Both come up clean, despite the fact that the A record for the DC initially didn't have the BAD_DC$ account in the ACL and the owner was SYSTEM instead of BAD_DC$. I adjusted that manually and the change replicated to all DCs. Still the netdiag and dcdiag do not show any DNS related problems - only FRS and AD outbound replication is failing. All other tests are fine.
Other DCs that participate in the replication with bad DC come up with KCC errors (eventid 1311: there is insufficient site connectivity, blabla...) - it's the only DC at site. It looks almost like island DNS, but it's W2K3 and that should not happen. Guy On Wed, 2004-05-26 at 17:50, Mulnick, Al wrote: > Would be relatively easy to check DNS. DCDIAG and NETDIAG would be two > tools to use to check to see that all is well from the bad dc and good dc > perspectives. I'd say go the easy part first. > > Invalid Checksum? Hmmm... Anything in the security logs that gives an > indication? > > Al > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Guy Teverovsky > Sent: Tuesday, May 25, 2004 6:02 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] DC not replicating out > > > I am banging my head against the wall the whole day. > > In pilot environment we applied a GPO to replace the Default DC GPO. > Apparently one of the DCs had some issues when the GPO was applied. > The result was: the inbound replication on the DC works, but no other DC can > pull from the sick one. > Closer examination showed total WMI repository corruption. I have rebuilt it > and it looks that WMI is back (not sure it's related, but worth mentioning) > > Since than, the new GPO has been unlinked and replaced with default (and as > the inbound replication on the DC in question is working, it has replicated > to it). But that has not resolved the issue. > > >From faulty DC issued: > repadmin /replicate good_dc bad_dc cn=configuration,dc=compay,dc=com /force > > Traced the session with network monitor from the good DC... > What I see is: > - LDAP bind > - some searches performed and answered correctly > - MSRPC session initiated > - RPC request from good DC, RPC response from bad DC > - RPC bind request from good DC and RCP Bind Ack from bad DC > - again RPC request from good DC, RPC response from bad DC > - again RPC bind request from good DC and RPC Bind Nack from bad DC with > Provider Reject Reason: "Invalid checksum" > > I was about to blame the DNS till I got this "Invalid checksum" in the > trace... > > Now the question is: am I complicating the whole thing and should look > closer into DNS or this is something else ? > > Thanks, > Guy > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
