Replication issues

gexen

We were attempting a new domain/tree in an existing forest earlier last
week. We installed everything and it seemed to go without a hitch in
the install, but we've run into some serious replication issues.

We have two domains, let's call them general.local and the new one,
dedicated.local

Issue #1: DNS Replication. dedicated.local received the AD entries for
general.local without any issues once we set them to replicate through
all DNS servers in the Forest. However, general.local does not receive
dedicated.local's DNS server entries. We changed dedicated.local's to
replicate to all DNS servers in the Forest, just as we did for
general.local. Once we do, we get the event in our DNS log that DNS
data will be stored in the ForestDnsZones. However, 15 minutes later,
the option has been set back to only Domain Controllers within the
Domain.

Issue #2: General replication is also failing. We tried to demote the
domain controller but it threw us a DNS error, so I assume once we get
DNS sorted out, regular replication will probably start working too.

Any ideas? I've done searching and haven't found anything that has
worked.
 
I was under the impression that creating a new tree in an existing
forest automatically granted a two-way trust between the trees. DNS is
set to the defaults for an AD integrated zone, secure.
 
Could you give more details about your network configuration and NIC
configuration?

Did you run Netdiag /debug?
Did you run Dcdiag?
http://technet2.microsoft.com/WindowsServer/en/Library/39d6c272-5c2e-4db0-a79a-4d8fbf52dd411033.mspx

What errors are you seeing when you run these tests?

When you promoted the new tree, did you point the primary DNS server to the
existing tree? And after that, did you point the new server to itself? Can
all servers resolve all existing domains?

You probably have a bad DNS configuration; just make sure that you can
resolve both domain names by FQDN, and if they're in different sites make
sure that you don't have a FW that blocks information.
For FW check:
http://www.microsoft.com/technet/pr.../activedirectory/deploy/confeat/adrepfir.mspx
 
It sounds like DNS is not configured correctly. If DNS fails -> AD fails!

Assuming:
* general.local = forest root domain
* dedicated.local = new tree root domain

On DCs/DNS servers in general.local configure:
* a zone called general.local with DCs/DNS servers within domain as
replication scope
* a zone called _msdcs.general.local with DCs/DNS servers within forest as
replication scope

On DCs/DNS servers in dedicated.local configure:
* a zone called dedicated.local with DCs/DNS servers within domain as
replication scope

Possible solutions to provide name resolution between two domains:
* Conditional forwarding (on one or more DNS servers within domain configure
a forwarder for the other domain)
* Stub zones (on one or more DNS servers within domain configure a stub zone
for the other domain)
* Secondary zones (on one or more DNS servers within domain configure a
secondary zone for the other domain)

If you have more than one DC/DNS server, it also depends on how DNS name
resolution is configured within the domain.

Point each DC/DNS server to itself as primary and configure as secondary
another DNS server
--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
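
One way to check the zone layout and cross-domain name resolution described in the answer above, as an added example that is not part of the original thread. It assumes the `Resolve-DnsName` and `Get-DnsServerZone` cmdlets (DnsClient and DnsServer PowerShell modules, Windows Server 2012 and later) are available; the server names are hypothetical placeholders.

```powershell
# Added example: server names are hypothetical; replace with your own DC/DNS servers.
$dnsServers = @{
    'general.local'   = @('dc1.general.local')
    'dedicated.local' = @('dc1.dedicated.local')
}
$domains = @('general.local', 'dedicated.local')

# Zone layout recommended in the answer above: zone name -> replication scope.
$expectedScope = @{
    'general.local'        = 'Domain'
    '_msdcs.general.local' = 'Forest'
    'dedicated.local'      = 'Domain'
}

$results = foreach ($ownerDomain in $dnsServers.Keys) {
    foreach ($server in $dnsServers[$ownerDomain]) {
        # 1. Each DNS server must resolve the DC locator SRV record of BOTH
        #    domains (via forwarder, stub or secondary zone for the other one).
        foreach ($domain in $domains) {
            $srv = "_ldap._tcp.dc._msdcs.$domain"
            $answer = Resolve-DnsName -Name $srv -Type SRV -Server $server `
                          -DnsOnly -ErrorAction SilentlyContinue |
                      Where-Object { $_.QueryType -eq 'SRV' }
            [pscustomobject]@{
                Server = $server
                Check  = "Resolve $srv"
                Result = if ($answer) { 'OK' } else { 'FAILED' }
            }
        }
        # 2. Compare the replication scope of the zones this domain hosts
        #    with the expected layout.
        $zones = $expectedScope.Keys | Where-Object { $_ -like "*$ownerDomain" }
        foreach ($zone in $zones) {
            $z = Get-DnsServerZone -Name $zone -ComputerName $server `
                     -ErrorAction SilentlyContinue
            $actual = if ($z) { "$($z.ReplicationScope)" } else { 'zone not found' }
            [pscustomobject]@{
                Server = $server
                Check  = "Scope of $zone (expected $($expectedScope[$zone]))"
                Result = if ($actual -eq $expectedScope[$zone]) { 'OK' }
                         else { "MISMATCH: $actual" }
            }
        }
    }
}
$results | Format-Table -AutoSize
```

A FAILED row for the other domain's SRV record points at missing cross-domain name resolution; a MISMATCH row points at a zone whose replication scope differs from the layout in the answer.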
 