AD Not Replicating Due to Permissions - Access Denied

Status
Not open for further replies.

gavm99

IS-IT--Management
May 18, 2004
809
GB
Hi all,

My domain is no longer replicating (and hasn't for a while).

I have run dcdiag and the results are below. Why am I getting access denied errors?


Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER02
Starting test: Connectivity
......................... SERVER02 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER02
Starting test: Replications
[Replications Check,SERVER02] A recent replication attempt failed:
From SERVER01 to SERVER02
Naming Context: CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-08-06 10:48.08.
The last success occurred at 2007-06-04 08:50.57.
1520 failures have occurred since the last success.
[SERVER01] DsBind() failed with error -2146893022,
The target principal name is incorrect..
[Replications Check,SERVER02] A recent replication attempt failed:
From SERVER01 to SERVER02
Naming Context: CN=Configuration,DC=DOMAIN,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-08-06 10:50.55.
The last success occurred at 2007-06-04 09:16.44.
7074 failures have occurred since the last success.
[Replications Check,SERVER02] A recent replication attempt failed:
From SERVER01 to SERVER02
Naming Context: DC=DOMAIN,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-08-06 11:03.12.
The last success occurred at 2007-06-04 09:45.42.
25473 failures have occurred since the last success.
......................... SERVER02 passed test Replications
Starting test: NCSecDesc
......................... SERVER02 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER02 passed test NetLogons
Starting test: Advertising
......................... SERVER02 passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: SERVER01 is the Domain Owner, but is not responding to DS RPC Bind.
[SERVER01] LDAP bind failed with error 31,
A device attached to the system is not functioning..
Warning: SERVER01 is the Domain Owner, but is not responding to LDAP Bind.
Warning: SERVER01 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: SERVER01 is the PDC Owner, but is not responding to LDAP Bind.
Warning: SERVER01 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: SERVER01 is the Rid Owner, but is not responding to LDAP Bind.
Warning: SERVER01 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
Warning: SERVER01 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
......................... SERVER02 failed test KnowsOfRoleHolders
Starting test: RidManager
[SERVER02] DsBindWithCred() failed with error -2146893022. The target principal name is incorrect.
......................... SERVER02 failed test RidManager
Starting test: MachineAccount
......................... SERVER02 passed test MachineAccount
Starting test: Services
......................... SERVER02 passed test Services
Starting test: ObjectsReplicated
......................... SERVER02 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... SERVER02 passed test frssysvol
Starting test: kccevent
......................... SERVER02 passed test kccevent
Starting test: systemlog
......................... SERVER02 passed test systemlog

Running enterprise tests on : DOMAIN.local
Starting test: Intersite
......................... DOMAIN.local passed test Intersite
Starting test: FsmoCheck
......................... DOMAIN.local passed test FsmoCheck


Any suggestions would be appreciated!!!

Thanks.

----------------------------------------
"Nobody cares how it works, as long as it works
 
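An added example, not part of the original thread: a Python parser for dcdiag output like that in the post above. It extracts each replication failure, the number of days since the last success, and bind errors rendered as unsigned hex (-2146893022 is 0x80090322, SEC_E_WRONG_PRINCIPAL). The function names are assumptions made for this example, and the sample is an excerpt of the posted output.

```python
import re
from datetime import datetime

# Excerpt of the dcdiag output posted above (first failing naming context only).
SAMPLE = """\
[Replications Check,SERVER02] A recent replication attempt failed:
From SERVER01 to SERVER02
Naming Context: CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-08-06 10:48.08.
The last success occurred at 2007-06-04 08:50.57.
1520 failures have occurred since the last success.
[SERVER01] DsBind() failed with error -2146893022,
The target principal name is incorrect..
......................... SERVER02 passed test Replications
"""

STAMP = r"(\d{4}-\d\d-\d\d \d\d:\d\d\.\d\d)\.\s+"
REPL = re.compile(
    r"From (\S+) to (\S+)\s+Naming Context: (\S+)\s+"
    r"The replication generated an error \((-?\d+)\):\s+([^\n]+)\s+"
    r"The failure occurred at " + STAMP +
    r"The last success occurred at " + STAMP +
    r"(\d+) failures")
BIND = re.compile(r"\[([^\]]+)\] (\w+)\(\) failed with error (-?\d+)")

def to_hex(code):
    """dcdiag prints SSPI errors as signed 32-bit ints; render as unsigned hex."""
    return f"0x{int(code) & 0xFFFFFFFF:08X}"

def replication_failures(text):
    rows = []
    for src, dst, nc, err, msg, failed, ok, count in REPL.findall(text):
        when = [datetime.strptime(t, "%Y-%m-%d %H:%M.%S") for t in (failed, ok)]
        rows.append({"source": src, "dest": dst, "nc": nc, "error": int(err),
                     "message": msg, "failures": int(count),
                     "days_since_success": (when[0] - when[1]).days})
    return rows

def bind_failures(text):
    return [(host, api, to_hex(code)) for host, api, code in BIND.findall(text)]

def misleading_pass(text):
    """True when failures are logged yet the test summary still says 'passed'."""
    return bool(replication_failures(text)) and "passed test Replications" in text

if __name__ == "__main__":
    print(replication_failures(SAMPLE), bind_failures(SAMPLE), misleading_pass(SAMPLE))
```

The `misleading_pass` check covers what the posted output shows: the Replications test is reported as passed even though every naming context lists failures, so the summary line alone is not a reliable health signal.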
What I also found is that if I do \\SERVER01 from SERVER02 then I get access denied, but if I do it by IP it works!

----------------------------------------
"Nobody cares how it works, as long as it works
 
I had a similar problem with file replication, and solved it by the following steps:

1) Stop file replication service on domain controller and backup DCs.
2) Make sure the logon is set to Local System Account (Services->File Replication->LogOn) on each DC.
3) Start the FRS on the domain controller.
4) Start the FRS on each backup DC.
5) Check the event logs to see what happens.

Hope this helps,
David.
 
Hi there,

In the end, after attempting everything I came across, I removed AD from Server2. This had to be forced. Once it was removed, AD was happy again and everyone can log on as normal, at much faster speeds, and I can access everything by IP or name.

Thanks.

----------------------------------------
"Nobody cares how it works, as long as it works
 