I am getting ad replication error when I run the Status Tool and also with dcdiag. I can't tell which DC is actually causing the issue.
I have two DCs, 1 at each site. Site connectivity is not an issue and they can both ping each other by name.
On one site called PAC when I run dcdiag /checksecurityerror /replsource:ssqdc1 i get the following output.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = PACDC01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: PAC\PACDC01
Starting test: Connectivity
......................... PACDC01 passed test Connectivity
Doing primary tests
Testing server: PAC\PACDC01
Starting test: CheckSecurityError
Source DC SSQDC1 was requested for a manual security error check. Diagnosing...
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=ncbpac,DC=org
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=ncbpac,DC=org
Authoritative attribute lastLogonTimestamp on PACDC01 (writeable)
usnLocalChange = 14622395
LastOriginatingDsa = PACDC01
usnOriginatingChange = 14622395
timeLastOriginatingChange = 2013-04-09 12:21:49
VersionLastOriginatingChange = 101
Out-of-date attribute lastLogonTimestamp on SSQDC1 (writeable)
usnLocalChange = 10390259
LastOriginatingDsa = PACDC01
usnOriginatingChange = 14500459
timeLastOriginatingChange = 2013-03-30 05:19:25
VersionLastOriginatingChange = 100
Authoritative attribute pwdLastSet on PACDC01 (writeable)
usnLocalChange = 14611871
LastOriginatingDsa = PACDC01
usnOriginatingChange = 14611871
timeLastOriginatingChange = 2013-04-08 23:44:59
VersionLastOriginatingChange = 37
Out-of-date attribute pwdLastSet on SSQDC1 (writeable)
usnLocalChange = 10292124
LastOriginatingDsa = PACDC01
usnOriginatingChange = 14131225
timeLastOriginatingChange = 2013-03-09 04:14:29
VersionLastOriginatingChange = 36
Authoritative attribute userAccountControl on PACDC01 (writeable)
usnLocalChange = 14622373
LastOriginatingDsa = PACDC01
usnOriginatingChange = 14622373
timeLastOriginatingChange = 2013-04-09 12:15:21
VersionLastOriginatingChange = 7
Out-of-date attribute userAccountControl on SSQDC1 (writeable)
usnLocalChange = 5488339
LastOriginatingDsa = 08c59c5a-4fb2-4219-aa8e-a46676a14019
usnOriginatingChange = 6656264
timeLastOriginatingChange = 2010-07-12 18:51:33
VersionLastOriginatingChange = 6
Unable to verify the convergence of this machine account (CN=PACDC01,OU=Domain Controllers,DC=ncbpac,DC=org) on these DC's
(DC=ncbpac,DC=org,). Does the machine account password need resetting?
......................... PACDC01 failed test CheckSecurityError
If I run just dcdiag /checksecurityerror I get no errors. I don't know which DC is actually causing the issue.