Hi there,

I have a problem with my domain controllers. I have two, dep-s-dc (Win 2k3 Ent) and dep-s-004 (Win 2k8 Ent).

dep-s-dc was our main server when the company started out and as such hosted nearly everything: DNS, DHCP, Exchange, AD and DC.

Over time we have got bigger and bought more servers. I installed dep-s-004 as a domain secondary controller. Recently we have had problems with dep-s-dc and it was looking bad, so I moved the FSMO roles to dep-s-004, making this the primary. All roles were transferred without problems.

I have now noticed, however, that new clients when logging on take an age to populate the domain list. Also group policy has stopped working.
SyncAll exited with fatal Win32 error: 8440 (0x20f8): The naming context specified for this replication operation is invalid. Some information seemed to conflict as similar tests for certain services failed (like DNS) yet you could still ping by name and confirm using nslookup.
When you click on a policy you get the following message 'The network name cannot be found'. You get this message on dep-s-dc and dep-s-004. There are also errors relating to NTfrs in the event logs on both machines.

I have done a lot of research and can't seem to pinpoint the error.

Replication does seem to be working.
If I create an account on dep-s-004 and check dep-s-dc it appears. Ping and nslookup are ok between the two servers.

It just seems to be the sysvol and netlogon that are not being replicated. They are on dep-s-dc but not on dep-s-004.

How can I solve this?

Meinolf Weber 13.06.08 13:38

Hello cw,

Check out this article:

Also run diagnostics tools against all DC's, install them from the support tools folder on the installation disk: dcdiag /v, netdiag /v and repadmin /showreps. If you have errors post the complete output here, even if it is a huge amount. Split it into more postings.

Best regards
Meinolf Weber
Disclaimer: This posting is provided 'AS IS' with no warranties, and confers no rights. Please do NOT email, only reply to Newsgroups. HELP us help YOU!!!

Ruchi Manuja 15.06.08 23:14
Dep-s-004

Log Name: File Replication Service
Source: NtFrs
Date: 17:10:38
Event ID: 13508
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: dep-s-004.depoel.local
Description:
The File Replication Service is having trouble enabling replication from DEP-S-DC to DEP-S-004 for c:\windows\sysvol\domain using the DNS name dep-s-dc.depoel.local.

The only thing I haven't tried is the reg key for the JRNLWRAPERROR.

1 FRS can not correctly resolve the DNS name dep-s-dc.depoel.local from this computer.
DNS shows no errors and ping and nslookup both show correct results from both machines

2 FRS is not running on dep-s-dc.depoel.local.
FRS is running on both machines

3 The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
I have done manual replication which states it has been successful. There is only about 15MB to sync.

1 Volume '\\.\C:' has been formatted.
Not true

2 The NTFS USN journal on volume '\\.\C:' has been deleted.
3 The NTFS USN journal on volume '\\.\C:' has been truncated.
I am not sure where this is located, but nothing has been deleted

I have tried many Microsoft articles to try and sort this but so far I am drawing a blank

CW 17.06.08 01:36

Hi Meinolf,

I have split it into 3 parts.
This is part 1, 2 is the results of dcdiag /v from dep-s-004, 3 is the results from dcdiag /v from dep-s-dc.

I didn't restore anything on the DC's. I switched the FSMO roles from dep-s-dc to dep-s-004 and I noticed that the SYSVOL and NETLOGON folders are not replicated. To be honest it looks like they never were.

From the tests below I think this will be the problem on dep-s-004:

An Warning Event occurred. EventID: 0x800034C4
Time Generated: 18:19:49
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = File Replication Service) could not be retrieved, error 0x3afc)
An Warning Event occurred.
EventID: 0x800034C4
Time Generated: 21:52:45
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = File Replication Service) could not be retrieved, error 0x3afc)

The problem is I just seem to be chasing a never ending loop of event ids that all point to different things

CW 18.06.08 02:08

PART 3

This is the result from dep-s-dc

Domain Controller Diagnosis

Performing initial setup:
Verifying that the local machine dep-s-dc, is a DC.
Connecting to directory service on server dep-s-dc.
Collecting site info.
Identifying all servers.
Identifying all NC cross-refs.
Found 2 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\DEP-S-DC
Starting test: Connectivity.
Active Directory LDAP Services Check.
Active Directory RPC Services Check.
DEP-S-DC passed test Connectivity

Doing primary tests

Testing server: Default-First-Site\DEP-S-DC
Starting test: Replications.
Replications Check.
Replication Latency Check.
Replication Site Latency Check.

Hello cw,

Please check the system time:
run on the problem DC:

    net time \\ComputerNameOfAuthoritativeTimeServer /set /y
    net stop ntfrs
    net start ntfrs

Additional check permissions:

Corrupted permissions on the Sysvol share or any of the objects below it can cause this error.
The ACL should include full access for Administrators, Creator/Owner and system, read for server operators and authenticated users. The ownership on these folders and files may also become corrupt and have to be reset to Administrators.

Then go on here for the event id's:

Best regards
Meinolf Weber
Disclaimer: This posting is provided 'AS IS' with no warranties, and confers no rights. Please do NOT email, only reply to Newsgroups. HELP us help YOU!!!

I have been through all the tests and everything looks ok apart from

CW 18.06.08 06:40

Hi Meinolf,

completed the net time but nothing changed. All permissions are correct and owners are correct for sysvol.

I have been through the guide mentioned, that's the first place I originally started.

The section I focused on was 'Troubleshooting FRS Events 13508 without FRS Event 13509' as this is the event I get most.

I have gone through everything and everything has passed. The only thing I need to check is if it's being blocked by a firewall. Is there a way to test this?

dep-s-004 has windows firewall running but has 'File Replication' as an exception. I am assuming this is ntfrs. When I open windows firewall on dep-s-dc I get the following 'Windows Firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)'. I am assuming it is not blocking anything.

Does ntfrs use port 389??

Meinolf Weber 18.06.08 07:08
Repadmin is legend. I mean, who hasn't impressed their friends, family and pets with the /experthelp switch? And, when it comes to administering and troubleshooting Active Directory replication, repadmin is king. There's a young pretender to the throne in the guise of the Windows Server 2012 Active Directory replication cmdlets.

Why use these cmdlets instead of repadmin, you ask? Well, the answer is the same as the answer to the question 'why use a cmdlet instead of an executable?' And here it is.

A cmdlet outputs objects rather than text. An object has a rich set of properties and methods (for getting stuff and doing stuff) that are easily accessed. An object is easily passed down the PowerShell pipeline. Text is, well, just text and it can be quite tricky to parse and manipulate the weird and wonderful patterns returned to the host.

Today, I'm going to try and mimic a popular repadmin command switch, /showrepl, with PowerShell and the AD replication cmdlets. Take a look at the following, hybrid command:

    repadmin /showrepl * /csv | ConvertFrom-Csv | Out-GridView

The /showrepl switch tells repadmin to show the inbound replication status, for all partitions, for a designated domain controller. The * tells repadmin to execute against ALL domain controllers. The /csv switch produces output that can be saved to a CSV file.
If an executable can produce output in a CSV format, it's much easier to get that output into objects so PowerShell can do its amazing stuff. We pipe the output of the repadmin command into ConvertFrom-Csv; the resultant objects are then piped into Out-GridView for an interactive table. Here's a sample:

Now, let's do something similar with the Get-ADReplicationPartnerMetadata cmdlet:

    Get-ADReplicationPartnerMetadata -Target * -Partition * | Select-Object Server, Partition, Partner, ConsecutiveReplicationFailures, LastReplicationSuccess, LastReplicationResult | Out-GridView

We're targeting all servers with the wildcard supplied to the -Target parameter. The wildcard supplied to the -Partition parameter ensures that details for the Schema, Configuration and Domain partitions are included.

Select-Object is used to provide a view similar to that of repadmin. Again, Out-GridView is used to provide an interactive table. Here's a sample:

Right, I'm off to see what other repadmin functionality I can reproduce with the Active Directory replication cmdlets. The king is dead.
Well, actually, the king is probably going to be round for a little while yet, so long live the young pretender!
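
The point about objects versus text, carried one step past Out-GridView: once the repadmin CSV rows are objects, unhealthy replication links can be filtered out in the pipeline. This is an added example, not code from the original post; the function name Select-ReplicationProblem, the 24-hour threshold, the sample rows and the handling of rows not tagged showrepl_INFO are assumptions made for illustration.

```powershell
# Constructed sample in the column layout of 'repadmin /showrepl * /csv'.
# DC names, times and status codes are made up for illustration.
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Site-A,DC01,"DC=example,DC=local",Site-A,DC02,RPC,0,0,2024-05-02 08:55:10,0
showrepl_INFO,Site-A,DC02,"DC=example,DC=local",Site-A,DC01,RPC,4,2024-05-02 08:50:00,2024-04-30 21:14:42,1722
showrepl_ERROR,58,DC03.example.local,"The specified server cannot perform the requested operation."
'@

function Select-ReplicationProblem {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Row,
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeHours = 24
    )
    process {
        # Assumption: a row not tagged showrepl_INFO means repadmin could not query that DC.
        if ($Row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            $raw = ($Row.PSObject.Properties.Value | Where-Object { $_ }) -join ' | '
            return [pscustomobject]@{ Reason = 'CollectionError'; Destination = $null; Source = $null
                                      Partition = $null; Failures = $null; HoursSinceSuccess = $null; Detail = $raw }
        }
        # -as returns $null instead of throwing when a field is not numeric.
        $failures = $Row.'Number of Failures' -as [int]
        $last = [datetime]::MinValue
        $ok = [datetime]::TryParseExact($Row.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
                  [cultureinfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::None, [ref]$last)
        $age = if ($ok) { [math]::Round(($Now - $last).TotalHours, 1) } else { $null }

        $reason = $null
        if ($failures -gt 0)           { $reason = 'ConsecutiveFailures' }
        elseif (-not $ok)              { $reason = 'NoValidSuccessTime' }
        elseif ($age -gt $MaxAgeHours) { $reason = 'StaleSuccess' }

        if ($reason) {
            [pscustomobject]@{ Reason = $reason; Destination = $Row.'Destination DSA'; Source = $Row.'Source DSA'
                               Partition = $Row.'Naming Context'; Failures = $failures
                               HoursSinceSuccess = $age; Detail = "Last failure status $($Row.'Last Failure Status')" }
        }
    }
}

# Offline run against the constructed sample, with a fixed clock so the ages are reproducible.
$sampleCsv | ConvertFrom-Csv | Select-ReplicationProblem -Now '2024-05-02 09:00:00' | Format-Table -AutoSize

# Live use on a machine with repadmin available:
# repadmin /showrepl * /csv | ConvertFrom-Csv | Select-ReplicationProblem
```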