Hello, good afternoon.
A month ago I started receiving several errors in my domain controllers' Event Viewer, all of them about replication of partitions and information between domain controllers, also affecting Group Policy deployment.
At the company we have only one domain suffix (e.g. contoso.local), which is installed on three domain controllers: two of them in the HeadOffice and the third in a nearby branch; these sites are connected through a dedicated VPN link.
I've been doing some tests with DNS records, trying to identify DNS misconfigurations. Apparently the DNS records (SRV, A, CNAME, NS, SOA) are all configured correctly on all DNS servers, and I could ping all domain controllers by DNS name from all domain controllers successfully, but sometimes, for no apparent reason, I couldn't. I also tested the DNS address of the PDC from the _msdcs zone (e.g. \\xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx._msdcs.CONTOSO.LOCAL), and I could access it successfully from the Branch domain controller as well.
Our network topology is basically separated into two network ranges (192.168.1.x for the HeadOffice and 192.168.4.x for the Branch); these two ranges belong to the single DNS suffix (e.g. contoso.local), and if we look at the DNS servers, we'll find DNS records for all hosts of both sites. In Active Directory Sites and Services I've created these two subnets and the two sites (HeadOffice and Branch), and have created a connection between the domain controllers using the Inter-Site Transport IP. To be honest, I'm not used to making configurations in the Active Directory Sites and Services tool, because I haven't had the need to create this kind of connection between sites sharing the same DNS suffix before.
As I said, this problem is affecting Group Policy deployment, so since I started receiving these errors, Group Policy objects haven't been applied successfully on computers, making the management of all computers difficult.
It's also important to say that all ping attempts using the IP addresses of the domain controllers and other hosts were successful.
The errors I've been receiving most often are:
Primary Domain Controller (HeadOffice) - 192.168.1.x
Source: DFSR, Event ID: 5008, Error: 1722 (The RPC server is unavailable.). This error means that the PDC couldn't communicate with the Branch domain controller (192.168.4.x subnet).
Source: ActiveDirectory_DomainService, Event ID: 1865: the Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. This error means that the list of sites couldn't be reached by the local site.
Source: ActiveDirectory_DomainService, Event ID: 1311: the KCC has detected problems with the following directory partition (Configuration partition). This error means that there is insufficient site connectivity information for the KCC to create a spanning tree replication topology.
Source: ActiveDirectory_DomainService, Event ID: 1566: all directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
Domain Controller (Branch) - 192.168.4.x
Source: NETLOGON, Event ID: 5781, Error: Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.CONTOSO.LOCAL.' failed. This error repeats for each segment of the domain (e.g. ForestDnsZones.contoso.local, DomainDnsZones.contoso.local, contoso.local).
Source: NETLOGON, Event ID: 5719, Error: This computer was not able to set up a secure session with a domain controller in domain CONTOSO due to the following: There are currently no logon servers available to service the logon request.
Source: DFSR, Event ID: 5008, Error: 1722 (The RPC server is unavailable.). This error means that the PDC couldn't communicate with the Primary Domain Controller (192.168.1.x subnet).
Source: ActiveDirectory_DomainService, Event ID: 2087, Task Category: DS RPC Client, Error: Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. Source Domain Controller: PDC. Failing DNS host name: xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx._msdcs.CONTOSO.LOCAL
On each domain controller the IP address, gateway and DNS servers are configured manually. At the HeadOffice the primary DNS is the PDC and the secondary DNS is the second domain controller; at the Branch the primary DNS is the local domain controller and the secondary DNS is a proxy server, which requires its address to be set as the second DNS for its transparent proxy function.
If you could give me some path to follow, I'd be very grateful, since I've emptied my toolbox: every day I try to research these errors, make new tests, analyze and monitor the new events, and try to make adjustments, but nothing seems to work.
If there is some information that is important to know and I didn't include here, please ask and I'll answer it ASAP.
Best Regards,
Fabio Reis. Support Analyst. Preparing for Windows Server 2008 - Server Administrator (MCSA) - MCITP
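As an added example that is not part of the original post, the PowerShell below automates the checks described above from one domain controller against every DC in the forest: it resolves each DC's GUID-based _msdcs CNAME (the name event 2087 fails to resolve), tests the TCP ports that RPC error 1722 and NETLOGON 5719 depend on, and counts the listed event IDs over the last 24 hours. It assumes the RSAT ActiveDirectory module is installed, that it runs as a domain admin on a DC, and that the local DC is also the DNS server to query (the $DnsServer default is an assumption).

```powershell
# Added diagnostic script (not from the original post). Assumptions: run as a
# domain admin on a domain controller that also runs DNS; RSAT ActiveDirectory
# module available; remote event-log access (RPC) allowed to the other DCs.
param(
    [string]$DnsServer = $env:COMPUTERNAME   # assumption: query the local DC's DNS
)
Import-Module ActiveDirectory

$forest = (Get-ADForest).RootDomain
$dcs    = Get-ADDomainController -Filter *

foreach ($dc in $dcs) {
    Write-Host "=== $($dc.HostName) (site: $($dc.Site)) ==="

    # 1. The CNAME under _msdcs is the objectGUID of the DC's NTDS Settings object;
    #    replication partners resolve this name before any RPC call (cf. event 2087).
    $dsaGuid = (Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties objectGUID).objectGUID
    $cname   = "$dsaGuid._msdcs.$forest"
    $r = Resolve-DnsName -Name $cname -Type CNAME -Server $DnsServer -ErrorAction SilentlyContinue
    if ($r) { Write-Host "  OK   $cname -> $($r.NameHost)" }
    else    { Write-Host "  FAIL $cname does not resolve on $DnsServer" }

    # 2. Ports AD/DFSR replication needs across the VPN: 135 (RPC endpoint mapper),
    #    389 (LDAP), 445 (SMB for SYSVOL), 88 (Kerberos). A blocked 135 shows up
    #    as RPC error 1722; a blocked 88/389 as NETLOGON 5719.
    foreach ($port in 135, 389, 445, 88) {
        $t = Test-NetConnection -ComputerName $dc.HostName -Port $port -WarningAction SilentlyContinue
        $state = if ($t.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
        Write-Host "  TCP $port $state"
    }

    # 3. Count the event IDs quoted in the post over the last 24 hours, per DC.
    $filter = @{
        LogName   = 'System', 'Directory Service', 'DFS Replication'
        Id        = 5008, 1865, 1311, 1566, 5781, 5719, 2087
        StartTime = (Get-Date).AddDays(-1)
    }
    $events = Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) { Write-Host "  no matching events in last 24h" }
    $events | Group-Object Id | ForEach-Object {
        Write-Host "  Event $($_.Name): $($_.Count) occurrence(s) in last 24h"
    }
}
```

A DC whose _msdcs CNAME resolves and whose ports are open but which still logs 1722 is worth comparing against `repadmin /showrepl` and `dcdiag /test:DNS` output to separate a DNS problem from an RPC/firewall one.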