[ActiveDir] Problems with dcdiag showing replication latency between Windows 2000 and Windows 2003

Wed, 17 Mar 2004 09:33:29 -0800 

Problem:
 
In a multi-domain forest with 2003 at the root, 1 2003 child domain, and
8 2000 child domains (all child domains in one tree) when running dcdiag
on any of the 2003 domain controllers in the child domain, it shows
replication latency warnings between the 2003 and all the other domains.
(portion of dcdiag output shown below).  Additionally the NCSecDesc test
shows as failed for not all domains having the "replicating directory
changes all access rights for the naming context".  When running dcdiag
at the root all tests show pass with no warnings.
 
When checking replication with replmon and repadmin, all tests show that
replication is working correctly between all domains.
 
Thoughts:
 
I think this is an issue with dcdiag but could be wrong.  Replication is
working and is confirmed by running replmon and repadmin.  I think
(based on some kb's and Google searches) that the NCSecDesc test failure
is misleading as it can be ignored (kb 829306 is close but not the exact
error).
 
Is this something that anyone else has seen?  What exactly would cause
this if in fact it was a real error?  
 
Thanks
 
Steve
 
 
 
Doing primary tests
      Testing server: DOLOly0001\DOLGCOLY02
      Starting test: Replications
         REPLICATION-RECEIVED LATENCY WARNING
          Source site:
         CN=NTDS Site
Settings,CN=WAOly0001,CN=Sites,CN=Configuration,DC=wa,DC=lcl
          Current time: 2004-03-15 13:18:11
          Last update time: 2004-03-11 14:23:37
          Check if source site has an elected ISTG running.
          Check replication from source site to this server. 
snipped to avoid really long post........
REPLICATION-RECEIVED LATENCY WARNING
          Source site:
         CN=NTDS Site
Settings,CN=ESD1GUIDE01,CN=Sites,CN=Configuration,DC=wa,DC=lcl
          Current time: 2004-03-15 13:18:11
          Last update time: 2004-03-11 14:23:37
          Check if source site has an elected ISTG running.
          Check replication from source site to this server. 
         ......................... DOLGCOLY02 passed test Replications
Starting test: NCSecDesc
         Error GA\Domain Controllers doesn't have 
            Replicating Directory Changes All
         access rights for the naming context:
         DC=ga,DC=wa,DC=lcl
         Error LNI\Domain Controllers doesn't have 
            Replicating Directory Changes All
         access rights for the naming context:
         DC=lni,DC=wa,DC=lcl
         Error DSHS\Domain Controllers doesn't have 
            Replicating Directory Changes All
         access rights for the naming context:
         DC=dshs,DC=wa,DC=lcl
         ......................... DOLGCOLY02 failed test NCSecDesc

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to