prmoting the new windows 2003 r2 Domain controller in our 2003 env,,, notice that FRS replication not working . nt sharing the SYSVOL and NETLOGON.

-

hi,

after prmoting new windows 2003 r2 domain controller in our 2003 env,,, notice frs replication not working , receive below error @ time of dcdiag result.

please assist.

didcgiag result below :

 

directory server diagnosis


performing initial setup:

   trying find home server...

   home server = test101

   * identified ad forest.
   done gathering initial info.


doing initial required tests

  
   testing server: stg\test101

      starting test: connectivity

         ......................... test101 passed test connectivity

 

doing primary tests

  
   testing server: stg-gio\test101

      starting test: advertising

         warning: dsgetdcname returned information for

         \\testv100.com, when trying reach test101.

         server not responding or not considered suitable.

         ......................... test101 failed test advertising

      starting test: frsevent

         there warning or error events within last 24 hours after the

         sysvol has been shared.  failing sysvol replication problems may cause

         group policy problems.
         ......................... test101 passed test frsevent

      starting test: dfsrevent

         ......................... test101 passed test dfsrevent

      starting test: sysvolcheck

         ......................... test101 passed test sysvolcheck

      starting test: kccevent

         warning event occurred.  eventid: 0x80000b46

            time generated: 06/30/2011   17:51:10

            event string:

            security of directory server can enhanced configuring server reject sasl (negotiate,  kerberos, ntlm, or digest) ldap binds not request signing (integrity verification) , ldap simple binds that  performed on cleartext (non-ssl/tls-encrypted) connection.  if no clients using such binds, configuring server reject them improve security of server.


         ......................... test101 passed test kccevent

      starting test: knowsofroleholders

         ......................... test101 passed test knowsofroleholders

      starting test: machineaccount

         ......................... test101 passed test machineaccount

      starting test: ncsecdesc

         ......................... test101 passed test ncsecdesc

      starting test: netlogons

         unable connect netlogon share! (\\test101\netlogon)

         [test101] net use or lsapolicy operation failed error 67,

         network name cannot found..

         ......................... test101 failed test netlogons

      starting test: objectsreplicated

         ......................... test101 passed test objectsreplicated

      starting test: replications

         ......................... test101 passed test replications

      starting test: ridmanager

         ......................... test101 passed test ridmanager

      starting test: services

         ......................... test101 passed test services

      starting test: systemlog

         warning event occurred.  eventid: 0x8000001d

            time generated: 06/30/2011   17:51:11

            event string:

            key distribution center (kdc) cannot find suitable certificate use smart card logons, or kdc certificate not verified. smart card logon may not function correctly if problem not resolved. correct problem, either verify existing kdc certificate using certutil.exe or enroll new kdc certificate.

         warning event occurred.  eventid: 0x000016aa

            time generated: 06/30/2011   17:51:15

            event string:

            none of ip addresses (***.**.**.74) of domain controller map configured site 'stg-gio'. while may temporary situation due ip address changes, recommended ip address of domain controller (accessible machines in domain) maps site services. if above list of ip addresses stable, consider moving server site (or create 1 if not exist) such above ip address maps selected site. may require creation of new subnet object (whose range includes above ip address) maps selected site object.

         ......................... test101 passed test systemlog

      starting test: verifyreferences

         ......................... test101 passed test verifyreferences

  
  
   running partition tests on : forestdnszones

      starting test: checksdrefdom

         ......................... forestdnszones passed test checksdrefdom

      starting test: crossrefvalidation

         ......................... forestdnszones passed test

         crossrefvalidation

  
   running partition tests on : domaindnszones

      starting test: checksdrefdom

         ......................... domaindnszones passed test checksdrefdom

      starting test: crossrefvalidation

         ......................... domaindnszones passed test

         crossrefvalidation

  
   running partition tests on : d1

      starting test: checksdrefdom

         ......................... d1 passed test checksdrefdom

      starting test: crossrefvalidation

         ......................... d1 passed test crossrefvalidation

  
   running partition tests on : schema

      starting test: checksdrefdom

         ......................... schema passed test checksdrefdom

      starting test: crossrefvalidation

         ......................... schema passed test crossrefvalidation

  
   running partition tests on : configuration

      starting test: checksdrefdom

         ......................... configuration passed test checksdrefdom

      starting test: crossrefvalidation

         ......................... configuration passed test crossrefvalidation

  
   running enterprise tests on : .com

      starting test: locatorcheck

         ......................... .com passed test locatorcheck

      starting test: intersite

         ......................... .com passed test intersite

 

