Active Directory - Add a new replication partner 1

[shreks]

Hopefully a simple question?

Is it possible to manually add a replication partner in active directory?
We have 2 domain controllers but the new one is not registered as a replication partner so cannot replicate changes to the other DC.
Replication does work from the older DC to the new one.

Any help would be much appreciated

Thanks

Neil D

 

[jpederson]

Have you tried going to AD Sites and Services, expanding the tree and right clicking on servers. You should see a "New" choice on the menu. Try adding it there.

JP

 

[mlichstein]

Creating a manual connection is not the way to approach this problem. If you only have two DCs, the replication connections should be automatically created.

Start your troubleshooting with dcdiag /v and netdiag /v reports from both servers.

 

[shreks]

On further inspection I have noticed that the new DC has no IUSR_ or IWAM_ records in ad and therefore can't get access to DC1 to carry out replication??

DCDIAG result for DC1:

DC Diagnosis

Performing initial setup:
* Verifing that the local machine DC1, is a DC.
* Connecting to directory service on server DC1.
* Collecting site info.
* Identifying all servers.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... DC1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DC1
Starting test: Replications
* Replications Check
......................... DC1 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=dms,DC=co,DC=uk
* Security Permissions Check for
CN=Configuration,DC=dms,DC=co,DC=uk
* Security Permissions Check for
DC=dms,DC=co,DC=uk
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... DC1 passed test NetLogons
Starting test: Advertising
The DC DC1 is advertising itself as a DC and having a DS.
The DC DC1 is advertising as an LDAP server
The DC DC1 is advertising as having a writeable directory
The DC DC1 is advertising as a Key Distribution Center
The DC DC1 is advertising as a time server
The DS DC1 is advertising as a GC.
......................... DC1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dms,DC=co,DC=uk
Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dms,DC=co,DC=uk
Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dms,DC=co,DC=uk
Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dms,DC=co,DC=uk
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dms,DC=co,DC=uk
......................... DC1 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3603 to 1073741823
* DC1.dms.co.uk is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 3103 to 3602
* rIDNextRID: 1442
* rIDPreviousAllocationPool is 1103 to 1602
......................... DC1 passed test RidManager
Starting test: MachineAccount
* DC1 is not a server trust account
* SPN found :LDAP/DC1.dms.co.uk/dms.co.uk
* SPN found :LDAP/DC1.dms.co.uk
* SPN found :LDAP/DC1
* SPN found :LDAP/DC1.dms.co.uk/DMS
* SPN found :LDAP/ab1dd6ac-5bfd-4304-b88a-511ccdcb9545._msdcs.dms.co.uk
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ab1dd6ac-5bfd-4304-b88a-511ccdcb9545/dms.co.uk
* SPN found :HOST/DC1.dms.co.uk/dms.co.uk
* SPN found :HOST/DC1.dms.co.uk
* SPN found :HOST/DC1
* SPN found :HOST/DC1.dms.co.uk/DMS
* SPN found :GC/DC1.dms.co.uk/dms.co.uk
......................... DC1 failed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
* Checking Service: NtFrs
......................... DC1 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
DC1 is in domain DC=dms,DC=co,DC=uk
Checking for CN=DC1,OU=Domain Controllers,DC=dms,DC=co,DC=uk in domain DC=dms,DC=co,DC=uk on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dms,DC=co,DC=uk in domain CN=Configuration,DC=dms,DC=co,DC=uk on 1 servers
Object is up-to-date on all servers.
......................... DC1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... DC1 passed test frssysvol
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x800004F1
Time Generated: 02/28/2005 13:20:35
Event String: The attempt to establish a replication link with

parameters



Partition: DC=dms,DC=co,DC=uk

Source DSA DN:

CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dms,DC=co,DC=uk

Source DSA Address:

1352b1a0-befb-41bf-87cc-977eaddf09c0._msdcs.dms.co.uk

Inter-site Transport (if any):



failed with the following status:



Replication access was denied.



The record data is the status code. This

operation will be retried.
An Warning Event occured. EventID: 0x800004F1
Time Generated: 02/28/2005 13:20:35
Event String: The attempt to establish a replication link with

parameters



Partition: CN=Configuration,DC=dms,DC=co,DC=uk

Source DSA DN:

CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dms,DC=co,DC=uk

Source DSA Address:

1352b1a0-befb-41bf-87cc-977eaddf09c0._msdcs.dms.co.uk

Inter-site Transport (if any):



failed with the following status:



Replication access was denied.



The record data is the status code. This

operation will be retried.
An Warning Event occured. EventID: 0x800004F1
Time Generated: 02/28/2005 13:20:35
Event String: The attempt to establish a replication link with

parameters



Partition:

CN=Schema,CN=Configuration,DC=dms,DC=co,DC=uk

Source DSA DN:

CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dms,DC=co,DC=uk

Source DSA Address:

1352b1a0-befb-41bf-87cc-977eaddf09c0._msdcs.dms.co.uk

Inter-site Transport (if any):



failed with the following status:



Replication access was denied.



The record data is the status code. This

operation will be retried.
......................... DC1 failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... DC1 passed test systemlog

Running enterprise tests on : dms.co.uk
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope

provided by the command line arguments provided.
......................... dms.co.uk passed test Intersite
Starting test: FsmoCheck
GC Name: \\DC1.dms.co.uk
Locator Flags: 0xe00001fd
PDC Name: \\DC1.dms.co.uk
Locator Flags: 0xe00001fd
Time Server Name: \\DC1.dms.co.uk
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\DC1.dms.co.uk
Locator Flags: 0xe00001fd
KDC Name: \\DC1.dms.co.uk
Locator Flags: 0xe00001fd
......................... dms.co.uk passed test FsmoCheck


DCDIAG results for DC2:


DC Diagnosis

Performing initial setup:
* Verifing that the local machine DC2, is a DC.
* Connecting to directory service on server DC2.
* Collecting site info.
* Identifying all servers.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
DC2's server GUID DNS name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name

(1352b1a0-befb-41bf-87cc-977eaddf09c0._msdcs.dms.co.uk) couldn't be

resolved, the server name (DC2.dms.co.uk) resolved to the IP address

(10.0.2.70) and was pingable. Check that the IP address is registered

correctly with the DNS server.
......................... DC2 failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DC2
Skipping all tests, because server DC2 is
not responding to directory service requests
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: OutboundSecureChannels

Running enterprise tests on : dms.co.uk
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope

provided by the command line arguments provided.
......................... dms.co.uk passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
PDC Name: \\DC1.dms.co.uk
Locator Flags: 0xe00001fd
Time Server Name: \\DC2.dms.co.uk
Locator Flags: 0xe00001f8
Preferred Time Server Name: \\DC2.dms.co.uk
Locator Flags: 0xe00001f8
KDC Name: \\DC2.dms.co.uk
Locator Flags: 0xe00001f8
......................... dms.co.uk failed test FsmoCheck