Results 1 to 2 of 2
  1. #1
    Lurker
    Join Date
    Jul 2016
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Replication Failed AD

    Hello to all,
    First of all sorry for my english!
    I am new to the forum and would like to greet and thank all those who can help me solve my problem.
    I have an AD with a 2 DC w2k8 (Virtual Machine) and PDC w2k3 (Physical Machine) promoted to DC at a later time, both have the DNS server installed.
    Everything went smoothly until one day you are no longer the PDC starts, blue screen and the continuous reboot. I put up the virtual machine from a backup copy of BK month that I do.
    It seemed to work properly, users authenticate themselves correctly in the domain and DNS performs its job properly, until I formatted a Work Station and when it pick the domain policy with a gpupdate / force, I opened a parallel and hidden .... []. The command gives me the following error:


    Could not update user policies. The following error occurred:


    Policy processing failed group. An attempt was made to recover the new Group Policy settings for the current user or computer. To get the code, and a description, see the details tab. The operation will be retried automatically during the next update cycle. For the identification of new GPOs and their settings, the added computers to the domain must have a service appropriate name resolution and network connectivity to a domain controller. To the completion of Group Policy it will be recorded evento.Impossibile update the computer policy. The following error occurred:


    Policy processing failed group. An attempt was made to recover the new Group Policy settings for the current user or computer. To get the code, and a description, see the details tab. The operation will be retried automatically during the next update cycle. For the identification of new GPOs and their settings, the added computers to the domain must have a service appropriate name resolution and network connectivity to a domain controller. To the completion of Group Policy will log an event.


    To diagnose the error, examine the event log or run GPRESULT / H GPReport.html from the command line to access information about Group Policy results.


    In fact, some policies are applied, some not ...


    Doing a bit of troubleshooting, I realized that something was wrong in the Active Directory Replication, both in the second DC event log with diagnostic commands I had several problems.
    I write to you in detail what I am experiencing on 2 servers:


    w2k3


    Domain Controller Diagnosis


    Performing initial setup:
    Done gathering initial info.


    Doing initial required tests


    Testing server: Default-First-Site-Name \ W2k3
    Starting test: Connectivity
    ......................... W2k3 passed test Connectivity


