B
Bartosz Wegrzyn
Hi there,
I am having problems with AD and replication.
I have one PDC and one secondary domain controller.
After I added the secondary DC I am having problems.
On the PDC I do see those error messages in the event viewer.
Event ID 1411
The Directory Service failed to construct a mutual authentication
Service Principal Name (SPN) for server
a7127243-37d4-45e6-bf54-7a796809af1e._msdcs.saintferdinand.org. The
call is denied. The error was:
The DSA object could not be found.
The record data is the status code.
When I try to ping a7127243-37d4-45e6-bf54-7a796809af1e._msdcs.saintferdinand.org
everything is ok, I get the reply.
Both servers can talk to each other very easiliy.
On the backup domain controller:
EventID-13508
The File Replication Service is having trouble enabling replication
from SATURN to MOON for c:\winnt\sysvol\domain using the DNS name
saturn.saintferdinand.org. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name
saturn.saintferdinand.org from this computer.
[2] FRS is not running on saturn.saintferdinand.org.
[3] The topology information in the Active Directory for this replica
has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the
problem is fixed you will see another event log message indicating
that the connection has been established.
When I ping saturn.saintferdinand.org I receive reply so looks like
the conectivity is ok.
I run netdiag on the Backup domain controler I rewceive this:
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : gateway
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : moon
IP Address . . . . . . . . : 192.168.40.254
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.40.99
Dns Servers. . . . . . . . : 192.168.40.1
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Adapter : local
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : moon
IP Address . . . . . . . . : 192.168.40.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 192.168.40.1
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to
the local
machine. This machine is not working properly as a DC.
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{B47D9731-45E9-47C0-8619-9973B3B67785}
NetBT_Tcpip_{B54C0BCC-9B82-4A7E-9875-16FBEA359373}
2 NetBt transports currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'192.168.40.1
' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{B47D9731-45E9-47C0-8619-9973B3B67785}
NetBT_Tcpip_{B54C0BCC-9B82-4A7E-9875-16FBEA359373}
The redir is bound to 2 NetBt transports.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{B54C0BCC-9B82-4A7E-9875-16FBEA359373}
NetBT_Tcpip_{B47D9731-45E9-47C0-8619-9973B3B67785}
The browser is bound to 2 NetBt transports.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Failed
[FATAL] Secure channel to domain 'SAINTFERDINAND' is broken.
[ERROR_ACCESS_D
ENIED]
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
The command completed successfully
So it looks like that there is something wrong with the relationship.
If I run the netdiag on PDC i receive:
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Team #0 - Adaptive Load Balancing Mode
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : saturn
IP Address . . . . . . . . : 192.168.40.1
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.40.99
Dns Servers. . . . . . . . : 127.0.0.1
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{F2A5CFF7-9D38-448A-AB5B-D32759083607}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'127.0.0.1' a
nd other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{F2A5CFF7-9D38-448A-AB5B-D32759083607}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{F2A5CFF7-9D38-448A-AB5B-D32759083607}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC
'moon.saintferdinand.org'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
Please help.
I tried to read all the articels from eventid.net, but looks like I
dont understand what is going on.
Thanks
I am having problems with AD and replication.
I have one PDC and one secondary domain controller.
After I added the secondary DC I am having problems.
On the PDC I do see those error messages in the event viewer.
Event ID 1411
The Directory Service failed to construct a mutual authentication
Service Principal Name (SPN) for server
a7127243-37d4-45e6-bf54-7a796809af1e._msdcs.saintferdinand.org. The
call is denied. The error was:
The DSA object could not be found.
The record data is the status code.
When I try to ping a7127243-37d4-45e6-bf54-7a796809af1e._msdcs.saintferdinand.org
everything is ok, I get the reply.
Both servers can talk to each other very easiliy.
On the backup domain controller:
EventID-13508
The File Replication Service is having trouble enabling replication
from SATURN to MOON for c:\winnt\sysvol\domain using the DNS name
saturn.saintferdinand.org. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name
saturn.saintferdinand.org from this computer.
[2] FRS is not running on saturn.saintferdinand.org.
[3] The topology information in the Active Directory for this replica
has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the
problem is fixed you will see another event log message indicating
that the connection has been established.
When I ping saturn.saintferdinand.org I receive reply so looks like
the conectivity is ok.
I run netdiag on the Backup domain controler I rewceive this:
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : gateway
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : moon
IP Address . . . . . . . . : 192.168.40.254
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.40.99
Dns Servers. . . . . . . . : 192.168.40.1
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Adapter : local
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : moon
IP Address . . . . . . . . : 192.168.40.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 192.168.40.1
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to
the local
machine. This machine is not working properly as a DC.
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{B47D9731-45E9-47C0-8619-9973B3B67785}
NetBT_Tcpip_{B54C0BCC-9B82-4A7E-9875-16FBEA359373}
2 NetBt transports currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'192.168.40.1
' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{B47D9731-45E9-47C0-8619-9973B3B67785}
NetBT_Tcpip_{B54C0BCC-9B82-4A7E-9875-16FBEA359373}
The redir is bound to 2 NetBt transports.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{B54C0BCC-9B82-4A7E-9875-16FBEA359373}
NetBT_Tcpip_{B47D9731-45E9-47C0-8619-9973B3B67785}
The browser is bound to 2 NetBt transports.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Failed
[FATAL] Secure channel to domain 'SAINTFERDINAND' is broken.
[ERROR_ACCESS_D
ENIED]
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
The command completed successfully
So it looks like that there is something wrong with the relationship.
If I run the netdiag on PDC i receive:
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Team #0 - Adaptive Load Balancing Mode
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : saturn
IP Address . . . . . . . . : 192.168.40.1
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.40.99
Dns Servers. . . . . . . . : 127.0.0.1
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{F2A5CFF7-9D38-448A-AB5B-D32759083607}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'127.0.0.1' a
nd other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{F2A5CFF7-9D38-448A-AB5B-D32759083607}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{F2A5CFF7-9D38-448A-AB5B-D32759083607}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC
'moon.saintferdinand.org'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
Please help.
I tried to read all the articels from eventid.net, but looks like I
dont understand what is going on.
Thanks