Active Directory replication problems

Cenz

MIS
Apr 7, 2004
3
US
I have a network that I recently migrated to 2000 OS. I had three servers online, 1 NT PDC, and two 2000 servers. I took my original NT PDC server (server0) and upgraded the OS to 2000 Server. I then went to native mode on all servers. I then mistakenly took server0 offline. I seized the roles to Server1 and removed all entries of Server0 with the ntdsutil /metadata cleanup utility. I then installed DNS as a single-master with a reverse lookup zone (all entries in DNS look to Server1 the way I want it). Server1 then disappeared from the browser list. I can still ping it and I can still connect to it by name. I confirmed that server1 had possession of all roles. Server2 still lists server0 as having roles (schema Master). It seems as if Active Directory is not working correctly. Server2 thinks server0 is still the master browser and schema master due to replication failures. AD replication monitor says AD replication failed because of RPC failures. I checked both servers; the RPC service is started. I also synchronized the time on both servers. Any ideas would be greatly appreciated.
 
Have you by chance worked in Active Directory Sites and Services and set up how a computer will replicate with another computer?
 
Make sure you have a global catalog server.
And how many domain controllers do you have now?
 
Make sure the dns server points to itself as the primary dns server in tcpip properties....
 
Run a "dcdiag /v > output.txt" on your DCs.

You can post the output here.
 
I looked in AD Sites and Services and saw an entry that referred to the server that is offline and removed it, leaving the entries for valid servers. I then tried replicating again. I received a "failure due to dns problems" error. I ran dcdiag and see a slew of problems. There are currently two DCs online at this point, "scmeserver" and "image_server". Scmeserver is the role holder. I seized the roles from "pc001", which is no longer online. All references to pc001 need to be replaced by SCMESERVER, which I thought I did by running the ntdsutil metadata cleanup. I am looking into setting up a time server. Thank you for your responses.

dcdiag Output.txt

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine SCMESERVER, is a DC.
* Connecting to directory service on server SCMESERVER.
* Collecting site info.
* Identifying all servers.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: SCME\SCMESERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SCMESERVER passed test Connectivity

Doing primary tests

Testing server: SCME\SCMESERVER
Starting test: Replications
* Replications Check
REPLICATION LATENCY WARNING
SCMESERVER: This replication path was preempted by higher priority work.
from IMAGE_SERVER to SCMESERVER
Reason: The replication operation failed because of a schema mismatch between the servers involved.
The last success occurred at 2004-03-31 12:05.51.
Replication of new changes along this path will be delayed.
REPLICATION LATENCY WARNING
SCMESERVER: This replication path was preempted by higher priority work.
from IMAGE_SERVER to SCMESERVER
Reason: The replication operation failed because of a schema mismatch between the servers involved.
The last success occurred at 2004-03-31 12:05.51.
Replication of new changes along this path will be delayed.
......................... SCMESERVER passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=scme,DC=gov
* Security Permissions Check for
CN=Configuration,DC=scme,DC=gov
* Security Permissions Check for
DC=scme,DC=gov
......................... SCMESERVER passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... SCMESERVER passed test NetLogons
Starting test: Advertising
The DC SCMESERVER is advertising itself as a DC and having a DS.
The DC SCMESERVER is advertising as an LDAP server
The DC SCMESERVER is advertising as having a writeable directory
The DC SCMESERVER is advertising as a Key Distribution Center
Warning: SCMESERVER is not advertising as a time server.
......................... SCMESERVER failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SCMESERVER,CN=Servers,CN=SCME,CN=Sites,CN=Configuration,DC=scme,DC=gov
Role Domain Owner = CN=NTDS Settings,CN=SCMESERVER,CN=Servers,CN=SCME,CN=Sites,CN=Configuration,DC=scme,DC=gov
Role PDC Owner = CN=NTDS Settings,CN=SCMESERVER,CN=Servers,CN=SCME,CN=Sites,CN=Configuration,DC=scme,DC=gov
Role Rid Owner = CN=NTDS Settings,CN=SCMESERVER,CN=Servers,CN=SCME,CN=Sites,CN=Configuration,DC=scme,DC=gov
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SCMESERVER,CN=Servers,CN=SCME,CN=Sites,CN=Configuration,DC=scme,DC=gov
......................... SCMESERVER passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3217 to 1073741823
* SCMESERVER.scme.gov is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1705 to 2204
* rIDNextRID: 1714
* rIDPreviousAllocationPool is 1705 to 2204
......................... SCMESERVER passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/SCMESERVER.scme.gov/scme.gov
* SPN found :LDAP/SCMESERVER.scme.gov
* SPN found :LDAP/SCMESERVER
* SPN found :LDAP/SCMESERVER.scme.gov/SCME
* SPN found :LDAP/a269ed98-bd4c-44a4-a9c7-2235898fdbfe._msdcs.scme.gov
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a269ed98-bd4c-44a4-a9c7-2235898fdbfe/scme.gov
* SPN found :HOST/SCMESERVER.scme.gov/scme.gov
* SPN found :HOST/SCMESERVER.scme.gov
* SPN found :HOST/SCMESERVER
* SPN found :HOST/SCMESERVER.scme.gov/SCME
* SPN found :GC/SCMESERVER.scme.gov/scme.gov
......................... SCMESERVER passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
w32time Service is stopped on [SCMESERVER]
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
Could not open IISADMIN Service on [SCMESERVER]:failed with 1060: The specified service does not exist as an installed service.
* Checking Service: NtFrs
Could not open SMTPSVC Service on [SCMESERVER]:failed with 1060: The specified service does not exist as an installed service.
......................... SCMESERVER failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
SCMESERVER is in domain DC=scme,DC=gov
Checking for CN=SCMESERVER,OU=Domain Controllers,DC=scme,DC=gov in domain DC=scme,DC=gov on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SCMESERVER,CN=Servers,CN=SCME,CN=Sites,CN=Configuration,DC=scme,DC=gov in domain CN=Configuration,DC=scme,DC=gov on 1 servers
Object is up-to-date on all servers.
......................... SCMESERVER passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 03/31/2004 13:07:42
Event String: The File Replication Service is having trouble
enabling replication from PC001 to SCMESERVER for
e:\winnt\sysvol\domain using the DNS name
pc001.scme.gov. FRS will keep retrying.
Following are some of the reasons you would see
this warning.

[1] FRS can not correctly resolve the DNS name
pc001.scme.gov from this computer.
[2] FRS is not running on pc001.scme.gov.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.

This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
......................... SCMESERVER passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... SCMESERVER passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x0000041B
Time Generated: 04/08/2004 08:06:59
Event String: The DHCP/BINL service has determined that it is
not authorized to service clients on this network
for the Windows domain: scme.gov.
......................... SCMESERVER failed test systemlog

Running enterprise tests on : scme.gov
Starting test: Intersite
Skipping site SCME, this site is outside the scope provided by the
command line arguments provided.
......................... scme.gov passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
PDC Name: \\SCMESERVER.scme.gov
Locator Flags: 0xe00001b9
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
KDC Name: \\SCMESERVER.scme.gov
Locator Flags: 0xe00001b9
......................... scme.gov failed test FsmoCheck
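
A way to triage a long "dcdiag /v" dump like the one posted above. This is an added example, not part of the original post and not a Microsoft tool: it groups each test's verdict with the warning lines logged under it, so a test that "passed" while reporting a schema mismatch still surfaces. The sample is a shortened excerpt of the posted output, and the keyword list in FLAG is an assumption chosen for this output.

```python
import re

# Shortened excerpt of the dcdiag /v output posted above (indentation not relied on).
SAMPLE = """\
Starting test: Replications
REPLICATION LATENCY WARNING
Reason: The replication operation failed because of a schema mismatch between the servers involved.
......................... SCMESERVER passed test Replications
Starting test: NetLogons
* Network Logons Privileges Check
......................... SCMESERVER passed test NetLogons
Starting test: Advertising
Warning: SCMESERVER is not advertising as a time server.
......................... SCMESERVER failed test Advertising
Starting test: Services
w32time Service is stopped on [SCMESERVER]
......................... SCMESERVER failed test Services
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... scme.gov failed test FsmoCheck
"""

START = re.compile(r"^\s*Starting test:\s*(\S+)")
RESULT = re.compile(r"^\s*\.{5,}\s*(\S+)\s+(passed|failed)\s+test\s+(\S+)")
# Heuristic markers (assumption): lines worth surfacing even when the test passed.
FLAG = re.compile(r"warning|failed|error|stopped|could not|is down|are down", re.I)

def triage(text):
    """Return [(target, test, verdict, [flagged lines])] for each dcdiag test."""
    results, current, notes = [], None, []
    for line in text.splitlines():
        m = START.match(line)
        if m:
            current, notes = m.group(1), []
            continue
        m = RESULT.match(line)
        if m:
            results.append((m.group(1), m.group(3), m.group(2), notes))
            current, notes = None, []
            continue
        if current and FLAG.search(line):
            notes.append(line.strip())
    return results

def needs_attention(text):
    """Tests that failed, plus tests that passed but logged flagged lines."""
    return [r for r in triage(text) if r[2] == "failed" or r[3]]
```

To use it on a real capture, pass the contents of the redirected output file to needs_attention() and read the verdicts alongside their flagged lines.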
 
Have you run the 2003 adprep command recently?

You really need to start the Windows time service on this DC. It isn't necessary to install a third-party time server, just activate the built-in service.

Make sure the time service is started on both DCs. Then on SCMESERVER run "net time /setsntp:time.nist.gov". Then stop and start the time service.

On the other DC run "net time /setsntp:" (leave it blank after the colon). Then stop and start the time service.

Having the time service started on the DCs is critical. The schema mismatch error is troubling though.
 
I forgot 1 critical piece of information - this is an internal network not attached to the internet. So, I was trying to set the scmeserver as the authoritative time server with the net time command. Is that possible? I don't see how to accomplish this on any site so far. Also in AD replication monitor (after starting the RPC and telephony services) scmeserver says that replication to image-server was successful - but Image_server is still trying to rep with pc001 (unsuccessful of course because it is gone) and has unsuccessful reps to scme_server due to "rpc server unavailable" ?????? driving me crazy.
 