    Doing primary tests


    Testing server: Default-First-Site-Name \ W2k3
    Starting test: Replications
    [Replications Check, W2k3] A recent replication attempt failed:
    From W2k8 to W2k3
    Naming Context: DC = ForestDnsZones, DC = Domain, DC = local
    The replication generated an error (1256):
    The remote system is not available. For information about troubleshooting network problems, see Windows Help.
    The failure occurred at 07/20/2016 11:56:23.
    The last success occurred at 01/06/2016 12:54:16.
    1176 failures have occurred since the last success.
    [W2k8] DsBindWithSpnEx () failed with error -2146893022,
    Main name right destination ..
    [Replications Check, W2k3] A recent replication attempt failed:
    From W2k8 to W2k3
    Naming Context: DC = DomainDnsZones, DC = Domain, DC = local
    The replication generated an error (1256):
    The remote system is not available. For information about troubleshooting network problems, see Windows Help.
    The failure occurred at 07/20/2016 11:56:23.
    The last success occurred at 06/05/2016 23:47:48.
    2331 failures have occurred since the last success.
    [Replications Check, W2k3] A recent replication attempt failed:
    From W2k8 to W2k3
    Naming Context: CN = Schema, CN = Configuration, DC = Domain, DC = local
    The replication generated an error (-2146893022):
    Main name right destination.
    The failure occurred at 07/20/2016 11:56:23.
    The last success occurred at 01/06/2016 12:54:16.
    1176 failures have occurred since the last success.
    [Replications Check, W2k3] A recent replication attempt failed:
    From W2k8 to W2k3
    Naming Context: CN = Configuration, DC = Domain, DC = local
    The replication generated an error (-2146893022):
    Main name right destination.
    The failure occurred at 07/20/2016 11:56:23.
    The last success occurred at 01/06/2016 12:54:15.
    1184 failures have occurred since the last success.
    [Replications Check, W2k3] A recent replication attempt failed:
    From W2k8 to W2k3
    Naming Context: DC = domain, DC = local
    The replication generated an error (-2146893022):
    Main name right destination.
    The failure occurred at 07/20/2016 12:18:42.
    The last success occurred at 01/06/2016 13:02:06.
    8877 failures have occurred since the last success.
    REPLICATION-RECEIVED LATENCY WARNING
    W2k3: Current time is 12:19:02 20/07/2016.
    ForestDnsZones DC =, DC = Domain, DC = local
    Last replication recieved from W2k8 at 06.01.2016 12:53:16.
    DomainDnsZones DC =, DC = Domain, DC = local
    Last replication recieved from W2k8 at 05.06.2016 23:47:48.
    CN = Schema, CN = Configuration, DC = Domain, DC = local
    Last replication recieved from W2k8 at 06.01.2016 12:53:16.
    CN = Configuration, DC = Domain, DC = local
    Last replication recieved from W2k8 at 06.01.2016 12:53:16.
    DC = Domain, DC = local
    Last replication recieved from W2k8 at 06.01.2016 13:01:07.
    ......................... W2k3 passed test Replications
    Starting test: NCSecDesc
    ......................... W2k3 passed NCSecDesc tests
    Starting test: NetLogons
    ......................... W2k3 passed NetLogons tests
    Starting test: Advertising
    Warning: W2k3 is not advertising as a time server.
    ......................... W2k3 failed test Advertising
    Starting test: KnowsOfRoleHolders
    Warning: W2k8 is the Schema Owner, but is not responding to DS RPC Bind.
    [W2k8] LDAP bind failed with error 8341,
    directory service error ..
    Warning: W2k8 is the Schema Owner, but is not responding to LDAP Bind.
    Warning: W2k8 is the Domain Owner, but is not responding to DS RPC Bind.
    Warning: W2k8 is the Domain Owner, but is not responding to LDAP Bind.
    Warning: W2k8 is the PDC Owner, but is not responding to DS RPC Bind.
    Warning: W2k8 is the PDC Owner, but is not responding to LDAP Bind.
    Warning: W2k8 is the Rid Owner, but is not responding to DS RPC Bind.
    Warning: W2k8 is the Rid Owner, but is not responding to LDAP Bind.
    Warning: W2k8 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
    Warning: W2k8 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
    ......................... W2k3 KnowsOfRoleHolders failed tests
    Starting test: RidManager
    ......................... W2k3 RidManager failed tests
    Starting test: MachineAccount
    ......................... W2k3 passed MachineAccount tests
    Starting test: Services
    ......................... W2k3 passed tests Services
    Starting test: ObjectsReplicated
    ......................... W2k3 passed ObjectsReplicated tests
    Starting test: frssysvol
    ......................... W2k3 passed frssysvol tests
    Starting test: frsevent
    There are warning or error events Within the last 24 hours after the SYSVOL shared Has Been. failing SYSVOL
    replication problems may cause Group Policy problems.
    ......................... W2k3 frsevent failed tests
    Starting test: kccevent
    ......................... W2k3 passed kccevent tests
    Starting test: systemlog
    An Error Event occured. EventID: 0x40000004
    Time Generated: 07/20/2016 11:23:54
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x40000004
    Time Generated: 07/20/2016 11:24:09
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC000001B
    Time Generated: 07/20/2016 11:25:23
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x40000004
    Time Generated: 07/20/2016 11:42:19
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x40000004
    Time Generated: 07/20/2016 11:54:10
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x40000004
    Time Generated: 07/20/2016 11:54:10
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC000001A
    Time Generated: 07/20/2016 11:56:53
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x40000004
    Time Generated: 07/20/2016 12:19:03
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x40000004
    Time Generated: 07/20/2016 12:19:06
    (Event String could not be retrieved)
    ......................... W2k3 systemlog failed tests
    Starting test: VerifyReferences
    ......................... W2k3 passed VerifyReferences tests


