Greetings all.
We're having a major issue with our AD DS. One of our Domain
Controllers is acting up. At the moment my goal it to try to get DC1 to
replace its AD database and SYSVOL folder with info from DC2, when the DC's
won't talk to each other.
I would like to know the best way to accomplish this.

The setup-------------------------------------------
Two W2K8E x64 DC's running DNS that is AD integrated.

The main issues-------------------------------------
1) Authentication is problematic across the infrastructure - assuming
because the AD's don't match on the DC's.

2) At first, DC1 could take entries in the AD but could not use those
entries after they were inputted, even though those objects replicated to
DC2; meaning it shows up in AD UC, but is not available to add to NTFS
permissions on a DC1 hard drive. DC2 didn't have this problem.
Now, the DC's won't replicate at all.

3) DNS serial numbers for the AD zone aren't even close. DC2 is now over
1,000 higher than DC1.

The errors found----------------------------------

1) If you reboot DC1 the Netlogon service will be in a paused state. It
allows me to resume or restart but it doesn't help the DC's replicate.

Event Viewer System logs on DC1-------
2) The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server
DC2$. The target name used was DOMAIN\DC2$. This indicates that the target
server failed to decrypt the ticket provided by the client. This can occur
when the target server principal name (SPN) is registered on an account
other than the account the target service is using.

Note that 2) shows up three times but differently...once like the
above, and later with the DOMAIN\DC2$ changed to DNS/dc2.company.com, and
another stating ldap/dc2.company.com

3) The name "DOMAIN :1b" could not be registered on the interface
with IP address 192.168.0.101. The computer with the IP address
192.168.0.102 did not allow the name to be claimed by this computer.

Note the following:
- the way that "DOMAIN :1b" is written, is how it
shows up.
- The IP address of 192.168.0.101 is DC1, and 102 is DC2.

Thanks beforehand for any help provided.

DCDIAG - DC1 (CLS12)

==============================================


Directory Server Diagnosis


Performing initial setup:

Trying to find home server...

* Verifying that the local machine cls12, is a Directory Server.
Home Server = cls12

* Connecting to directory service on server cls12.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling
ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site
Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
Getting ISTG and options for the site
* Identifying all servers.

Calling
ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS
Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

* Found 2 DC(s). Testing 1 of them.

Done gathering initial info.


Doing initial required tests


Testing server: Default-First-Site-Name\CLS12

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... CLS12 passed test Connectivity



Doing primary tests


Testing server: Default-First-Site-Name\CLS12

Starting test: Advertising

The DC CLS12 is advertising itself as a DC and having a DS.
The DC CLS12 is advertising as an LDAP server
The DC CLS12 is advertising as having a writeable directory
The DC CLS12 is advertising as a Key Distribution Center
The DC CLS12 is advertising as a time server
The DS CLS12 is advertising as a GC.
......................... CLS12 passed test Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Starting test: FrsEvent

* The File Replication Service Event log test
There are warning or error events within the last 24 hours after
the

SYSVOL has been shared. Failing SYSVOL replication problems may
cause

Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4

Time Generated: 08/24/2009 00:53:37

Event String:

The File Replication Service is having trouble enabling
replication from CLS21 to CLS12 for c:\windows\sysvol\domain using the DNS
name cls21.core.uac. FRS will keep retrying.

Following are some of the reasons you would see this warning.



[1] FRS can not correctly resolve the DNS name cls21.core.uac
from this computer.

[2] FRS is not running on cls21.core.uac.

[3] The topology information in the Active Directory Domain
Services for this replica has not yet replicated to all the Domain
Controllers.



This event log message will appear once per connection, After
the problem is fixed you will see another event log message indicating that
the connection has been established.

......................... CLS12 passed test FrsEvent

Starting test: DFSREvent

The DFS Replication Event Log.
......................... CLS12 passed test DFSREvent

Starting test: SysVolCheck

* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CLS12 passed test SysVolCheck

Starting test: KccEvent

* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15
minutes.
......................... CLS12 passed test KccEvent

Starting test: KnowsOfRoleHolders

Role Schema Owner = CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
[CLS21] DsBindWithSpnEx() failed with error -2146893022,

The target principal name is incorrect..
Warning: CLS21 is the Schema Owner, but is not responding to DS RPC

Bind.

[CLS21] LDAP bind failed with error 8341,

A directory service error has occurred..
Warning: CLS21 is the Schema Owner, but is not responding to LDAP

Bind.

Role Domain Owner = CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
Warning: CLS21 is the Domain Owner, but is not responding to DS RPC

Bind.

Warning: CLS21 is the Domain Owner, but is not responding to LDAP

Bind.

Role PDC Owner = CN=NTDS
Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
Role Rid Owner = CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
Warning: CLS21 is the Rid Owner, but is not responding to DS RPC
Bind.

Warning: CLS21 is the Rid Owner, but is not responding to LDAP
Bind.

Role Infrastructure Update Owner = CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
Warning: CLS21 is the Infrastructure Update Owner, but is not

responding to DS RPC Bind.

Warning: CLS21 is the Infrastructure Update Owner, but is not

responding to LDAP Bind.

......................... CLS12 failed test KnowsOfRoleHolders

Starting test: MachineAccount

Checking machine account for DC CLS12 on DC CLS12.
* SPN found :LDAP/cls12.core.uac/core.uac
* SPN found :LDAP/cls12.core.uac
* SPN found :LDAP/CLS12
* SPN found :LDAP/cls12.core.uac/UAC
* SPN found
:LDAP/131f0345-87a7-4218-b232-93c2bee1eb9c._msdcs.core.uac
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/131f0345-87a7-4218-b232-93c2bee1eb9c/core.uac
* SPN found :HOST/cls12.core.uac/core.uac
* SPN found :HOST/cls12.core.uac
* SPN found :HOST/CLS12
* SPN found :HOST/cls12.core.uac/UAC
* SPN found :GC/cls12.core.uac/core.uac
......................... CLS12 passed test MachineAccount

Starting test: NCSecDesc

* Security Permissions check for all NC's on DC CLS12.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for

DC=ForestDnsZones,DC=core,DC=uac
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set
access rights for the naming context:

DC=ForestDnsZones,DC=core,DC=uac
* Security Permissions Check for

DC=DomainDnsZones,DC=core,DC=uac
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set
access rights for the naming context:

DC=DomainDnsZones,DC=core,DC=uac
* Security Permissions Check for

CN=Schema,CN=Configuration,DC=core,DC=uac
(Schema,Version 3)
* Security Permissions Check for

CN=Configuration,DC=core,DC=uac
(Configuration,Version 3)
* Security Permissions Check for

DC=core,DC=uac
(Domain,Version 3)
......................... CLS12 failed test NCSecDesc

Starting test: NetLogons

* Network Logons Privileges Check
Verified share \\CLS12\netlogon
Verified share \\CLS12\sysvol
......................... CLS12 passed test NetLogons

Starting test: ObjectsReplicated

CLS12 is in domain DC=core,DC=uac
Checking for CN=CLS12,OU=Domain Controllers,DC=core,DC=uac in
domain DC=core,DC=uac on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
in domain CN=Configuration,DC=core,DC=uac on 1 servers
Object is up-to-date on all servers.
......................... CLS12 passed test ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Starting test: Replications

* Replications Check
[Replications Check,Replications Check] Inbound replication is

disabled.

To correct, run "repadmin /options CLS12 -DISABLE_INBOUND_REPL"

[Replications Check,CLS12] Outbound replication is disabled.

To correct, run "repadmin /options CLS12 -DISABLE_OUTBOUND_REPL"

......................... CLS12 failed test Replications

Starting test: RidManager

* Available RID Pool for the Domain is 3603 to 1073741823
* cls21.core.uac is the RID Master
......................... CLS12 failed test RidManager

Starting test: Services

* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... CLS12 passed test Services

Starting test: SystemLog

* The System Event log test
An Error Event occurred. EventID: 0x40000004

Time Generated: 08/24/2009 14:36:20

Event String:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from
the server cls21$. The target name used was
LDAP/fb192dc6-608d-4e40-92cd-298af3c2bfdd._msdcs.core.uac. This indicates
that the target server failed to decrypt the ticket provided by the client.
This can occur when the target server principal name (SPN) is registered on
an account other than the account the target service is using. Please ensure
that the target SPN is registered on, and only registered on, the account
used by the server. This error can also happen when the target service is
using a different password for the target service account than what the
Kerberos Key Distribution Center (KDC) has for the target service account.
Please ensure that the service on the server and the KDC are both updated to
use the current password. If the server name is not fully qualified, and the
target domain (CORE.UAC) is different from the client domain (CORE.UAC),
check if there are identically named server accounts in these two domains,
or use the fully-qualified name to identify the server.

An Error Event occurred. EventID: 0x40000004

Time Generated: 08/24/2009 14:36:36

Event String:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from
the server cls21$. The target name used was ldap/cls21.core.uac. This
indicates that the target server failed to decrypt the ticket provided by
the client. This can occur when the target server principal name (SPN) is
registered on an account other than the account the target service is using.
Please ensure that the target SPN is registered on, and only registered on,
the account used by the server. This error can also happen when the target
service is using a different password for the target service account than
what the Kerberos Key Distribution Center (KDC) has for the target service
account. Please ensure that the service on the server and the KDC are both
updated to use the current password. If the server name is not fully
qualified, and the target domain (CORE.UAC) is different from the client
domain (CORE.UAC), check if there are identically named server accounts in
these two domains, or use the fully-qualified name to identify the server.

An Error Event occurred. EventID: 0x40000004

Time Generated: 08/24/2009 14:36:43

Event String:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from
the server cls21$. The target name used was UAC\CLS21$. This indicates that
the target server failed to decrypt the ticket provided by the client. This
can occur when the target server principal name (SPN) is registered on an
account other than the account the target service is using. Please ensure
that the target SPN is registered on, and only registered on, the account
used by the server. This error can also happen when the target service is
using a different password for the target service account than what the
Kerberos Key Distribution Center (KDC) has for the target service account.
Please ensure that the service on the server and the KDC are both updated to
use the current password. If the server name is not fully qualified, and the
target domain (CORE.UAC) is different from the client domain (CORE.UAC),
check if there are identically named server accounts in these two domains,
or use the fully-qualified name to identify the server.

......................... CLS12 failed test SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Starting test: VerifyReferences

The system object reference (serverReference)

CN=CLS12,OU=Domain Controllers,DC=core,DC=uac and backlink on

CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac

are correct.
The system object reference (serverReferenceBL)

CN=CLS12,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=core,DC=uac

and backlink on

CN=NTDS
Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac

are correct.
......................... CLS12 passed test VerifyReferences

Test omitted by user request: VerifyReplicas


Test omitted by user request: DNS

Test omitted by user request: DNS


Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation


Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation


Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation


Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test
CrossRefValidation


Running partition tests on : core

Starting test: CheckSDRefDom

......................... core passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... core passed test CrossRefValidation


Running enterprise tests on : core.uac

Test omitted by user request: DNS

Test omitted by user request: DNS

Starting test: LocatorCheck

GC Name: \\cls12.core.uac

Locator Flags: 0xe00011fd
PDC Name: \\cls12.core.uac
Locator Flags: 0xe00011fd
Time Server Name: \\cls12.core.uac
Locator Flags: 0xe00011fd
Preferred Time Server Name: \\cls12.core.uac
Locator Flags: 0xe00011fd
KDC Name: \\cls12.core.uac
Locator Flags: 0xe00011fd
......................... core.uac passed test LocatorCheck

Starting test: Intersite

Skipping site Default-First-Site-Name, this site is outside the
scope

provided by the command line arguments provided.
......................... core.uac passed test Intersite

I'm sending each in a seperate post as the DCDIAG output is extensive.

