DCpromo issue. Health check on AD and group policy.

Discussion in 'Active Directory' started by IT Team @ Queensbridge.bham.sch.uk, Jun 27, 2009.

  1. Hi Folks

    We have 3 domain controllers all running Windows 2003 (DC with FSMO roles
    has SP1 and the other 2 have SP2). One of the SP2 DCs is about to suffer an
    imminent hard drive failure and I wanted to decommission it before it dies.
    We have also had intermittent issues with some workstations on the domain not
    picking up policies and correctly logging people on. I suspect that these
    workstations are trying to authenticate to this problem DC and the
    communication between the two isn't happening, hence why users can't get their
    settings and policies are not being applied.

    The problem is I tried to DCpromo this server yesterday and couldn't remove
    it as a DC. When I ran dcpromo it seemed like it was going to decommission
    itself until I got the following error:

    The operation failed because: Active Directory could not configure the
    computer account SERVER$ on the remote domain controller
    firstDCindomain.domain.com. "Access is denied."
    Specify an account with Enterprise Adminstrator privileges to the forest,
    home.domain.com.

    I have checked this. I keep getting the same error message over and over. It's
    odd because I have done various promotions and decommissions of DCs and never
    had this trouble in the past. In fact a year ago I had to decommission this
    exact server and repromote this exact server after some maintenance and never
    had a problem.

    My worry is I have got a feeling that either Active Directory may be in a
    slight mess or it's related to group policy objects. I have seen a few issues
    appearing on some of our workstations which relate to not picking up gpo
    objects and gpo.ini.

    I have read that I can do a dcpromo/force removal and this is likely to
    work; my worry is this could cause issues as I have to use a util called
    ntdsutil to clear out Active Directory. This sounds scary and I am not
    comfortable with doing this method in case I make the problem worse.

    Is there something I could run which could check Active Directory and group
    policy for all the DCs to help me identify the problem? I have run dcdiag on
    all 3 domain controllers and the problem server did bring up more issues than
    the other 2, and it was pointing to the File Replication Service and
    replication issues. It's like it cannot communicate with the other DCs. I
    have manually tried to do replication through Sites and Services and this
    works without any errors.

    So I am confused. Has anyone suffered this issue?

    Please help!
     
    IT Team @ Queensbridge.bham.sch.uk, Jun 27, 2009
    #1

  2. Hi IT Team @ Queensbridge.bham.sch.uk

    Before I go on, are you logging on with a user account that is part of the
    Enterprise Admins group, or at the least a domain admin account of the domain
    in question? Can you please post more data from the following commandline
    utils:

    Run dcdiag, netdiag and repadmin in verbose mode.
    -> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
    -> netdiag /v > c:\netdiag.log (On each dc)
    -> repadmin /showrepl dc* /verbose /all /intersite > c:\repl.txt
    -> dnslint /ad /s "ip address of your dc"


    Try running MS Sonar to check your SYSVOL replication status: Download Sonar
    @
    http://www.microsoft.com/downloads/...fb-fe09-477c-8148-25ae02cf15d8&displaylang=en

    Use Sonar to check if the SYSVOLs (File Replication Service) are replicating.
    Sometimes if you update a GPO on a DC, the GPO points to a GPT.INI file in
    the SYSVOL, and if the faulting DC is not replicating FRS (SYSVOL) but AD
    is replicating, then the actual data that AD's GPO object loads is
    outdated. So: check the FRS service's event logs under Computer Management.

    Run REPADMIN /replsum to ascertain AD replication status.

    If AD is replicated (converged), has the FRS (SYSVOL) completed replication?
    Check DC1, 2 and 3's SYSVOL size on each DC. They should be the same size.

    Does the FRS event log have an event along the lines of a "Journal Wrap"
    etc.? If so, on the faulting DC, you could follow
    http://support.microsoft.com/kb/316790 (the D2 option, not D4), and restart
    the FRS service.

    Has the faulting DC time synced with the other 2 "GOOD" DCs?

    Have you logged on recently and not just unlocked the DC?

    If all of the above does not help, remove the DC from the network physically,
    and manually remove the DC by following
    http://support.microsoft.com/default.aspx/kb/216498

    What gives you the idea that the hard drive is going to crash, any Event ID
    etc.?

    I would ensure that the SYSVOL on the 2 good DCs is fine and most up to date.
    I would copy the SYSVOL from the faulty DC to a safe location in case you
    realise that one or 2 GPOs were directly modified/created on the faulty DC
    (just in case).
    I would try logging off then on with an account that has enterprise rights to
    the faulty DC. Then try DCPROMO out of AD. If still not working, then run
    NTDSUTIL as previously proposed. But please do rather post the
    DCDIAG/NETDIAG/REPADMIN results beforehand in case this is something minor.

    Regards

    --
    Garry Starck
    MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA


     
    Garry Starck-MCITP Enterprise Admin, Jun 28, 2009
    #2

  3. Hello IT Team,

    Garry gave you plenty of useful information to help you with this. And as he
    stated, if you need to simply remove it if you can't get it to work, make
    sure you follow that article he posted to remove its reference from the AD
    database using ntdsutil after you unplug it. This is important if you unplug
    the machine and never expect to return it before promoting anything new into
    the domain.

    I would like to add, that the lack of this DC replicating, or the ability to
    remove it by the normal process of using dcpromo, can be due to numerous
    factors. This may also cause problems with your other existing DCs.

    Things that can cause AD problems:

    1. Multihomed DC (DC has more than one NIC and/or IP, which is NOT
    recommended or advised). This is due to the additional IPs registered into
    DNS that will cause problems with AD communications.

    2. Single label AD DNS domain name ('domain' vs the required minimum of
    'domain.net,' 'domain.local,' etc).

    3. Using your ISP, router or some other DNS as an address in the DC's IP
    properties. Rule of thumb is to NEVER use a DNS server that does not host a
    copy of the AD zone, or that does not have a reference to it such as using
    Secondary zones, conditional forwarding or a stub. This rule also applies to
    all machines in a domain. Only use the ISP's DNS as a Forwarder in DNS
    properties.

    4. Local Windows or third party firewall blocking necessary ports.

    5. Firewall between Sites blocking necessary ports. (There are over 30 ports
    that need to be opened in addition to the UDP Service ports - 1004 - 65536).

    6. IPSec policy on the DC preventing communications.

    7. RRAS installed on a DC. Not advised or recommended. This goes back to the
    no-multihomed rule because of the additional IPs RRAS registers into DNS.


    If you feel you can handle it with the information provided by Garry and I,
    that would be great. Otherwise, if you need additional specific assistance
    to get communication working, we'll need specific config info from your
    machines. Please post the following information to get us started in
    diagnosing this.

    1. Unedited ipconfig /all from your three DCs. You can change your domain
    name to hide it, but don't change the IPs or the format of the domain name,
    please. Simply copy and paste it from a CMD prompt.

    2. Any Event log errors from all three DCs in the app and System logs.

    3. Are the DCs all in one site, or in different Sites?
    If so, do you have AD Sites configured?
    If so, any firewalls rules between locations?

    4. What issues are you seeing on the workstations regarding GPOs? Please
    post the event ID as well as an ipconfig /all of a sample workstation this
    is occurring on.

    Thanks,

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup/forum to benefit from collaboration among
    responding engineers, as well as to help others benefit from your
    resolution.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
    Microsoft Certified Trainer

    http://twitter.com/acefekay

    For urgent issues, you may want to contact Microsoft PSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [Microsoft Certified Trainer], Jun 28, 2009
    #3
  4. Hello IT Team @ Queensbridge.bham.sch.uk,

    As already stated by the others, the output from the diagnostic tools and
    answers to the additional questions are really a good starting point to see
    what's going on in your domain. So we are looking for the answers/outputs.

    You wrote about the remove/restore of that server some time ago, maybe you
    can also give some more detailed info about the way you did it.

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


     
    Meinolf Weber [MVP-DS], Jun 28, 2009
    #4
  5. Hi

    I wasn't sure how to attach the files, so I have pasted all of the files that
    were generated into this one post. It won't let me attach all files as they
    are very long.

    Is there a way to attach files?

    Any help would be most appreciated. After running the various utils it seems
    that the problem DC (NED) isn't replicating properly with the FRS. The same
    server hosts DFS and that seems to be working fine, but clearly there is some
    sort of replication issue.
     
    IT Team @ Queensbridge.bham.sch.uk, Jun 28, 2009
    #5
  6. I believe there is a 100k limit to attachments, but I do not remember.

    You can copy and paste the data into your post, or attach them, but you have
    to break them up into separate posts. Keep them as text files only (no docs,
    excel or anything other than a text file in notepad). You can have the event
    log errors and ipconfigs in one post, another post with a netdiag errors
    only, and another post with the dcdiag errors only.

    I hope that helps.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Jun 28, 2009
    #6
  7. Hi

    I have run the various utils as stated in my last post.

    The Sonar util offered something interesting; clearly it's showing that
    replication isn't happy on one of the DCs.

    I have also checked to see if the user was a member of the enterprise admins
    group and it was. It was actually run using the administrator account which
    should have full access to everything.

    Below is the output from using the sonar util. I kept it logging data for
    about 5 minutes:

    Member,DNSSuffix,Domain,Site,DataCollectionState,DataCollectionError,RefreshInterval,UpdateTime,UpdateCost,SCMState,FRSState,ReplicaPath,StagingPath,InConnections,OutConnections,InJoinedConnections,OutJoinedConnections,LastInJoinInterval,LastOutJoinInterval,VerCompiledOn,VerLatestChanges,ServiceStartTime,BacklogFiles,BacklogFilesCycle,BacklogFilesDelta,BacklogSize,BacklogConnections,BacklogConnectionsCycle,BacklogConnectionsDelta,USNJournalSize,Burflags,JoinsTotal,VVJoinsActiveOutbound,LastVVJoinDateOutbound,SharingViolations,SYSVOLShared,LocalChangeOrdersTotal,LocalChangeOrdersDelta,LocalChangeOrdersCycle,USNRecordsAcceptedTotal,USNRecordsAcceptedDelta,USNRecordsAcceptedCycle,ChangeOrdersMorphedTotal,ChangeOrdersMorphedDelta,ChangeOrdersMorphedCycle,CommTimeoutTotal,CommTimeoutDelta,CommTimeoutCycle,DiskSpaceReplicaRoot,DiskSpaceStagingRoot,ExcessiveReplicationCycle,LongJoinCycle,HugeFileCycle,StagingFullCycle,StagingFilesRegeneratedTotal,StagingFilesRegeneratedDelta,StagingFilesRegeneratedCycle
    bart,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Succeeded,,00:01:00,28/06/2009
    13:58:48,172,Running,ACTIVE,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,
    2, 2, 1, 1,1.21:07:00,1.21:06:00,24/03/2005 15:06:43,Install Override
    fix,02/06/2009 18:11:39,0,,0,,0,,0,0,0,,0,06/06/2009
    11:10:32,0,Ok,,,,,,,,,,,,,8626,8626,0,1,0,0,,,
    ned,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Failed,"FRSSets
    (Unexpected output (0))",00:01:00,28/06/2009
    13:58:49,109,Running,,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,,,,,,,16/02/2007
    20:01:30,Install Override fix,26/06/2009 15:07:06,,,,,,,,0,0,,,,0,Not
    shared,,,,,,,,,,,,,14399,14399,0,0,0,0,,,
    lisa,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Succeeded,,00:01:00,28/06/2009
    13:58:49,328,Running,ACTIVE,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,
    2, 2, 1, 1,1.21:06:00,1.21:07:00,16/02/2007 20:01:30,Install Override
    fix,26/06/2009 16:51:33,0,,0,,0,,0,0,0,,0,07/08/2008
    14:11:39,0,Ok,,,,,,,,,,,,,143065,143065,0,1,0,0,,,
    lisa,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Succeeded,,00:00:59,28/06/2009
    13:59:48,109,Running,ACTIVE,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,
    2, 2, 1, 1,1.21:07:00,1.21:08:00,16/02/2007 20:01:30,Install Override
    fix,26/06/2009 16:51:33,0,,0,,0,,0,0,0,,0,07/08/2008
    14:11:39,0,Ok,,,,,,,,,,,,,143065,143065,0,1,0,0,,,
    bart,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Succeeded,,00:00:59,28/06/2009
    13:59:48,125,Running,ACTIVE,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,
    2, 2, 1, 1,1.21:08:00,1.21:07:00,24/03/2005 15:06:43,Install Override
    fix,02/06/2009 18:11:39,0,,0,,0,,0,0,0,,0,06/06/2009
    11:10:32,0,Ok,,,,,,,,,,,,,8626,8626,0,1,0,0,,,
    ned,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Failed,"FRSSets
    (Unexpected output (0))",00:00:59,28/06/2009
    13:59:48,94,Running,,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,,,,,,,16/02/2007
    20:01:30,Install Override fix,26/06/2009 15:07:06,,,,,,,,0,0,,,,0,Not
    shared,,,,,,,,,,,,,14399,14399,0,0,0,0,,,
    lisa,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Succeeded,,00:00:59,28/06/2009
    14:00:48,94,Running,ACTIVE,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,
    2, 2, 1, 1,1.21:08:00,1.21:09:00,16/02/2007 20:01:30,Install Override
    fix,26/06/2009 16:51:33,0,,0,,0,,0,0,0,,0,07/08/2008
    14:11:39,0,Ok,,,,,,,,,,,,,143065,143065,0,1,0,0,,,
    bart,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Succeeded,,00:00:59,28/06/2009
    14:00:48,125,Running,ACTIVE,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,
    2, 2, 1, 1,1.21:09:00,1.21:08:00,24/03/2005 15:06:43,Install Override
    fix,02/06/2009 18:11:39,0,,0,,0,,0,0,0,,0,06/06/2009
    11:10:32,0,Ok,,,,,,,,,,,,,8626,8626,0,1,0,0,,,
    ned,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Failed,"FRSSets
    (Unexpected output (0))",00:00:59,28/06/2009
    14:00:48,94,Running,,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,,,,,,,16/02/2007
    20:01:30,Install Override fix,26/06/2009 15:07:06,,,,,,,,0,0,,,,0,Not
    shared,,,,,,,,,,,,,14399,14399,0,0,0,0,,,
    lisa,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Succeeded,,00:00:43,28/06/2009
    14:01:31,94,Running,ACTIVE,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,
    2, 2, 1, 1,1.21:09:00,1.21:09:00,16/02/2007 20:01:30,Install Override
    fix,26/06/2009 16:51:33,0,,0,,0,,0,0,0,,0,07/08/2008
    14:11:39,0,Ok,,,,,,,,,,,,,143065,143065,0,1,0,0,,,
    bart,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Succeeded,,00:00:43,28/06/2009
    14:01:31,156,Running,ACTIVE,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,
    2, 2, 1, 1,1.21:09:00,1.21:09:00,24/03/2005 15:06:43,Install Override
    fix,02/06/2009 18:11:39,0,,0,,0,,0,0,0,,0,06/06/2009
    11:10:32,0,Ok,,,,,,,,,,,,,8626,8626,0,1,0,0,,,
    ned,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Failed,"FRSSets
    (Unexpected output (0))",00:00:43,28/06/2009
    14:01:32,109,Running,,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,,,,,,,16/02/2007
    20:01:30,Install Override fix,26/06/2009 15:07:06,,,,,,,,0,0,,,,0,Not
    shared,,,,,,,,,,,,,14399,14399,0,0,0,0,,,
    lisa,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Succeeded,,00:00:05,28/06/2009
    14:01:37,94,Running,ACTIVE,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,
    2, 2, 1, 1,1.21:09:00,1.21:09:00,16/02/2007 20:01:30,Install Override
    fix,26/06/2009 16:51:33,0,,0,,0,,0,0,0,,0,07/08/2008
    14:11:39,0,Ok,,,,,,,,,,,,,143065,143065,0,1,0,0,,,
    bart,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Succeeded,,00:00:05,28/06/2009
    14:01:37,141,Running,ACTIVE,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,
    2, 2, 1, 1,1.21:09:00,1.21:09:00,24/03/2005 15:06:43,Install Override
    fix,02/06/2009 18:11:39,0,,0,,0,,0,0,0,,0,06/06/2009
    11:10:32,0,Ok,,,,,,,,,,,,,8626,8626,0,1,0,0,,,
    ned,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Failed,"FRSSets
    (Unexpected output (0))",00:00:05,28/06/2009
    14:01:37,109,Running,,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,,,,,,,16/02/2007
    20:01:30,Install Override fix,26/06/2009 15:07:06,,,,,,,,0,0,,,,0,Not
    shared,,,,,,,,,,,,,14399,14399,0,0,0,0,,,
    lisa,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Succeeded,,00:00:57,28/06/2009
    14:02:35,94,Running,ACTIVE,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,
    2, 2, 1, 1,1.21:10:00,1.21:10:00,16/02/2007 20:01:30,Install Override
    fix,26/06/2009 16:51:33,0,,0,,0,,0,0,0,,0,07/08/2008
    14:11:39,0,Ok,,,,,,,,,,,,,143065,143065,0,1,0,0,,,
    bart,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Succeeded,,00:00:57,28/06/2009
    14:02:35,156,Running,ACTIVE,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,
    2, 2, 1, 1,1.21:10:00,1.21:10:00,24/03/2005 15:06:43,Install Override
    fix,02/06/2009 18:11:39,0,,0,,0,,0,0,0,,0,06/06/2009
    11:10:32,0,Ok,,,,,,,,,,,,,8626,8626,0,1,0,0,,,
    ned,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Failed,"FRSSets
    (Unexpected output (0))",00:00:57,28/06/2009
    14:02:35,125,Running,,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,,,,,,,16/02/2007
    20:01:30,Install Override fix,26/06/2009 15:07:06,,,,,,,,0,0,,,,0,Not
    shared,,,,,,,,,,,,,14399,14399,0,0,0,0,,,
    bart,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Succeeded,,00:00:59,28/06/2009
    14:03:35,125,Running,ACTIVE,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,
    2, 2, 1, 1,1.21:11:00,1.21:11:00,24/03/2005 15:06:43,Install Override
    fix,02/06/2009 18:11:39,0,,0,,0,,0,0,0,,0,06/06/2009
    11:10:32,0,Ok,,,,,,,,,,,,,8626,8626,0,1,0,0,,,
    ned,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Failed,"FRSSets
    (Unexpected output (0))",00:01:00,28/06/2009
    14:03:35,109,Running,,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,,,,,,,16/02/2007
    20:01:30,Install Override fix,26/06/2009 15:07:06,,,,,,,,0,0,,,,0,Not
    shared,,,,,,,,,,,,,14399,14399,0,0,0,0,,,
    lisa,queensbridge.pri,QUEENSBRIDGE.PRI,Default-First-Site-Name,Succeeded,,00:01:00,28/06/2009
    14:03:35,297,Running,ACTIVE,C:\WINDOWS\SYSVOL\domain,C:\WINDOWS\SYSVOL\staging\domain,
    2, 2, 1, 1,1.21:11:00,1.21:11:00,16/02/2007 20:01:30,Install Override
    fix,26/06/2009 16:51:33,0,,0,,0,,0,0,0,,0,07/08/2008
    14:11:39,0,Ok,,,,,,,,,,,,,143065,143065,0,1,0,0,,,

    Thank you.
     
    IT Team @ Queensbridge.bham.sch.uk, Jun 28, 2009
    #7
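
Added example (not part of any post in this thread): one way to triage pasted Sonar CSV like the output above, by re-joining records that the forum hard-wrapped at spaces and then flagging each member's latest sample. The sample data, the member names and the "healthy" values (`Succeeded`, `ACTIVE`, `Ok`, taken from the rows the post shows for the working DCs) are assumptions.

```python
import csv
from datetime import datetime

# Constructed sample (not the thread's data): a subset of the Sonar columns,
# hard-wrapped at spaces the way the pasted output in the post was wrapped.
SAMPLE = """\
Member,DataCollectionState,DataCollectionError,UpdateTime,FRSState,BacklogFiles,SYSVOLShared,LocalChangeOrdersTotal
dc-a,Succeeded,,28/06/2009
13:58:48,ACTIVE,0,Ok,8626
dc-b,Failed,"FRSSets
(Unexpected output (0))",28/06/2009
13:58:49,,,Not
shared,
dc-c,Succeeded,,28/06/2009 13:58:49,ACTIVE,0,Ok,143065
dc-b,Failed,"FRSSets (Unexpected output (0))",28/06/2009
13:59:48,,,Not shared,
dc-c,Succeeded,,28/06/2009 13:59:48,ACTIVE,12,Ok,143065
dc-a,Succeeded,,28/06/2009 13:59:48,ACTIVE,0,Ok,8626
"""

# Assumed healthy values, as seen on the DCs whose collection succeeded.
HEALTHY = {"DataCollectionState": "Succeeded", "FRSState": "ACTIVE",
           "SYSVOLShared": "Ok"}


def split_fields(text):
    """Parse one (possibly still incomplete) CSV record into its fields."""
    return next(csv.reader([text]))


def reassemble(lines):
    """Yield one dict per record, joining wrapped lines with a space until
    the field count matches the header. Limitation: a wrap inside the final
    field cannot be detected by counting fields."""
    lines = [ln.strip() for ln in lines if ln.strip()]
    header = split_fields(lines[0])
    pending = ""
    for ln in lines[1:]:
        pending = f"{pending} {ln}" if pending else ln
        fields = split_fields(pending)
        if len(fields) > len(header):
            raise ValueError(f"too many fields in record: {pending!r}")
        if len(fields) == len(header):
            yield dict(zip(header, (f.strip() for f in fields)))
            pending = ""
    if pending:
        raise ValueError(f"truncated record at end of input: {pending!r}")


def latest_per_member(records):
    """Keep only the most recent sample for each member (dd/mm/yyyy times)."""
    latest = {}
    for rec in records:
        rec["_ts"] = datetime.strptime(rec["UpdateTime"], "%d/%m/%Y %H:%M:%S")
        seen = latest.get(rec["Member"])
        if seen is None or rec["_ts"] >= seen["_ts"]:
            latest[rec["Member"]] = rec
    return latest


def findings(rec):
    """List the reasons a member's latest sample looks unhealthy."""
    out = []
    for col, want in HEALTHY.items():
        if rec[col] != want:
            out.append(f"{col}={rec[col]!r} (expected {want!r})")
    if rec["DataCollectionError"]:
        out.append(f"collector error: {rec['DataCollectionError']}")
    if rec["BacklogFiles"] not in ("", "0"):
        out.append(f"BacklogFiles={rec['BacklogFiles']}")
    return out


def unhealthy(text):
    """Map member name -> findings, for members with at least one finding."""
    result = {}
    latest = latest_per_member(reassemble(text.splitlines()))
    for member in sorted(latest):
        problems = findings(latest[member])
        if problems:
            result[member] = problems
    return result


if __name__ == "__main__":
    for member, problems in unhealthy(SAMPLE).items():
        print(member)
        for p in problems:
            print("   ", p)
```
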
  8. Hi

    Please find attached output from repl command:



    repadmin running command /showrepl against server ned.QUEENSBRIDGE.PRI



    Default-First-Site-Name\NED

    DC Options: (none)

    Site Options: (none)

    DC object GUID: 6cb09c14-734e-44bf-b67c-30ef9d28b264

    DC invocationID: 2b5e028e-a67f-4ed2-8ff0-b76cdd0ce4ac



    ==== INBOUND NEIGHBORS ======================================



    ==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============



    DC=QUEENSBRIDGE,DC=PRI

    Default-First-Site-Name\LISA via RPC

    DC object GUID: ea498032-7e43-4b1a-b97a-4fbaeab64095

    Address: ea498032-7e43-4b1a-b97a-4fbaeab64095._msdcs.QUEENSBRIDGE.PRI

    WRITEABLE

    Last attempt @ 2009-06-28 14:15:18 was successful.

    Default-First-Site-Name\BART via RPC

    DC object GUID: 2a90b761-fac5-459a-8cd0-826a734afc1c

    Address: 2a90b761-fac5-459a-8cd0-826a734afc1c._msdcs.QUEENSBRIDGE.PRI

    WRITEABLE

    Last attempt @ 2009-06-28 14:45:18 was successful.



    CN=Configuration,DC=QUEENSBRIDGE,DC=PRI

    Default-First-Site-Name\LISA via RPC

    DC object GUID: ea498032-7e43-4b1a-b97a-4fbaeab64095

    Address: ea498032-7e43-4b1a-b97a-4fbaeab64095._msdcs.QUEENSBRIDGE.PRI

    WRITEABLE

    Last attempt @ 2009-06-28 13:56:57 was successful.

    Default-First-Site-Name\BART via RPC

    DC object GUID: 2a90b761-fac5-459a-8cd0-826a734afc1c

    Address: 2a90b761-fac5-459a-8cd0-826a734afc1c._msdcs.QUEENSBRIDGE.PRI

    WRITEABLE

    Last attempt @ 2009-06-28 14:26:49 was successful.



    CN=Schema,CN=Configuration,DC=QUEENSBRIDGE,DC=PRI

    Default-First-Site-Name\LISA via RPC

    DC object GUID: ea498032-7e43-4b1a-b97a-4fbaeab64095

    Address: ea498032-7e43-4b1a-b97a-4fbaeab64095._msdcs.QUEENSBRIDGE.PRI

    WRITEABLE

    Last attempt @ 2009-06-27 19:51:14 was successful.

    Default-First-Site-Name\BART via RPC

    DC object GUID: 2a90b761-fac5-459a-8cd0-826a734afc1c

    Address: 2a90b761-fac5-459a-8cd0-826a734afc1c._msdcs.QUEENSBRIDGE.PRI

    WRITEABLE

    Last attempt @ 2009-06-27 19:51:17 was successful.



    DC=DomainDnsZones,DC=QUEENSBRIDGE,DC=PRI

    Default-First-Site-Name\BART via RPC

    DC object GUID: 2a90b761-fac5-459a-8cd0-826a734afc1c

    Address: 2a90b761-fac5-459a-8cd0-826a734afc1c._msdcs.QUEENSBRIDGE.PRI

    WRITEABLE

    Last attempt @ 2009-06-28 13:56:48 was successful.

    Default-First-Site-Name\LISA via RPC

    DC object GUID: ea498032-7e43-4b1a-b97a-4fbaeab64095

    Address: ea498032-7e43-4b1a-b97a-4fbaeab64095._msdcs.QUEENSBRIDGE.PRI

    WRITEABLE

    Last attempt @ 2009-06-28 13:56:51 was successful.



    DC=ForestDnsZones,DC=QUEENSBRIDGE,DC=PRI

    Default-First-Site-Name\BART via RPC

    DC object GUID: 2a90b761-fac5-459a-8cd0-826a734afc1c

    Address: 2a90b761-fac5-459a-8cd0-826a734afc1c._msdcs.QUEENSBRIDGE.PRI

    WRITEABLE

    Last attempt @ 2009-06-28 11:27:33 was successful.

    Default-First-Site-Name\LISA via RPC

    DC object GUID: ea498032-7e43-4b1a-b97a-4fbaeab64095

    Address: ea498032-7e43-4b1a-b97a-4fbaeab64095._msdcs.QUEENSBRIDGE.PRI

    WRITEABLE

    Last attempt @ 2009-06-28 11:27:36 was successful.



    ==== KCC CONNECTION OBJECTS ============================================

    Connection --

    Connection name : 21cfcba8-d198-43a0-932e-c959a0f6ef23

    Server DNS name : ned.QUEENSBRIDGE.PRI

    Server DN name : CN=NTDS
    Settings,CN=NED,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=QUEENSBRIDGE,DC=PRI

    Source: Default-First-Site-Name\BART

    No Failures.

    TransportType: intrasite RPC

    options: isGenerated

    ReplicatesNC: DC=QUEENSBRIDGE,DC=PRI

    Reason: RingTopology

    Replica link has been added.

    ReplicatesNC: DC=ForestDnsZones,DC=QUEENSBRIDGE,DC=PRI

    Reason: RingTopology

    Replica link has been added.

    ReplicatesNC: CN=Schema,CN=Configuration,DC=QUEENSBRIDGE,DC=PRI

    Reason: RingTopology

    Replica link has been added.

    ReplicatesNC: CN=Configuration,DC=QUEENSBRIDGE,DC=PRI

    Reason: RingTopology

    Replica link has been added.

    ReplicatesNC: DC=DomainDnsZones,DC=QUEENSBRIDGE,DC=PRI

    Reason: RingTopology

    Replica link has been added.

    enabledConnection: whenChanged: 20090120040619.0Z

    whenCreated: 20080604085132.0Z

    Schedule:

    day: 0123456789ab0123456789ab

    Sun: 111111111111111111111111

    Mon: 111111111111111111111111

    Tue: 111111111111111111111111

    Wed: 111111111111111111111111

    Thu: 111111111111111111111111

    Fri: 111111111111111111111111

    Sat: 111111111111111111111111

    Connection --

    Connection name : LISA

    Server DNS name : ned.QUEENSBRIDGE.PRI

    Server DN name : CN=NTDS
    Settings,CN=NED,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=QUEENSBRIDGE,DC=PRI

    Source: Default-First-Site-Name\LISA

    No Failures.

    TransportType: intrasite RPC

    ReplicatesNC: DC=QUEENSBRIDGE,DC=PRI

    Reason: RingTopology

    Replica link has been added.

    ReplicatesNC: DC=ForestDnsZones,DC=QUEENSBRIDGE,DC=PRI

    Reason: RingTopology

    Replica link has been added.

    ReplicatesNC: CN=Schema,CN=Configuration,DC=QUEENSBRIDGE,DC=PRI

    Reason: RingTopology

    Replica link has been added.

    ReplicatesNC: CN=Configuration,DC=QUEENSBRIDGE,DC=PRI

    Reason: RingTopology

    Replica link has been added.

    ReplicatesNC: DC=DomainDnsZones,DC=QUEENSBRIDGE,DC=PRI

    Reason: RingTopology

    Replica link has been added.

    enabledConnection: whenChanged: 20090120035119.0Z

    whenCreated: 20080811073920.0Z

    Schedule:

    day: 0123456789ab0123456789ab

    Sun: ffffffffffffffffffffffff

    Mon: ffffffffffffffffffffffff

    Tue: ffffffffffffffffffffffff

    Wed: ffffffffffffffffffffffff

    Thu: ffffffffffffffffffffffff

    Fri: ffffffffffffffffffffffff

    Sat: ffffffffffffffffffffffff

    2 connections found.



    Partition Replication Schedule Loading:



     
    IT Team @ Queensbridge.bham.sch.uk, Jun 28, 2009
    #8
  9. Please find attached information from dnslint file.

    DNSLint Report
    System Date: Fri Jun 26 16:18:04 2009
    Command run:
    \\techpc1\c$\dnslint\dnslint.exe /ad /s 10.122.84.58 /v
    Root of Active Directory Forest:
    QUEENSBRIDGE.PRI
    Active Directory Forest Replication GUIDs Found:

    DC: BART
    GUID: 2a90b761-fac5-459a-8cd0-826a734afc1c

    DC: NED
    GUID: 6cb09c14-734e-44bf-b67c-30ef9d28b264

    DC: LISA
    GUID: ea498032-7e43-4b1a-b97a-4fbaeab64095


    Total GUIDs found: 3
    ________________________________________
    The following 3 DNS servers were checked for records related to AD forest
    replication:
    DNS server: ned.queensbridge.pri
    IP Address: 10.122.84.58
    UDP port 53 responding to queries: YES
    TCP port 53 responding to queries: Not tested
    Answering authoritatively for domain: YES

    SOA record data from server:
    Authoritative name server: ned.QUEENSBRIDGE.PRI
    Hostmaster: hostmaster
    Zone serial number: 467
    Zone expires in: 1.00 day(s)
    Refresh period: 900 seconds
    Retry delay: 600 seconds
    Default (minimum) TTL: 3600 seconds
    Additional authoritative (NS) records from server:
    lisa.queensbridge.pri 10.122.84.53
    bart.queensbridge.pri 10.122.84.51
    ned.queensbridge.pri 10.122.84.58
    Alias (CNAME) and glue (A) records for forest GUIDs from server:
    CNAME: 2a90b761-fac5-459a-8cd0-826a734afc1c._msdcs.QUEENSBRIDGE.PRI
    Alias: bart.QUEENSBRIDGE.PRI
    Glue: 10.122.84.51

    CNAME: 6cb09c14-734e-44bf-b67c-30ef9d28b264._msdcs.QUEENSBRIDGE.PRI
    Alias: ned.QUEENSBRIDGE.PRI
    Glue: 10.122.84.58

    CNAME: ea498032-7e43-4b1a-b97a-4fbaeab64095._msdcs.QUEENSBRIDGE.PRI
    Alias: lisa.QUEENSBRIDGE.PRI
    Glue: 10.122.84.53


    Total number of CNAME records found on this server: 3

    Total number of CNAME records missing on this server: 0

    Total number of glue (A) records this server could not find: 0
    ________________________________________
    DNS server: lisa.queensbridge.pri
    IP Address: 10.122.84.53
    UDP port 53 responding to queries: NO
    TCP port 53 responding to queries: Not tested
    Answering authoritatively for domain: Unknown

    SOA record data from server:
    Authoritative name server: Unknown
    Hostmaster: Unknown
    Zone serial number: Unknown
    Zone expires in: Unknown
    Refresh period: Unknown
    Retry delay: Unknown
    Default (minimum) TTL: Unknown

    Total number of CNAME records found on this server: 0

    Total number of CNAME records missing on this server: 0

    Total number of glue (A) records this server could not find: 0
    ________________________________________
    DNS server: bart.queensbridge.pri
    IP Address: 10.122.84.51
    UDP port 53 responding to queries: YES
    TCP port 53 responding to queries: Not tested
    Answering authoritatively for domain: YES

    SOA record data from server:
    Authoritative name server: bart.QUEENSBRIDGE.PRI
    Hostmaster: hostmaster
    Zone serial number: 467
    Zone expires in: 1.00 day(s)
    Refresh period: 900 seconds
    Retry delay: 600 seconds
    Default (minimum) TTL: 3600 seconds
    Additional authoritative (NS) records from server:
    lisa.queensbridge.pri 10.122.84.53
    bart.queensbridge.pri 10.122.84.51
    ned.queensbridge.pri 10.122.84.58
    Alias (CNAME) and glue (A) records for forest GUIDs from server:
    CNAME: 2a90b761-fac5-459a-8cd0-826a734afc1c._msdcs.QUEENSBRIDGE.PRI
    Alias: bart.QUEENSBRIDGE.PRI
    Glue: 10.122.84.51

    CNAME: 6cb09c14-734e-44bf-b67c-30ef9d28b264._msdcs.QUEENSBRIDGE.PRI
    Alias: ned.QUEENSBRIDGE.PRI
    Glue: 10.122.84.58

    CNAME: ea498032-7e43-4b1a-b97a-4fbaeab64095._msdcs.QUEENSBRIDGE.PRI
    Alias: lisa.QUEENSBRIDGE.PRI
    Glue: 10.122.84.53


    Total number of CNAME records found on this server: 3

    Total number of CNAME records missing on this server: 0

    Total number of glue (A) records this server could not find: 0
    ________________________________________
    Notes:
    One or more DNS servers may not be authoritative for the domain
    One or more DNS servers did not respond to UDP queries
    One or more zone files may have expired
    SOA record data was unavailable and/or missing on one or more DNS servers
     
    IT Team @ Queensbridge.bham.sch.uk, Jun 28, 2009
    #9
  10. Hello IT Team Queensbridge.bham.sch.uk,

    Please post an unedited ipconfig /all from all DNS servers. Something is
    strange with LISA, does it have all DNS zones and all domain machine entries
    listed? As you can see, nothing is in the dnslint output for it.

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


     
    Meinolf Weber [MVP-DS], Jun 28, 2009
    #10
  11. Hi

    We have 2 DNS servers (bart and NED), Bart is the primary DNS server and is
    the first DC in the domain. NED is the DC which isn't replicating but is also
    a DNS server.

    Please find ipconfig /all outputs from both servers

    BART

    Windows IP Configuration



    Host Name . . . . . . . . . . . . : bart

    Primary Dns Suffix . . . . . . . : QUEENSBRIDGE.PRI

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : QUEENSBRIDGE.PRI



    Ethernet adapter Local Area Connection:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network Connection

    Physical Address. . . . . . . . . : 00-11-2F-63-BC-9B

    DHCP Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : 10.122.84.51

    Subnet Mask . . . . . . . . . . . : 255.255.252.0

    Default Gateway . . . . . . . . . : 10.122.84.50

    DNS Servers . . . . . . . . . . . : 10.122.84.51

    10.122.84.58


    NED



    Windows IP Configuration



    Host Name . . . . . . . . . . . . : ned

    Primary Dns Suffix . . . . . . . : QUEENSBRIDGE.PRI

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : QUEENSBRIDGE.PRI



    Ethernet adapter Local Area Connection 2:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit
    Ethernet NIC

    Physical Address. . . . . . . . . : 00-0F-B5-09-A5-2C

    DHCP Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : 10.122.84.58

    Subnet Mask . . . . . . . . . . . : 255.255.252.0

    Default Gateway . . . . . . . . . : 10.122.84.50

    DNS Servers . . . . . . . . . . . : 10.122.84.51
     
    IT Team @ Queensbridge.bham.sch.uk, Jun 28, 2009
    #11
  12. Hello IT Team Queensbridge.bham.sch.uk,

    The output looks OK, but again about LISA. It is listed as a DNS server in
    the dnslint output. Was it a DNS server some time ago? Check the nameserver
    tab on all DNS zones you have. If it is listed there, remove it if not needed.

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


     
    Meinolf Weber [MVP-DS], Jun 28, 2009
    #12
  13. Hello IT Team Queensbridge.bham.sch.uk,

    Also do not forget the other questions and outputs, especially when the other
    output is too big to post; use dcdiag /v /c on each DC separately and also
    netdiag /v.

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


     
    Meinolf Weber [MVP-DS], Jun 28, 2009
    #13
  14. "IT Team @ Queensbridge.bham.sch.uk"
    <> wrote in message
    news:...
    > Please find attached information from dnslint file.
    >
    > ________________________________________
    > DNS server: lisa.queensbridge.pri
    > IP Address: 10.122.84.53
    > UDP port 53 responding to queries: NO
    > TCP port 53 responding to queries: Not tested
    > Answering authoritatively for domain: Unknown
    >
    > SOA record data from server:
    > Authoritative name server: Unknown
    > Hostmaster: Unknown
    > Zone serial number: Unknown
    > Zone expires in: Unknown
    > Refresh period: Unknown
    > Retry delay: Unknown
    > Default (minimum) TTL: Unknown
    >
    > Total number of CNAME records found on this server: 0
    >
    > Total number of CNAME records missing on this server: 0
    >
    > Total number of glue (A) records this server could not find: 0
    > ________________________________________



    The above says the DNS is not responding on lisa.queensbridge.pri. This
    could either be due to firewall block or the DNS service may not be running.
    Is the DNS service running on lisa.queensbridge.pri?

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Jun 28, 2009
    #14
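The check the replies above make by eye (LISA is advertised as a name server but does not answer on UDP 53), as an added example that is not part of the original posts: a parser for the DNSLint /ad report layout shown in this thread. The function names and finding codes are hypothetical, and the sample is abridged from the posted report.

```python
import re

# Abridged from the DNSLint report posted in this thread (same field layout;
# SOA and per-GUID CNAME detail lines trimmed).
SAMPLE_REPORT = """\
The following 3 DNS servers were checked for records related to AD forest
replication:
DNS server: ned.queensbridge.pri
IP Address: 10.122.84.58
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES
Additional authoritative (NS) records from server:
lisa.queensbridge.pri 10.122.84.53
bart.queensbridge.pri 10.122.84.51
ned.queensbridge.pri 10.122.84.58
Alias (CNAME) and glue (A) records for forest GUIDs from server:
Total number of CNAME records found on this server: 3
Total number of CNAME records missing on this server: 0
________________________________________
DNS server: lisa.queensbridge.pri
IP Address: 10.122.84.53
UDP port 53 responding to queries: NO
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: Unknown
Total number of CNAME records found on this server: 0
Total number of CNAME records missing on this server: 0
________________________________________
DNS server: bart.queensbridge.pri
IP Address: 10.122.84.51
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES
Additional authoritative (NS) records from server:
lisa.queensbridge.pri 10.122.84.53
bart.queensbridge.pri 10.122.84.51
ned.queensbridge.pri 10.122.84.58
Alias (CNAME) and glue (A) records for forest GUIDs from server:
Total number of CNAME records found on this server: 3
Total number of CNAME records missing on this server: 0
"""

# Report labels mapped to the keys used in the parsed records.
FIELDS = {
    "IP Address": "ip",
    "UDP port 53 responding to queries": "udp",
    "Answering authoritatively for domain": "authoritative",
    "Total number of CNAME records found on this server": "cname_found",
    "Total number of CNAME records missing on this server": "cname_missing",
}
NS_HEADER = "Additional authoritative (NS) records from server:"
NS_LINE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})$")


def parse_dnslint(text):
    """Return one dict per 'DNS server:' section of a DNSLint /ad report."""
    servers, current, in_ns = [], None, False
    for raw in text.splitlines():
        # Drop indentation and any '>' quoting added by newsgroup replies.
        line = re.sub(r"^[>\s]+", "", raw).strip()
        if not line:
            continue
        if line.startswith("DNS server:"):
            current = {"name": line.split(":", 1)[1].strip().lower(), "ns": {}}
            servers.append(current)
            in_ns = False
            continue
        if current is None:
            continue  # preamble before the first server section
        if line == NS_HEADER:
            in_ns = True
            continue
        if in_ns:
            match = NS_LINE.match(line)
            if match:
                current["ns"][match.group(1).lower()] = match.group(2)
                continue
            in_ns = False  # first non "name ip" line ends the NS list
        key, sep, value = line.partition(":")
        if sep and key.strip() in FIELDS:
            current[FIELDS[key.strip()]] = value.strip()
    return servers


def findings(servers):
    """List (code, server, detail) tuples for conditions worth following up."""
    by_name = {s["name"]: s for s in servers}
    responders = [s for s in servers if s.get("udp") == "YES"]
    out = []
    # Name servers that a working DNS server advertises for the zone.
    advertised = {}
    for s in responders:
        for ns_name in s["ns"]:
            advertised.setdefault(ns_name, set()).add(s["name"])
    for ns_name in sorted(advertised):
        target = by_name.get(ns_name)
        if target is None or target.get("udp") != "YES":
            detail = "advertised by " + ", ".join(sorted(advertised[ns_name]))
            out.append(("NS_NOT_ANSWERING", ns_name, detail))
    for s in responders:
        if s.get("authoritative") != "YES":
            out.append(("NOT_AUTHORITATIVE", s["name"], s.get("authoritative", "")))
        missing = s.get("cname_missing", "0")
        if missing.isdigit() and int(missing) > 0:
            out.append(("GUID_CNAME_MISSING", s["name"], missing + " record(s) missing"))
    return out


if __name__ == "__main__":
    for code, server, detail in findings(parse_dnslint(SAMPLE_REPORT)):
        print(code, server, detail)
```

A name server that is advertised but silent is either a stale NS entry (the server no longer hosts DNS) or a DNS service or firewall problem on that host, which are the two possibilities raised in the replies above.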
  15. Hi Meinolf and hello IT Team Queensbridge.bham.sch.uk

    Since Repadmin was not looking great to say the least, check FRS and AD event
    logs on the other intrasite DCs for failures creating connection objects
    with NED. Presuming that NED was recently promo'd out and in again (I'm
    really hoping).

    I have a recollection of this issue after I removed a DC via DCPROMO and
    within 20 minutes I DCpromo'd the new hardware in as the exact same name. What
    happened then was GUID/CNAMEs in DNS were 100% right for the new DC, but
    every DC, whether intra- or intersite, that was a direct replication partner
    with the renewed DC simply would not allow the new DC to create new
    inbound connection objects (you can't even via manual methods). Every DC that
    was a replication partner of the DC before removing it obviously continued
    repl via KCC auto-generated connection objects to another preferred
    bridgehead. I eventually found nothing on the internet to help, but what I did
    do next was use the repadmin /expertuser switch and use the following cowboy
    trick (in the lab first, managed to replicate the exact problem luckily):

    /delrepsto <Naming Context> <DC> <Reps-To DC> <Reps-To DC GUID>
    Examples:
    Naming Context <DC=TESTDOM,DC=LOCAL >
    <DC> done at each DC that was a previous repl partner
    <repsto dc> this will most definitely be NED in every run of the commands on
    each old partner. And check intrasite DCs' FRS/AD event logs on each DC to
    see if there is an issue showing the old GUID/CNAME in the events. This GUID
    will be the GUID you supply for <Reps-To DC GUID>

    Now I scripted this as the forest has over 200 DCs and due to lack of RAM /
    perf on most DCs, KCC was not autogening connection objs. 90% of the DCs
    used this DC as a bridgehead (manually set since we were still on 2000 AD
    and its hidden agenda, we had switched KCC & ISTG off and every connection
    object was manual (this is how I know that not even a manual obj creation
    helps to trick).

    To add to my misery, when I spotted the errors after the new DC's promo, I
    dcpromo'd out again and then there were now 2 wrong outdated GUIDs to remove.
    I don't think the /delrepsto <Naming Context> <DC> <Reps-To DC> <Reps-To DC
    GUID> way is complex, just GUIDs burnt into your retinas if manually done.
    But you are small, so if this pie in the sky theory is right, each DC
    intrasite should have some event logs, hopefully showing the antiquated GUIDs.
    Since each other site had one or more DCs, only one is generally in need of
    attention, the bridgehead which KCC selects. KCC does the KCC thing every 15
    minutes and will auto-gen the new "true" connection objects at those
    intervals.

    Also, who's the RID master, is he UP?

    Root cause analysis of my issue, a bit of a thumb suck: I had just arrived
    at the client's site and I have never seen the momentous amount of lingering
    objects in AD, maybe that contributed, I doubted that. I then thought through
    a personally created issue: I took the HDDs out of the old DC and added them
    to the new server so as to mirror the OS and current configs and then
    promoted it in within 20 mins. By this stage, the mirrors had completed sync and
    pulled the old HDDs out. You may think this is menial, but in my VM labs, I
    often promo one out then straight back in, and have noticed similar issues
    eventing. Apparently the now member server keeps its AD settings and what you
    should do is promo it first into another new dummy.junk domain and promo it out
    and reboot. All the "so called" domain history is now gone from registry etc.
    I do not know what exacts around documented around that issue, maybe some of
    the MVPs can comment/ drill me/thrill me

    Regards





    Garry Starck
    MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA
     
    Garry Starck-MCITP Enterprise Admin, Jun 29, 2009
    #15
  16. "Garry Starck-MCITP Enterprise Admin"
    <vjsparx@REMOVE_CAPS_INVALIDhotmail.com> wrote in message
    news:...
    > Hi Meinolf and Hello IT Team Queensbridge.bham.sch.uk
    >
    > Since Repadmin was not looking great to say the least, check FRS and AD
    > event logs on the other intrasite DC's for failures creating connection
    > objects with NED. Presuming that NED was recently promo'd out and in again
    > (I'm really hoping)
    >
    > I have a recollection of this issue after I removed a DC via DCPROMO and
    > within 20 minutes I DCpromo'd the new hardware in as the exact same name.
    > What happened then was GUID/CNAMES in DNS were 100% right for the new DC,
    > but every DC whether Intra or Intersite that was a direct replication
    > partner with the renewed DC simply would not allow the new DC to create new
    > inbound connection objects (You can't even via manual methods). Every DC
    > that was a replication partner of the DC before removing it obviously
    > continued repl via KCC auto generated connection objects to another
    > preferred bridge head. I eventually found nothing on the internet to help,
    > but what I did do next was use repadmin /expertuser switch and used the
    > following cowboy trick (In the LAB first, managed to replicate exact
    > problem luckily):
    >
    > /delrepsto <Naming Context> <DC> <Reps-To DC> <Reps-To DC GUID>
    > Examples:
    > Naming Context <DC=TESTDOM,DC=LOCAL >
    > <DC> done at each DC that was a previous repl partner
    > <repsto dc> this will most definitely be NED in every run of the commands
    > on each old partners. And check intrasite DC's FRS/AD eventlogs on each DC
    > to see if there is an issue showing the old GUID/CNAME in the events. This
    > GUID will be the GUID you supply for <Reps-To DC GUID>
    >
    > Now I scripted this as the forest has over 200 DC's and due to lack of RAM
    > / perf on most DC's, KCC was not autogening connection obj's. 90 % of the
    > dc's used this DC as a bridgehead (Manually set since we were still on 2000
    > AD and its hidden agenda, we had switched KCC & ISTG off and every
    > connection object was manual (This is how I know that not even a manual obj
    > creation helps to trick).
    >
    > To add to my misery, when I spotted the errors after the new DC's promo. I
    > dcpromo'd out again and then there were now 2 wrong outdated GUID to
    > remove. I don't think the /delrepsto <Naming Context> <DC> <Reps-To DC>
    > <Reps-To DC GUID> way is complex, just GUIDs burnt into your retinas if
    > manually done. But you are small, so if this pie in the sky theory is
    > right, each DC Intrasite should have some eventlogs, hopefully showing the
    > antiquated GUID's. Since each other site had one or more DC's, only one is
    > generally in need of attention, the Bridgehead which KCC selects. KCC does
    > the KCC thing every 15 minutes and will auto gen the new "true" connection
    > objects at those intervals,
    >
    > Also, who's the RID master, is he UP?
    >
    > Root Cause Analysis of my issue, A bit of a thumb suck, I had just arrived
    > at the client's site and I have never seen the momentous amount of
    > lingering objects in AD, maybe that contributed, I doubted that, I then
    > thought through a personally created issue, I took the HDD's out of the old
    > DC and added them to the new server so as to mirror the OS and current
    > configs and then promoted it in within 20 mins. By this stage, the mirrors
    > had completed sync and pulled the old hdd's out. You may think this is
    > menial, but in my VM labs, I often promo one out then straight back in, and
    > have noticed similar issues eventing. Apparently the now member server
    > keeps its AD settings and what you should do is promo it 1st into another
    > new dummy.junk domain and promo it out and reboot. All the "so called"
    > domain history is now gone from registry etc. I do not know what exactly is
    > documented around that issue, maybe some of the MVP can comment/ drill
    > me/thrill me
    >
    > Regards
    >


    Very interesting, and very VERY plausible. I've seen this happen before
    years ago in a 2000 domain, and without running numerous tests, I realized
    it before it got too far, when replication was failing. Looking at
    replication intervals where the removed DC's reference replication to other
    sites did not occur before promoting the new machine into the domain with
    the same name, caused the issue. Since this was a 2000 domain, there was no
    /forceremoval switch to work with, but not that it would have probably
    worked because of the identical names and two GUIDs. I pulled out the old DC
    and ran a Metadata Cleanup, and manually cleaned out DNS, Sites & Services,
    etc, and blew away the machine, and reinstalled it, but did not re-promote
    it until waiting a day, ran replmon, etc, to monitor all DCs to make sure
    there were no replication references.

    As for registry settings, the only entry I am aware of would be the product
    type entry, whether it's a DC or not
    (HKLM\SYSTEM\CCS\Control\ProductOptions - only values would be either
    LanmanNT or ServerNT). Everything else is in the AD database as far as the
    GUID, etc, but then again, there's the machine's TCP reg entries, as well as
    netlogon reg entry, which registers the GUID into DNS and AD database, which
    when demoted, the reg entry should get removed, as well as the DNS reg.

    So if this is the case, and a /forceremoval doesn't work, I would think to
    unplug it, run Metadata Cleanup, and rebuild the machine from scratch.

    But then again, there were other similar cases where I've seen similar
    issues where the customer updated one of their SonicWall routers with a new
    firmware that changed the MTU to 1492 from 1500. It took me two days to
    figure this one out. Apparently from researching it, LDAP/RPC traffic fails
    at anything less than 1500 MTU. We put the old firmware back on and
    replication started once again. This is one reason I advise customers to not
    use an ADSL service for a corporate link.

    Then again, it could be a simple firewall rule blocking necessary ports, but
    I'm starting to think not because of the DNS issue I saw in the DNSLint
    report.

    Awaiting to see the dcdiag and netdiags to see what they have to say...

    But I like your theory, and it may just probably be the case. We'll need IT
    Team Queensbridge.bham.sch.uk to elaborate on what occurred for a
    determination.

    Cheers!

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Jun 29, 2009
    #16
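Added example, not part of any post in this thread: one way to check saved `repadmin /showrepl` text from each partner for inbound links that still name a re-promoted DC under its old DSA GUID, or that are failing. The GUIDs and the sample output are constructed, the output layout is assumed to match what repadmin prints, and `parse_inbound` and `audit` are hypothetical helper names.

```python
import re
# Constructed `repadmin /showrepl` output as saved from BART; the GUIDs are made up.
SAMPLE = """\
Default-First-Site-Name\\BART
DSA object GUID: 11111111-aaaa-4bbb-8ccc-000000000001
==== INBOUND NEIGHBORS ======================================

DC=QUEENSBRIDGE,DC=PRI
    Default-First-Site-Name\\NED via RPC
        DSA object GUID: 22222222-aaaa-4bbb-8ccc-00000000000a
        Last attempt @ 2009-06-29 09:15:02 failed, result 1256 (0x4e8):
            The remote system is not available.
        14 consecutive failure(s).

CN=Configuration,DC=QUEENSBRIDGE,DC=PRI
    Default-First-Site-Name\\NED via RPC
        DSA object GUID: 22222222-aaaa-4bbb-8ccc-00000000000a
        Last attempt @ 2009-06-29 09:15:02 was successful.
"""

NC = re.compile(r"^((?:DC|CN)=\S+)\s*$")              # naming context heading
NEIGHBOR = re.compile(r"^\s+\S+\\(\S+) via \S+")      # Site\SERVER via RPC
GUID = re.compile(r"^\s+DSA object GUID:\s*([0-9A-Fa-f-]{36})")
FAILS = re.compile(r"^\s+(\d+) consecutive failure")

def parse_inbound(text):
    """Return one dict per inbound link: naming context, source DC, GUID, failures."""
    body = text.split("INBOUND NEIGHBORS", 1)[-1]  # skip the local DSA header
    links, nc = [], None
    for line in body.splitlines():
        if m := NC.match(line):
            nc = m.group(1)
        elif m := NEIGHBOR.match(line):
            links.append({"nc": nc, "server": m.group(1).upper(), "guid": None, "failures": 0})
        elif links and (m := GUID.match(line)):
            links[-1]["guid"] = m.group(1).lower()
        elif links and (m := FAILS.match(line)):
            links[-1]["failures"] = int(m.group(1))
    return links

def audit(text, current_guids):
    """Flag links that name a DC under a GUID other than its current one, or that are failing."""
    out = []
    for link in parse_inbound(text):
        want = current_guids.get(link["server"], "").lower()
        link["stale"] = bool(want) and link["guid"] != want
        if link["stale"] or link["failures"]:
            out.append(link)
    return out
```

`current_guids` maps each DC name to the DSA object GUID it reports for itself today, for example `{"NED": "<current GUID>"}`; an empty result from every partner means no link still references the old GUID.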
  17. Hello Garry,

    Really good information about your solution to this kind of problem.
    And with 200 DCs, yes it's a lot of work when you can't find a way like you
    did.

    I also had the thoughts about a problem with removing and reinstalling, that
    was my reason to ask the OP about the way he did it in detail. Maybe we will
    get an answer.


    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


     
    Meinolf Weber [MVP-DS], Jun 29, 2009
    #17