David N. Spink
Hello,
I'm having a confusing time trying to work out why I'm having an issue getting Domain Controllers to replicate - I think it might be something to do with the VPN connection between the two sites, but I'm unclear why.
The setup is as follows:
PDC PIA001 (Server 2016 Standard), and DC MAIL (Server 2008 R2 Standard) are located at the main site.
DC PIA003 (Server 2016 Standard), and member server PIASVR2 (Server 2008 R2 Standard) are at a remote site connected by a VPN.
I originally had a server called PIA002 at the remote site (Server 2016 Standard) which was a DC - however when I noticed it wasn't replicating I demoted it and then tried to promote it again, but couldn't, so I've installed PIA003 from scratch today.
PIA003 joined the domain just fine, the DCPROMO also worked but took about an hour. However immediately I'm getting lots of odd errors from DCDIAG.
I should mention that these are all virtual machines - the 2016 machines are running on Hyper-V (Server 2016 Standard), and the 2008 R2's are running on VMware hosts.
DCDIAG run from PIA003 produces this:
===================================================================
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = PIA003
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Glasgow\PIA003
Starting test: Connectivity
......................... PIA003 passed test Connectivity
Doing primary tests
Testing server: Glasgow\PIA003
Starting test: Advertising
Warning: PIA003 is not advertising as a time server.
......................... PIA003 failed test Advertising
Starting test: FrsEvent
......................... PIA003 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... PIA003 passed test DFSREvent
Starting test: SysVolCheck
......................... PIA003 passed test SysVolCheck
Starting test: KccEvent
......................... PIA003 passed test KccEvent
Starting test: KnowsOfRoleHolders
[PIA001] LDAP bind failed with error 1053,
The service did not respond to the start or control request in a timely fashion..
Warning: PIA001 is the Schema Owner, but is not responding to LDAP
Bind.
Warning: PIA001 is the Domain Owner, but is not responding to LDAP
Bind.
Warning: PIA001 is the PDC Owner, but is not responding to LDAP Bind.
Warning: PIA001 is the Rid Owner, but is not responding to LDAP Bind.
Warning: PIA001 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... PIA003 failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... PIA003 passed test MachineAccount
Starting test: NCSecDesc
......................... PIA003 passed test NCSecDesc
Starting test: NetLogons
......................... PIA003 passed test NetLogons
Starting test: ObjectsReplicated
......................... PIA003 passed test ObjectsReplicated
Starting test: Replications
......................... PIA003 passed test Replications
Starting test: RidManager
......................... PIA003 passed test RidManager
Starting test: Services
......................... PIA003 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00002720
Time Generated: 05/09/2018 17:52:13
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0xC0000007
Time Generated: 05/09/2018 17:56:20
Event String:
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was LDAP/f663d11b-f1b4-4577-8e8c-5d34e643b596._msdcs.not-actual-domain.org.uk and lookup type 0x48.
An error event occurred. EventID: 0xC0000007
Time Generated: 05/09/2018 18:10:14
Event String:
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was and lookup type 0x108.
An error event occurred. EventID: 0xC0000007
Time Generated: 05/09/2018 18:11:14
Event String:
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was ESSENTIALS_PWD_SYNC/PIA001.not-actual-domain.org.uk and lookup type 0x48.
An error event occurred. EventID: 0xC0000007
Time Generated: 05/09/2018 18:25:09
Event String:
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was DNS/pia001.not-actual-domain.org.uk and lookup type 0x48.
An error event occurred. EventID: 0xC0000007
Time Generated: 05/09/2018 18:31:37
Event String:
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was ldap/PIA001.not-actual-domain.org.uk and lookup type 0x48.
......................... PIA003 failed test SystemLog
Starting test: VerifyReferences
......................... PIA003 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : not-actual-domain
Starting test: CheckSDRefDom
......................... not-actual-domain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... not-actual-domain passed test
CrossRefValidation
Running enterprise tests on : not-actual-domain.org.uk
Starting test: LocatorCheck
......................... not-actual-domain.org.uk passed test
LocatorCheck
Starting test: Intersite
......................... not-actual-domain.org.uk passed test
Intersite
===================================================================
DCDIAG /s:PIA001 run from server MAIL at the main site produces this:
===================================================================
Directory Server Diagnosis
Performing initial setup:
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Edinburgh\PIA001
Starting test: Connectivity
......................... PIA001 passed test Connectivity
Doing primary tests
Testing server: Edinburgh\PIA001
Starting test: Advertising
......................... PIA001 passed test Advertising
Starting test: FrsEvent
......................... PIA001 passed test FrsEvent
Starting test: DFSREvent
......................... PIA001 passed test DFSREvent
Starting test: SysVolCheck
......................... PIA001 passed test SysVolCheck
Starting test: KccEvent
......................... PIA001 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... PIA001 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... PIA001 passed test MachineAccount
Starting test: NCSecDesc
......................... PIA001 passed test NCSecDesc
Starting test: NetLogons
......................... PIA001 passed test NetLogons
Starting test: ObjectsReplicated
......................... PIA001 passed test ObjectsReplicated
Starting test: Replications
REPLICATION LATENCY WARNING
PIA001: This replication path was preempted by higher priority work.
from PIA003 to PIA001
Reason: The operation completed successfully.
The last success occurred at (never).
Replication of new changes along this path will be delayed.
REPLICATION LATENCY WARNING
PIA001: This replication path was preempted by higher priority work.
from PIA003 to PIA001
Reason: The operation completed successfully.
The last success occurred at (never).
Replication of new changes along this path will be delayed.
REPLICATION LATENCY WARNING
PIA001: This replication path was preempted by higher priority work.
from PIA003 to PIA001
Reason: The operation completed successfully.
The last success occurred at (never).
Replication of new changes along this path will be delayed.
......................... PIA001 passed test Replications
Starting test: RidManager
......................... PIA001 passed test RidManager
Starting test: Services
......................... PIA001 passed test Services
Starting test: SystemLog
......................... PIA001 passed test SystemLog
Starting test: VerifyReferences
......................... PIA001 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : not-actual-domain
Starting test: CheckSDRefDom
......................... not-actual-domain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... not-actual-domain passed test
CrossRefValidation
Running enterprise tests on : not-actual-domain.org.uk
Starting test: LocatorCheck
......................... not-actual-domain.org.uk passed test
LocatorCheck
Starting test: Intersite
......................... not-actual-domain.org.uk passed test
Intersite
===================================================
I'm not really understanding where or what the problem is. Can anyone give me any ideas where I should be looking?
Thanks
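Added example, not part of the original post: a small Python triage of DCDIAG text like the output above, collecting failed tests, LDAP bind errors and the account names in the SAM/KDC error events so they can be compared across runs. The function name `triage`, the report keys and the `<empty>` marker are assumptions of this example; the sample is an abridged excerpt of the posted output.

```python
import re
from collections import Counter

# Abridged excerpt of the DCDIAG output posted above, embedded so this runs offline.
SAMPLE = """\
Testing server: Glasgow\\PIA003
Starting test: Advertising
Warning: PIA003 is not advertising as a time server.
......................... PIA003 failed test Advertising
Starting test: KnowsOfRoleHolders
[PIA001] LDAP bind failed with error 1053,
The service did not respond to the start or control request in a timely fashion..
......................... PIA003 failed test KnowsOfRoleHolders
Starting test: Replications
......................... PIA003 passed test Replications
Starting test: SystemLog
An error event occurred. EventID: 0xC0000007
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was ldap/PIA001.not-actual-domain.org.uk and lookup type 0x48.
An error event occurred. EventID: 0xC0000007
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was and lookup type 0x108.
......................... PIA003 failed test SystemLog
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
"""

RESULT = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test(?: (\S+))?\s*$")
BIND = re.compile(r"^\[(\S+)\] LDAP bind failed with error (\d+)")
EVENT = re.compile(r"EventID: (0x[0-9A-Fa-f]+)")
KDC = re.compile(r"The account name was\s+(.*?)\s*and lookup type (0x[0-9A-Fa-f]+)")


def triage(text):
    """Summarise DCDIAG output: failed tests, bind errors, KDC lookup failures."""
    lines = [ln.strip() for ln in text.splitlines()]
    report = {"failed": [], "passed": 0, "bind_errors": [],
              "kdc_accounts": [], "event_ids": Counter()}
    for i, line in enumerate(lines):
        m = RESULT.match(line)
        if m:
            subject, verdict, test = m.groups()
            if test is None:
                # DCDIAG wraps long result lines; the test name follows on the next line.
                test = next((nxt for nxt in lines[i + 1:] if nxt), "?")
            if verdict == "failed":
                report["failed"].append((subject, test))
            else:
                report["passed"] += 1
            continue
        if (m := BIND.match(line)):
            report["bind_errors"].append((m.group(1), int(m.group(2))))
        if (m := EVENT.search(line)):
            report["event_ids"][m.group(1)] += 1
        if (m := KDC.search(line)):
            # The account name can be blank, as in one of the events above.
            report["kdc_accounts"].append((m.group(1) or "<empty>", m.group(2)))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```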