Windows 2008 R2
I've promoted a new server to a domain controller running DNS and I've created a computer, group and DNS object on a working DC on the other side of the world, and the computer & group objects created on the new DC came thru to the other DCs in the domain, so did the computer & group objects from the other DCs which came thru to the new DC- so these objects are replicating correctly.
However, DNS is not replicating correctly. A DNS name created on another DC was replicated correctly on the new DC, however a DNS object created on the new DC did not replicate back to the remote DC.
I checked Sites & Services and there are NO AD connection objects for the new DC. What can I do to get one or more AD Connection objects to appear in Sites & Services?
Here's some info:
C:\Users\MyUserName>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = MyNewDomainControllerServer03
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Spain\MyNewDomainControllerServer03
Starting test: Connectivity
......................... MyNewDomainControllerServer03 passed test Connectivity
Doing primary tests
Testing server: Spain\MyNewDomainControllerServer03
Starting test: Advertising
......................... MyNewDomainControllerServer03 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
......................... MyNewDomainControllerServer03 passed test FrsEvent
Starting test: DFSREvent
......................... MyNewDomainControllerServer03 passed test DFSREvent
Starting test: SysVolCheck
......................... MyNewDomainControllerServer03 passed test SysVolCheck
Starting test: KccEvent
......................... MyNewDomainControllerServer03 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... MyNewDomainControllerServer03 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... MyNewDomainControllerServer03 passed test MachineAccount
Starting test: NCSecDesc
Error MYDOMAINNAME\Enterprise Read-only Domain Controllers doesn't have
Replicating Directory Changes
access rights for the naming context:
CN=Configuration,DC=MYDOMAINNAME,DC=com
......................... MyNewDomainControllerServer03 failed test NCSecDesc
Starting test: NetLogons
......................... MyNewDomainControllerServer03 passed test NetLogons
Starting test: ObjectsReplicated
......................... MyNewDomainControllerServer03 passed test ObjectsReplicated
Starting test: Replications
......................... MyNewDomainControllerServer03 passed test Replications
Starting test: RidManager
......................... MyNewDomainControllerServer03 passed test RidManager
Starting test: Services
......................... MyNewDomainControllerServer03 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x80000434
Time Generated: 08/01/2016 13:12:02
Event String: The reason supplied by user MYDOMAINNAME\MyUserName for the last unexpected shutdown of this computer is: Other Failure: System Unresponsive
......................... MyNewDomainControllerServer03 passed test SystemLog
Starting test: VerifyReferences
......................... MyNewDomainControllerServer03 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : MYDOMAINNAME
Starting test: CheckSDRefDom
......................... MYDOMAINNAME passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... MYDOMAINNAME passed test CrossRefValidation
Running enterprise tests on : MYDOMAINNAME.com
Starting test: LocatorCheck
......................... MYDOMAINNAME.com passed test LocatorCheck
Starting test: Intersite
......................... MYDOMAINNAME.com passed test IntersiteC:\Users\MyUserName>repadmin /replsummary
Replication Summary Start Time: 2016-08-01 13:30:59
Beginning data collection for replication summary, this may take awhile:
..................................................
.............................
Source DSA largest delta fails/total %% error
Site1DC_Server01 10m:40s 0 / 10 0
Site1DC_Server02 05m:02s 0 / 5 0
Site2DC_Server01 43m:40s 0 / 15 0
Site2DC_Server02 40m:20s 0 / 5 0
Site3DC_Server01 12m:47s 0 / 55 0
Site3DC_Server02 34m:20s 0 / 10 0
Site4DC_Server01 04m:01s 0 / 5 0
Site5DC_Server01 04m:03s 0 / 5 0
Site6DC_Server01 44m:33s 0 / 5 0
Site6DC_Server02 43m:59s 0 / 10 0
MyNewDomainControllerServer02 0s 0 / 5 0
Destination DSA largest delta fails/total %% error
Site1DC_Server01 05m:37s 0 / 10 0
Site1DC_Server02 07m:35s 0 / 5 0
Site2DC_Server01 44m:26s 0 / 10 0
Site2DC_Server02 44m:54s 0 / 10 0
Site3DC_Server01 36m:54s 0 / 55 0
Site4DC_Server01 02m:13s 0 / 5 0
Site5DC_Server01 13m:06s 0 / 5 0
MyNewDomainControllerServer03 02m:11s 0 / 5 0
Experienced the following operational errors trying to retrieve replication information:
1053 - Site3DC_Server02.MYDOMAINNAME.com
58 - MyNewDomainControllerServer02.MYDOMAINNAME.com
58 - MyNewDomainControllerServer01.MYDOMAINNAME.com
....
