Windows 2000 Active Directory Replication Error

[cybercrusader2000]

Hi guys,

I am facing this problem with Active Directory not replicating between the DC and the ADC in my Domain. The domain name is a single-label domain name with no extensions ("."). The following are the errors from Event Log.

===========

SysLog :-

NETLOGON

Warning

None

5781

N/A

DC01

Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.

w32time

Warning

None

64

N/A

DC01

"Because of repeated network problems, the time service has not been able to find a domain controller to synchronize with for a long time. To reduce network traffic, the time service will wait 960 minutes before trying again. No synchronization will take place during this interval, even if network connectivity is restored. Accumulated time errors may cause certain network operations to fail. To tell the time service that network connectivity has been restored and that it should resynchronize, execute ""w32tm /s"" from the command line. "

w32time

Error

None

62

N/A

DC01

This Machine is a PDC of the domain at the root of the forest. Configure to sync from External time source using the net command, 'net time /setsntp:<server name>'.

MRxSmb

Error

None

8003

N/A

DC01

The master browser has received a server announcement from the computer COMPUTER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{15676B6E-58D3. The master browser is stopping or an election is being forced.

File Replication Log :-

NtFrs

Warning

None

13562

N/A

DC01

Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller dc01.domain for FRS replica set configuration information.

The nTDSConnection object cn=dc01,cn=ntds settings,cn=dc02,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=domain is conflicting with cn=\<automatically generated\>,cn=ntds settings,cn=dc02,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=domain. Using cn=dc01,cn=ntds settings,cn=dc02,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=domain

The nTDSConnection object cn=dc02,cn=ntds settings,cn=dc01,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=domain is conflicting with cn=8aa06a8d-c60a-4ccf-8240-99808ebcd538,cn=ntds settings,cn=dc01,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=domain. Using cn=dc02,cn=ntds settings,cn=dc01,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=domain

Directory Service Log :-

NTDS KCC

Warning

(1)

1265

N/A

DC01

The attempt to establish a replication link with parameters

Partition: CN=Schema,CN=Configuration,DC=domain

Source DSA DN: CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain

Source DSA Address: 26bffa7d-fba6-456b-bd2c-ad5cafc67545._msdcs.domain

Inter-site Transport (if any):

failed with the following status:

The DSA operation is unable to proceed because of a DNS lookup failure.

The record data is the status code. This operation will be retried.

=================

The SysVol and NetLogon folders on DC02 are blank, that shows that there is no replication. If compared, DC01 & DC02, under Active Directory Sites and Services, DC02 seems to be somewhat missing parameters. I can successfully ping DC01 from DC02 and vise-versa using IP , NetBIOS & DNS name. Forward and reverse DNS seem to work while communicating between the 2 DCs. But, AD zones under the Forward Lookup Zones in the AD-integrated DNS ( the dns residing on DC01 , there is no DNS/DHCP on DC02 , DC01 has DHCP running too ) for example _msdc , _sites , _tcp , _udp , etc. are missing. DHCP is integrated with DNS but DNS records don't get updated in Forward Lookup Zone. However, they get updated in Reverser Lookup Zone. I wonder how they get created when there is no Forward Lookup entry created ( host A record ) for the PTR record in Reverse DNS. I ran Netdiag /fix and i get a dns lookup error. DcDiag gives an error. "DC01 failed test kccevent". Connectivity test results via DcDiag test gave the following error :

DcDiag Test :-

Testing server: Default-First-Site-Name\DC01

Starting test: Connectivity

14067e65-e6e5-45a9-bbc0-e8c781409a0a._msdcs.domain's server GUID DNS name could not be resolved to an

IP address. Check the DNS server, DHCP, server name, etc

Although the Guid DNS name

(14067e65-e6e5-45a9-bbc0-e8c781409a0a._msdcs.domain) couldn't

be resolved, the server name (dc01.domain) resolved to the

IP address (192.168.0.2) and was pingable. Check that the IP

address is registered correctly with the DNS server.

......................... DC01 failed test Connectivity

=================

Thats all I can remember as of now.

I have followed a few articles :

http://support.microsoft.com/default.aspx?...kb;en-us;300684

http://support.microsoft.com/?kbid=193888 ( tried this but the reg entry showed invalid charectors after modification, so I reset it back )

I understand that all this seems to be due to a invalid/corrupt dns server running. I have thought of demoting DC02, rectifying DNS on DC01 and the promoting DC02 back to the domain ( after freshly installing the OS and updating it on DC02 ). As for the changes described on MS KB 300684 , I need to know, do we make the changes in the workstations only or also in the server ( as I have done, after testing the changes in the client ) , and what other changes have to be made in the client / server incase of a single-label domain name based domain to function properly ?

Any / all suggestions are welcomed.

[valter]

Before we go deeper into this, just a single question. Is your server multihomed? What I mean is, how many network cards do you have on the server that has replication issue?

[cybercrusader2000]

DC01 = Single Adapter ( Single IP - Internal IP )

DC02 = 4 Adapters ( 1 Active , 3 Disabled , Single IP - Internal IP )

[valter]

Are you sure those 3 NICs are actually disabled because 90% of replication errors comes from multihomed DCs ... and you have 8003 that points to more than one master browser on the network ...

[cybercrusader2000]

Yeah, I am sure that the rest of the 3 network adapters are in disabled state. The Master Browser errors are due to the presence of Windows XP clients having the Computer Browser service running. Those can be disabled whenever required. Also, I don't think this is related to the replication failure error.

[valter]

I really doubt that XP's Computer Browser service causes that error. All my XPs have Computer Browser service running but that error is never logged. I've seen that error only when there is a problem with replication, including all other errors. Anyway, I would advise you, to remove those 3 NICs and see what happens. I believe that as soon as those 3 NICs are removed, replication should start again. Otherwise you could install support tools and use replmon.exe to monitor replication and locate the problem ...

[cybercrusader2000]

Ok. I will check that as well and revert back.

[cybercrusader2000]

Ummm, I made some changes to the connection strings in Active Directory Sites and Services and now replication is taking place. Also, AD Replication Monitor states that last replication attempt was successfull. But, I am still facing some errors in the event log. I will list them in a while. Untill then, take care guys.