DNS lookup failure - error #8524

[GrnEyedLdy]

I am running ADcheck looking for reasons why replicaiton is failing to one of my DC's (from the parent to the child). From the child to the parent replication is working fine.

The child DC in question currently holds the PDC Emulator, RID and Infrastructure master roles.

The following is from the ADcheck report when checking replicaiton...

Verifying replication topology of entire network...
Detected no timeout errors...
Detected no configuration errors...
Detected no system errors...
Network replication appears to be functioning correctly!

Analyzing direct replication partners...
VANCOUVER
Last successful replication: Tuesday, October 29, 2002 1:08:17 PM
Last replication attempt: Friday, November 01, 2002 3:52:54 PM
Number of recent failures: 60
Status of last attempt: The DSA operation is unable to proceed because of a DNS lookup failure. (For diagnostic purposes, the error number is= 8524 )

I can't find any reference to the error code...anyone have any ideas where I should look next?

Thanks!

Patty

 

[jrogersnd]

Has the IP address of the machine changed? Can you ping the machine? Does NSlookup provide the correct ip address e.g. same ip address that you can ping the machine by?

Check your pointer and host records on the dns server to make sure they're consistent.

HTH!

--James

 

[GrnEyedLdy]

Hi James,

Has the IP address of the machine changed? No

Can you ping the machine? I can ping from the parent(London), to the child (Vancouver) by IP and Name. However, from the child (Vancouver) to the parent (London), I cannot ping by any means. (Request times out) I can however communicate with London via UNC's or by browsing from Vancouver. So, I believe that there must be some security filter that will not allow me to send/or maybe receive ICMP packets between these two machines. There are no IPsec polices enabled...I've looked everywhere I can think of for anything that might be causing this. From the child (Vancouver) to any other machine in the domain tree, pings are successful in either direction.

Does NSlookup provide the correct ip address e.g. same ip address that you can ping the machine by? Yes, Nslookup returns the correct DNS name server...which is London with the correct IP address.

Pointer and Hosts records are consistent.

Hmmm....I just don't know!

Thanks for your input,

Patty

 

[GrnEyedLdy]

Correction to my last post,

"However, from the child (Vancouver) to the parent (London), I cannot ping by any means".

I can ping from Vancouver to London via IP...just not by name.

Patty

 

[GlenJohnson]

Event logs? Ipconfig all? Swapped out nics? Trace route? Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@nellsgiftbox.com


"What really happens is trivial in comparison to what could occur."
Robert von Musil (1880-1942); Austrian author.

 

[jrogersnd]

Patty,

There must be a firewall in-between the two domains. Has replication ever worked? If not then the firewall in the London office must be blocking RPC communications. I would suggest talking to one of the network engineers that maintains the WAN links (unless there isn't one) to find out if there is a firewall in place. If there is I would ask if RPC (tcp/135 I think) or SMTP (port 80) communication is being forwarded to the domain controllers depending on your site link setup.

What is your domain topology like? Is your DNS Active Directory Integrated? Do you use SMTP site links or IP site links? Do you have a firewall in London, but not Vancouver? CIFS/SMB traffic is obviously getting through, so there has to be some sort of filtering mechanism like you mentioned. How is your replication set up?

--James