    Running partition tests on: ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed CrossRefValidation tests
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed CheckSDRefDom tests


    Running partition tests on: DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed CrossRefValidation tests
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed CheckSDRefDom tests


    Running partition tests on: Schema
    Starting test: CrossRefValidation
    ......................... Scheme passed CrossRefValidation tests
    Starting test: CheckSDRefDom
    ......................... Scheme passed CheckSDRefDom tests


    Running partition tests on: Configuration
    Starting test: CrossRefValidation
    ......................... Configuration CrossRefValidation passed tests
    Starting test: CheckSDRefDom
    ......................... Configuration CheckSDRefDom passed tests


    Running partition tests on: domain
    Starting test: CrossRefValidation
    ......................... Domain passed CrossRefValidation tests
    Starting test: CheckSDRefDom
    ......................... Domain passed CheckSDRefDom tests


    Running enterprise tests on: dominio.local
    Starting test: Intersite
    ......................... Dominio.local passed test Intersite
    Starting test: FsmoCheck
    Warning: DcGetDcName (TIME_SERVER) call failed, error 1355
    A Time Server could not be located.
    The server holding the PDC role is down.
    Warning: DcGetDcName (GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
    A Good Time Server could not be located.
    ......................... Dominio.local FsmoCheck failed tests


    ************************************************** ************************************************** ***************


    Repadmin.exe / showreps






    Default-First-Site-Name \ W2k3
    DC Options: IS_GC
    Site Options: (none)
    DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7
    DC invocationID: 21af6366-86e6-4a0f-a3fe-c6048edd4a8e


    ==== INBOUND NEIGHBORS ======================================


    DC = Domain, DC = local
    Default-First-Site-Name \ W2k8 via RPC
    DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5
    Last attempt @ 20/07/2016 12:33:42 failed, result -2146893022 (0x80090322):
    Main name right destination.
    8887 consecutive failure (s).
    Last success @ 01/06/2016 13:02:06.


    CN = Configuration, DC = Domain, DC = local
    Default-First-Site-Name \ W2k8 via RPC
    DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5
    Last attempt @ 20/07/2016 11:56:23 failed, result -2146893022 (0x80090322):
    Main name right destination.
    1184 consecutive failure (s).
    Last success @ 01/06/2016 12:54:15.


    CN = Schema, CN = Configuration, DC = Domain, DC = local
    Default-First-Site-Name \ W2k8 via RPC
    DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5
    Last attempt @ 20/07/2016 11:56:23 failed, result -2146893022 (0x80090322):
    Main name right destination.
    1176 consecutive failure (s).
    Last success @ 01/06/2016 12:54:16.


    DomainDnsZones DC =, DC = Domain, DC = local
    Default-First-Site-Name \ W2k8 via RPC
    DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5
    Last attempt @ 20/07/2016 11:56:23 failed, result 1256 (0x4e8):
    The remote system is not available. For information about troubleshooting networking problems, refer to the Guide
    Windows.
    2331 consecutive failure (s).
    Last success @ 05/06/2016 23:47:48.


    ForestDnsZones DC =, DC = Domain, DC = local
    Default-First-Site-Name \ W2k8 via RPC
    DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5
    Last attempt @ 20/07/2016 11:56:23 failed, result 1256 (0x4e8):
    The remote system is not available. For information about troubleshooting networking problems, refer to the Guide
    Windows.
    1176 consecutive failure (s).
    Last success @ 01/06/2016 12:54:16.


    Source: Default-First-Site-Name \ W2k8
    ******* 8884 CONSECUTIVE FAILURES since 01/06/2016 13:02:06
    Last error: -2146893022 (0x80090322):
    Main name right destination.




