> Hi,
>
> From dcdiag:
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: <site>\<server>
> Starting test: Connectivity
> ......................... <server> passed test Connectivity
>
> Doing primary tests
>
> Testing server: <site>\<server>
> Starting test: Replications
> [Replications Check,<server>] A recent replication attempt failed:
> From DC to <server>
> Naming Context: DC=ForestDnsZones,DC=<domain>,DC=local
> The replication generated an error (1256):
> The remote system is not available. For information about
> network troubleshooting, see Windows Help.
> The failure occurred at 2008-12-23 10:46:38.
> The last success occurred at 2008-12-22 15:45:44.
> 7 failures have occurred since the last success.
> [Replications Check,<server>] A recent replication attempt failed:
> From DC to <server>
> Naming Context: CN=Schema,CN=Configuration,DC=<domain>,DC=local
> The replication generated an error (8524):
> The DSA operation is unable to proceed because of a DNS lookup failure.
> The failure occurred at 2008-12-23 07:47:34.
> The last success occurred at 2008-12-22 15:45:43.
> 6 failures have occurred since the last success.
> The guid-based DNS name 1e5fb0dc-5d86-4467-9d43-055d890145f2._msdcs.<domain>.local
> is not registered on one or more DNS servers.
> [Replications Check,<server>] A recent replication attempt failed:
> From DC to <server>
> Naming Context: CN=Configuration,DC=<domain>,DC=local
> The replication generated an error (8524):
> The DSA operation is unable to proceed because of a DNS lookup failure.
> The failure occurred at 2008-12-23 10:46:38.
> The last success occurred at 2008-12-22 15:56:47.
> 10 failures have occurred since the last success.
> The guid-based DNS name 1e5fb0dc-5d86-4467-9d43-055d890145f2._msdcs.<domain>.local
> is not registered on one or more DNS servers.
> REPLICATION-RECEIVED LATENCY WARNING
> <server>: Current time is 2008-12-23 16:00:19.
> DC=ForestDnsZones,DC=<domain>,DC=local
> Last replication recieved from <server> at 2008-12-22 15:20:01.
>
> Last replication recieved from DC at 2008-12-22 15:45:44.
> Last replication recieved from DC2 at 2008-12-22 15:29:38.
> Last replication recieved from DC3 at 2008-12-22 15:19:50.
> Last replication recieved from DC4 at 2008-12-22 15:44:37.
> CN=Schema,CN=Configuration,DC=<domain>,DC=local
> Last replication recieved from DC01 at 2008-12-22 15:20:01.
>
> Last replication recieved from DC at 2008-12-22 15:45:43.
> Last replication recieved from DC2 at 2008-12-22 15:45:44.
> Last replication recieved from DC3 at 2008-12-22 15:44:36.
> Last replication recieved from DC4 at 2008-12-22 15:29:37.
> Last replication recieved from DC5 at 2008-12-22 15:19:50.
> Last replication recieved from DC6 at 2008-12-22 15:44:36.
> CN=Configuration,DC=<domain>,DC=local
> Last replication recieved from DC01 at 2008-12-22 15:19:57.
>
> Last replication recieved from DC at 2008-12-22 15:56:47.
> Last replication recieved from DC2 at 2008-12-22 15:58:25.
> Last replication recieved from DC3 at 2008-12-22 15:44:32.
> Last replication recieved from DC4 at 2008-12-22 15:29:32.
> Last replication recieved from DC5 at 2008-12-22 15:20:23.
> Last replication recieved from DC6 at 2008-12-22 15:44:34.
> ......................... <server> passed test Replications
> Starting test: NCSecDesc
> ......................... <server> passed test NCSecDesc
> Starting test: NetLogons
> * You must make sure there are no existing net use connections,
> you can use "net use /d \\<server>\ipc$" or "net use /d
> \\<machine-name>\<share-name>"
> ......................... <server> failed test NetLogons
> Starting test: Advertising
> ......................... <server> passed test Advertising
> Starting test: KnowsOfRoleHolders
> ......................... <server> passed test KnowsOfRoleHolders
> Starting test: RidManager
> ......................... <server> passed test RidManager
> Starting test: MachineAccount
> Could not open pipe with [<server>]:failed with 1219: Multiple
> connections to a server or shared resource by the same user, using
> more than one user name, are not allowed. Disconnect all previous
> connections to the server or shared resource and try again.
> Could not get NetBIOSDomainName
> Failed can not test for HOST SPN
> Failed can not test for HOST SPN
> * Missing SPN :(null)
> * Missing SPN :(null)
> ......................... <server> failed test MachineAccount
> Starting test: Services
> Could not open Remote ipc to [<server>]:failed with 1219: Multiple
> connections to a server or shared resource by the same user, using
> more than one user name, are not allowed. Disconnect all previous
> connections to the server or shared resource and try again.
