|
|
This is something I'm doing in a test environment using Virtual PC.
Two Servers, both 2003
Server1
domain1.com
Server2
sub.domain1.com
I'm troubleshooting replication problems.
If I look in this folder in DNS
Forward Lookup
Zones/Domain_Name/_msdcs/dc/_sites/Default-First-Site-Name/_tcp Forward
Lookup Zones/Domain_Name/_msdcs/dc/_tcp
_ldap._tcp.dc._msdcs.Domain_Name
there is a SRV record for that server under _ldap and _kerberos
If I look in the same location in DNS on Server2, the SRV record is also for
Server1. Is that correct or should there be SRV records for Server2 there?
TIA
|
|
In news:epO7Tp0RJHA.4760[ at ]TK2MSFTNGP02.phx.gbl,
JohnB <jbrigan[ at ]yahoo.com> requesting assistance, typed the following:
[Quoted Text] > This is something I'm doing in a test environment using Virtual PC.
>
> Two Servers, both 2003
>
> Server1
> domain1.com
>
> Server2
> sub.domain1.com
>
> I'm troubleshooting replication problems.
>
> If I look in this folder in DNS
> Forward Lookup
> Zones/Domain_Name/_msdcs/dc/_sites/Default-First-Site-Name/_tcp
> Forward Lookup Zones/Domain_Name/_msdcs/dc/_tcp
> _ldap._tcp.dc._msdcs.Domain_Name
> there is a SRV record for that server under _ldap and _kerberos
>
> If I look in the same location in DNS on Server2, the SRV record is
> also for Server1. Is that correct or should there be SRV records for
> Server2 there?
> TIA
Not if they are in different domains.
If you are having replication issues, can you post the eventID errors in the
Event logs as well as an unedited ipconfig /all of the parent domain DC and
the child domain DC please?This will help us get a better understanding of
how the infrastructure is configured and provide specific help.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
Microsoft Certified Trainer
For urgent issues, you may want to contact Microsoft PSS directly.
Please check http://support.microsoft.com for regional support phone
numbers.
|
|
This is from the DC for the parent domain
Windows IP Configuration
Host Name . . . . . . . . . . . . : serverdc1
Primary Dns Suffix . . . . . . . : FLCOMPUTECH.COM
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : FLCOMPUTECH.COM
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
Adapt
er (Generic)
Physical Address. . . . . . . . . : 00-03-FF-E1-8D-4F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.16.1.253
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.1.254
DNS Servers . . . . . . . . . . . : 127.0.0.1
-------------------------------------------
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1925
Date: 11/17/2008
Time: 12:31:55 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SERVERDC1
Description:
The attempt to establish a replication link for the following writable
directory partition failed.
Directory partition:
CN=Configuration,DC=FLCOMPUTECH,DC=COM
Source domain controller:
CN=NTDS
Settings,CN=SERVER03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=FLCOMPUTECH,DC=COM
Source domain controller address:
e6db54b3-54c4-4464-a4e0-0922651abea2._msdcs.FLCOMPUTECH.COM
Intersite transport (if any):
This domain controller will be unable to replicate with the source domain
controller until this problem is corrected.
User Action
Verify if the source domain controller is accessible or network connectivity
is available.
Additional Data
Error value:
8524 The DSA operation is unable to proceed because of a DNS lookup failure.
*********************************
This is from the DC from the child domain
Windows IP Configuration
Host Name . . . . . . . . . . . . : server03
Primary Dns Suffix . . . . . . . : OCALA.FLCOMPUTECH.COM
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : OCALA.FLCOMPUTECH.COM
FLCOMPUTECH.COM
Ethernet adapter Internal NIC:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
Adapt
er (Generic)
Physical Address. . . . . . . . . : 00-03-FF-E2-8D-4F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.16.1.252
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.1.254
DNS Servers . . . . . . . . . . . : 172.16.1.252
NetBIOS over Tcpip. . . . . . . . : Disabled
----------------------------------------------
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1308
Date: 11/17/2008
Time: 12:39:22 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SERVER03
Description:
The Knowledge Consistency Checker (KCC) has detected that successive
attempts to replicate with the following domain controller has consistently
failed.
Attempts:
1
Domain controller:
CN=NTDS
Settings,CN=SERVERDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=FLCOMPUTECH,DC=COM
Period of time (minutes):
2744
The Connection object for this domain controller will be ignored, and a new
temporary connection will be established to ensure that replication
continues. Once replication with this domain controller resumes, the
temporary connection will be removed.
Additional Data
Error value:
8524 The DSA operation is unable to proceed because of a DNS lookup failure.
"Ace Fekay [Microsoft Certified Trainer]" <firstnamelastname[ at ]hotmail.com>
wrote in message news:OjRJjl7RJHA.1484[ at ]TK2MSFTNGP03.phx.gbl...
