Replication Problem

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,

In our company we have a Windows 2000 AD with 2 DCs each in a different site.
The DCs are linked via an IP-Sitelink. About a month ago we installed a
bunch of Windows Updates since then have a lot Error & Warning messages in
the Windows Event Log. Currently all services work as expected but I am not
so sure how long it will stay that way.

The follwing error messages are shown:
DNS 4013 (Warning)
The DNS server was unable to open the Active Directory. This DNS server is
configured to use directory service information and can not operate without
access to the directory. The DNS server will wait for the directory to
start. If the DNS server is started but the appropriate event has not been
logged, then the DNS server is still waiting for the directory to start.


DNS 4000 (Error)
The DNS server was unable to open Active Directory. This DNS server is
configured to obtain and use information from the directory for this zone and
is unable to load the zone without it. Check that the Active Directory is
functioning properly and reload the zone. The event data is the error code.


NtFrs 13562 (Warning)
Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller dc2.mydomain.at for
FRS replica set configuration information.

Could not bind to a Domain Controller. Will try again at next polling cycle.


NTDS KCC 1311 (Error)
The Directory Service consistency checker has determined that either (a)
there is not enough physical connectivity published via the Active Directory
Sites and Services Manager to create a spanning tree connecting all the sites
containing the Partition CN=Configuration,DC=mydomain,DC=at, or (b)
replication cannot be performed with one or more critical servers in order
for changes to propagate across all sites (most often due to the servers
being unreachable).

For (a), please use the Active Directory Sites and Services Manager to do
one of the following:
1. Publish sufficient site connectivity information such that the system can
infer a route by which this Partition can reach this site. This option is
preferred.
2. Add an ntdsConnection object to a Domain Controller that contains the
Partition CN=Configuration,DC=mydomain,DC=at in this site from a Domain
Controller that contains the same Partition in another site.

For (b), please see previous events logged by the NTDS KCC source that
identify the servers that could not be contacted.


NTDS KCC 1566 (Warning)
All servers in site CN=Site1,CN=Sites,CN=Configuration,DC=mydomain,DC=at
that can replicate partition CN=Configuration,DC=mydomain,DC=at over
transport CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=mydomain,DC=at are currently
unavailable.


DhcpServer 1051 (Error)
The DHCP/BINL service has determined that it is not authorized to service
clients on this network for the Windows domain: mydomain.at.


Userenv 1000 (Error)
Windows cannot determine the user or computer name. Return value (5).


I have tried several suggestions from the Microsoft Knowledge Base and also
some other sites but nothing seems to work.

An analaysis with the Repmon tool showed that the two sites do not
synchronize properly. When I try to synchronize them manually I got the
following error message:
There was an error during queuing the synchronization. The error code was:
ERROR_REPLICA_SYNC_FAILED_ACCESS IS DENIED.

As I also didn't succeed in finding a solution for that I am little bit out
of ideas and would appreciate some help or suggestions.

Regards,
Gegor
 
Hello,

With your error, there can be many issues that are causing this.
I would start at looking at DNS.
Point all of your Domain Controllers to your PDC for primary DNS and
themselfs for secondary DNS (if DNS is installed on the DC, which is
recommended)
I would delete all connection objects within Active Directory Sites and
Services.
On all of the domain controllers starting with your PDC emulator run
the following
ipconfig /flushdns & ipconfig /registerdns & net stop netlogon & net
start netlogon & net stop ntfrs & net start ntfrs.
Run the above on the rest of the domain controllers, and continually
check replication topology.
Also as you are getting an Access Denied on the Configurations, lets
verify within ADSIedit that the Domain Controllers group has the
following
Manage replication topology
Replicate directory changes
Replicating directory changes all
Replication synchronization.

After all the above is done, we should see an event within the File
Replication Service log
either 13516, or 13509.
If you find a 13508, we should wait and we should receive 13516, or
13509 after some time.
The above has resolve many calls I have received by enterprise
customers with replication issues.

Thanks
 
Hello Cisqokid!

Thanks for your help.

Currently Replmon tells me that Replication is working again but still have
the following errors in the event logs of the PDC:
NTDS KCC 1265 (Warning)
NTDS KCC 1566 (Warning)
NTDS KCC 1311 (Error)
NTDS General 1126 (Error)
NTDS General 1655 (Warning)

And some others on the second DC:
DHCPServer 1051 (Error)
DNS 4000 (Error)
DNS 4013 (Error)

Do you have any further suggestions?

Thanks in advance
Gregor
 
Back
Top