It has not been past 60 days for the replication, as the replication was
occuring, but not usable by DC1, but now (in the last few days) replication
doesn't appear to happen at all.

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb662de3c8cbf31109494c32@msnews.microsoft.com...

Quote:

Hello Jacques Latoison" Jacques Latoison at hotmail dot com, Please run diagnostidc tools dcdiag /v, netdiag on both DCs and post the output here. Also run repadmin /showrepl on each of them and post the output. If replication is missing over the tombstone lifetime, between 60 and 180 days, it can require a reinstall of one DC. But this depends also on more detailed information. For more detailed AD replication troubleshooting see: http://technet.microsoft.com/en-us/library/cc738415(WS.10).aspx Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Greetings all. We're having a major issue with our AD DS. One of our Domain Controllers is acting up. At the moment my goal it to try to get DC1 to replace its AD database and SYSVOL folder with info from DC2, when the DC's won't talk to each other. I would like to know the best way to accomplish this. The setup------------------------------------------- Two W2K8E x64 DC's running DNS that is AD integrated. The main issues------------------------------------- 1) Authentication is problematic across the infrastructure - assuming because the AD's don't match on the DC's. 2) At first, DC1 could take entries in the AD but could not use those entries after they were inputted, even though those objects replicated to DC2; meaning it shows up in AD UC, but is not available to add to NTFS permissions on a DC1 hard drive. DC2 didn't have this problem. Now, the DC's won't replicate at all. 3) DNS serial numbers for the AD zone aren't even close. DC2 is now over 1,000 higher than DC1. The errors found---------------------------------- 1) If you reboot DC1 the Netlogon service will be in a paused state. It allows me to resume or restart but it doesn't help the DC's replicate. Event Viewer System logs on DC1------- 2) The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server DC2$. The target name used was DOMAIN\DC2$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Note that 2) shows up three times but differently...once like the above, and later with the DOMAIN\DC2$ changed to DNS/dc2.company.com, and another stating ldap/dc2.company.com 3) The name "DOMAIN :1b" could not be registered on the interface with IP address 192.168.0.101. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer. Note the following: - the way that "DOMAIN :1b" is written, is how it shows up. - The IP address of 192.168.0.101 is DC1, and 102 is DC2. Thanks beforehand for any help provided.

DCDIAG - DC1 (CLS21- the one we believe is working fine)

===============================================



Directory Server Diagnosis


Performing initial setup:

Trying to find home server...

* Verifying that the local machine cls21, is a Directory Server.
Home Server = cls21

* Connecting to directory service on server cls21.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling
ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site
Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
Getting ISTG and options for the site
* Identifying all servers.

Calling
ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS
Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

* Found 2 DC(s). Testing 1 of them.

Done gathering initial info.


Doing initial required tests


Testing server: Default-First-Site-Name\CLS21

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... CLS21 passed test Connectivity



Doing primary tests


Testing server: Default-First-Site-Name\CLS21

Starting test: Advertising

The DC CLS21 is advertising itself as a DC and having a DS.
The DC CLS21 is advertising as an LDAP server
The DC CLS21 is advertising as having a writeable directory
The DC CLS21 is advertising as a Key Distribution Center
The DC CLS21 is advertising as a time server
The DS CLS21 is advertising as a GC.
......................... CLS21 passed test Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Starting test: FrsEvent

* The File Replication Service Event log test
......................... CLS21 passed test FrsEvent

Starting test: DFSREvent

The DFS Replication Event Log.
......................... CLS21 passed test DFSREvent

Starting test: SysVolCheck

* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CLS21 passed test SysVolCheck

Starting test: KccEvent

* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15
minutes.
......................... CLS21 passed test KccEvent

Starting test: KnowsOfRoleHolders

Role Schema Owner = CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
Role Domain Owner = CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
Role PDC Owner = CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
Role Rid Owner = CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
......................... CLS21 passed test KnowsOfRoleHolders

Starting test: MachineAccount

Checking machine account for DC CLS21 on DC CLS21.
Warning: Attribute userAccountControl of CLS21 is:

0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT |
TRUSTED_FOR_DELEGATION )

Typical setting for a DC is

0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )

This may be affecting replication?

* SPN found :LDAP/cls21.core.uac/core.uac
* SPN found :LDAP/cls21.core.uac
* SPN found :LDAP/CLS21
* SPN found :LDAP/cls21.core.uac/UAC
* SPN found
:LDAP/fb192dc6-608d-4e40-92cd-298af3c2bfdd._msdcs.core.uac
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/fb192dc6-608d-4e40-92cd-298af3c2bfdd/core.uac
* SPN found :HOST/cls21.core.uac/core.uac
* SPN found :HOST/cls21.core.uac
* SPN found :HOST/CLS21
* SPN found :HOST/cls21.core.uac/UAC
* SPN found :GC/cls21.core.uac/core.uac
......................... CLS21 passed test MachineAccount

Starting test: NCSecDesc

* Security Permissions check for all NC's on DC CLS21.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for

DC=ForestDnsZones,DC=core,DC=uac
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set
access rights for the naming context:

DC=ForestDnsZones,DC=core,DC=uac
* Security Permissions Check for

DC=DomainDnsZones,DC=core,DC=uac
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set
access rights for the naming context:

DC=DomainDnsZones,DC=core,DC=uac
* Security Permissions Check for

CN=Schema,CN=Configuration,DC=core,DC=uac
(Schema,Version 3)
* Security Permissions Check for

CN=Configuration,DC=core,DC=uac
(Configuration,Version 3)
* Security Permissions Check for

DC=core,DC=uac
(Domain,Version 3)
......................... CLS21 failed test NCSecDesc

Starting test: NetLogons

* Network Logons Privileges Check
Verified share \\CLS21\netlogon
Verified share \\CLS21\sysvol
......................... CLS21 passed test NetLogons

Starting test: ObjectsReplicated

CLS21 is in domain DC=core,DC=uac
Checking for CN=CLS21,OU=Domain Controllers,DC=core,DC=uac in
domain DC=core,DC=uac on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac
in domain CN=Configuration,DC=core,DC=uac on 1 servers
Object is up-to-date on all servers.
......................... CLS21 passed test ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Starting test: Replications

* Replications Check
[Replications Check,CLS21] A recent replication attempt failed:

From CLS12 to CLS21

Naming Context: DC=ForestDnsZones,DC=core,DC=uac

The replication generated an error (8456):

The source server is currently rejecting replication requests.

The failure occurred at 2009-08-24 13:50:34.

The last success occurred at 2009-07-10 20:23:42.

1081 failures have occurred since the last success.

Replication has been explicitly disabled through the server

options.

[Replications Check,CLS21] A recent replication attempt failed:

From CLS12 to CLS21

Naming Context: DC=DomainDnsZones,DC=core,DC=uac

The replication generated an error (8456):

The source server is currently rejecting replication requests.

The failure occurred at 2009-08-24 13:50:34.

The last success occurred at 2009-07-10 21:09:53.

1275 failures have occurred since the last success.

Replication has been explicitly disabled through the server

options.

[Replications Check,CLS21] A recent replication attempt failed:

From CLS12 to CLS21

Naming Context: CN=Schema,CN=Configuration,DC=core,DC=uac

The replication generated an error (8456):

The source server is currently rejecting replication requests.

The failure occurred at 2009-08-24 13:50:34.

The last success occurred at 2009-07-10 20:18:45.

1076 failures have occurred since the last success.

Replication has been explicitly disabled through the server

options.

[Replications Check,CLS21] A recent replication attempt failed:

From CLS12 to CLS21

Naming Context: CN=Configuration,DC=core,DC=uac

The replication generated an error (8456):

The source server is currently rejecting replication requests.

The failure occurred at 2009-08-24 13:50:34.

The last success occurred at 2009-07-10 20:18:42.

1079 failures have occurred since the last success.

Replication has been explicitly disabled through the server

options.

[Replications Check,CLS21] A recent replication attempt failed:

From CLS12 to CLS21

Naming Context: DC=core,DC=uac

The replication generated an error (8456):

The source server is currently rejecting replication requests.

The failure occurred at 2009-08-24 13:50:34.

The last success occurred at 2009-07-10 21:10:27.

2449 failures have occurred since the last success.

Replication has been explicitly disabled through the server

options.

REPLICATION LATENCY WARNING

ERROR: Expected notification link is missing.

Source CLS12

Replication of new changes along this path will be delayed.

This problem should self-correct on the next periodic sync.

......................... CLS21 failed test Replications

Starting test: RidManager

* Available RID Pool for the Domain is 3603 to 1073741823
* cls21.core.uac is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2103 to 2602
* rIDPreviousAllocationPool is 2103 to 2602
* rIDNextRID: 2288
......................... CLS21 passed test RidManager

Starting test: Services

* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... CLS21 passed test Services

Starting test: SystemLog

* The System Event log test
An Error Event occurred. EventID: 0x00000457

Time Generated: 08/24/2009 13:52:16

Event String:

Driver RICOH Aficio 3035 PCL 6 required for printer
!!CLS12!CLC02 is unknown. Contact the administrator to install the driver
before you log in again.

An Error Event occurred. EventID: 0x00000457

Time Generated: 08/24/2009 13:52:17

Event String:

Driver HP Universal Printing PCL 6 required for printer HP
Universal Printing PCL 6 is unknown. Contact the administrator to install
the driver before you log in again.

An Error Event occurred. EventID: 0x00000457

Time Generated: 08/24/2009 13:52:18

Event String:

Driver RICOH Aficio 3025 PCL 6 required for printer
!!CLS12!CLC03 (7th FL Front) is unknown. Contact the administrator to
install the driver before you log in again.

An Error Event occurred. EventID: 0x00000457

Time Generated: 08/24/2009 13:52:21

Event String:

Driver Adobe PDF Converter required for printer Adobe PDF is
unknown. Contact the administrator to install the driver before you log in
again.

An Error Event occurred. EventID: 0x00000457

Time Generated: 08/24/2009 13:52:24

Event String:

Driver RICOH Aficio MP C3000 PCL 6 required for printer RICOH
Aficio MP C3000 PCL 6 is unknown. Contact the administrator to install the
driver before you log in again.

An Error Event occurred. EventID: 0x00000457

Time Generated: 08/24/2009 13:52:24

Event String:

Driver PCL6 Driver for Universal Print required for printer
Ricoh Aficio SP C410DN is unknown. Contact the administrator to install the
driver before you log in again.

An Error Event occurred. EventID: 0x00000457

Time Generated: 08/24/2009 13:52:25

Event String:

Driver Send To Microsoft OneNote Driver required for printer
Send To OneNote 2007 is unknown. Contact the administrator to install the
driver before you log in again.

An Error Event occurred. EventID: 0x00000457

Time Generated: 08/24/2009 13:52:26

Event String:

Driver Samsung CLP-510 Series required for printer Samsung
CLP-510 Series is unknown. Contact the administrator to install the driver
before you log in again.

An Error Event occurred. EventID: 0x00000457

Time Generated: 08/24/2009 13:52:27

Event String:

Driver Snagit 9 Printer required for printer Snagit 9 is
unknown. Contact the administrator to install the driver before you log in
again.

An Warning Event occurred. EventID: 0x80000008

Time Generated: 08/24/2009 14:22:38

Event String:

The jobs in the print queue for printer HP LaserJet 4050 Series
PCL 5 (redirected 5) were deleted. No user action is required.

