what is the network configuration or R101NS02? Do an IPCONFIG /ALL
--
Glenn L
CCNA, MCSE 2000/2003 + Security
Hi Glen,
Yes, R101NS02 is the Infrastructure Update Master, and it did not bind
when
I ran repadmin /showreps. Here are the results:
R101NS02 [d:\nt\private\ds\src\util\repadmin\repinfo.c, 389] LDAP error
82
(local error)
R101NS01 and R101NS05 seemed to have worked fine, and they show they
were
successful with R101NS02.
I couldn't capture this info for you, could not find the /switch
Thanks
Johan
I
:
Johan,
Does r101ns02 hold any FSMO roles or do anything else besides DC work?
The quickest way back to health for r101ns02 is to force demote it, do
a
metadata cleanup of r101ns02 using KB216498, then repromote it.
If you execute repadmin /showreps from r101ns02, do you get the LDAP
bind
error?
Execute repadmin /showreps from R101NS01 and R101NS05, are they
getting
replication from R101NS02?
If you want to continue to troubleshoot, then the next step is to
reset
the
machine account password of the DC with the domain.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
Aftger you reset the password and initiate the reboot, be sure to
force
replication between R101NS01 and R101NS05
--
Glenn L
CCNA, MCSE 2000/2003 + Security
Hi Glenn,
All the DC's are within 1min of each other, and I have rebooted all
the
DC's
a number of times. I ran dcdiag and here are the results:
DC1
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: SSC\R101NS01
Starting test: Connectivity
......................... R101NS01 passed test Connectivity
Doing primary tests
Testing server: SSC\R101NS01
Starting test: Replications
......................... R101NS01 passed test Replications
Starting test: NCSecDesc
......................... R101NS01 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS01 passed test NetLogons
Starting test: Advertising
......................... R101NS01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS01 passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS01 passed test RidManager
Starting test: MachineAccount
......................... R101NS01 passed test
MachineAccount
Starting test: Services
......................... R101NS01 passed test Services
Starting test: ObjectsReplicated
......................... R101NS01 passed test
ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS01 passed test frssysvol
Starting test: kccevent
......................... R101NS01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:11
Event String: Driver Xerox Phaser 790 required for
printer
An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:11
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:14
Event String: Driver Xerox Phaser 790 required for
printer
An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:14
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/06/2005 07:09:24
Event String: Driver HP DesignJet 450C (E/A0) by HP
required
An Error Event occured. EventID: 0x00000452
Time Generated: 01/06/2005 07:09:24
Event String: The printer could not be installed.
......................... R101NS01 failed test systemlog
Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck
DC2
Domain Controller Diagnosis
Performing initial setup:
[r101ns02] LDAP bind failed with error 31,
A device attached to the system is not functioning..
DC3
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: SSC\R101NS05
Starting test: Connectivity
......................... R101NS05 passed test Connectivity
Doing primary tests
Testing server: SSC\R101NS05
Starting test: Replications
......................... R101NS05 passed test Replications
Starting test: NCSecDesc
......................... R101NS05 passed test NCSecDesc
Starting test: NetLogons
......................... R101NS05 passed test NetLogons
Starting test: Advertising
......................... R101NS05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... R101NS05 passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... R101NS05 passed test RidManager
Starting test: MachineAccount
......................... R101NS05 passed test
MachineAccount
Starting test: Services
......................... R101NS05 passed test Services
Starting test: ObjectsReplicated
......................... R101NS05 passed test
ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... R101NS05 passed test frssysvol
Starting test: kccevent
......................... R101NS05 passed test kccevent
Starting test: systemlog
......................... R101NS05 passed test systemlog
Running enterprise tests on : rona.ca
Starting test: Intersite
......................... rona.ca passed test Intersite
Starting test: FsmoCheck
......................... rona.ca passed test FsmoCheck
I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it
would
not allow me
Thanks
Johan
:
These are typiccally a kerberos time skew issue.
Verify all DCs are withing 5 minutes of each other.
If that does not take care of things, have you rebooted DC1?
Also, run dcdiag on each DC.
post the results here.
--
Glenn L
CCNA, MCSE 2000/2003 + Security
I have 3 Domain Controllers, all are running W2K SP4. DC1 holds
the
Global
Catalog.
Since this morning DC1 seems to have a problem replicating to DC2
and
DC3
in
the same domain.
The error I get on DC1 is as follows:
Source: NTDS KCC
Error Event ID 1311
"The Directory Service consistency checker has determined that
either,
(a)there is not enough physical connectivity published via the
Acrtive
Directory Sites and Services Manager to create a spanning tree to
connecting
all the sites containing the Partition DC=xxx,DC=ca, or (b)
replication
cannot be performed with one or more critical servers in order
for
changes
to
propogate across all sites (most often being due to the servers
being
unreachable)
I also get Error Event ID 1265 which says "The RPC server is to
busy
to
complete this operation."
The errors I get on DC2 and DC3 are:
Event ID 1126: "unable to establish connection with the Global
Catalog."
Event ID 1655: "the attempt to communicate with global catalog
\\DC.xxx.ca
failed with the following status. The RPC Server is to busy to
complete
this
operation.
No changes were made to any of the DC's before this problem
occured.
No DC's were demoted and their time are all in sync.
I tried making DC3 a GC, but I still have users that cannot be
authenticated, and none can connect to the web via my proxy
server.
Can you please help?????