    ************************************************** ************************************************** ***************


    Nltest / dsgetdc: / pdc / force / avoidself




    DC: \\ W2k8.dominio.local
    Address: \\ 10.1.10.21
    Dom Guid: eccbfd0e-1aa1-479f-9c25-9c635c3e523a
    Dom Name: dominio.local
    Forest Name: dominio.local
    AD Site Name: Default-First-Site-Name
    Our Site Name: Default-First-Site-Name
    Flags: PDC GC DS LDAP KDC WRITABLE DNS_DC dns_domain DNS_FOREST CLOSE_SITE 0x1000
    The command completed successfully






    ************************************************** ************************************************** ***************




    nltest / dsgetdc: / gc / force




    DC: \\ W2k3.dominio.local
    Address: \\ 10.1.10.56
    Dom Guid: eccbfd0e-1aa1-479f-9c25-9c635c3e523a
    Dom Name: dominio.local
    Forest Name: dominio.local
    AD Site Name: Default-First-Site-Name
    Our Site Name: Default-First-Site-Name
    Flags: GC DS LDAP KDC WRITABLE DNS_DC dns_domain DNS_FOREST CLOSE_SITE
    The command completed successfully




    ************************************************** ************************************************** ***************




    w2k8


    Domain Controller Diagnosis


    Performing initial setup:
    Done gathering initial info.


    Doing initial required tests


    Testing server: Default-First-Site-Name \ W2k8
    Starting test: Connectivity
    ......................... W2k8 passed test Connectivity


    Doing primary tests


    Testing server: Default-First-Site-Name \ W2k8
    Starting test: Replications
    REPLICATION LATENCY WARNING
    ERROR: Expected notification link is missing.
    source W2k3
    Replication of new changes along this path will be delayed.
    Should this problem self-correct on the next periodic sync.
    ......................... W2k8 passed test Replications
    Starting test: NCSecDesc
    ......................... W2k8 passed NCSecDesc tests
    Starting test: NetLogons
    ......................... W2k8 passed NetLogons tests
    Starting test: Advertising
    Warning: W2k8 is not advertising as a time server.
    ......................... W2k8 failed test Advertising
    Starting test: KnowsOfRoleHolders
    ......................... W2k8 passed KnowsOfRoleHolders tests
    Starting test: RidManager
    ......................... W2k8 passed RidManager tests
    Starting test: MachineAccount
    ......................... W2k8 passed MachineAccount tests
    Starting test: Services
    w32time Service is stopped on [W2k8]
    ......................... W2k8 failed test Services
    Starting test: ObjectsReplicated
    ......................... W2k8 passed ObjectsReplicated tests
    Starting test: frssysvol
    ......................... W2k8 passed frssysvol tests
    Starting test: frsevent
    There are warning or error events Within the last 24 hours after the
    Has Been SYSVOL shared. Failing SYSVOL replication problems may cause
    Group Policy problems.
    ......................... W2k8 frsevent failed tests
    Starting test: kccevent
    ......................... W2k8 passed kccevent tests
    Starting test: systemlog
    ......................... W2k8 passed systemlog tests
    Starting test: VerifyReferences
    ......................... W2k8 passed VerifyReferences tests


    Running partition tests on: ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed CrossRefValidation tests


    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed CheckSDRefDom tests


    Running partition tests on: DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed CrossRefValidation tests


    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed CheckSDRefDom tests


    Running partition tests on: Schema
    Starting test: CrossRefValidation
    ......................... Scheme passed CrossRefValidation tests
    Starting test: CheckSDRefDom
    ......................... Scheme passed CheckSDRefDom tests


    Running partition tests on: Configuration
    Starting test: CrossRefValidation
    ......................... Configuration CrossRefValidation passed tests
    Starting test: CheckSDRefDom
    ......................... Configuration CheckSDRefDom passed tests


