Discussion:
AD Replication problem
(too old to reply)
Cougar281
2005-11-29 04:54:18 UTC
Permalink
After having my DC's seperated on and off (mostly off) for the last
year, I finally set up a site to site VPN between the DC's. I noticed
that changed sisn't replicate, so I attempted the various
troubleshooting tasks, and found that I was getting "Access Denied"
errors. I also discovered that the clocks on the DC's where almost 10
minutes apart. after I brought them closer (within 60 seconds), they
seem to sync... sort of. It seems like some changes are replicating,
and some aren't. The error I'm now seeing is:

Testing server: Southold\WIN2KSERVER
Starting test: Replications
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source EXCHANGESVR1
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source EXCHANGESVR1
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.

If I "force" replication in AD Sites and services, it says that the
replication was successful, and it seems that it was partially, For
example, the distribution groups I created inside an OU (on
Exchangesvr1) replicated (to win2kserver), but when I deleted the test
OU on exchangesvr1 that I created on win2kserver (which did replicate
from Win2kServer to exchangesvr1) the deletion did not replicate. I
also noticed that the OU I created to have a different GP in did not
replicate to win2kserver, but my notebook DID dissapear from the
"computers" container (I had moved my notebook to the new OU that did
not appear on win2kserver). When I moved my notebook back to the
"computers" container and deleted the new OU, my notebook re-appeared
in the "computers" OU on win2kserver.

Anything else I can provide to help resolve this?
--
Cougar281
------------------------------------------------------------------------
Cougar281's Profile: http://forums.techarena.in/member.php?userid=11965
View this thread: http://forums.techarena.in/showthread.php?t=413558
Free Computer Help - http://forums.techarena.in
Cougar281
2005-11-29 04:54:45 UTC
Permalink
Here is the complete DCDiag from Win2kserver:

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Southold\WIN2KSERVER
Starting test: Connectivity
........................ WIN2KSERVER passed test
Connectivity

Doing primary tests

Testing server: Southold\WIN2KSERVER
Starting test: Replications
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source EXCHANGESVR1
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source EXCHANGESVR1
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
........................ WIN2KSERVER passed test
Replications
Starting test: NCSecDesc
........................ WIN2KSERVER passed test NCSecDesc
Starting test: NetLogons
........................ WIN2KSERVER passed test NetLogons
Starting test: Advertising
........................ WIN2KSERVER passed test Advertising
Starting test: KnowsOfRoleHolders
........................ WIN2KSERVER passed test
KnowsOfRoleHolders
Starting test: RidManager
........................ WIN2KSERVER passed test RidManager
Starting test: MachineAccount
........................ WIN2KSERVER passed test
MachineAccount
Starting test: Services
........................ WIN2KSERVER passed test Services
Starting test: ObjectsReplicated
........................ WIN2KSERVER passed test
ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
........................ WIN2KSERVER passed test frssysvol
Starting test: kccevent
........................ WIN2KSERVER passed test kccevent
Starting test: systemlog
........................ WIN2KSERVER passed test systemlog

Running enterprise tests on : HOME2K.NET
Starting test: Intersite
........................ HOME2K.NET passed test Intersite
Starting test: FsmoCheck
........................ HOME2K.NET passed test FsmoCheck
--
Cougar281
------------------------------------------------------------------------
Cougar281's Profile: http://forums.techarena.in/member.php?userid=11965
View this thread: http://forums.techarena.in/showthread.php?t=413558
Free Computer Help - http://forums.techarena.in
Cougar281
2005-11-29 04:55:22 UTC
Permalink
Here is the complete DCDiag log from Exchangesvr1:

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Southold\EXCHANGESVR1
Starting test: Connectivity
........................ EXCHANGESVR1 passed test
Connectivity

Doing primary tests

Testing server: Southold\EXCHANGESVR1
Starting test: Replications
........................ EXCHANGESVR1 passed test
Replications
Starting test: NCSecDesc
........................ EXCHANGESVR1 passed test NCSecDesc
Starting test: NetLogons
........................ EXCHANGESVR1 passed test NetLogons
Starting test: Advertising
........................ EXCHANGESVR1 passed test
Advertising
Starting test: KnowsOfRoleHolders
........................ EXCHANGESVR1 passed test
KnowsOfRoleHolders
Starting test: RidManager
........................ EXCHANGESVR1 passed test RidManager
Starting test: MachineAccount
........................ EXCHANGESVR1 passed test
MachineAccount
Starting test: Services
........................ EXCHANGESVR1 passed test Services
Starting test: ObjectsReplicated
........................ EXCHANGESVR1 passed test
ObjectsReplicated
Starting test: frssysvol
........................ EXCHANGESVR1 passed test frssysvol
Starting test: frsevent
........................ EXCHANGESVR1 passed test frsevent
Starting test: kccevent
........................ EXCHANGESVR1 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0000007
Time Generated: 11/28/2005 21:51:46
Event String: The kerberos subsystem encountered a PAC
An Error Event occured. EventID: 0x00000457
Time Generated: 11/28/2005 22:07:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 11/28/2005 22:07:11
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 11/28/2005 22:07:12
(Event String could not be retrieved)
........................ EXCHANGESVR1 failed test systemlog
Starting test: VerifyReferences
........................ EXCHANGESVR1 passed test
VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
........................ Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
........................ Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ Configuration passed test
CheckSDRefDom

Running partition tests on : HOME2K
Starting test: CrossRefValidation
........................ HOME2K passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ HOME2K passed test CheckSDRefDom

Running enterprise tests on : HOME2K.NET
Starting test: Intersite
........................ HOME2K.NET passed test Intersite
Starting test: FsmoCheck
........................ HOME2K.NET passed test FsmoCheck
--
Cougar281
------------------------------------------------------------------------
Cougar281's Profile: http://forums.techarena.in/member.php?userid=11965
View this thread: http://forums.techarena.in/showthread.php?t=413558
Free Computer Help - http://forums.techarena.in
Paul Williams [MVP]
2005-11-29 07:39:59 UTC
Permalink
How long have these machines not replicated for? Use REPLMON for more info.
on what is happening, and which way replication is flowing, if at all.

Note. REPLMON is a support tool. See
http://www.msresource.net/content/view/53/46/ for more info. on the support
tools.


Check the event logs, especially the Directory Service log, and
cross-reference with www.eventid.net

As you've got Windows 2000 boxes, strict replication checking isn't on, so
things will replicate but you're going to have lingering objects. See
kb314282 and the following URL for more info. on how to remove these.
--
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/77dbd146-f265-4d64-bdac-605ecbf1035f.mspx


You should point both boxes at the same DNS server temporarily to allow
replication. DNS will be way out of sync, some aspects of which could well
be lingering.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
Cougar281
2005-11-30 02:27:49 UTC
Permalink
As of last night, the last replication was around 10/11/05.

It SEEMS like it's replicating now... I think all of the AD objects are
replicating. This morning, the Sites and Services hadn't replicated, but
now it seems to have replicated.

Thanks for your input.
--
Cougar281
------------------------------------------------------------------------
Cougar281's Profile: http://forums.techarena.in/member.php?userid=11965
View this thread: http://forums.techarena.in/showthread.php?t=413558
Free Computer Help - http://forums.techarena.in
Loading...