To stop logging warning events for the print spooler, in Control
Panel, open Printers, right-click a blank area of the window, click Run as
Administrator, click Server Properties, click the Advanced tab, and then
clear the Log spooler warning events check box.

An Warning Event occurred. EventID: 0x80000004

Time Generated: 08/24/2009 14:22:38

Event String:

Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be
deleted. No user action is required.

To stop logging warning events for the print spooler, in Control
Panel, open Printers, right-click a blank area of the window, click Run as
Administrator, click Server Properties, click the Advanced tab, and then
clear the Log spooler warning events check box.

An Warning Event occurred. EventID: 0x80000003

Time Generated: 08/24/2009 14:22:38

Event String:

Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was
deleted, and users will no longer be able to print to this printer. No user
action is required.

To stop logging information events for the print spooler, in
Control Panel, open Printers, right-click a blank area of the window, click
Run as Administrator, click Server Properties, click the Advanced tab, and
then clear the Log spooler information events check box.

An Warning Event occurred. EventID: 0x80000008

Time Generated: 08/24/2009 14:22:38

Event String:

The jobs in the print queue for printer Microsoft XPS Document
Writer (redirected 5) were deleted. No user action is required.

To stop logging warning events for the print spooler, in Control
Panel, open Printers, right-click a blank area of the window, click Run as
Administrator, click Server Properties, click the Advanced tab, and then
clear the Log spooler warning events check box.

An Warning Event occurred. EventID: 0x80000004

Time Generated: 08/24/2009 14:22:38

Event String:

Printer Microsoft XPS Document Writer (redirected 5) will be
deleted. No user action is required.

To stop logging warning events for the print spooler, in Control
Panel, open Printers, right-click a blank area of the window, click Run as
Administrator, click Server Properties, click the Advanced tab, and then
clear the Log spooler warning events check box.

An Warning Event occurred. EventID: 0x80000003

Time Generated: 08/24/2009 14:22:38

Event String:

Printer Microsoft XPS Document Writer (redirected 5) was
deleted, and users will no longer be able to print to this printer. No user
action is required.

To stop logging information events for the print spooler, in
Control Panel, open Printers, right-click a blank area of the window, click
Run as Administrator, click Server Properties, click the Advanced tab, and
then clear the Log spooler information events check box.

An Error Event occurred. EventID: 0x00000457

Time Generated: 08/24/2009 14:22:41

Event String:

Driver Microsoft Office Document Image Writer Driver required
for printer Microsoft Office Document Image Writer is unknown. Contact the
administrator to install the driver before you log in again.

An Error Event occurred. EventID: 0x00000457

Time Generated: 08/24/2009 14:22:44

Event String:

Driver RICOH Aficio 3035 PCL 6 required for printer
!!CLS12!CLC02 is unknown. Contact the administrator to install the driver
before you log in again.

An Error Event occurred. EventID: 0x00000457

Time Generated: 08/24/2009 14:22:45

Event String:

Driver Send To Microsoft OneNote Driver required for printer
Send To OneNote 2007 is unknown. Contact the administrator to install the
driver before you log in again.

An Error Event occurred. EventID: 0x00000457

Time Generated: 08/24/2009 14:22:46

Event String:

Driver RICOH Aficio SP C410DN PCL 6 required for printer RICOH
Aficio SP C410DN PCL 6 is unknown. Contact the administrator to install the
driver before you log in again.

An Warning Event occurred. EventID: 0x80000008

Time Generated: 08/24/2009 14:24:37

Event String:

The jobs in the print queue for printer HP LaserJet 4050 Series
PCL 5 (redirected 5) were deleted. No user action is required.

To stop logging warning events for the print spooler, in Control
Panel, open Printers, right-click a blank area of the window, click Run as
Administrator, click Server Properties, click the Advanced tab, and then
clear the Log spooler warning events check box.

An Warning Event occurred. EventID: 0x80000004

Time Generated: 08/24/2009 14:24:37

Event String:

Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be
deleted. No user action is required.

To stop logging warning events for the print spooler, in Control
Panel, open Printers, right-click a blank area of the window, click Run as
Administrator, click Server Properties, click the Advanced tab, and then
clear the Log spooler warning events check box.

An Warning Event occurred. EventID: 0x80000003

Time Generated: 08/24/2009 14:24:37

Event String:

Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was
deleted, and users will no longer be able to print to this printer. No user
action is required.

To stop logging information events for the print spooler, in
Control Panel, open Printers, right-click a blank area of the window, click
Run as Administrator, click Server Properties, click the Advanced tab, and
then clear the Log spooler information events check box.

An Warning Event occurred. EventID: 0x80000008

Time Generated: 08/24/2009 14:24:37

Event String:

The jobs in the print queue for printer Microsoft XPS Document
Writer (redirected 5) were deleted. No user action is required.

To stop logging warning events for the print spooler, in Control
Panel, open Printers, right-click a blank area of the window, click Run as
Administrator, click Server Properties, click the Advanced tab, and then
clear the Log spooler warning events check box.

An Warning Event occurred. EventID: 0x80000004

Time Generated: 08/24/2009 14:24:37

Event String:

Printer Microsoft XPS Document Writer (redirected 5) will be
deleted. No user action is required.

To stop logging warning events for the print spooler, in Control
Panel, open Printers, right-click a blank area of the window, click Run as
Administrator, click Server Properties, click the Advanced tab, and then
clear the Log spooler warning events check box.

An Warning Event occurred. EventID: 0x80000003

Time Generated: 08/24/2009 14:24:37

Event String:

Printer Microsoft XPS Document Writer (redirected 5) was
deleted, and users will no longer be able to print to this printer. No user
action is required.

To stop logging information events for the print spooler, in
Control Panel, open Printers, right-click a blank area of the window, click
Run as Administrator, click Server Properties, click the Advanced tab, and
then clear the Log spooler information events check box.

......................... CLS21 failed test SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Starting test: VerifyReferences

The system object reference (serverReference)

CN=CLS21,OU=Domain Controllers,DC=core,DC=uac and backlink on

CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac

are correct.
The system object reference (serverReferenceBL)

CN=CLS21,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=core,DC=uac

and backlink on

CN=NTDS
Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core,DC=uac

are correct.
......................... CLS21 passed test VerifyReferences

Test omitted by user request: VerifyReplicas


Test omitted by user request: DNS

Test omitted by user request: DNS


Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation


Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation


Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation


Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test
CrossRefValidation


Running partition tests on : core

Starting test: CheckSDRefDom

......................... core passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... core passed test CrossRefValidation


Running enterprise tests on : core.uac

Test omitted by user request: DNS

Test omitted by user request: DNS

Starting test: LocatorCheck

GC Name: \\cls21.core.uac

Locator Flags: 0xe00011fd
PDC Name: \\cls21.core.uac
Locator Flags: 0xe00011fd
Time Server Name: \\cls21.core.uac
Locator Flags: 0xe00011fd
Preferred Time Server Name: \\cls21.core.uac
Locator Flags: 0xe00011fd
KDC Name: \\cls21.core.uac
Locator Flags: 0xe00011fd
......................... core.uac passed test LocatorCheck

Starting test: Intersite

Skipping site Default-First-Site-Name, this site is outside the
scope

provided by the command line arguments provided.
......................... core.uac passed test Intersite

REPADMIN - DC1 (CLS12)

==============================================


Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\CLS12
DSA Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
Site Options: (none)
DSA object GUID: 131f0345-87a7-4218-b232-93c2bee1eb9c
DSA invocationID: 83763ada-f2ea-4702-9878-35d2a9a492bf

==== INBOUND NEIGHBORS ======================================

DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 14:52:21 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
47928 consecutive failure(s).
Last success @ 2009-07-10 20:32:03.

CN=Configuration,DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 14:51:03 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
1075 consecutive failure(s).
Last success @ 2009-07-10 20:18:23.

CN=Schema,CN=Configuration,DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 14:51:03 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
1072 consecutive failure(s).
Last success @ 2009-07-10 20:18:23.

DC=DomainDnsZones,DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 14:51:03 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
2007 consecutive failure(s).
Last success @ 2009-07-10 20:25:08.

DC=ForestDnsZones,DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 14:51:03 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
1072 consecutive failure(s).
Last success @ 2009-07-10 20:23:57.

Source: Default-First-Site-Name\CLS21
******* 47915 CONSECUTIVE FAILURES since 2009-07-10 20:32:03
Last error: 8457 (0x2109):
The destination server is currently rejecting replication
requests.

REPADMIN - DC2 (CLS21 - the one we think is working)


==============================================


Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\CLS12
DSA Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
Site Options: (none)
DSA object GUID: 131f0345-87a7-4218-b232-93c2bee1eb9c
DSA invocationID: 83763ada-f2ea-4702-9878-35d2a9a492bf

==== INBOUND NEIGHBORS ======================================

DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 14:55:45 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
47932 consecutive failure(s).
Last success @ 2009-07-10 20:32:03.

CN=Configuration,DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 14:51:03 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
1075 consecutive failure(s).
Last success @ 2009-07-10 20:18:23.

CN=Schema,CN=Configuration,DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 14:51:03 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
1072 consecutive failure(s).
Last success @ 2009-07-10 20:18:23.

DC=DomainDnsZones,DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 14:51:03 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
2007 consecutive failure(s).
Last success @ 2009-07-10 20:25:08.

DC=ForestDnsZones,DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 14:51:03 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
1072 consecutive failure(s).
Last success @ 2009-07-10 20:23:57.

Source: Default-First-Site-Name\CLS21
******* 47915 CONSECUTIVE FAILURES since 2009-07-10 20:32:03
Last error: 8457 (0x2109):
The destination server is currently rejecting replication
requests.

CLS12 was first installed as a W2K3SE x86.
CLS21 was installed as a WS2K8E x64 server, as the second DC.
All primary DC functions were moved to CLS21.
CLS12 was demoted successfully with no issues leaving CLS21 as the sole DC.
CLS21's AD was then upgraded to 2008 functional levels in all areas.
CLS12 was wiped out completely and a fresh installation of WS2K8E x64 was
done.
It was added to the domain as a member server, then DCPOMO'ed to the second
DC.
That was a year ago now.

Whenever a needed Microsoft update is offered, they are both done together.

The PDC emulator role issue is my fault, as CLS12 would not show who had the
role for anything. They only showed ERROR for both RID and INFRASTRUCTURE.
I attempted to get CLS12 to give it to CLS21 (or rather grab it), but it did
it to itself, and I can't transfer it. I tried.
RID and INFRASTRUCTURE show that the Operations Master is offline.

NETDOM - (CLS12)
==================================
Schema master cls21.core.uac
Domain naming master cls21.core.uac
PDC cls12.core.uac
RID pool manager cls21.core.uac
Infrastructure master cls21.core.uac


NETDOM - (CLS21)
==================================
Schema master cls21.core.uac
Domain naming master cls21.core.uac
PDC cls21.core.uac
RID pool manager cls21.core.uac
Infrastructure master cls21.core.uac





"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb662de468cbf315003b8002@msnews.microsoft.com...

Quote:

Hello Jacques Latoison" Jacques Latoison at hotmail dot com, Dcdiag states that cls21 and cls12 are having the PDCEmulator role. Is that a typo o real? Please post the output from each DC from: netdom query fsmo When cls21 was the first DC in the domain how was the second one cls12 installed, from scratch, backup, sysprepped or not sysprepped image or snapshot? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm DCDIAG - DC1 (CLS21- the one we believe is working fine) =============================================== Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine cls21, is a Directory Server. Home Server = cls21 * Connecting to directory service on server cls21. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,LDA P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core, DC=uac Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,LDA P_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\CLS21 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity Determining IP6 connectivity * Active Directory RPC Services Check ......................... CLS21 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\CLS21 Starting test: Advertising The DC CLS21 is advertising itself as a DC and having a DS. The DC CLS21 is advertising as an LDAP server The DC CLS21 is advertising as having a writeable directory The DC CLS21 is advertising as a Key Distribution Center The DC CLS21 is advertising as a time server The DS CLS21 is advertising as a GC. ......................... CLS21 passed test Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Starting test: FrsEvent * The File Replication Service Event log test ......................... CLS21 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. ......................... CLS21 passed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... CLS21 passed test SysVolCheck Starting test: KccEvent * The KCC Event log test Found no KCC errors in "Directory Service" Event log in the last 15 minutes. ......................... CLS21 passed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac Role Domain Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac Role PDC Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac Role Rid Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac Role Infrastructure Update Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac ......................... CLS21 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC CLS21 on DC CLS21. Warning: Attribute userAccountControl of CLS21 is: 0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) Typical setting for a DC is 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) This may be affecting replication? * SPN found :LDAP/cls21.core.uac/core.uac * SPN found :LDAP/cls21.core.uac * SPN found :LDAP/CLS21 * SPN found :LDAP/cls21.core.uac/UAC * SPN found :LDAP/fb192dc6-608d-4e40-92cd-298af3c2bfdd._msdcs.core.uac * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/fb192dc6-608d-4e40-92cd-298af3c2 bfdd/core.uac * SPN found :HOST/cls21.core.uac/core.uac * SPN found :HOST/cls21.core.uac * SPN found :HOST/CLS21 * SPN found :HOST/cls21.core.uac/UAC * SPN found :GC/cls21.core.uac/core.uac ......................... CLS21 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC CLS21. The forest is not ready for RODC. Will skip checking ERODC ACEs. * Security Permissions Check for DC=ForestDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=core,DC=uac * Security Permissions Check for DC=DomainDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=core,DC=uac * Security Permissions Check for CN=Schema,CN=Configuration,DC=core,DC=uac (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=core,DC=uac (Configuration,Version 3) * Security Permissions Check for DC=core,DC=uac (Domain,Version 3) ......................... CLS21 failed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\CLS21\netlogon Verified share \\CLS21\sysvol ......................... CLS21 passed test NetLogons Starting test: ObjectsReplicated CLS21 is in domain DC=core,DC=uac Checking for CN=CLS21,OU=Domain Controllers,DC=core,DC=uac in domain DC=core,DC=uac on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac in domain CN=Configuration,DC=core,DC=uac on 1 servers Object is up-to-date on all servers. ......................... CLS21 passed test ObjectsReplicated Test omitted by user request: OutboundSecureChannels Starting test: Replications * Replications Check [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=ForestDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:23:42. 1081 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=DomainDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:09:53. 1275 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Schema,CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:45. 1076 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:42. 1079 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:10:27. 2449 failures have occurred since the last success. Replication has been explicitly disabled through the server options. REPLICATION LATENCY WARNING ERROR: Expected notification link is missing. Source CLS12 Replication of new changes along this path will be delayed. This problem should self-correct on the next periodic sync. ......................... CLS21 failed test Replications Starting test: RidManager * Available RID Pool for the Domain is 3603 to 1073741823 * cls21.core.uac is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2103 to 2602 * rIDPreviousAllocationPool is 2103 to 2602 * rIDNextRID: 2288 ......................... CLS21 passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: DFSR * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... CLS21 passed test Services Starting test: SystemLog * The System Event log test An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:16 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:17 Event String: Driver HP Universal Printing PCL 6 required for printer HP Universal Printing PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:18 Event String: Driver RICOH Aficio 3025 PCL 6 required for printer !!CLS12!CLC03 (7th FL Front) is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:21 Event String: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver RICOH Aficio MP C3000 PCL 6 required for printer RICOH Aficio MP C3000 PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver PCL6 Driver for Universal Print required for printer Ricoh Aficio SP C410DN is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:25 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:26 Event String: Driver Samsung CLP-510 Series required for printer Samsung CLP-510 Series is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:27 Event String: Driver Snagit 9 Printer required for printer Snagit 9 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:41 Event String: Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:44 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:45 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:46 Event String: Driver RICOH Aficio SP C410DN PCL 6 required for printer RICOH Aficio SP C410DN PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. ......................... CLS21 failed test SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=CLS21,OU=Domain Controllers,DC=core,DC=uac and backlink on CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurati on,DC=core,DC=uac are correct. The system object reference (serverReferenceBL) CN=CLS21,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=core,DC=uac and backlink on CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac are correct. ......................... CLS21 passed test VerifyReferences Test omitted by user request: VerifyReplicas Test omitted by user request: DNS Test omitted by user request: DNS Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : core Starting test: CheckSDRefDom ......................... core passed test CheckSDRefDom Starting test: CrossRefValidation ......................... core passed test CrossRefValidation Running enterprise tests on : core.uac Test omitted by user request: DNS Test omitted by user request: DNS Starting test: LocatorCheck GC Name: \\cls21.core.uac Locator Flags: 0xe00011fd PDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd Preferred Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd KDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd ......................... core.uac passed test LocatorCheck Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... core.uac passed test Intersite

I noticed something in DCDIAG between the two outputs, that CLS12 does not
advertise itself as a DC (which makes sense to me considering the issues
we're having).





"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb662de468cbf315003b8002@msnews.microsoft.com...

Quote:

Hello Jacques Latoison" Jacques Latoison at hotmail dot com, Dcdiag states that cls21 and cls12 are having the PDCEmulator role. Is that a typo o real? Please post the output from each DC from: netdom query fsmo When cls21 was the first DC in the domain how was the second one cls12 installed, from scratch, backup, sysprepped or not sysprepped image or snapshot? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm DCDIAG - DC1 (CLS21- the one we believe is working fine) =============================================== Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine cls21, is a Directory Server. Home Server = cls21 * Connecting to directory service on server cls21. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,LDA P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core, DC=uac Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,LDA P_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\CLS21 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity Determining IP6 connectivity * Active Directory RPC Services Check ......................... CLS21 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\CLS21 Starting test: Advertising The DC CLS21 is advertising itself as a DC and having a DS. The DC CLS21 is advertising as an LDAP server The DC CLS21 is advertising as having a writeable directory The DC CLS21 is advertising as a Key Distribution Center The DC CLS21 is advertising as a time server The DS CLS21 is advertising as a GC. ......................... CLS21 passed test Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Starting test: FrsEvent * The File Replication Service Event log test ......................... CLS21 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. ......................... CLS21 passed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... CLS21 passed test SysVolCheck Starting test: KccEvent * The KCC Event log test Found no KCC errors in "Directory Service" Event log in the last 15 minutes. ......................... CLS21 passed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac Role Domain Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac Role PDC Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac Role Rid Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac Role Infrastructure Update Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac ......................... CLS21 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC CLS21 on DC CLS21. Warning: Attribute userAccountControl of CLS21 is: 0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) Typical setting for a DC is 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) This may be affecting replication? * SPN found :LDAP/cls21.core.uac/core.uac * SPN found :LDAP/cls21.core.uac * SPN found :LDAP/CLS21 * SPN found :LDAP/cls21.core.uac/UAC * SPN found :LDAP/fb192dc6-608d-4e40-92cd-298af3c2bfdd._msdcs.core.uac * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/fb192dc6-608d-4e40-92cd-298af3c2 bfdd/core.uac * SPN found :HOST/cls21.core.uac/core.uac * SPN found :HOST/cls21.core.uac * SPN found :HOST/CLS21 * SPN found :HOST/cls21.core.uac/UAC * SPN found :GC/cls21.core.uac/core.uac ......................... CLS21 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC CLS21. The forest is not ready for RODC. Will skip checking ERODC ACEs. * Security Permissions Check for DC=ForestDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=core,DC=uac * Security Permissions Check for DC=DomainDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=core,DC=uac * Security Permissions Check for CN=Schema,CN=Configuration,DC=core,DC=uac (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=core,DC=uac (Configuration,Version 3) * Security Permissions Check for DC=core,DC=uac (Domain,Version 3) ......................... CLS21 failed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\CLS21\netlogon Verified share \\CLS21\sysvol ......................... CLS21 passed test NetLogons Starting test: ObjectsReplicated CLS21 is in domain DC=core,DC=uac Checking for CN=CLS21,OU=Domain Controllers,DC=core,DC=uac in domain DC=core,DC=uac on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac in domain CN=Configuration,DC=core,DC=uac on 1 servers Object is up-to-date on all servers. ......................... CLS21 passed test ObjectsReplicated Test omitted by user request: OutboundSecureChannels Starting test: Replications * Replications Check [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=ForestDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:23:42. 1081 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=DomainDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:09:53. 1275 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Schema,CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:45. 1076 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:42. 1079 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:10:27. 2449 failures have occurred since the last success. Replication has been explicitly disabled through the server options. REPLICATION LATENCY WARNING ERROR: Expected notification link is missing. Source CLS12 Replication of new changes along this path will be delayed. This problem should self-correct on the next periodic sync. ......................... CLS21 failed test Replications Starting test: RidManager * Available RID Pool for the Domain is 3603 to 1073741823 * cls21.core.uac is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2103 to 2602 * rIDPreviousAllocationPool is 2103 to 2602 * rIDNextRID: 2288 ......................... CLS21 passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: DFSR * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... CLS21 passed test Services Starting test: SystemLog * The System Event log test An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:16 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:17 Event String: Driver HP Universal Printing PCL 6 required for printer HP Universal Printing PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:18 Event String: Driver RICOH Aficio 3025 PCL 6 required for printer !!CLS12!CLC03 (7th FL Front) is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:21 Event String: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver RICOH Aficio MP C3000 PCL 6 required for printer RICOH Aficio MP C3000 PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver PCL6 Driver for Universal Print required for printer Ricoh Aficio SP C410DN is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:25 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:26 Event String: Driver Samsung CLP-510 Series required for printer Samsung CLP-510 Series is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:27 Event String: Driver Snagit 9 Printer required for printer Snagit 9 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:41 Event String: Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:44 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:45 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:46 Event String: Driver RICOH Aficio SP C410DN PCL 6 required for printer RICOH Aficio SP C410DN PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. ......................... CLS21 failed test SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=CLS21,OU=Domain Controllers,DC=core,DC=uac and backlink on CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurati on,DC=core,DC=uac are correct. The system object reference (serverReferenceBL) CN=CLS21,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=core,DC=uac and backlink on CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac are correct. ......................... CLS21 passed test VerifyReferences Test omitted by user request: VerifyReplicas Test omitted by user request: DNS Test omitted by user request: DNS Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : core Starting test: CheckSDRefDom ......................... core passed test CheckSDRefDom Starting test: CrossRefValidation ......................... core passed test CrossRefValidation Running enterprise tests on : core.uac Test omitted by user request: DNS Test omitted by user request: DNS Starting test: LocatorCheck GC Name: \\cls21.core.uac Locator Flags: 0xe00011fd PDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd Preferred Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd KDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd ......................... core.uac passed test LocatorCheck Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... core.uac passed test Intersite

My apologies, you can ignore this reponse. I misread the error log.


"Jacques Latoison" <Jacques Latoison at hotmail dot com> wrote in message

Quote:

I noticed something in DCDIAG between the two outputs, that CLS12 does not advertise itself as a DC (which makes sense to me considering the issues we're having).

I'm resending the REPADMIN results as I believe I sent the same server twice.

CLS12=====================================

Repadmin: running command /SHOWREPL against full DC localhost
Default-First-Site-Name\CLS12
DSA Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
Site Options: (none)
DSA object GUID: 131f0345-87a7-4218-b232-93c2bee1eb9c
DSA invocationID: 83763ada-f2ea-4702-9878-35d2a9a492bf

==== INBOUND NEIGHBORS ======================================

DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 15:41:58 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
47971 consecutive failure(s).
Last success @ 2009-07-10 20:32:03.

CN=Configuration,DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 14:51:03 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
1075 consecutive failure(s).
Last success @ 2009-07-10 20:18:23.

CN=Schema,CN=Configuration,DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 14:51:03 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
1072 consecutive failure(s).
Last success @ 2009-07-10 20:18:23.

DC=DomainDnsZones,DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 15:08:25 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
2008 consecutive failure(s).
Last success @ 2009-07-10 20:25:08.

DC=ForestDnsZones,DC=core,DC=uac
Default-First-Site-Name\CLS21 via RPC
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
Last attempt @ 2009-08-24 14:51:03 failed, result 8457 (0x2109):
The destination server is currently rejecting replication
requests.
1072 consecutive failure(s).
Last success @ 2009-07-10 20:23:57.

Source: Default-First-Site-Name\CLS21
******* 47969 CONSECUTIVE FAILURES since 2009-07-10 20:32:03
Last error: 8457 (0x2109):
The destination server is currently rejecting replication
requests.

I'm resending the REPADMIN results as I believe I sent the same server twice.

CLS21=====================================

Repadmin: running command /SHOWREPL against full DC localhost
Default-First-Site-Name\CLS21
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: fb192dc6-608d-4e40-92cd-298af3c2bfdd
DSA invocationID: eab41059-bd40-4a7e-8de7-6148b145db11

==== INBOUND NEIGHBORS ======================================

DC=core,DC=uac
Default-First-Site-Name\CLS12 via RPC
DSA object GUID: 131f0345-87a7-4218-b232-93c2bee1eb9c
Last attempt @ 2009-08-24 14:50:34 failed, result 8456 (0x2108):
The source server is currently rejecting replication requests.
2450 consecutive failure(s).
Last success @ 2009-07-10 21:10:27.

CN=Configuration,DC=core,DC=uac
Default-First-Site-Name\CLS12 via RPC
DSA object GUID: 131f0345-87a7-4218-b232-93c2bee1eb9c
Last attempt @ 2009-08-24 14:50:34 failed, result 8456 (0x2108):
The source server is currently rejecting replication requests.
1080 consecutive failure(s).
Last success @ 2009-07-10 20:18:42.

CN=Schema,CN=Configuration,DC=core,DC=uac
Default-First-Site-Name\CLS12 via RPC
DSA object GUID: 131f0345-87a7-4218-b232-93c2bee1eb9c
Last attempt @ 2009-08-24 14:50:34 failed, result 8456 (0x2108):
The source server is currently rejecting replication requests.
1077 consecutive failure(s).
Last success @ 2009-07-10 20:18:45.

DC=DomainDnsZones,DC=core,DC=uac
Default-First-Site-Name\CLS12 via RPC
DSA object GUID: 131f0345-87a7-4218-b232-93c2bee1eb9c
Last attempt @ 2009-08-24 14:50:34 failed, result 8456 (0x2108):
The source server is currently rejecting replication requests.
1276 consecutive failure(s).
Last success @ 2009-07-10 21:09:53.

DC=ForestDnsZones,DC=core,DC=uac
Default-First-Site-Name\CLS12 via RPC
DSA object GUID: 131f0345-87a7-4218-b232-93c2bee1eb9c
Last attempt @ 2009-08-24 14:50:34 failed, result 8456 (0x2108):
The source server is currently rejecting replication requests.
1082 consecutive failure(s).
Last success @ 2009-07-10 20:23:42.

Source: Default-First-Site-Name\CLS12
******* 2450 CONSECUTIVE FAILURES since 2009-07-10 21:10:27
Last error: 8456 (0x2108):
The source server is currently rejecting replication requests.

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb662de8d8cbf31abfb642d2@msnews.microsoft.com...

Quote:

Hello Jacques Latoison" Jacques Latoison at hotmail dot com, I understand, so in my understanding the reinstalled cls12 was not removed complete from AD. Even it has looked like or cls21 was not installed correct in the domain before. If the FSMO roles where moved to the 2008 DC correct, the PDCEmulator role can not be on the old one. I see that it is the case. In my opinion you have to shutdown the cls12 and then cleanup AD on cls21 according to: http://support.microsoft.com/kb/555846/en-us Then run dcdiag /v, netdiag /v again and check for errors, also in the event viewer. After that format cls12 and install it complete from scratch, maybe with another name also. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm CLS12 was first installed as a W2K3SE x86. CLS21 was installed as a WS2K8E x64 server, as the second DC. All primary DC functions were moved to CLS21. CLS12 was demoted successfully with no issues leaving CLS21 as the sole DC. CLS21's AD was then upgraded to 2008 functional levels in all areas. CLS12 was wiped out completely and a fresh installation of WS2K8E x64 was done. It was added to the domain as a member server, then DCPOMO'ed to the second DC. That was a year ago now. Whenever a needed Microsoft update is offered, they are both done together. The PDC emulator role issue is my fault, as CLS12 would not show who had the role for anything. They only showed ERROR for both RID and INFRASTRUCTURE. I attempted to get CLS12 to give it to CLS21 (or rather grab it), but it did it to itself, and I can't transfer it. I tried. RID and INFRASTRUCTURE show that the Operations Master is offline. NETDOM - (CLS12) ================================== Schema master cls21.core.uac Domain naming master cls21.core.uac PDC cls12.core.uac RID pool manager cls21.core.uac Infrastructure master cls21.core.uac NETDOM - (CLS21) ================================== Schema master cls21.core.uac Domain naming master cls21.core.uac PDC cls21.core.uac RID pool manager cls21.core.uac Infrastructure master cls21.core.uac "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662de468cbf315003b8002@msnews.microsoft.com... Hello Jacques Latoison" Jacques Latoison at hotmail dot com, Dcdiag states that cls21 and cls12 are having the PDCEmulator role. Is that a typo o real? Please post the output from each DC from: netdom query fsmo When cls21 was the first DC in the domain how was the second one cls12 installed, from scratch, backup, sysprepped or not sysprepped image or snapshot? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm DCDIAG - DC1 (CLS21- the one we believe is working fine) =============================================== Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine cls21, is a Directory Server. Home Server = cls21 * Connecting to directory service on server cls21. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,L DA P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cor e, DC=uac Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,L DA P_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\CLS21 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity Determining IP6 connectivity * Active Directory RPC Services Check ......................... CLS21 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\CLS21 Starting test: Advertising The DC CLS21 is advertising itself as a DC and having a DS. The DC CLS21 is advertising as an LDAP server The DC CLS21 is advertising as having a writeable directory The DC CLS21 is advertising as a Key Distribution Center The DC CLS21 is advertising as a time server The DS CLS21 is advertising as a GC. ......................... CLS21 passed test Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Starting test: FrsEvent * The File Replication Service Event log test ......................... CLS21 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. ......................... CLS21 passed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... CLS21 passed test SysVolCheck Starting test: KccEvent * The KCC Event log test Found no KCC errors in "Directory Service" Event log in the last 15 minutes. ......................... CLS21 passed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac Role Domain Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac Role PDC Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac Role Rid Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac Role Infrastructure Update Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac ......................... CLS21 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC CLS21 on DC CLS21. Warning: Attribute userAccountControl of CLS21 is: 0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) Typical setting for a DC is 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) This may be affecting replication? * SPN found :LDAP/cls21.core.uac/core.uac * SPN found :LDAP/cls21.core.uac * SPN found :LDAP/CLS21 * SPN found :LDAP/cls21.core.uac/UAC * SPN found :LDAP/fb192dc6-608d-4e40-92cd-298af3c2bfdd._msdcs.core.uac * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/fb192dc6-608d-4e40-92cd-298af3 c2 bfdd/core.uac * SPN found :HOST/cls21.core.uac/core.uac * SPN found :HOST/cls21.core.uac * SPN found :HOST/CLS21 * SPN found :HOST/cls21.core.uac/UAC * SPN found :GC/cls21.core.uac/core.uac ......................... CLS21 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC CLS21. The forest is not ready for RODC. Will skip checking ERODC ACEs. * Security Permissions Check for DC=ForestDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=core,DC=uac * Security Permissions Check for DC=DomainDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=core,DC=uac * Security Permissions Check for CN=Schema,CN=Configuration,DC=core,DC=uac (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=core,DC=uac (Configuration,Version 3) * Security Permissions Check for DC=core,DC=uac (Domain,Version 3) ......................... CLS21 failed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\CLS21\netlogon Verified share \\CLS21\sysvol ......................... CLS21 passed test NetLogons Starting test: ObjectsReplicated CLS21 is in domain DC=core,DC=uac Checking for CN=CLS21,OU=Domain Controllers,DC=core,DC=uac in domain DC=core,DC=uac on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac in domain CN=Configuration,DC=core,DC=uac on 1 servers Object is up-to-date on all servers. ......................... CLS21 passed test ObjectsReplicated Test omitted by user request: OutboundSecureChannels Starting test: Replications * Replications Check [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=ForestDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:23:42. 1081 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=DomainDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:09:53. 1275 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Schema,CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:45. 1076 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:42. 1079 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:10:27. 2449 failures have occurred since the last success. Replication has been explicitly disabled through the server options. REPLICATION LATENCY WARNING ERROR: Expected notification link is missing. Source CLS12 Replication of new changes along this path will be delayed. This problem should self-correct on the next periodic sync. ......................... CLS21 failed test Replications Starting test: RidManager * Available RID Pool for the Domain is 3603 to 1073741823 * cls21.core.uac is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2103 to 2602 * rIDPreviousAllocationPool is 2103 to 2602 * rIDNextRID: 2288 ......................... CLS21 passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: DFSR * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... CLS21 passed test Services Starting test: SystemLog * The System Event log test An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:16 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:17 Event String: Driver HP Universal Printing PCL 6 required for printer HP Universal Printing PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:18 Event String: Driver RICOH Aficio 3025 PCL 6 required for printer !!CLS12!CLC03 (7th FL Front) is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:21 Event String: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver RICOH Aficio MP C3000 PCL 6 required for printer RICOH Aficio MP C3000 PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver PCL6 Driver for Universal Print required for printer Ricoh Aficio SP C410DN is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:25 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:26 Event String: Driver Samsung CLP-510 Series required for printer Samsung CLP-510 Series is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:27 Event String: Driver Snagit 9 Printer required for printer Snagit 9 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:41 Event String: Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:44 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:45 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:46 Event String: Driver RICOH Aficio SP C410DN PCL 6 required for printer RICOH Aficio SP C410DN PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. ......................... CLS21 failed test SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=CLS21,OU=Domain Controllers,DC=core,DC=uac and backlink on CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura ti on,DC=core,DC=uac are correct. The system object reference (serverReferenceBL) CN=CLS21,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=core,DC=uac and backlink on CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac are correct. ......................... CLS21 passed test VerifyReferences Test omitted by user request: VerifyReplicas Test omitted by user request: DNS Test omitted by user request: DNS Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : core Starting test: CheckSDRefDom ......................... core passed test CheckSDRefDom Starting test: CrossRefValidation ......................... core passed test CrossRefValidation Running enterprise tests on : core.uac Test omitted by user request: DNS Test omitted by user request: DNS Starting test: LocatorCheck GC Name: \\cls21.core.uac Locator Flags: 0xe00011fd PDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd Preferred Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd KDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd ......................... core.uac passed test LocatorCheck Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... core.uac passed test Intersite

The FSMO roles were all correct and fine prior to the last couple of weeks.

Wouldn't forcing replication on CLS12 fix this issue?

I was hoping there was a way to destroy the AD DB on CLS12 and just have it
re-replicate a new copy from CLS21. Is this possible?


"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb662de8d8cbf31abfb642d2@msnews.microsoft.com...

Quote:

Hello Jacques Latoison" Jacques Latoison at hotmail dot com, I understand, so in my understanding the reinstalled cls12 was not removed complete from AD. Even it has looked like or cls21 was not installed correct in the domain before. If the FSMO roles where moved to the 2008 DC correct, the PDCEmulator role can not be on the old one. I see that it is the case. In my opinion you have to shutdown the cls12 and then cleanup AD on cls21 according to: http://support.microsoft.com/kb/555846/en-us Then run dcdiag /v, netdiag /v again and check for errors, also in the event viewer. After that format cls12 and install it complete from scratch, maybe with another name also. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm CLS12 was first installed as a W2K3SE x86. CLS21 was installed as a WS2K8E x64 server, as the second DC. All primary DC functions were moved to CLS21. CLS12 was demoted successfully with no issues leaving CLS21 as the sole DC. CLS21's AD was then upgraded to 2008 functional levels in all areas. CLS12 was wiped out completely and a fresh installation of WS2K8E x64 was done. It was added to the domain as a member server, then DCPOMO'ed to the second DC. That was a year ago now. Whenever a needed Microsoft update is offered, they are both done together. The PDC emulator role issue is my fault, as CLS12 would not show who had the role for anything. They only showed ERROR for both RID and INFRASTRUCTURE. I attempted to get CLS12 to give it to CLS21 (or rather grab it), but it did it to itself, and I can't transfer it. I tried. RID and INFRASTRUCTURE show that the Operations Master is offline. NETDOM - (CLS12) ================================== Schema master cls21.core.uac Domain naming master cls21.core.uac PDC cls12.core.uac RID pool manager cls21.core.uac Infrastructure master cls21.core.uac NETDOM - (CLS21) ================================== Schema master cls21.core.uac Domain naming master cls21.core.uac PDC cls21.core.uac RID pool manager cls21.core.uac Infrastructure master cls21.core.uac "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662de468cbf315003b8002@msnews.microsoft.com... Hello Jacques Latoison" Jacques Latoison at hotmail dot com, Dcdiag states that cls21 and cls12 are having the PDCEmulator role. Is that a typo o real? Please post the output from each DC from: netdom query fsmo When cls21 was the first DC in the domain how was the second one cls12 installed, from scratch, backup, sysprepped or not sysprepped image or snapshot? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm DCDIAG - DC1 (CLS21- the one we believe is working fine) =============================================== Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine cls21, is a Directory Server. Home Server = cls21 * Connecting to directory service on server cls21. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,L DA P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cor e, DC=uac Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,L DA P_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\CLS21 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity Determining IP6 connectivity * Active Directory RPC Services Check ......................... CLS21 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\CLS21 Starting test: Advertising The DC CLS21 is advertising itself as a DC and having a DS. The DC CLS21 is advertising as an LDAP server The DC CLS21 is advertising as having a writeable directory The DC CLS21 is advertising as a Key Distribution Center The DC CLS21 is advertising as a time server The DS CLS21 is advertising as a GC. ......................... CLS21 passed test Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Starting test: FrsEvent * The File Replication Service Event log test ......................... CLS21 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. ......................... CLS21 passed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... CLS21 passed test SysVolCheck Starting test: KccEvent * The KCC Event log test Found no KCC errors in "Directory Service" Event log in the last 15 minutes. ......................... CLS21 passed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac Role Domain Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac Role PDC Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac Role Rid Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac Role Infrastructure Update Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac ......................... CLS21 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC CLS21 on DC CLS21. Warning: Attribute userAccountControl of CLS21 is: 0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) Typical setting for a DC is 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) This may be affecting replication? * SPN found :LDAP/cls21.core.uac/core.uac * SPN found :LDAP/cls21.core.uac * SPN found :LDAP/CLS21 * SPN found :LDAP/cls21.core.uac/UAC * SPN found :LDAP/fb192dc6-608d-4e40-92cd-298af3c2bfdd._msdcs.core.uac * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/fb192dc6-608d-4e40-92cd-298af3 c2 bfdd/core.uac * SPN found :HOST/cls21.core.uac/core.uac * SPN found :HOST/cls21.core.uac * SPN found :HOST/CLS21 * SPN found :HOST/cls21.core.uac/UAC * SPN found :GC/cls21.core.uac/core.uac ......................... CLS21 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC CLS21. The forest is not ready for RODC. Will skip checking ERODC ACEs. * Security Permissions Check for DC=ForestDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=core,DC=uac * Security Permissions Check for DC=DomainDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=core,DC=uac * Security Permissions Check for CN=Schema,CN=Configuration,DC=core,DC=uac (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=core,DC=uac (Configuration,Version 3) * Security Permissions Check for DC=core,DC=uac (Domain,Version 3) ......................... CLS21 failed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\CLS21\netlogon Verified share \\CLS21\sysvol ......................... CLS21 passed test NetLogons Starting test: ObjectsReplicated CLS21 is in domain DC=core,DC=uac Checking for CN=CLS21,OU=Domain Controllers,DC=core,DC=uac in domain DC=core,DC=uac on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac in domain CN=Configuration,DC=core,DC=uac on 1 servers Object is up-to-date on all servers. ......................... CLS21 passed test ObjectsReplicated Test omitted by user request: OutboundSecureChannels Starting test: Replications * Replications Check [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=ForestDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:23:42. 1081 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=DomainDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:09:53. 1275 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Schema,CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:45. 1076 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:42. 1079 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:10:27. 2449 failures have occurred since the last success. Replication has been explicitly disabled through the server options. REPLICATION LATENCY WARNING ERROR: Expected notification link is missing. Source CLS12 Replication of new changes along this path will be delayed. This problem should self-correct on the next periodic sync. ......................... CLS21 failed test Replications Starting test: RidManager * Available RID Pool for the Domain is 3603 to 1073741823 * cls21.core.uac is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2103 to 2602 * rIDPreviousAllocationPool is 2103 to 2602 * rIDNextRID: 2288 ......................... CLS21 passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: DFSR * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... CLS21 passed test Services Starting test: SystemLog * The System Event log test An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:16 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:17 Event String: Driver HP Universal Printing PCL 6 required for printer HP Universal Printing PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:18 Event String: Driver RICOH Aficio 3025 PCL 6 required for printer !!CLS12!CLC03 (7th FL Front) is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:21 Event String: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver RICOH Aficio MP C3000 PCL 6 required for printer RICOH Aficio MP C3000 PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver PCL6 Driver for Universal Print required for printer Ricoh Aficio SP C410DN is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:25 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:26 Event String: Driver Samsung CLP-510 Series required for printer Samsung CLP-510 Series is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:27 Event String: Driver Snagit 9 Printer required for printer Snagit 9 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:41 Event String: Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:44 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:45 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:46 Event String: Driver RICOH Aficio SP C410DN PCL 6 required for printer RICOH Aficio SP C410DN PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. ......................... CLS21 failed test SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=CLS21,OU=Domain Controllers,DC=core,DC=uac and backlink on CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura ti on,DC=core,DC=uac are correct. The system object reference (serverReferenceBL) CN=CLS21,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=core,DC=uac and backlink on CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac are correct. ......................... CLS21 passed test VerifyReferences Test omitted by user request: VerifyReplicas Test omitted by user request: DNS Test omitted by user request: DNS Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : core Starting test: CheckSDRefDom ......................... core passed test CheckSDRefDom Starting test: CrossRefValidation ......................... core passed test CrossRefValidation Running enterprise tests on : core.uac Test omitted by user request: DNS Test omitted by user request: DNS Starting test: LocatorCheck GC Name: \\cls21.core.uac Locator Flags: 0xe00011fd PDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd Preferred Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd KDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd ......................... core.uac passed test LocatorCheck Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... core.uac passed test Intersite

I forgot to mention that there is a two way trust relationship between this
domain and a W2K3 domain - created manually after both domains were up for
awhile.


"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb662de8d8cbf31abfb642d2@msnews.microsoft.com...

Quote:

Hello Jacques Latoison" Jacques Latoison at hotmail dot com, I understand, so in my understanding the reinstalled cls12 was not removed complete from AD. Even it has looked like or cls21 was not installed correct in the domain before. If the FSMO roles where moved to the 2008 DC correct, the PDCEmulator role can not be on the old one. I see that it is the case. In my opinion you have to shutdown the cls12 and then cleanup AD on cls21 according to: http://support.microsoft.com/kb/555846/en-us Then run dcdiag /v, netdiag /v again and check for errors, also in the event viewer. After that format cls12 and install it complete from scratch, maybe with another name also. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm CLS12 was first installed as a W2K3SE x86. CLS21 was installed as a WS2K8E x64 server, as the second DC. All primary DC functions were moved to CLS21. CLS12 was demoted successfully with no issues leaving CLS21 as the sole DC. CLS21's AD was then upgraded to 2008 functional levels in all areas. CLS12 was wiped out completely and a fresh installation of WS2K8E x64 was done. It was added to the domain as a member server, then DCPOMO'ed to the second DC. That was a year ago now. Whenever a needed Microsoft update is offered, they are both done together. The PDC emulator role issue is my fault, as CLS12 would not show who had the role for anything. They only showed ERROR for both RID and INFRASTRUCTURE. I attempted to get CLS12 to give it to CLS21 (or rather grab it), but it did it to itself, and I can't transfer it. I tried. RID and INFRASTRUCTURE show that the Operations Master is offline. NETDOM - (CLS12) ================================== Schema master cls21.core.uac Domain naming master cls21.core.uac PDC cls12.core.uac RID pool manager cls21.core.uac Infrastructure master cls21.core.uac NETDOM - (CLS21) ================================== Schema master cls21.core.uac Domain naming master cls21.core.uac PDC cls21.core.uac RID pool manager cls21.core.uac Infrastructure master cls21.core.uac "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662de468cbf315003b8002@msnews.microsoft.com... Hello Jacques Latoison" Jacques Latoison at hotmail dot com, Dcdiag states that cls21 and cls12 are having the PDCEmulator role. Is that a typo o real? Please post the output from each DC from: netdom query fsmo When cls21 was the first DC in the domain how was the second one cls12 installed, from scratch, backup, sysprepped or not sysprepped image or snapshot? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm DCDIAG - DC1 (CLS21- the one we believe is working fine) =============================================== Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine cls21, is a Directory Server. Home Server = cls21 * Connecting to directory service on server cls21. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,L DA P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cor e, DC=uac Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,L DA P_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\CLS21 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity Determining IP6 connectivity * Active Directory RPC Services Check ......................... CLS21 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\CLS21 Starting test: Advertising The DC CLS21 is advertising itself as a DC and having a DS. The DC CLS21 is advertising as an LDAP server The DC CLS21 is advertising as having a writeable directory The DC CLS21 is advertising as a Key Distribution Center The DC CLS21 is advertising as a time server The DS CLS21 is advertising as a GC. ......................... CLS21 passed test Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Starting test: FrsEvent * The File Replication Service Event log test ......................... CLS21 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. ......................... CLS21 passed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... CLS21 passed test SysVolCheck Starting test: KccEvent * The KCC Event log test Found no KCC errors in "Directory Service" Event log in the last 15 minutes. ......................... CLS21 passed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac Role Domain Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac Role PDC Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac Role Rid Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac Role Infrastructure Update Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac ......................... CLS21 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC CLS21 on DC CLS21. Warning: Attribute userAccountControl of CLS21 is: 0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) Typical setting for a DC is 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) This may be affecting replication? * SPN found :LDAP/cls21.core.uac/core.uac * SPN found :LDAP/cls21.core.uac * SPN found :LDAP/CLS21 * SPN found :LDAP/cls21.core.uac/UAC * SPN found :LDAP/fb192dc6-608d-4e40-92cd-298af3c2bfdd._msdcs.core.uac * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/fb192dc6-608d-4e40-92cd-298af3 c2 bfdd/core.uac * SPN found :HOST/cls21.core.uac/core.uac * SPN found :HOST/cls21.core.uac * SPN found :HOST/CLS21 * SPN found :HOST/cls21.core.uac/UAC * SPN found :GC/cls21.core.uac/core.uac ......................... CLS21 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC CLS21. The forest is not ready for RODC. Will skip checking ERODC ACEs. * Security Permissions Check for DC=ForestDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=core,DC=uac * Security Permissions Check for DC=DomainDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=core,DC=uac * Security Permissions Check for CN=Schema,CN=Configuration,DC=core,DC=uac (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=core,DC=uac (Configuration,Version 3) * Security Permissions Check for DC=core,DC=uac (Domain,Version 3) ......................... CLS21 failed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\CLS21\netlogon Verified share \\CLS21\sysvol ......................... CLS21 passed test NetLogons Starting test: ObjectsReplicated CLS21 is in domain DC=core,DC=uac Checking for CN=CLS21,OU=Domain Controllers,DC=core,DC=uac in domain DC=core,DC=uac on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac in domain CN=Configuration,DC=core,DC=uac on 1 servers Object is up-to-date on all servers. ......................... CLS21 passed test ObjectsReplicated Test omitted by user request: OutboundSecureChannels Starting test: Replications * Replications Check [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=ForestDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:23:42. 1081 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=DomainDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:09:53. 1275 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Schema,CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:45. 1076 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:42. 1079 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:10:27. 2449 failures have occurred since the last success. Replication has been explicitly disabled through the server options. REPLICATION LATENCY WARNING ERROR: Expected notification link is missing. Source CLS12 Replication of new changes along this path will be delayed. This problem should self-correct on the next periodic sync. ......................... CLS21 failed test Replications Starting test: RidManager * Available RID Pool for the Domain is 3603 to 1073741823 * cls21.core.uac is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2103 to 2602 * rIDPreviousAllocationPool is 2103 to 2602 * rIDNextRID: 2288 ......................... CLS21 passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: DFSR * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... CLS21 passed test Services Starting test: SystemLog * The System Event log test An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:16 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:17 Event String: Driver HP Universal Printing PCL 6 required for printer HP Universal Printing PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:18 Event String: Driver RICOH Aficio 3025 PCL 6 required for printer !!CLS12!CLC03 (7th FL Front) is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:21 Event String: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver RICOH Aficio MP C3000 PCL 6 required for printer RICOH Aficio MP C3000 PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver PCL6 Driver for Universal Print required for printer Ricoh Aficio SP C410DN is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:25 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:26 Event String: Driver Samsung CLP-510 Series required for printer Samsung CLP-510 Series is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:27 Event String: Driver Snagit 9 Printer required for printer Snagit 9 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:41 Event String: Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:44 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:45 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:46 Event String: Driver RICOH Aficio SP C410DN PCL 6 required for printer RICOH Aficio SP C410DN PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. ......................... CLS21 failed test SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=CLS21,OU=Domain Controllers,DC=core,DC=uac and backlink on CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura ti on,DC=core,DC=uac are correct. The system object reference (serverReferenceBL) CN=CLS21,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=core,DC=uac and backlink on CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Co nfiguration,DC=core,DC=uac are correct. ......................... CLS21 passed test VerifyReferences Test omitted by user request: VerifyReplicas Test omitted by user request: DNS Test omitted by user request: DNS Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : core Starting test: CheckSDRefDom ......................... core passed test CheckSDRefDom Starting test: CrossRefValidation ......................... core passed test CrossRefValidation Running enterprise tests on : core.uac Test omitted by user request: DNS Test omitted by user request: DNS Starting test: LocatorCheck GC Name: \\cls21.core.uac Locator Flags: 0xe00011fd PDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd Preferred Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd KDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd ......................... core.uac passed test LocatorCheck Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... core.uac passed test Intersite

Hello Jacques Latoison" Jacques Latoison at hotmail dot com,

Please run diagnostidc tools dcdiag /v, netdiag on both DCs and post the
output here. Also run repadmin /showrepl on each of them and post the output.

If replication is missing over the tombstone lifetime, between 60 and 180
days, it can require a reinstall of one DC. But this depends also on more
detailed information.

For more detailed AD replication troubleshooting see:
http://technet.microsoft.com/en-us/library/cc738415(WS.10).aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Quote:

Greetings all. We're having a major issue with our AD DS. One of our Domain Controllers is acting up. At the moment my goal it to try to get DC1 to replace its AD database and SYSVOL folder with info from DC2, when the DC's won't talk to each other. I would like to know the best way to accomplish this. The setup------------------------------------------- Two W2K8E x64 DC's running DNS that is AD integrated. The main issues------------------------------------- 1) Authentication is problematic across the infrastructure - assuming because the AD's don't match on the DC's. 2) At first, DC1 could take entries in the AD but could not use those entries after they were inputted, even though those objects replicated to DC2; meaning it shows up in AD UC, but is not available to add to NTFS permissions on a DC1 hard drive. DC2 didn't have this problem. Now, the DC's won't replicate at all. 3) DNS serial numbers for the AD zone aren't even close. DC2 is now over 1,000 higher than DC1. The errors found---------------------------------- 1) If you reboot DC1 the Netlogon service will be in a paused state. It allows me to resume or restart but it doesn't help the DC's replicate. Event Viewer System logs on DC1------- 2) The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server DC2$. The target name used was DOMAIN\DC2$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Note that 2) shows up three times but differently...once like the above, and later with the DOMAIN\DC2$ changed to DNS/dc2.company.com, and another stating ldap/dc2.company.com 3) The name "DOMAIN :1b" could not be registered on the interface with IP address 192.168.0.101. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer. Note the following: - the way that "DOMAIN :1b" is written, is how it shows up. - The IP address of 192.168.0.101 is DC1, and 102 is DC2. Thanks beforehand for any help provided.

That article doesn't seem to apply to 2008, only 2000 and 2003.

Does it?



"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb662dea18cbf31e62b2a0c2@msnews.microsoft.com...

Quote:

Hello Jacques Latoison" Jacques Latoison at hotmail dot com, I am not sure if this can help in your case, read carefully: http://support.microsoft.com/kb/290762 The biggest problem are the 2 PDCEmulator roles in the domain. So i would kick out cls12 and start there with going on to get it running back. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm The FSMO roles were all correct and fine prior to the last couple of weeks. Wouldn't forcing replication on CLS12 fix this issue? I was hoping there was a way to destroy the AD DB on CLS12 and just have it re-replicate a new copy from CLS21. Is this possible? "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662de8d8cbf31abfb642d2@msnews.microsoft.com... Hello Jacques Latoison" Jacques Latoison at hotmail dot com, I understand, so in my understanding the reinstalled cls12 was not removed complete from AD. Even it has looked like or cls21 was not installed correct in the domain before. If the FSMO roles where moved to the 2008 DC correct, the PDCEmulator role can not be on the old one. I see that it is the case. In my opinion you have to shutdown the cls12 and then cleanup AD on cls21 according to: http://support.microsoft.com/kb/555846/en-us Then run dcdiag /v, netdiag /v again and check for errors, also in the event viewer. After that format cls12 and install it complete from scratch, maybe with another name also. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Yeah,
The registry keys its denotes in the below article 290762 don't appear
in 2008.
I had something similar show up before when I was attempting the SYSVOL fix
but I found conversations where there were actual debates on the process of
forced replication for 2008 (which differs from the Resource Kit).
Most of the conversations revolved around 2000/2003 techniques that don't
work in 2008.

Unless you have something else for me I'm going to try your suggestions.



"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb662dea18cbf31e62b2a0c2@msnews.microsoft.com...

Quote:

