Gizneek
asked on
AD Replication, DCDIAG errors... HELP!!!
have an exchange server that the motherboard failed on.
After the server came back up I had tons of issues. I have resolved all but this one...
I have 2 sites. The main issue I seem to be having is AD replication. WHen running DC Diag I get this...
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Birmingham-AL\MERCURY
Starting test: Connectivity
......................... MERCURY passed test Connectivity
Doing primary tests
Testing server: Birmingham-AL\MERCURY
Starting test: Replications
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source ZEUS
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION-RECEIVED LATENCY WARNING
MERCURY: Current time is 2007-03-19 12:22:30.
DC=ForestDnsZones,DC=subdo
Last replication recieved from PROMETHEUS at 2006-03-18 03:49:14.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=DomainDnsZones,DC=subdo
Last replication recieved from PROMETHEUS at 2006-03-18 03:49:14.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Schema,CN=Configuration
Last replication recieved from PROMETHEUS at 2006-03-18 03:49:13.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=subdom
Last replication recieved from PROMETHEUS at 2006-03-18 03:49:13.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=subdomain,DC=domain,DC=
Last replication recieved from PROMETHEUS at 2006-03-18 03:49:14.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... MERCURY passed test Replications
Starting test: NCSecDesc
......................... MERCURY passed test NCSecDesc
Starting test: NetLogons
......................... MERCURY passed test NetLogons
Starting test: Advertising
......................... MERCURY passed test Advertising
Starting test: KnowsOfRoleHolders
......................... MERCURY passed test KnowsOfRoleHolders
Starting test: RidManager
......................... MERCURY passed test RidManager
Starting test: MachineAccount
......................... MERCURY passed test MachineAccount
Starting test: Services
......................... MERCURY passed test Services
Starting test: ObjectsReplicated
......................... MERCURY passed test ObjectsReplicated
Starting test: frssysvol
......................... MERCURY passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... MERCURY failed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x8000061E
Time Generated: 03/19/2007 12:09:12
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 03/19/2007 12:09:12
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 03/19/2007 12:09:12
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 03/19/2007 12:09:12
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) was
......................... MERCURY failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:01
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:01
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:03
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:03
(Event String could not be retrieved)
......................... MERCURY failed test systemlog
Starting test: VerifyReferences
......................... MERCURY passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : subdomain
Starting test: CrossRefValidation
......................... subdomain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... subdomain passed test CheckSDRefDom
Running enterprise tests on : subdomain.domain.com
Starting test: Intersite
......................... subdomain.domain.com passed test Intersite
Starting test: FsmoCheck
......................... subdomain.domain.com passed test FsmoCheck
any help is MUCH MUCH appreciated...
After the server came back up I had tons of issues. I have resolved all but this one...
I have 2 sites. The main issue I seem to be having is AD replication. WHen running DC Diag I get this...
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Birmingham-AL\MERCURY
Starting test: Connectivity
......................... MERCURY passed test Connectivity
Doing primary tests
Testing server: Birmingham-AL\MERCURY
Starting test: Replications
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source ZEUS
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION-RECEIVED LATENCY WARNING
MERCURY: Current time is 2007-03-19 12:22:30.
DC=ForestDnsZones,DC=subdo
Last replication recieved from PROMETHEUS at 2006-03-18 03:49:14.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=DomainDnsZones,DC=subdo
Last replication recieved from PROMETHEUS at 2006-03-18 03:49:14.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Schema,CN=Configuration
Last replication recieved from PROMETHEUS at 2006-03-18 03:49:13.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=subdom
Last replication recieved from PROMETHEUS at 2006-03-18 03:49:13.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=subdomain,DC=domain,DC=
Last replication recieved from PROMETHEUS at 2006-03-18 03:49:14.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... MERCURY passed test Replications
Starting test: NCSecDesc
......................... MERCURY passed test NCSecDesc
Starting test: NetLogons
......................... MERCURY passed test NetLogons
Starting test: Advertising
......................... MERCURY passed test Advertising
Starting test: KnowsOfRoleHolders
......................... MERCURY passed test KnowsOfRoleHolders
Starting test: RidManager
......................... MERCURY passed test RidManager
Starting test: MachineAccount
......................... MERCURY passed test MachineAccount
Starting test: Services
......................... MERCURY passed test Services
Starting test: ObjectsReplicated
......................... MERCURY passed test ObjectsReplicated
Starting test: frssysvol
......................... MERCURY passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... MERCURY failed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x8000061E
Time Generated: 03/19/2007 12:09:12
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 03/19/2007 12:09:12
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 03/19/2007 12:09:12
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 03/19/2007 12:09:12
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 03/19/2007 12:09:12
Event String: The Knowledge Consistency Checker (KCC) was
......................... MERCURY failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:01
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:01
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:03
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/19/2007 11:47:03
(Event String could not be retrieved)
......................... MERCURY failed test systemlog
Starting test: VerifyReferences
......................... MERCURY passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : subdomain
Starting test: CrossRefValidation
......................... subdomain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... subdomain passed test CheckSDRefDom
Running enterprise tests on : subdomain.domain.com
Starting test: Intersite
......................... subdomain.domain.com passed test Intersite
Starting test: FsmoCheck
......................... subdomain.domain.com passed test FsmoCheck
any help is MUCH MUCH appreciated...