kalanke

hello,

please check needed ports ad replication not blocked. needed ports mentioned here: http://technet.microsoft.com/en-us/library/bb727063.aspx

also, please use microsoft skydrive upload output of these commands on dcs have:

ipconfig /all >c:\ipconfig.txt [from each dc/dns server]

dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt

repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  ["dc* place holder starting name of dcs if begin same (if more 1 dc exists)]

dnslint /ad /s "dcipaddress" (http://support.microsoft.com/kb/321045

once done, post link here.

this posting provided "as is" no warranties or guarantees , , confers no rights.

microsoft student partner 2010 / 2011
microsoft certified professional
microsoft certified systems administrator: security
microsoft certified systems engineer: security
microsoft certified technology specialist: windows server 2008 active directory, configuration
microsoft certified technology specialist: windows server 2008 network infrastructure, configuration
microsoft certified technology specialist: windows server 2008 applications infrastructure, configuration
microsoft certified technology specialist: windows 7, configuring
microsoft certified professional: enterprise administrator



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

2008 Windows Deployment Server Properties Error

-
currently wading through setup , configuration of wds on 2008 server. have captured xp sp2 image , purposes of testing not prestaging. pxe response settings have been set "respond (known & unknown) client computers" leaving "for unknown clients, notify administrator etc" unchecked when ok properties sheet error "server properties error" "the system cannot find file specified" when attempting use command "wdsutil /approve-autoadddevices /requestid:1" in response pending devices within gui "an error occurred while trying execute command. error code: 0x6 error description: access denied" surely if not attempting add workstations domain (no prestaging) there shouldn't problem. any appreciated  answering part of own question although if can explain reason appreciated. server properties error occurs when launching windows deployment services using start>all programs>administrative tools. if access via server manager...
Read more

Domain migration ERR3:7075 Failed to change domain affiliation, hr=8007054a This operation is only allowed for the Primary Domain Controller of the domain

-
dear all hope 1 faced issue , can me solution member server migration. i'm in process of intraforest migration using admt 3.1, have established trust between domains. domain (source domain) have both dc's running on windows 2003 functional level windows 2003 , while in domain b ( target domain )we have both windows 2008 , windows 2003 domain same functional level of windows 2003. have installed exchange 2007 sp2 in domain b. have installed admt in domain b , created necessary service acct used migration purpose , provide them whatever privileges required on both source , target domain. issue user , group migration done, while member server migration failed eventhough migration service account added local admin group of these member servers in source domain need migrated , domain local setting policy network access has been enabled llcsrpc, browser, netlogon ...(named pipes can accessed anonymously.) also have unistall , install microsoft network client services gett...
Read more

How do a find data in one file, search for it in another file and if not found, write a custom message to another file

-
in file if.txt, starting on 2nd line of file, data formatted follows: ah10551,a10551,cn=a10551,a10551@qts.com ah10600,a10600,cn=a10600,a10600@qts.com ah10608,a10608,cn=a10608,a10608@qts.com in file sf.txt, data formatted follows: 2011-02-16 17:26:44 sid acme\ah10551 added sid history of qts\a10551 2011-02-16 17:26:44 sid acme\ah10244 added sid history of qts\a10244 2011-02-16 17:26:45 sid acme\ah10425 added sid history of qts\a10425 please provide suggestions on how following: 1. in if.txt file, read first field first ',' , store in variable called $if1 2. in sf.txt file, search for the value stored in $if1 , if found, ignore.  if not found, write custom message in another file such as: $if1 sidhistory not migrated. these files wont large.  im trying build 'exception file' of items in if.txt file not occurring in sf.txt file. thanks in advance ideas. mtv99 many ways that... here's one... (using example data) [array]$if1=@() gc d:\if.txt...
Read more