[Quoted Text] > In news:epO7Tp0RJHA.4760[ at ]TK2MSFTNGP02.phx.gbl, > JohnB <jbrigan[ at ]yahoo.com> requesting assistance, typed the following: >> This is something I'm doing in a test environment using Virtual PC. >> >> Two Servers, both 2003 >> >> Server1 >> domain1.com >> >> Server2 >> sub.domain1.com >> >> I'm troubleshooting replication problems. >> >> If I look in this folder in DNS >> Forward Lookup >> Zones/Domain_Name/_msdcs/dc/_sites/Default-First-Site-Name/_tcp >> Forward Lookup Zones/Domain_Name/_msdcs/dc/_tcp >> _ldap._tcp.dc._msdcs.Domain_Name >> there is a SRV record for that server under _ldap and _kerberos >> >> If I look in the same location in DNS on Server2, the SRV record is >> also for Server1. Is that correct or should there be SRV records for >> Server2 there? >> TIA > > > Not if they are in different domains. > > If you are having replication issues, can you post the eventID errors in > the Event logs as well as an unedited ipconfig /all of the parent domain > DC and the child domain DC please?This will help us get a better > understanding of how the infrastructure is configured and provide specific > help. > > -- > Ace > > This posting is provided "AS-IS" with no warranties or guarantees and > confers no rights. > > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT > Microsoft Certified Trainer > > For urgent issues, you may want to contact Microsoft PSS directly. > Please check http://support.microsoft.com for regional support phone > numbers.
|
|
Hello JohnB,
from a command prompt on each dc do the following:
netdiag /fix
ipconfig /registerdns
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup This posting
is provided "AS IS" with no warranties, and confers no rights.
[Quoted Text] > This is something I'm doing in a test environment using Virtual PC.
>
> Two Servers, both 2003
>
> Server1
> domain1.com
> Server2
> sub.domain1.com
> I'm troubleshooting replication problems.
>
> If I look in this folder in DNS
> Forward Lookup
> Zones/Domain_Name/_msdcs/dc/_sites/Default-First-Site-Name/_tcp
> Forward
> Lookup Zones/Domain_Name/_msdcs/dc/_tcp
> _ldap._tcp.dc._msdcs.Domain_Name
> there is a SRV record for that server under _ldap and _kerberos
> If I look in the same location in DNS on Server2, the SRV record is
> also for Server1. Is that correct or should there be SRV records for
> Server2 there?
>
> TIA
>
|
|
Thanks Paul, but I moved on, I just recreated the VM's, and started from
scratch. I need the practice any way :-)
But thanks for the tip, I'll keep in mind.
"Paul Bergson [MVP-DS]" <pbbergs[ at ]nospam_msn.com> wrote in message
news:6f5dc7bb7fcd8cb182f65ef8029[ at ]msnews.microsoft.com...
[Quoted Text] > Hello JohnB, > from a command prompt on each dc do the following: > > netdiag /fix > ipconfig /registerdns > > > > > -- > Paul Bergson > MVP - Directory Services > MCTS, MCT, MCSE, MCSA, Security+, BS CSci > 2008, 2003, 2000 (Early Achiever), NT4 > > > http://www.pbbergs.com> > Please no e-mails, any questions should be posted in the NewsGroup This > posting is provided "AS IS" with no warranties, and confers no rights. > > > >> This is something I'm doing in a test environment using Virtual PC. >> >> Two Servers, both 2003 >> >> Server1 >> domain1.com >> Server2 >> sub.domain1.com >> I'm troubleshooting replication problems. >> >> If I look in this folder in DNS >> Forward Lookup >> Zones/Domain_Name/_msdcs/dc/_sites/Default-First-Site-Name/_tcp >> Forward >> Lookup Zones/Domain_Name/_msdcs/dc/_tcp >> _ldap._tcp.dc._msdcs.Domain_Name >> there is a SRV record for that server under _ldap and _kerberos >> If I look in the same location in DNS on Server2, the SRV record is >> also for Server1. Is that correct or should there be SRV records for >> Server2 there? >> >> TIA >> > >
|
|
In news:Oepi8FnSJHA.6060[ at ]TK2MSFTNGP06.phx.gbl,
JohnB <jbrigan[ at ]yahoo.com> requesting assistance, typed the following:
[Quoted Text] > Thanks Paul, but I moved on, I just recreated the VM's, and started
> from scratch. I need the practice any way :-)
>
> But thanks for the tip, I'll keep in mind.
John,
Does that mean the problems are gone?
Some suggestions, based on the ipconfig /all you provided:
1. Change the 127.0.0.1 to the actual IP of the DNS server IP address.
2. If both DC/DNS servers are on the same subnet/site, set the partner as
the first address, the second as itself, otherwise in different
subnets/sites, itself as first, one of the others as the second entry.
3. Create a reverse zone for your subnet. Allow updates.
4. If you are disabling NetBIOS, make it consistent on all DCs. Your
original ipconfig showed it was disabled on only one.
5. Keep in mind replication scope of an AD integrated zone properties.
You'll want them consistent. If you set it to All DNS server in the domain
(middle button) on one of the DCs, and to all DNS servers in the Forest (top
button), this can cause a major problem and would be a cause of the problems
you were seeing. There are quite a few steps that need to be taken to clean
it up, if that were the case. Also, if you delete a zone on one of the DCs,
it will delete them on ALL DCs, unless of course the replication scopes are
skewed.
I hope that helps.
Ace
|
|
|