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
k... here is what I did.
This got pretty deep so I called Microsoft and got an engineer on the line. Evidentally what happned is when the server died and the system board was changed. Because of this we started having issues due the whole kerberos password issue that I found on the internet, and the internall equipment change.
The microsoft guy ran some reports and some tests. Went to all DC's and tried to connect via
\\servername.domain.bla and found that they could not connect to mercury. Also the DNS just went away on prometheus as well... forgot to mention that one. But I cannot remember everything he did as I was fighting about 5 other fires at the same time. That was the main reason I had to call... and that I have 5 free incidents per year. Here are the links I got after he fixed everything...
http://technet2.microsoft.com/WindowsServer/en/Library/1465d773-b763-45ec-b971-c23cdc27400e1033.mspx?mfr=true
http://technet2.microsoft.com/WindowsServer/f/?en/library/838dbebe-7a87-4cd2-b6f7-fc5847a2c2261033.mspx
http://support.microsoft.com/kb/830069/en-us
http://support.microsoft.com/kb/288167/en-us
I will have to say that calling these people was the best thing I could do in my situation as I was swamped and I was actually having a hard time juggling this with the other issues. They actually did a good job. I expected it to be scripted like when you call dell or HP. but it was not and for that I am thankful. I will award points for those of you who replied.
Thanks,... If you have any additional questions I will do my best to answer them.
This got pretty deep so I called Microsoft and got an engineer on the line. Evidentally what happned is when the server died and the system board was changed. Because of this we started having issues due the whole kerberos password issue that I found on the internet, and the internall equipment change.
The microsoft guy ran some reports and some tests. Went to all DC's and tried to connect via
\\servername.domain.bla and found that they could not connect to mercury. Also the DNS just went away on prometheus as well... forgot to mention that one. But I cannot remember everything he did as I was fighting about 5 other fires at the same time. That was the main reason I had to call... and that I have 5 free incidents per year. Here are the links I got after he fixed everything...
http://technet2.microsoft.com/WindowsServer/en/Library/1465d773-b763-45ec-b971-c23cdc27400e1033.mspx?mfr=true
http://technet2.microsoft.com/WindowsServer/f/?en/library/838dbebe-7a87-4cd2-b6f7-fc5847a2c2261033.mspx
http://support.microsoft.com/kb/830069/en-us
http://support.microsoft.com/kb/288167/en-us
I will have to say that calling these people was the best thing I could do in my situation as I was swamped and I was actually having a hard time juggling this with the other issues. They actually did a good job. I expected it to be scripted like when you call dell or HP. but it was not and for that I am thankful. I will award points for those of you who replied.
Thanks,... If you have any additional questions I will do my best to answer them.
ASKER
Some other stuff in the email sent to me after fix...
# DC: 3 SITE: 2
# subdomain.domain.com
# Hardware --> Board Changed on the server.
# found that the Secure channel was broken..
# Did reset the secure channel of Mercury with Zeus & PROMETHEUS
# Followed Command:
***added by Gizneek*** (You have to stop it first then run this)
netdom resetpwd /server:<PDCe> /userd:<DOMAIN>\<Admin_acc
# It worked fine..
# On PROMETHEUS zones were not getting populated.. so did run Klist to purge tickets & then tried to reset the secure channel & then ran the following commands:
ipconfig /flushdns
net stop netlogon
net start netlogon
ipconfig /registerdns
# Now were not getting any AD Replication errors: i.e. Logon Failure. Target principle name is incorrect
Hope this helps anyone else that has this issue.
# DC: 3 SITE: 2
# subdomain.domain.com
# Hardware --> Board Changed on the server.
# found that the Secure channel was broken..
# Did reset the secure channel of Mercury with Zeus & PROMETHEUS
# Followed Command:
***added by Gizneek*** (You have to stop it first then run this)
netdom resetpwd /server:<PDCe> /userd:<DOMAIN>\<Admin_acc
# It worked fine..
# On PROMETHEUS zones were not getting populated.. so did run Klist to purge tickets & then tried to reset the secure channel & then ran the following commands:
ipconfig /flushdns
net stop netlogon
net start netlogon
ipconfig /registerdns
# Now were not getting any AD Replication errors: i.e. Logon Failure. Target principle name is incorrect
Hope this helps anyone else that has this issue.
ASKER
Thanks for the reply