope good changes in our AD) disapird 3 DC servers
from subdomains (but only on main domain dc's). I have three subdomain and
in all subdomain i can see all server ok, i can repliace beetween subdomains
also.

In AD on main domin is also one DC from subdomin without computer name and
with wrong DNS alias on NDTS connection object.

I hope you understand me at the moment.

I can replicate from main domain do subdomian but I can't replicate from
subdomain do main domain.
I din't fin d any mangled
attributes in Your cross-ref ldif output which You send to me.
Click to expand...

Maybe because dns in main domain is not AD integrated (i planning to
integrate this with Ad in next step, now I can't becouse of external some
external thinks, it's not depend on me :()

I hope you have much more clear view of situation.

regards
Pawe³ Mylka
 
Pawel Mylka wrote:

(..)
The sitiation has come after i added sites to my networks. I have added site
and after that in global catalog server (there is one in all network, I know
this is wrong, but after set sites i wonted set more GC, I am new employe
and I want make some i hope good changes in our AD) disapird 3 DC servers
from subdomains (but only on main domain dc's). I have three subdomain and
in all subdomain i can see all server ok, i can repliace beetween subdomains
also.

In AD on main domin is also one DC from subdomin without computer name and
with wrong DNS alias on NDTS connection object.
Click to expand...

Do You have connections between the sites? If not, try to create
connection objects between these sites.

I hope you understand me at the moment.

I can replicate from main domain do subdomian but I can't replicate from
subdomain do main domain.
(...)

Maybe because dns in main domain is not AD integrated (i planning to
integrate this with Ad in next step, now I can't becouse of external some
external thinks, it's not depend on me :()

I hope you have much more clear view of situation.
Click to expand...

If Your root domain DNS is not AD integrated is it accepting dynamic
updates? Are You sure that You have all needed records in _msdcs zone
for root zone?

Try to integrate this zone with AD and enable dynamic updates, then
re-register DNS entries.

Try to use dnslint.exe to diagnose possible DNS problems.
 
The problem is that I can't integrate dns with AD :(.

Ok I will use dnslint onec more, maybe I have miss something before.:) It's
really seems that problem is located in dns.

Two additional question
1.) How Can i Add manuly dc disapired server (from subdomain) in main domain
DC normaly located in mmc site and serverces?? should I add repadmin comand
line tool??

2.) Do you have dok where is all say what exacly should be in _msdns,
ForestDNS, DomainDNS in win2k3??

The connection beetwen site exists.



regards
Pawe³ Mylka
 
Pawel said:
The problem is that I can't integrate dns with AD :(.
Click to expand...

But is it supporting dynamic updates?

Ok I will use dnslint onec more, maybe I have miss something before.:) It's
really seems that problem is located in dns.
Click to expand...

Yup, be sure to duble check:
- registration of DCs
- registration of your GC
- registered GUIDs (if they are the same as actuall DCs GUIDs)

Check %systemroot%\system32\config\netlogon.dns file for possible failed
entries marked with ';' sign on the beginning of line.


Two additional question
1.) How Can i Add manuly dc disapired server (from subdomain) in main domain
DC normaly located in mmc site and serverces?? should I add repadmin comand
line tool??
Click to expand...

Why this server disapeared? It was deleted or crashed. Is it still in
the domain as DC and is it working properly?

2.) Do you have dok where is all say what exacly should be in _msdns,
ForestDNS, DomainDNS in win2k3??
Click to expand...

http://www.petri.co.il/active_directory_srv_records.htm
http://www.windowsitpro.com/Article/ArticleID/13399/13399.html?Ad=1
 
U¿ytkownik "Tomasz Onyszko said:
But is it supporting dynamic updates?
Click to expand...

Yes Ofcourse
Yup, be sure to duble check:
- registration of DCs
- registration of your GC
- registered GUIDs (if they are the same as actuall DCs GUIDs)

Check %systemroot%\system32\config\netlogon.dns file for possible failed
entries marked with ';' sign on the beginning of line.
Click to expand...

all entries are ok. dnslint on all dc says everything is ok :(
Why this server disapeared? It was deleted or crashed. Is it still in the
domain as DC and is it working properly?
Click to expand...

hmmm.... It was not deleted and defuncted. I don't know whay it disapired.
In mean time one of administrator has depromed on server in subdomain, and
promoted with the same name.

This is 2003 AD, i spoke today mornining with one administrator from pila,
and can be that he plug into network one DC which was not connected for more
than 60 days.
But You tell on presentatnion that problem can be than situation avoid more
than 180 days on win2003.
 
Pawe³ Mylka said:
hmmm.... It was not deleted and defuncted. I don't know whay it disapired.
In mean time one of administrator has depromed on server in subdomain, and
promoted with the same name.
Click to expand...

And here can lay the problem - the same name doesn't mean the same GUID
and as You can see AD is using GUIDs. Is this DC still in topology ring?

I would suggest to demote this DC, cleanup metadata and promote it again.
 
Back
Top