    Running partition tests on: domain
    Starting test: CrossRefValidation
    ......................... Domain passed CrossRefValidation tests
    Starting test: CheckSDRefDom
    ......................... Domain passed CheckSDRefDom tests


    Running enterprise tests on: dominio.local
    Starting test: Intersite
    ......................... Dominio.local passed test Intersite
    Starting test: FsmoCheck
    Warning: DcGetDcName (TIME_SERVER) call failed, error 1355
    A Time Server could not be located.
    The server holding the PDC role is down.
    Warning: DcGetDcName (GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
    A Good Time Server could not be located.
    ......................... Dominio.local FsmoCheck failed tests


    ************************************************** ************************************************** ***************


    Repadmin.exe / showreps




    Default-First-Site-Name \ W2k8
    DC Options: IS_GC
    Site Options: (none)
    DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5
    DC invocationID: 4650e772-3559-4454-9f47-bb283b501cb5


    ==== INBOUND NEIGHBORS ======================================


    DC = Domain, DC = local
    Default-First-Site-Name \ W2k3 via RPC
    DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7
    Last attempt @ 20/07/2016 11:53:19 was successful.


    CN = Configuration, DC = Domain, DC = local
    Default-First-Site-Name \ W2k3 via RPC
    DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7
    Last attempt @ 20/07/2016 11:53:19 was successful.


    CN = Schema, CN = Configuration, DC = Domain, DC = local
    Default-First-Site-Name \ W2k3 via RPC
    DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7
    Last attempt @ 20/07/2016 11:53:19 was successful.


    DomainDnsZones DC =, DC = Domain, DC = local
    Default-First-Site-Name \ W2k3 via RPC
    DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7
    Last attempt @ 20/07/2016 11:53:19 was successful.


    ForestDnsZones DC =, DC = Domain, DC = local
    Default-First-Site-Name \ W2k3 via RPC
    DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7
    Last attempt @ 20/07/2016 11:53:19 was successful.


    ************************************************** ************************************************** ***************
    Nltest / dsgetdc: / pdc / force / avoidself


    DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN


    ************************************************** ************************************************** ***************


    nltest / dsgetdc: / gc / force


    DC: \\ W2k8.dominio.local
    Address: \\ 10.1.10.21
    Dom Guid: eccbfd0e-1aa1-479f-9c25-9c635c3e523a
    Dom Name: dominio.local
    Forest Name: dominio.local
    AD Site Name: Default-First-Site-Name
    Our Site Name: Default-First-Site-Name
    Flags: PDC GC DS LDAP KDC WRITABLE DNS_DC dns_domain DNS_FOREST CLOSE_SITE 0x1000
    The command completed successfully


    ************************************************** ************************************************** ***************


    The thing that catches my eye is that if I try to access the File System from W2k3 to W2k8 with the machine name (\\ W2K8) I get the following error


    You can not access \\ W2K8. You might not disporrre permission to use this network resource. Access error. The target account name is incorrect.


    While entering the ip working properly (\\ 10.1.10.21)
    This happens to me on all network PCs.
    So the problem should lie in the DNS ?? I checked several times and is in direct search (Host present) and reverse (PTR present) is all set.


    For further analysis, I put on the Active Directory Replication Monitor and W2k8 everything is correct I have no error, for W2k3 instead all replicas have the error warning (red circle with a white x) with the following error: Name main right destination.


    Someone manages to enlighten me? [: D] [: D]


    Thank you all.

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 986 Times in 916 Posts
    It looks to me like the FSMO roles are at odds with your machines. You need to check which machine holds the roles and possibly seize the roles if one is missing - in your set up all roles should be held by one server.
    Role check on both machines: NetDOM /query FSMO
    Seize Roles in 2003: https://support.microsoft.com/en-gb/kb/255504

    cheers, Paul

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •