Hello Jacques Latoison" Jacques Latoison at hotmail dot com,

The trust is not related to the problem between your DCs. No replication
occurs between them, as between DCs.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Quote:

I forgot to mention that there is a two way trust relationship between this domain and a W2K3 domain - created manually after both domains were up for awhile. "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662de8d8cbf31abfb642d2@msnews.microsoft.com... Hello Jacques Latoison" Jacques Latoison at hotmail dot com, I understand, so in my understanding the reinstalled cls12 was not removed complete from AD. Even it has looked like or cls21 was not installed correct in the domain before. If the FSMO roles where moved to the 2008 DC correct, the PDCEmulator role can not be on the old one. I see that it is the case. In my opinion you have to shutdown the cls12 and then cleanup AD on cls21 according to: http://support.microsoft.com/kb/555846/en-us Then run dcdiag /v, netdiag /v again and check for errors, also in the event viewer. After that format cls12 and install it complete from scratch, maybe with another name also. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm CLS12 was first installed as a W2K3SE x86. CLS21 was installed as a WS2K8E x64 server, as the second DC. All primary DC functions were moved to CLS21. CLS12 was demoted successfully with no issues leaving CLS21 as the sole DC. CLS21's AD was then upgraded to 2008 functional levels in all areas. CLS12 was wiped out completely and a fresh installation of WS2K8E x64 was done. It was added to the domain as a member server, then DCPOMO'ed to the second DC. That was a year ago now. Whenever a needed Microsoft update is offered, they are both done together. The PDC emulator role issue is my fault, as CLS12 would not show who had the role for anything. They only showed ERROR for both RID and INFRASTRUCTURE. I attempted to get CLS12 to give it to CLS21 (or rather grab it), but it did it to itself, and I can't transfer it. I tried. RID and INFRASTRUCTURE show that the Operations Master is offline. NETDOM - (CLS12) ================================== Schema master cls21.core.uac Domain naming master cls21.core.uac PDC cls12.core.uac RID pool manager cls21.core.uac Infrastructure master cls21.core.uac NETDOM - (CLS21) ================================== Schema master cls21.core.uac Domain naming master cls21.core.uac PDC cls21.core.uac RID pool manager cls21.core.uac Infrastructure master cls21.core.uac "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662de468cbf315003b8002@msnews.microsoft.com... Hello Jacques Latoison" Jacques Latoison at hotmail dot com, Dcdiag states that cls21 and cls12 are having the PDCEmulator role. Is that a typo o real? Please post the output from each DC from: netdom query fsmo When cls21 was the first DC in the domain how was the second one cls12 installed, from scratch, backup, sysprepped or not sysprepped image or snapshot? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm DCDIAG - DC1 (CLS21- the one we believe is working fine) =============================================== Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine cls21, is a Directory Server. Home Server = cls21 * Connecting to directory service on server cls21. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac ,L DA P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=c or e, DC=uac Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=uac ,L DA P_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\CLS21 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity Determining IP6 connectivity * Active Directory RPC Services Check ......................... CLS21 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\CLS21 Starting test: Advertising The DC CLS21 is advertising itself as a DC and having a DS. The DC CLS21 is advertising as an LDAP server The DC CLS21 is advertising as having a writeable directory The DC CLS21 is advertising as a Key Distribution Center The DC CLS21 is advertising as a time server The DS CLS21 is advertising as a GC. ......................... CLS21 passed test Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Starting test: FrsEvent * The File Replication Service Event log test ......................... CLS21 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. ......................... CLS21 passed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... CLS21 passed test SysVolCheck Starting test: KccEvent * The KCC Event log test Found no KCC errors in "Directory Service" Event log in the last 15 minutes. ......................... CLS21 passed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac Role Domain Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac Role PDC Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac Role Rid Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac Role Infrastructure Update Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac ......................... CLS21 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC CLS21 on DC CLS21. Warning: Attribute userAccountControl of CLS21 is: 0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) Typical setting for a DC is 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) This may be affecting replication? * SPN found :LDAP/cls21.core.uac/core.uac * SPN found :LDAP/cls21.core.uac * SPN found :LDAP/CLS21 * SPN found :LDAP/cls21.core.uac/UAC * SPN found :LDAP/fb192dc6-608d-4e40-92cd-298af3c2bfdd._msdcs.core.uac * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/fb192dc6-608d-4e40-92cd-298a f3 c2 bfdd/core.uac * SPN found :HOST/cls21.core.uac/core.uac * SPN found :HOST/cls21.core.uac * SPN found :HOST/CLS21 * SPN found :HOST/cls21.core.uac/UAC * SPN found :GC/cls21.core.uac/core.uac ......................... CLS21 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC CLS21. The forest is not ready for RODC. Will skip checking ERODC ACEs. * Security Permissions Check for DC=ForestDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=core,DC=uac * Security Permissions Check for DC=DomainDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=core,DC=uac * Security Permissions Check for CN=Schema,CN=Configuration,DC=core,DC=uac (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=core,DC=uac (Configuration,Version 3) * Security Permissions Check for DC=core,DC=uac (Domain,Version 3) ......................... CLS21 failed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\CLS21\netlogon Verified share \\CLS21\sysvol ......................... CLS21 passed test NetLogons Starting test: ObjectsReplicated CLS21 is in domain DC=core,DC=uac Checking for CN=CLS21,OU=Domain Controllers,DC=core,DC=uac in domain DC=core,DC=uac on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac in domain CN=Configuration,DC=core,DC=uac on 1 servers Object is up-to-date on all servers. ......................... CLS21 passed test ObjectsReplicated Test omitted by user request: OutboundSecureChannels Starting test: Replications * Replications Check [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=ForestDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:23:42. 1081 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=DomainDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:09:53. 1275 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Schema,CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:45. 1076 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:42. 1079 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:10:27. 2449 failures have occurred since the last success. Replication has been explicitly disabled through the server options. REPLICATION LATENCY WARNING ERROR: Expected notification link is missing. Source CLS12 Replication of new changes along this path will be delayed. This problem should self-correct on the next periodic sync. ......................... CLS21 failed test Replications Starting test: RidManager * Available RID Pool for the Domain is 3603 to 1073741823 * cls21.core.uac is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2103 to 2602 * rIDPreviousAllocationPool is 2103 to 2602 * rIDNextRID: 2288 ......................... CLS21 passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: DFSR * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... CLS21 passed test Services Starting test: SystemLog * The System Event log test An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:16 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:17 Event String: Driver HP Universal Printing PCL 6 required for printer HP Universal Printing PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:18 Event String: Driver RICOH Aficio 3025 PCL 6 required for printer !!CLS12!CLC03 (7th FL Front) is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:21 Event String: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver RICOH Aficio MP C3000 PCL 6 required for printer RICOH Aficio MP C3000 PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver PCL6 Driver for Universal Print required for printer Ricoh Aficio SP C410DN is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:25 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:26 Event String: Driver Samsung CLP-510 Series required for printer Samsung CLP-510 Series is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:27 Event String: Driver Snagit 9 Printer required for printer Snagit 9 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:41 Event String: Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:44 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:45 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:46 Event String: Driver RICOH Aficio SP C410DN PCL 6 required for printer RICOH Aficio SP C410DN PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. ......................... CLS21 failed test SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=CLS21,OU=Domain Controllers,DC=core,DC=uac and backlink on CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu ra ti on,DC=core,DC=uac are correct. The system object reference (serverReferenceBL) CN=CLS21,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=core,DC=uac and backlink on CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N= Co nfiguration,DC=core,DC=uac are correct. ......................... CLS21 passed test VerifyReferences Test omitted by user request: VerifyReplicas Test omitted by user request: DNS Test omitted by user request: DNS Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : core Starting test: CheckSDRefDom ......................... core passed test CheckSDRefDom Starting test: CrossRefValidation ......................... core passed test CrossRefValidation Running enterprise tests on : core.uac Test omitted by user request: DNS Test omitted by user request: DNS Starting test: LocatorCheck GC Name: \\cls21.core.uac Locator Flags: 0xe00011fd PDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd Preferred Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd KDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd ......................... core.uac passed test LocatorCheck Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... core.uac passed test Intersite

Hello Jacques Latoison" Jacques Latoison at hotmail dot com,

On my system with 2008 SP2 the key exist, domain/forest functional level
2008. Even if DFSR is used for sysvol replication.

Check out this ones about FRS or DFSR replicated sysvol:
http://msdn.microsoft.com/en-us/library/cc507518(VS.85).aspx

http://msdn.microsoft.com/en-us/library/bb540026(VS.85).aspx

and migration to DFSR:
http://blogs.technet.com/filecab/archive/2008/02/08/sysvol-migration-series-part-1-introduction-to-the-sysvol-migration-process.aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Quote:

Yeah, The registry keys its denotes in the below article 290762 don't appear in 2008. I had something similar show up before when I was attempting the SYSVOL fix but I found conversations where there were actual debates on the process of forced replication for 2008 (which differs from the Resource Kit). Most of the conversations revolved around 2000/2003 techniques that don't work in 2008. Unless you have something else for me I'm going to try your suggestions. "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662dea18cbf31e62b2a0c2@msnews.microsoft.com... Hello Jacques Latoison" Jacques Latoison at hotmail dot com, I am not sure if this can help in your case, read carefully: http://support.microsoft.com/kb/290762 The biggest problem are the 2 PDCEmulator roles in the domain. So i would kick out cls12 and start there with going on to get it running back. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm The FSMO roles were all correct and fine prior to the last couple of weeks. Wouldn't forcing replication on CLS12 fix this issue? I was hoping there was a way to destroy the AD DB on CLS12 and just have it re-replicate a new copy from CLS21. Is this possible? "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662de8d8cbf31abfb642d2@msnews.microsoft.com... Hello Jacques Latoison" Jacques Latoison at hotmail dot com, I understand, so in my understanding the reinstalled cls12 was not removed complete from AD. Even it has looked like or cls21 was not installed correct in the domain before. If the FSMO roles where moved to the 2008 DC correct, the PDCEmulator role can not be on the old one. I see that it is the case. In my opinion you have to shutdown the cls12 and then cleanup AD on cls21 according to: http://support.microsoft.com/kb/555846/en-us Then run dcdiag /v, netdiag /v again and check for errors, also in the event viewer. After that format cls12 and install it complete from scratch, maybe with another name also. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm CLS12 was first installed as a W2K3SE x86. CLS21 was installed as a WS2K8E x64 server, as the second DC. All primary DC functions were moved to CLS21. CLS12 was demoted successfully with no issues leaving CLS21 as the sole DC. CLS21's AD was then upgraded to 2008 functional levels in all areas. CLS12 was wiped out completely and a fresh installation of WS2K8E x64 was done. It was added to the domain as a member server, then DCPOMO'ed to the second DC. That was a year ago now. Whenever a needed Microsoft update is offered, they are both done together. The PDC emulator role issue is my fault, as CLS12 would not show who had the role for anything. They only showed ERROR for both RID and INFRASTRUCTURE. I attempted to get CLS12 to give it to CLS21 (or rather grab it), but it did it to itself, and I can't transfer it. I tried. RID and INFRASTRUCTURE show that the Operations Master is offline. NETDOM - (CLS12) ================================== Schema master cls21.core.uac Domain naming master cls21.core.uac PDC cls12.core.uac RID pool manager cls21.core.uac Infrastructure master cls21.core.uac NETDOM - (CLS21) ================================== Schema master cls21.core.uac Domain naming master cls21.core.uac PDC cls21.core.uac RID pool manager cls21.core.uac Infrastructure master cls21.core.uac "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662de468cbf315003b8002@msnews.microsoft.com... Hello Jacques Latoison" Jacques Latoison at hotmail dot com, Dcdiag states that cls21 and cls12 are having the PDCEmulator role. Is that a typo o real? Please post the output from each DC from: netdom query fsmo When cls21 was the first DC in the domain how was the second one cls12 installed, from scratch, backup, sysprepped or not sysprepped image or snapshot? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm DCDIAG - DC1 (CLS21- the one we believe is working fine) =============================================== Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine cls21, is a Directory Server. Home Server = cls21 * Connecting to directory service on server cls21. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=u ac ,L DA P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC =c or e, DC=uac Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=core,DC=u ac ,L DA P_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,C N= Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=CLS12,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,C N= Co nfiguration,DC=core,DC=uac objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\CLS21 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity Determining IP6 connectivity * Active Directory RPC Services Check ......................... CLS21 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\CLS21 Starting test: Advertising The DC CLS21 is advertising itself as a DC and having a DS. The DC CLS21 is advertising as an LDAP server The DC CLS21 is advertising as having a writeable directory The DC CLS21 is advertising as a Key Distribution Center The DC CLS21 is advertising as a time server The DS CLS21 is advertising as a GC. ......................... CLS21 passed test Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Starting test: FrsEvent * The File Replication Service Event log test ......................... CLS21 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. ......................... CLS21 passed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... CLS21 passed test SysVolCheck Starting test: KccEvent * The KCC Event log test Found no KCC errors in "Directory Service" Event log in the last 15 minutes. ......................... CLS21 passed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,C N= Co nfiguration,DC=core,DC=uac Role Domain Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,C N= Co nfiguration,DC=core,DC=uac Role PDC Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,C N= Co nfiguration,DC=core,DC=uac Role Rid Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,C N= Co nfiguration,DC=core,DC=uac Role Infrastructure Update Owner = CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,C N= Co nfiguration,DC=core,DC=uac ......................... CLS21 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC CLS21 on DC CLS21. Warning: Attribute userAccountControl of CLS21 is: 0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) Typical setting for a DC is 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) This may be affecting replication? * SPN found :LDAP/cls21.core.uac/core.uac * SPN found :LDAP/cls21.core.uac * SPN found :LDAP/CLS21 * SPN found :LDAP/cls21.core.uac/UAC * SPN found :LDAP/fb192dc6-608d-4e40-92cd-298af3c2bfdd._msdcs.core.uac * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/fb192dc6-608d-4e40-92cd-29 8a f3 c2 bfdd/core.uac * SPN found :HOST/cls21.core.uac/core.uac * SPN found :HOST/cls21.core.uac * SPN found :HOST/CLS21 * SPN found :HOST/cls21.core.uac/UAC * SPN found :GC/cls21.core.uac/core.uac ......................... CLS21 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC CLS21. The forest is not ready for RODC. Will skip checking ERODC ACEs. * Security Permissions Check for DC=ForestDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=core,DC=uac * Security Permissions Check for DC=DomainDnsZones,DC=core,DC=uac (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=core,DC=uac * Security Permissions Check for CN=Schema,CN=Configuration,DC=core,DC=uac (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=core,DC=uac (Configuration,Version 3) * Security Permissions Check for DC=core,DC=uac (Domain,Version 3) ......................... CLS21 failed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\CLS21\netlogon Verified share \\CLS21\sysvol ......................... CLS21 passed test NetLogons Starting test: ObjectsReplicated CLS21 is in domain DC=core,DC=uac Checking for CN=CLS21,OU=Domain Controllers,DC=core,DC=uac in domain DC=core,DC=uac on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,C N= Co nfiguration,DC=core,DC=uac in domain CN=Configuration,DC=core,DC=uac on 1 servers Object is up-to-date on all servers. ......................... CLS21 passed test ObjectsReplicated Test omitted by user request: OutboundSecureChannels Starting test: Replications * Replications Check [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=ForestDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:23:42. 1081 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=DomainDnsZones,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:09:53. 1275 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Schema,CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:45. 1076 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: CN=Configuration,DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 20:18:42. 1079 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,CLS21] A recent replication attempt failed: From CLS12 to CLS21 Naming Context: DC=core,DC=uac The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at 2009-08-24 13:50:34. The last success occurred at 2009-07-10 21:10:27. 2449 failures have occurred since the last success. Replication has been explicitly disabled through the server options. REPLICATION LATENCY WARNING ERROR: Expected notification link is missing. Source CLS12 Replication of new changes along this path will be delayed. This problem should self-correct on the next periodic sync. ......................... CLS21 failed test Replications Starting test: RidManager * Available RID Pool for the Domain is 3603 to 1073741823 * cls21.core.uac is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2103 to 2602 * rIDPreviousAllocationPool is 2103 to 2602 * rIDNextRID: 2288 ......................... CLS21 passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: DFSR * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... CLS21 passed test Services Starting test: SystemLog * The System Event log test An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:16 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:17 Event String: Driver HP Universal Printing PCL 6 required for printer HP Universal Printing PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:18 Event String: Driver RICOH Aficio 3025 PCL 6 required for printer !!CLS12!CLC03 (7th FL Front) is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:21 Event String: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver RICOH Aficio MP C3000 PCL 6 required for printer RICOH Aficio MP C3000 PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:24 Event String: Driver PCL6 Driver for Universal Print required for printer Ricoh Aficio SP C410DN is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:25 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:26 Event String: Driver Samsung CLP-510 Series required for printer Samsung CLP-510 Series is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 13:52:27 Event String: Driver Snagit 9 Printer required for printer Snagit 9 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:22:38 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:22:38 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:41 Event String: Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:44 Event String: Driver RICOH Aficio 3035 PCL 6 required for printer !!CLS12!CLC02 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:45 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An Error Event occurred. EventID: 0x00000457 Time Generated: 08/24/2009 14:22:46 Event String: Driver RICOH Aficio SP C410DN PCL 6 required for printer RICOH Aficio SP C410DN PCL 6 is unknown. Contact the administrator to install the driver before you log in again. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer HP LaserJet 4050 Series PCL 5 (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer HP LaserJet 4050 Series PCL 5 (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. An Warning Event occurred. EventID: 0x80000008 Time Generated: 08/24/2009 14:24:37 Event String: The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 5) were deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000004 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box. An Warning Event occurred. EventID: 0x80000003 Time Generated: 08/24/2009 14:24:37 Event String: Printer Microsoft XPS Document Writer (redirected 5) was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box. ......................... CLS21 failed test SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=CLS21,OU=Domain Controllers,DC=core,DC=uac and backlink on CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi gu ra ti on,DC=core,DC=uac are correct. The system object reference (serverReferenceBL) CN=CLS21,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=core,DC=uac and backlink on CN=NTDS Settings,CN=CLS21,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,C N= Co nfiguration,DC=core,DC=uac are correct. ......................... CLS21 passed test VerifyReferences Test omitted by user request: VerifyReplicas Test omitted by user request: DNS Test omitted by user request: DNS Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : core Starting test: CheckSDRefDom ......................... core passed test CheckSDRefDom Starting test: CrossRefValidation ......................... core passed test CrossRefValidation Running enterprise tests on : core.uac Test omitted by user request: DNS Test omitted by user request: DNS Starting test: LocatorCheck GC Name: \\cls21.core.uac Locator Flags: 0xe00011fd PDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd Preferred Time Server Name: \\cls21.core.uac Locator Flags: 0xe00011fd KDC Name: \\cls21.core.uac Locator Flags: 0xe00011fd ......................... core.uac passed test LocatorCheck Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... core.uac passed test Intersite

"Jacques Latoison" <Jacques Latoison at hotmail dot com> wrote in message
news:OE9jmJPJKHA.5984@TK2MSFTNGP05.phx.gbl...

Quote:

My apologies, you can ignore this reponse. I misread the error log. "Jacques Latoison" <Jacques Latoison at hotmail dot com> wrote in message I noticed something in DCDIAG between the two outputs, that CLS12 does not advertise itself as a DC (which makes sense to me considering the issues we're having).

According to the dcdiag, there's a communication issue. I was trying to
follow the thread, but I'm catching where you had removed or didn't remove a
DC?

After seeing this, what I can suggest from previous experience, is to
diable IPv6 completely on the 2008 DC, as well as disable RSS on all DCs
(2003 & 2008). I've seen IPv6 cause problems with Exchange 2007 to DC
communications, as well as between DCs (2008 to 2008 and 2008 to 2003).

Let's first disable IPv6 on the 2008 DC and restart it. Check replication
and event logs after it's been up for 15 minutes.

Here's how:

==================================================================
Disable IPv6

====
There are known issues regarding IPv6 affecting communications in certain
scenarios, such as with errors when using Outlook Anywhere such as to fix an
Exchange/DC

NSPI port 6004 communication issue, among many others. Therefore to
eliminiate communications issues regarding whether this is a factor or not,
it is recommended

to disable IPv6 in registry on the Exchange server, as well as on the domain
controllers, or any server for that matter, especially if there are no plans
in using

IPv6.

To disable IPv6 on 2008 or Vista:

Uncheck IPv6 in NIC properties
Uncheck the two LinkLayer Topology Discovery components
Then follow the registry changes procedure below to completely disable IPv6.

1. Navigate to:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters]
2. In the details pane, click New, and then click DWORD (32-bit) Value.
3. Type in DisabledComponents , and then press ENTER.
4. Double-click DisabledComponents,
5. Type ff in Hexadecimal.
6. So it should like this when completed:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters]
"DisabledComponents"=dword:000000ff

====

More info:

The installation of the Exchange Server 2007 Hub Transport role is
unsuccessful on a Windows Server 2008-based computer
http://support.microsoft.com/?id=952842

Disabling IPv6 on Windows 2008 or Vista
http://blogs.dirteam.com/blogs/paulbergson/archive/2009/03/19/disabling-ipv6-on-windows-2008.aspx

---

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

Had I seen this earlier, I would have tried that,
though I had an issue awhile back where IPv6 had to be on, for Exchange.

I've already demoted CLS12, but I had to force it.
I then couldn't even get it to join as a member server (but that was prior
to me removing entries from AD and DNS).
I'm also converting FRS to DFSR (which may take a minute).
Afterwards, I'm going to try and rejoin the domain as a member server.

If I still can't connect, I'll try that then. I'll keep you aprised.





"Ace Fekay [MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
news:elkNTlRJKHA.4316@TK2MSFTNGP04.phx.gbl...

Quote:

"Jacques Latoison" <Jacques Latoison at hotmail dot com> wrote in message news:OE9jmJPJKHA.5984@TK2MSFTNGP05.phx.gbl... My apologies, you can ignore this reponse. I misread the error log. "Jacques Latoison" <Jacques Latoison at hotmail dot com> wrote in message I noticed something in DCDIAG between the two outputs, that CLS12 does not advertise itself as a DC (which makes sense to me considering the issues we're having). According to the dcdiag, there's a communication issue. I was trying to follow the thread, but I'm catching where you had removed or didn't remove a DC? After seeing this, what I can suggest from previous experience, is to diable IPv6 completely on the 2008 DC, as well as disable RSS on all DCs (2003 & 2008). I've seen IPv6 cause problems with Exchange 2007 to DC communications, as well as between DCs (2008 to 2008 and 2008 to 2003). Let's first disable IPv6 on the 2008 DC and restart it. Check replication and event logs after it's been up for 15 minutes. Here's how: ================================================================== Disable IPv6 ==== There are known issues regarding IPv6 affecting communications in certain scenarios, such as with errors when using Outlook Anywhere such as to fix an Exchange/DC NSPI port 6004 communication issue, among many others. Therefore to eliminiate communications issues regarding whether this is a factor or not, it is recommended to disable IPv6 in registry on the Exchange server, as well as on the domain controllers, or any server for that matter, especially if there are no plans in using IPv6. To disable IPv6 on 2008 or Vista: Uncheck IPv6 in NIC properties Uncheck the two LinkLayer Topology Discovery components Then follow the registry changes procedure below to completely disable IPv6. 1. Navigate to: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters] 2. In the details pane, click New, and then click DWORD (32-bit) Value. 3. Type in DisabledComponents , and then press ENTER. 4. Double-click DisabledComponents, 5. Type ff in Hexadecimal. 6. So it should like this when completed: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters] "DisabledComponents"=dword:000000ff ==== More info: The installation of the Exchange Server 2007 Hub Transport role is unsuccessful on a Windows Server 2008-based computer http://support.microsoft.com/?id=952842 Disabling IPv6 on Windows 2008 or Vista http://blogs.dirteam.com/blogs/paulbergson/archive/2009/03/19/disabling-ipv6-on-windows-2008.aspx --- -- Ace This posting is provided "AS-IS" with no warranties or guarantees and confers no rights. Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution. Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging Microsoft Certified Trainer For urgent issues, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

"Jacques Latoison" <Jacques Latoison at hotmail dot com> wrote in message
news:%23crriLSJKHA.3632@TK2MSFTNGP05.phx.gbl...

Quote:

Had I seen this earlier, I would have tried that, though I had an issue awhile back where IPv6 had to be on, for Exchange. I've already demoted CLS12, but I had to force it. I then couldn't even get it to join as a member server (but that was prior to me removing entries from AD and DNS). I'm also converting FRS to DFSR (which may take a minute). Afterwards, I'm going to try and rejoin the domain as a member server. If I still can't connect, I'll try that then. I'll keep you aprised.

You are using IPv6 for Exchange??? Curious, how large is your
infrastructure? How many DCs and Exchange servers do you have? Do you have a
very large, multirouted infrastructure with multiple Exchange servers and
IPv6 capable routers in place with BGP? Then I would assume that you have
IPv6 on all of your DCs, as well?

Reason I'm asking, is basically out of curiosity. I have not heard of anyone
using IPv6 in smaller environments. Matter of fact, it causes some problems.
Also, if it's enabled on Exchange servers, then it must also be enabled on
all of the DCs to allow Exchange's DSAccess requirements to access AD using
IPv6, as well as that I would assume on your client machines.

I am also assuming that when you said you've removed entries for CLS12 from
AD, that you actually did that by performing a Metadata Cleanup procedure?

Let us know of your progress.

Ace

Hello Ace Fekay [MCT],

I suggested to demote cls12 ,because this one was demoted the first time
after installing and moving FSMOs to cls21, but if you follow the outputs
cls12 still is listed as PDCEmulator on it's own dcdiag, as cls21 was also
on it's own dcdiag.

But because cls21 was the newer one in my opinion, i suggested to remove
cls12 again and run metadata cleanup to get at least cls21 running correct.

I didn't realize in the postings that exchange is involved on the DCs.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Quote:

"Jacques Latoison" <Jacques Latoison at hotmail dot com> wrote in message news:%23crriLSJKHA.3632@TK2MSFTNGP05.phx.gbl... Had I seen this earlier, I would have tried that, though I had an issue awhile back where IPv6 had to be on, for Exchange. I've already demoted CLS12, but I had to force it. I then couldn't even get it to join as a member server (but that was prior to me removing entries from AD and DNS). I'm also converting FRS to DFSR (which may take a minute). Afterwards, I'm going to try and rejoin the domain as a member server. If I still can't connect, I'll try that then. I'll keep you aprised. You are using IPv6 for Exchange??? Curious, how large is your infrastructure? How many DCs and Exchange servers do you have? Do you have a very large, multirouted infrastructure with multiple Exchange servers and IPv6 capable routers in place with BGP? Then I would assume that you have IPv6 on all of your DCs, as well? Reason I'm asking, is basically out of curiosity. I have not heard of anyone using IPv6 in smaller environments. Matter of fact, it causes some problems. Also, if it's enabled on Exchange servers, then it must also be enabled on all of the DCs to allow Exchange's DSAccess requirements to access AD using IPv6, as well as that I would assume on your client machines. I am also assuming that when you said you've removed entries for CLS12 from AD, that you actually did that by performing a Metadata Cleanup procedure? Let us know of your progress. Ace

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb662df338cbf37103953607@msnews.microsoft.com...

Quote:

Hello Ace Fekay [MCT], I suggested to demote cls12 ,because this one was demoted the first time after installing and moving FSMOs to cls21, but if you follow the outputs cls12 still is listed as PDCEmulator on it's own dcdiag, as cls21 was also on it's own dcdiag. But because cls21 was the newer one in my opinion, i suggested to remove cls12 again and run metadata cleanup to get at least cls21 running correct. I didn't realize in the postings that exchange is involved on the DCs. Best regards

Hi Meinolf,

Thanks for the update. I am having a little difficulty following the thread.
I saw Exchange mentioned regarding IPv6, but I am not sure if it is on a DC
or not, at this time. I was also curious why IPv6 is being used. I haven't
heard of anyone using it unless it's an extremely large infrastructure, such
as a university, and only on VLANs connected to a BGP backbone.

I was also trying to determine if a Metadata Cleanup was run. It was
mentioned that CL12 "was removed from AD," but I am not sure if it was
removed using the Metadata Cleanup procedure, or its machine account was
simply deleted from ADUC.

Also, were the FSMOs seized afterwards?

Ace

Hello Ace Fekay [MCT],

If i understand the OP correct, a new 2008 Dc was installed with DNS/GC,
then FSMOs where moved and the old DC demoted. Now the machine was reinstalled
with 2008 and promoted to DC again. Why this one also becomes PDCEmulator
i was not able to follow.

So because the new installed one was running ok in my opinion, the reinstalled
machine with the same name is the problem one which has to be kicked out
and then get the first 2008 running correct and error free.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Quote:

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662df338cbf37103953607@msnews.microsoft.com... Hello Ace Fekay [MCT], I suggested to demote cls12 ,because this one was demoted the first time after installing and moving FSMOs to cls21, but if you follow the outputs cls12 still is listed as PDCEmulator on it's own dcdiag, as cls21 was also on it's own dcdiag. But because cls21 was the newer one in my opinion, i suggested to remove cls12 again and run metadata cleanup to get at least cls21 running correct. I didn't realize in the postings that exchange is involved on the DCs. Best regards Hi Meinolf, Thanks for the update. I am having a little difficulty following the thread. I saw Exchange mentioned regarding IPv6, but I am not sure if it is on a DC or not, at this time. I was also curious why IPv6 is being used. I haven't heard of anyone using it unless it's an extremely large infrastructure, such as a university, and only on VLANs connected to a BGP backbone. I was also trying to determine if a Metadata Cleanup was run. It was mentioned that CL12 "was removed from AD," but I am not sure if it was removed using the Metadata Cleanup procedure, or its machine account was simply deleted from ADUC. Also, were the FSMOs seized afterwards? Ace

"Meinolf Weber [MVP-DS]" wrote in message
news:6cb2911d484c8cbf3ed29a31780@msnews.microsoft.com...

Quote:

Hello Ace Fekay [MCT], If i understand the OP correct, a new 2008 Dc was installed with DNS/GC, then FSMOs where moved and the old DC demoted. Now the machine was reinstalled with 2008 and promoted to DC again. Why this one also becomes PDCEmulator i was not able to follow. So because the new installed one was running ok in my opinion, the reinstalled machine with the same name is the problem one which has to be kicked out and then get the first 2008 running correct and error free. Best regards

Oh, ok. That makes a little more sense. Then possibly when reinstalling the
machine with the same name, it was possible there wasn't enough time allowed
for replication for all DCs to know that the old DC was removed after the
demotion, or there were replication problems to begin with, so when the new
server came up with the same name, it couldn't communicate to the other DCs
so it thought it is the PDC Emulator? (I know, I'm stretching here).

I still think that IPv6 should be disabled, as well as possibly RSS/TCP
Chimney features, which I haven't mentioned yet. I am still curious about
IPv6 and it's role in the infrastructure.

Ace

Sorry I didn't get right back.
We've been working on it the whole week and a half - and we're sorta kinda
back up now.
Ok, first, to alleviate the confusion.

I mentioned the thought about IPv6 because I found threads from a tech, that
relieved an issue on Exchange if IPv6 was on, ...but no, this particular
site is not using the protocol.

CLS12 started as a W2K3E AD DNS server with ES2K7E server on it.
---maybe 6 months later---
CLS21 started as a W2K8E AD DNS server in the same domain
(AD on CLS12 was prepped prior).
ES2K7E was then installed as a secondary Exchange server on CLS21.

....but, in a nutshell

At some point the marriage between Dad (CLS21) and Mom (CLS12) stopped being
a match made in heaven.
Mom started telling Dad weird things, and Dad didn't really wanna hear it.
It got so bad, that on the 23Aug2009 Dad told the kids (all the member
workstations) that Mom was an imposter (literrally).
On the 24th, when all the employees came in, the parent's were giving the
kids blatantly different information, so you could log in one minute, but
not another, on the same machine. If you logged into one of the kids that
were listening to Dad, you wouldn't have any problems logging in. If you
tried this with a kid that was on Mom's side, you may, or may not have been
able to get in.

We therefore decided to divorce them, but Mom didn't go quietly.
I then had to forcibly divorce Mom from the relationship.
After we gave Dad some counseling by explaining to him that that woman never
truly existed (Meta cleanup - there's no such thing as CLS12, there's no
such thing as CLS12), Dad finally seemed to be healed, and there was no
trace of that other person in his mind.

Mom, of course, wouldn't go back. She refused. She didn't like Dad, and
thought those kids were crazy, so she wasn't about to claim them.

Mom then recieved the same counseling as Dad (you're not the same CLS12,
you're not the same CLS12), and then (after some nitpicking) Mom remarried
Dad (oops sorry) Mom married Dad for the first time and they are now almost,
somewhat, sort kinda happy.

....wish it were The end.

"Jacques Latoison" <Jacques Latoison at hotmail dot com> wrote in message
news:OPIZc2BLKHA.4316@TK2MSFTNGP04.phx.gbl...

Quote:

Sorry I didn't get right back. We've been working on it the whole week and a half - and we're sorta kinda back up now. Ok, first, to alleviate the confusion. I mentioned the thought about IPv6 because I found threads from a tech, that relieved an issue on Exchange if IPv6 was on, ...but no, this particular site is not using the protocol. CLS12 started as a W2K3E AD DNS server with ES2K7E server on it. ---maybe 6 months later--- CLS21 started as a W2K8E AD DNS server in the same domain (AD on CLS12 was prepped prior). ES2K7E was then installed as a secondary Exchange server on CLS21. ...but, in a nutshell At some point the marriage between Dad (CLS21) and Mom (CLS12) stopped being a match made in heaven. Mom started telling Dad weird things, and Dad didn't really wanna hear it. It got so bad, that on the 23Aug2009 Dad told the kids (all the member workstations) that Mom was an imposter (literrally). On the 24th, when all the employees came in, the parent's were giving the kids blatantly different information, so you could log in one minute, but not another, on the same machine. If you logged into one of the kids that were listening to Dad, you wouldn't have any problems logging in. If you tried this with a kid that was on Mom's side, you may, or may not have been able to get in. We therefore decided to divorce them, but Mom didn't go quietly. I then had to forcibly divorce Mom from the relationship. After we gave Dad some counseling by explaining to him that that woman never truly existed (Meta cleanup - there's no such thing as CLS12, there's no such thing as CLS12), Dad finally seemed to be healed, and there was no trace of that other person in his mind. Mom, of course, wouldn't go back. She refused. She didn't like Dad, and thought those kids were crazy, so she wasn't about to claim them. Mom then recieved the same counseling as Dad (you're not the same CLS12, you're not the same CLS12), and then (after some nitpicking) Mom remarried Dad (oops sorry) Mom married Dad for the first time and they are now almost, somewhat, sort kinda happy. ...wish it were The end.

Married with Children. I wasn't a big fan of the show, nor do I get involved
with tear streaming family shows, but you had me glued there for a bit.
It's like now I must wait for the next episode! LOL

Anyway, so if they're almost happy again, what errors are you seeing? Maybe
part of their miscommunication is, such as when mom says she wants some
space, but dad miscontrues it, she may be talking using a southern accent
(IPv6) and dad don't understand it.

Dad could also be using some sort of caching while listening, but he's not
absorbing it (TCP Chimney), kind of like he appears he's listening, but he's
distracted, and mom's getting frustrated.

:-)

Ace

It seems that the virus software on both machines didn't understand what was
going on, and also became a problem - as far as what traffic to allow.
We're using Symantec's Endpoint Protection 11, and even though it wasn't set
to stop traffic, it definitely began hindering AD information on both,
because some things cleared up, the instant the SEP was disabled (on both).



"Ace Fekay [MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
news:%23UFSj$BLKHA.1380@TK2MSFTNGP02.phx.gbl...

Quote:

"Jacques Latoison" <Jacques Latoison at hotmail dot com> wrote in message news:OPIZc2BLKHA.4316@TK2MSFTNGP04.phx.gbl... Sorry I didn't get right back. We've been working on it the whole week and a half - and we're sorta kinda back up now. Ok, first, to alleviate the confusion. I mentioned the thought about IPv6 because I found threads from a tech, that relieved an issue on Exchange if IPv6 was on, ...but no, this particular site is not using the protocol. CLS12 started as a W2K3E AD DNS server with ES2K7E server on it. ---maybe 6 months later--- CLS21 started as a W2K8E AD DNS server in the same domain (AD on CLS12 was prepped prior). ES2K7E was then installed as a secondary Exchange server on CLS21. ...but, in a nutshell At some point the marriage between Dad (CLS21) and Mom (CLS12) stopped being a match made in heaven. Mom started telling Dad weird things, and Dad didn't really wanna hear it. It got so bad, that on the 23Aug2009 Dad told the kids (all the member workstations) that Mom was an imposter (literrally). On the 24th, when all the employees came in, the parent's were giving the kids blatantly different information, so you could log in one minute, but not another, on the same machine. If you logged into one of the kids that were listening to Dad, you wouldn't have any problems logging in. If you tried this with a kid that was on Mom's side, you may, or may not have been able to get in. We therefore decided to divorce them, but Mom didn't go quietly. I then had to forcibly divorce Mom from the relationship. After we gave Dad some counseling by explaining to him that that woman never truly existed (Meta cleanup - there's no such thing as CLS12, there's no such thing as CLS12), Dad finally seemed to be healed, and there was no trace of that other person in his mind. Mom, of course, wouldn't go back. She refused. She didn't like Dad, and thought those kids were crazy, so she wasn't about to claim them. Mom then recieved the same counseling as Dad (you're not the same CLS12, you're not the same CLS12), and then (after some nitpicking) Mom remarried Dad (oops sorry) Mom married Dad for the first time and they are now almost, somewhat, sort kinda happy. ...wish it were The end. Married with Children. I wasn't a big fan of the show, nor do I get involved with tear streaming family shows, but you had me glued there for a bit. It's like now I must wait for the next episode! LOL Anyway, so if they're almost happy again, what errors are you seeing? Maybe part of their miscommunication is, such as when mom says she wants some space, but dad miscontrues it, she may be talking using a southern accent (IPv6) and dad don't understand it. Dad could also be using some sort of caching while listening, but he's not absorbing it (TCP Chimney), kind of like he appears he's listening, but he's distracted, and mom's getting frustrated. :-) Ace

"Jacques Latoison" <Jacques Latoison at hotmail dot com> wrote in message
news:eEJHMGXLKHA.1492@TK2MSFTNGP03.phx.gbl...

Quote:

It seems that the virus software on both machines didn't understand what was going on, and also became a problem - as far as what traffic to allow. We're using Symantec's Endpoint Protection 11, and even though it wasn't set to stop traffic, it definitely began hindering AD information on both, because some things cleared up, the instant the SEP was disabled (on both).

I would make sure that Ssyvol, NTFRS and the NTDS folders (including
subfolders) are excluded from your AV. AV has a habit of deleting necessary
files. Same with Exchange, if you're using it. Exclude all Exchange folders
and subfolders. Otherwise, it can cause major problems.

Seems like Symantec in this situation, has selective listening skills. :-)

Ace

Truly.

Quote:

I would make sure that Ssyvol, NTFRS and the NTDS folders (including subfolders) are excluded from your AV. AV has a habit of deleting necessary files. Same with Exchange, if you're using it. Exclude all Exchange folders and subfolders. Otherwise, it can cause major problems. Seems like Symantec in this situation, has selective listening skills. :-) Ace

"Jacques Latoison" <Jacques Latoison at hotmail dot com> wrote in message
news:eMZN8kXLKHA.6016@TK2MSFTNGP05.phx.gbl...

Quote:

Truly.