Netdiag errors

[Code666]

Hello, I ahve had an ongoing replication problem with one of my DC's. We have one domain, 4 remotes sites. HQ is here with 3 DC's, the other sutes have 1 DC. All remote DC's are pointed to the DNS root at HQ for primary and themselves as secondary. The DC's here all pointed to the root and then themselves. I ran Netdiag on the remote DC and everything looks good except the DNS entries. Can anyone help with interpreting the results? Internet searches have not been too promising. Any help is greatly appreciated.

Testing DNS
[WARNING]: The DNS registration for 'cal-dc01.us.ad.ep.local' is correct only on some DNS servers.
Please wait 15 min for replication and run the test again.
* If I understand correctly the CAL DC is not registered on all DC's, I have checked and all DC's have the usual DNS records (NS, A, etc.).

[WARNING]: The DNS registration for 'cal-dc01.us.ad.ep.local' is correct only on some DNS servers.
Please wait 15 min for replication and run the test again.
Check the DNS registration for DCs entries on DNS server '10.55.X.X'
The Record is different on DNS server '10.55.X.X'.
* This is the root DNS at HQ. It has the CAL records, unless there is something else I need to check?

PASS - All the DNS entries for DC are registered on DNS server '10.55.X.X' and other DCs also have some of the names registered.

I really want to get this resolved as it has been an ongoing battle for 6 months now...thanks for the input/help.

 

[Code666]

Anyone?

 

[ITPangaeaArchitect]

what's the os, win2k or 2k3?
which replication is having the problem, FRS or AD replication?
run netdiag /fix and dcdiag /fix on the problem servers
post the results of netdiag /v and dcdiag /v......there's alot that can cause that.
see 179442 and make sure all the ports listed in the win2000 section are open on the firewalls or routers

first off make sure tcp/ip properties are correct and also ensure that the DHCP client service is started and auto on all DCs

by correct I mean go into the advanced TCP/IP properties, and go to the DNS tab first..make sure append primary and conenction specific DNS suffixes radio button is marked, append parent suffixes of the primary DNS suffix is checked, and register this connections addresses in DNS is checked. everything else should be blank.
then go to the WINS tab and ensure that enable netbios over tcp/ip is checked

now as for your configuration...i'll refer to your sites as main, remote1, remote2, etc.
main: PDC emulator should point to itself and itself only, the other two DCs should be standardized with the PDC as preferred (all servers/clients in your domain should have PDC as preferred). After that, open the DNS console on those DCs and right click the server and go to properties, go to the forwarders tab and add all other DNS serers in your domain.

What happens with that is that if they for some erason lose connection with the preferred DNS server, they will attempt to use themselves as their alternate (unless you standardize the alternates all the way down, but takes more time than forwarders)..if they haven't gotten some record replicated to them it is searching for, and the other DCs are not listed as forwarders, then the name resolution request will go out to the ISP (most likely forwarder to be there anyways) and never get answered. with using the other DNS servers as forwarders too, it will search the DNS structure internally and look for the record and have a better chance of finding it.

another thing id like to see is the repadmin /showreps command



-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there

 

[Code666]

Thanks for the reply, I have been working so hard on this issue for several days now. OK, where do I begin? The os of the servers is 2K and the clients are 2K/XP. The DC that is unable to complete the RPC connection is logging ID 13508. The problem seems to be FRS related, I ran the NTFRSUTL VERSION command on the DC logging the 13508 error (doing this will verify if FRS is running on the remote DC) and got "DSBINDWOTHDRED to localhost failed with status 1753 (0x6d90): There are no more endpoints available from the endpoint mapper." A look in the services console shows that the RPC service povides the endpoint mapper and other miscellaneous RPC services. You cannot restart the service from within services.msc, the DC needs to be rebooted. The repadmin /showreps and /kcc commands fail with the same error. For now I am rebooting every 3 days or so. The way the network is set-up the remote sites and HQ here are all part of the same domain, there are connection objects in AD Sites and Services, all internal traffice (replication, etc.) does not cross the firewall. All the DC's are pointed to the root dc here at HQ for Preferred DNS and then to themsleves for Secondary. The root DC is pointed to itself and Secondary is blank. It looks like the RPC service on the remote DC is flaking out. Is there annyway to reinstall the service? Let me know what you think, thanks!

 

[ITPangaeaArchitect]

first off

13508...you will always see this

always

the problem is when there is no trailing 13509

rpc server is unavailable usually indiactes a DNS issue though

do a netstat -an and make sure you are listening on port 135

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there

 

[Code666]

i've seen documentation detailing 13508 and 13509, also have a better understanding of replication under the hood my head hurts. netstat shows:
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
UDP 0.0.0.0:135 *:*
Also checked DNS and the information is there for the server unless there is something else I should look for?

 

[ITPangaeaArchitect]

see if this helps you

http://support.microsoft.com/?kbid=839880

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there

 

[Code666]

will try the steps listed and post back the results...thanks for the help.

 

[Code666]

UPDATE:
the server is running SP3. i am updating to SP4 tonight, but the culprit looks like the rpcss services is dying on the DC. i'll post back here in a few days to let everyone know how it goes...

 

[ITPangaeaArchitect]

yep you need sp4


sp3 sucked

and if you have other DCs, and they are SP4...SP3 machines won't replicate

shoulda mentioned that before

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there

 

[Code666]

this DC was set-up by another person who is no longer here btw. i am cleaning up his messes that i find along the way and this was one of them. SP4 was installed late friday night, checked this morning it looks cool. will monitor the next few days and post back...