....
....
....
FRS Event Log:
Log Name: File Replication Service Source: NtFrs Date: 8/1/2016 1:00:10 PM Event ID: 13508 Task Category: None Level: Warning Keywords: Classic User: N/A Computer: MyNewDomainControllerServer03.MYDOMAINNAME.com Description: The File Replication Service is having trouble enabling replication from MyNewDomainControllerServer01 to MyNewDomainControllerServer03 for c:\windows\sysvol\domain using the DNS name MyNewDomainControllerServer01.MYDOMAINNAME.com. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name MyNewDomainControllerServer01.MYDOMAINNAME.com from this computer. [2] FRS is not running on MyNewDomainControllerServer01.MYDOMAINNAME.com. [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. Log Name: File Replication Service Source: NtFrs Date: 8/1/2016 1:09:48 PM Event ID: 13508 Task Category: None Level: Warning Keywords: Classic User: N/A Computer: MyNewDomainControllerServer03.MYDOMAINNAME.com Description: The File Replication Service is having trouble enabling replication from MyNewDomainControllerServer02 to MyNewDomainControllerServer03 for c:\windows\sysvol\domain using the DNS name MyNewDomainControllerServer02.MYDOMAINNAME.com. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name MyNewDomainControllerServer02.MYDOMAINNAME.com from this computer. [2] FRS is not running on MyNewDomainControllerServer02.MYDOMAINNAME.com. [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. Log Name: File Replication Service Source: NtFrs Date: 8/1/2016 2:00:09 PM Event ID: 13562 Task Category: None Level: Warning Keywords: Classic User: N/A Computer: MyNewDomainControllerServer03.MYDOMAINNAME.com Description: Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller MyNewDomainControllerServer03.MYDOMAINNAME.com for FRS replica set configuration information. The nTDSConnection object cn=MyNewDomainControllerServer01,cn=ntds settings,cn=MyNewDomainControllerServer03,cn=servers,cn=spain,cn=sites,cn=configuration,dc=MYDOMAINNAME,dc=com is conflicting with cn=e9d5760e-5e65-4f50-99cb-2fa2b8514a02,cn=ntds settings,cn=MyNewDomainControllerServer03,cn=servers,cn=spain,cn=sites,cn=configuration,dc=MYDOMAINNAME,dc=com. Using cn=MyNewDomainControllerServer01,cn=ntds settings,cn=MyNewDomainControllerServer03,cn=servers,cn=spain,cn=sites,cn=configuration,dc=MYDOMAINNAME,dc=com
Directory Service Event Log:
Log Name: Directory Service Source: Microsoft-Windows-ActiveDirectory_DomainService Date: 8/1/2016 2:01:50 PM Event ID: 1925 Task Category: Knowledge Consistency Checker Level: Warning Keywords: Classic User: ANONYMOUS LOGON Computer: MyNewDomainControllerServer03.MYDOMAINNAME.com Description: The attempt to establish a replication link for the following writable directory partition failed. Directory partition: DC=MYDOMAINNAME,DC=com Source directory service: CN=NTDS Settings,CN=MyNewDomainControllerServer01,CN=Servers,CN=Spain,CN=Sites,CN=Configuration,DC=MYDOMAINNAME,DC=com Source directory service address: c2ddc207-2f72-46e0-834f-c812da2676ea._msdcs.MYDOMAINNAME.com Intersite transport (if any): This directory service will be unable to replicate with the source directory service until this problem is corrected. User Action Verify if the source directory service is accessible or network connectivity is available. Additional Data Error value: 1722 The RPC server is unavailable.
No errors in the DNS Event Log.
In the one site, we have three new domain controllers who's names are MyNewDomainControllerServer01, MyNewDomainControllerServer02 and MyNewDomainControllerServer03 (the latest one which has no connections in Sites & Servers). 01 & 02 are replicating
OK.
| +-- JDMils |