Hello Jacques Latoison" Jacques Latoison at hotmail dot com, I am not sure if this can help in your case, read carefully: http://support.microsoft.com/kb/290762 The biggest problem are the 2 PDCEmulator roles in the domain. So i would kick out cls12 and start there with going on to get it running back. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm The FSMO roles were all correct and fine prior to the last couple of weeks. Wouldn't forcing replication on CLS12 fix this issue? I was hoping there was a way to destroy the AD DB on CLS12 and just have it re-replicate a new copy from CLS21. Is this possible? "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662de8d8cbf31abfb642d2@msnews.microsoft.com... Hello Jacques Latoison" Jacques Latoison at hotmail dot com, I understand, so in my understanding the reinstalled cls12 was not removed complete from AD. Even it has looked like or cls21 was not installed correct in the domain before. If the FSMO roles where moved to the 2008 DC correct, the PDCEmulator role can not be on the old one. I see that it is the case. In my opinion you have to shutdown the cls12 and then cleanup AD on cls21 according to: http://support.microsoft.com/kb/555846/en-us Then run dcdiag /v, netdiag /v again and check for errors, also in the event viewer. After that format cls12 and install it complete from scratch, maybe with another name also. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm CLS12 was first installed as a W2K3SE x86. CLS21 was installed as a WS2K8E x64 server, as the second DC. All primary DC functions were moved to CLS21. CLS12 was demoted successfully with no issues leaving CLS21 as the sole DC. CLS21's AD was then upgraded to 2008 functional levels in all areas. CLS12 was wiped out completely and a fresh installation of WS2K8E x64 was done. It was added to the domain as a member server, then DCPOMO'ed to the second DC. That was a year ago now. Whenever a needed Microsoft update is offered, they are both done together. The PDC emulator role issue is my fault, as CLS12 would not show who had the role for anything. They only showed ERROR for both RID and INFRASTRUCTURE. I attempted to get CLS12 to give it to CLS21 (or rather grab it), but it did it to itself, and I can't transfer it. I tried. RID and INFRASTRUCTURE show that the Operations Master is offline. NETDOM - (CLS12) ================================== Schema master cls21.core.uac Domain naming master cls21.core.uac PDC cls12.core.uac RID pool manager cls21.core.uac Infrastructure master cls21.core.uac NETDOM - (CLS21) ================================== Schema master cls21.core.uac Domain naming master cls21.core.uac PDC cls21.core.uac RID pool manager cls21.core.uac Infrastructure master cls21.core.uac "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662de468cbf315003b8002@msnews.microsoft.com... Hello Jacques Latoison" Jacques Latoison at hotmail dot com, Dcdiag states that cls21 and cls12 are having the PDCEmulator role. Is that a typo o real? Please post the output from each DC from: netdom query fsmo When cls21 was the first DC in the domain how was the second one cls12 installed, from scratch, backup, sysprepped or not sysprepped image or snapshot? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm DCDIAG - DC1 (CLS21- the one we believe is working fine) =============================================== Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine cls21, is a Directory Server. Home Server = cls21 * Connecting to directory service on server cls21. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac ,L DA P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=c or e, DC=uac Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac ,L DA P_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\CLS21 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity Determining IP6 connectivity * Active Directory RPC Services Check ......................... CLS21 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\CLS21 Starting test: Advertising The DC CLS21 is advertising itself as a DC and having a DS. The DC CLS21 is advertising as an LDAP server The DC CLS21 is advertising as having a writeable directory The DC CLS21 is advertising as a Key Distribution Center The DC CLS21 is advertising as a time server The DS CLS21 is advertising as a GC. ......................... CLS21 passed test Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Starting test: FrsEvent * The File Replication Service Event log test ......................... CLS21 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. ......................... CLS21 passed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... CLS21 passed test SysVolCheck Starting test: KccEvent * The KCC Event log test Found no KCC errors in "Directory Service" Event log in the last 15 minutes. ......................... CLS21 passed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac Role Domain Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac Role PDC Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac Role Rid Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac Role Infrastructure Update Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac ......................... CLS21 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC CLS21 on DC CLS21. Warning: Attribute userAccountControl of CLS21 is: 0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) Typical setting for a DC is 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) This may be affecting replication? * SPN found :LDAP/cls21.core.uac/core.uac * SPN found :LDAP/cls21.core.uac * SPN found :LDAP/CLS21 * SPN found :LDAP/cls21.core.uac/UAC * SPN found :LDAP/fb192dc6-608d-4e40-92cd-298af3c2bfdd._msdcs.core.uac * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/fb192dc6-608d-4e40-92cd-298a f3 c2 bfdd/core.uac * SPN found :HOST/cls21.core.uac/core.uac * SPN found :HOST/cls21.core.uac * SPN found :HOST/CLS21 * SPN found :HOST/cls21.core.uac/UAC * SPN found :GC/cls21.core.uac/core.uac ......................... CLS21 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC CLS21. The forest is not ready for RODC. Will skip checking ERODC ACEs. * Security Permissions Check for DC=ForestDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=core,DC=uac * Security Permissions Check for DC=DomainDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=core,DC=uac * Security Permissions Check for CN=Schema,CN=Configuration,DC=core,DC=uac (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=core,DC=uac (Configuration,Version 3) * Security Permissions Check for DC=core,DC=uac (Domain,Version 3) ......................... CLS21 failed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\CLS21\netlogon Verified share \\CLS21\sysvol ......................... CLS21 passed test NetLogons Starting test: ObjectsReplicated CLS21 is in domain DC=core,DC=uac Checking for CN=CLS21,OU=Domain Controllers,DC=core,DC=uac in domain DC=core,DC=uac on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac in domain CN=Configuration,DC=core,DC=uac on 1 servers Object is up-to-date on all servers. ......................... CLS21 passed test ObjectsReplicated Test omitted by user request: OutboundSecureChannels Starting test: Replications * Replications Check [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=ForestDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:23:42. 1081 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=DomainDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:09:53. 1275 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Schema,CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:45. 1076 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:42. 1079 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:10:27. 2449 failures have occurred since the last success. Replication has been explicitly disabled through the server options. REPLICATION LATENCY WARNING ERROR: Expected notification link is missing. Source CLS12 Replication of new changes along this path will be delayed. This problem should self-correct on the next periodic sync. ......................... CLS21 failed test Replications Starting test: RidManager * Available RID Pool for the Domain is 3603 to 1073741823 * cls21.core.uac is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2103 to 2602 * rIDPreviousAllocationPool is 2103 to 2602 * rIDNextRID: 2288 ......................... CLS21 passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: DFSR * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... CLS21 passed test Services Starting test: SystemLog * The System Event log test An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:16 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:17 Event String: Driver HP Universal Printing PCL 6 required for printer HP Universal Printing PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:18 Event String: Driver RICOH Aficio 3025 PCL 6 required for printer !!CLS12!CLC03 (7th FL Front) is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:21 Event String: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver RICOH Aficio MP C3000 PCL 6 required for printer RICOH Aficio MP C3000 PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver PCL6 Driver for Universal Print required for printer Ricoh Aficio SP C410DN is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:25 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:26 Event String: Driver Samsung CLP-510 Series required for printer Samsung CLP-510 Series is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:27 Event String: Driver Snagit 9 Printer required for printer Snagit 9 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:41 Event String: Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:44 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:45 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:46 Event String: Driver RICOH Aficio SP C410DN PCL 6 required for printer RICOH Aficio SP C410DN PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. ......................... CLS21 failed test SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=CLS21,OU=Domain Controllers,DC=core,DC=uac and backlink on CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu ra ti on,DC=core,DC=uac are correct. The system object reference (serverReferenceBL) CN=CLS21,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=core,DC=uac and backlink on CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac are correct. ......................... CLS21 passed test VerifyReferences Test omitted by user request: VerifyReplicas Test omitted by user request: DNS Test omitted by user request: DNS Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : core Starting test: CheckSDRefDom ......................... core passed test CheckSDRefDom Starting test: CrossRefValidation ......................... core passed test CrossRefValidation Running enterprise tests on : core.uac Test omitted by user request: DNS Test omitted by user request: DNS Starting test: LocatorCheck GC Name: \\cls21.core.uac Locator Flags: 0xe00011fd PDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd Preferred Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd KDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd ......................... core.uac passed test LocatorCheck Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... core.uac passed test Intersite

Hello Jacques Latoison" Jacques Latoison at hotmail dot com,

Dcdiag states that cls21 and cls12 are having the PDCEmulator role. Is that
a typo o real? Please post the output from each DC from:
netdom query fsmo

When cls21 was the first DC in the domain how was the second one cls12 installed,
from scratch, backup, sysprepped or not sysprepped image or snapshot?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Quote:

DCDIAG - DC1 (CLS21- the one we believe is working fine) =============================================== Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine cls21, is a Directory Server. Home Server = cls21 * Connecting to directory service on server cls21. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,LDA P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=core, DC=uac Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac,LDA P_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\CLS21 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity Determining IP6 connectivity * Active Directory RPC Services Check ......................... CLS21 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\CLS21 Starting test: Advertising The DC CLS21 is advertising itself as a DC and having a DS. The DC CLS21 is advertising as an LDAP server The DC CLS21 is advertising as having a writeable directory The DC CLS21 is advertising as a Key Distribution Center The DC CLS21 is advertising as a time server The DS CLS21 is advertising as a GC. ......................... CLS21 passed test Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Starting test: FrsEvent * The File Replication Service Event log test ......................... CLS21 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. ......................... CLS21 passed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... CLS21 passed test SysVolCheck Starting test: KccEvent * The KCC Event log test Found no KCC errors in "Directory Service" Event log in the last 15 minutes. ......................... CLS21 passed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac Role Domain Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac Role PDC Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac Role Rid Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac Role Infrastructure Update Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac ......................... CLS21 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC CLS21 on DC CLS21. Warning: Attribute userAccountControl of CLS21 is: 0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) Typical setting for a DC is 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) This may be affecting replication? * SPN found :LDAP/cls21.core.uac/core.uac * SPN found :LDAP/cls21.core.uac * SPN found :LDAP/CLS21 * SPN found :LDAP/cls21.core.uac/UAC * SPN found :LDAP/fb192dc6-608d-4e40-92cd-298af3c2bfdd._msdcs.core.uac * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/fb192dc6-608d-4e40-92cd-298af3c2 bfdd/core.uac * SPN found :HOST/cls21.core.uac/core.uac * SPN found :HOST/cls21.core.uac * SPN found :HOST/CLS21 * SPN found :HOST/cls21.core.uac/UAC * SPN found :GC/cls21.core.uac/core.uac ......................... CLS21 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC CLS21. The forest is not ready for RODC. Will skip checking ERODC ACEs. * Security Permissions Check for DC=ForestDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=core,DC=uac * Security Permissions Check for DC=DomainDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=core,DC=uac * Security Permissions Check for CN=Schema,CN=Configuration,DC=core,DC=uac (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=core,DC=uac (Configuration,Version 3) * Security Permissions Check for DC=core,DC=uac (Domain,Version 3) ......................... CLS21 failed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\CLS21\netlogon Verified share \\CLS21\sysvol ......................... CLS21 passed test NetLogons Starting test: ObjectsReplicated CLS21 is in domain DC=core,DC=uac Checking for CN=CLS21,OU=Domain Controllers,DC=core,DC=uac in domain DC=core,DC=uac on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac in domain CN=Configuration,DC=core,DC=uac on 1 servers Object is up-to-date on all servers. ......................... CLS21 passed test ObjectsReplicated Test omitted by user request: OutboundSecureChannels Starting test: Replications * Replications Check [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=ForestDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:23:42. 1081 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=DomainDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:09:53. 1275 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Schema,CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:45. 1076 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:42. 1079 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:10:27. 2449 failures have occurred since the last success. Replication has been explicitly disabled through the server options. REPLICATION LATENCY WARNING ERROR: Expected notification link is missing. Source CLS12 Replication of new changes along this path will be delayed. This problem should self-correct on the next periodic sync. ......................... CLS21 failed test Replications Starting test: RidManager * Available RID Pool for the Domain is 3603 to 1073741823 * cls21.core.uac is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2103 to 2602 * rIDPreviousAllocationPool is 2103 to 2602 * rIDNextRID: 2288 ......................... CLS21 passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: DFSR * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... CLS21 passed test Services Starting test: SystemLog * The System Event log test An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:16 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:17 Event String: Driver HP Universal Printing PCL 6 required for printer HP Universal Printing PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:18 Event String: Driver RICOH Aficio 3025 PCL 6 required for printer !!CLS12!CLC03 (7th FL Front) is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:21 Event String: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver RICOH Aficio MP C3000 PCL 6 required for printer RICOH Aficio MP C3000 PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver PCL6 Driver for Universal Print required for printer Ricoh Aficio SP C410DN is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:25 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:26 Event String: Driver Samsung CLP-510 Series required for printer Samsung CLP-510 Series is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:27 Event String: Driver Snagit 9 Printer required for printer Snagit 9 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:41 Event String: Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:44 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:45 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:46 Event String: Driver RICOH Aficio SP C410DN PCL 6 required for printer RICOH Aficio SP C410DN PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. ......................... CLS21 failed test SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=CLS21,OU=Domain Controllers,DC=core,DC=uac and backlink on CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurati on,DC=core,DC=uac are correct. The system object reference (serverReferenceBL) CN=CLS21,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=core,DC=uac and backlink on CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co nfiguration,DC=core,DC=uac are correct. ......................... CLS21 passed test VerifyReferences Test omitted by user request: VerifyReplicas Test omitted by user request: DNS Test omitted by user request: DNS Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : core Starting test: CheckSDRefDom ......................... core passed test CheckSDRefDom Starting test: CrossRefValidation ......................... core passed test CrossRefValidation Running enterprise tests on : core.uac Test omitted by user request: DNS Test omitted by user request: DNS Starting test: LocatorCheck GC Name: \\cls21.core.uac Locator Flags: 0xe00011fd PDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd Preferred Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd KDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd ......................... core.uac passed test LocatorCheck Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... core.uac passed test Intersite