> ......................... <server> failed test Services
> Starting test: ObjectsReplicated
> ......................... <server> passed test ObjectsReplicated
> Starting test: frssysvol
> * You must make sure there are no existing net use connections,
> you can use "net use /d \\<server>\ipc$" or "net use /d
> \\<machine-name>\<share-name>"
> ......................... <server> failed test frssysvol
> Starting test: frsevent
> ......................... <server> failed test frsevent
> Starting test: kccevent
> Failed to enumerate event log records, error Multiple connections
> to a server or shared resource by the same user, using more than one
> user name, are not allowed. Disconnect all previous connections to the
> server or shared resource and try again.
> ......................... <server> failed test kccevent
> Starting test: systemlog
> Failed to enumerate event log records, error Multiple connections
> to a server or shared resource by the same user, using more than one
> user name, are not allowed. Disconnect all previous connections to the
> server or shared resource and try again.
> ......................... <server> failed test systemlog
> Starting test: VerifyReferences
> ......................... <server> passed test VerifyReferences
>
> Running partition tests on : DomainDnsZones
> Starting test: CrossRefValidation
> ......................... DomainDnsZones passed test CrossRefValidation
>
> Starting test: CheckSDRefDom
> ......................... DomainDnsZones passed test CheckSDRefDom
>
> Running partition tests on : <site>
> Starting test: CrossRefValidation
> ......................... <site> passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... <site> passed test CheckSDRefDom
>
> Running partition tests on : ForestDnsZones
> Starting test: CrossRefValidation
> ......................... ForestDnsZones passed test CrossRefValidation
>
> Starting test: CheckSDRefDom
> ......................... ForestDnsZones passed test CheckSDRefDom
>
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
>
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test CheckSDRefDom
>
> Running enterprise tests on : <domain.local>
> Starting test: Intersite
> ......................... <domain.local> passed test Intersite
> Starting test: FsmoCheck
> ......................... <domain.local> passed test FsmoCheck
>
> DC=root domain AD DNS server
> <server>=subdomain DC
> DC2.3.4 etc= other DC's in other locations
> domain.local=root domain
>
> Looks like the main issue may be with the error:
>
> The guid-based DNS name 1e5fb0dc-5d86-4467-9d43-055d890145f2._msdcs.<domain>.local
> is not registered on one or more DNS servers.
>
> So please tell me step by step how to solve this.
>
>
> Thanks,
> Taz
>
>
>
> "Paul Bergson" wrote:
>
>> What are the exact errors you are getting?
>>
>> "There are also a bunch of AD errors in the event log saying that the
>> root dns server refuses connection from the subdomain for replication."
>>
>>
>>
>> Are the high ports being blocked going either way? This is common, since
>> RPC uses high ports. You may have DNS setup correctly but errors created
>> by firewall issues could easily be the problem.
>> Check out an article I have on Firewall Ports Needed for Replication at:
>>
>> http://www.pbbergs.com/windows/articles.htm
>>
>> Run portqryui from both sides of the domain and see what specifically is
>> going on.
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>> 2008, 2003, 2000 (Early Achiever), NT4
>>
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup This
>> posting is provided "AS IS" with no warranties, and confers no rights.
>> "Taz1972" <Taz1972[ at ]discussions.microsoft.com> wrote in message
>> news:47C3A2CE-6B9E-4E83-9A4B-D36538555D52[ at ]microsoft.com...
>> > Hi,
>> >
>> > I recently created a new subdomain for my company. The creation part of
>> > the subdomain went fine, but now when I attempt to connect to the DC of
>> > the new subdomain I get the following message:
>> >
>> > error 1722 rpc service not available
>> >
>> > My root domain has an internal address range of 172.x.x.x and the
>> > subdomain is 192.168.x.x.
>> >
>> > I can ping both the hostname and ip address of any machine FROM the
>> > subdomain to the root domain, but I can only ping the ip address and
>> > not the hostname when pinging TO the subdomain. This is most likely a
>> > dns configuration issue, but I'm not sure how to solve it. The subdomain
>> > is also on a different site, and it is set up to be AD integrated.
>> >
>> > I setup the subdomain according to these instructions:
>> >
>> >
>> > http://support.microsoft.com/kb/255248
>> >
>> > http://technet.microsoft.com/en-us/library/cc780951.aspx
>> >
>> > http://technet.microsoft.com/en-us/library/cc787706.aspx
>> >
>> > I checked the rpc/rpc locator services on both sides and they seem
>> > fine. I also get the above error when trying to do a replication in AD
>> > sites and services.
>> >
>> > I set the subdomain DC to point to itself for dns, and added the root
>> > domain's internal dns server as a forwarder. We also have some external
>> > dns servers but I haven't set these anywhere in the configuration - is
>> > this needed?
>> >
>> > There are also a bunch of AD errors in the event log saying that the
>> > root dns server refuses connection from the subdomain for replication.
>> >
>> > This is kind of urgent so any advice will be appreciated!
>> >
>> > Thanks,
>> > Taz
>> >
>> >
>>