You can run dcdiag on the enterprise which will gather data from every server. Try doing that and collecting data on the issue. Also, do the objects exist in Sites and Services for the server to replicate among its peers?
Try checking out some of that stuff, Nate -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katrin Wilhelm Sent: Wednesday, January 17, 2007 4:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Unable to logon after DCPromo - oddness Hi Adam, I used to have similar problems after DCpromo - can you verify that the in the server properties (AD user and Computers) the flag is set to trust this computer? At least this was reason missing for my servers after checking the box it was working fine (btw. I found later out that the admin before me changed permissions for the Enterprise Admin account which resulted in these problems) Hope that helps. Cheers, Kat MCSA -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AdamT Sent: Thursday, 18 January 2007 12:07 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Unable to logon after DCPromo - oddness Dear collective, I'm hoping somebody can help out with a little problem I've got here. I've got a Windows 2003 R2 Server, which I've joined to a domain, and dcpromo'd. After the dcpromo and subsequent reboot, I can't logon to the server, either 'interactively' or via RDP, or using PsExec. I can access file shares, like c$, and I can point MMC snap-ins to the computer without problems. The fact that the server is now a DC seems to have replicated around just fine (all DCs show that the server is now in the Domain Controllers OU), but all the SRV records are missing. The system log is full of Netlogon 5774 events, suggesting I run dcdiag, which is a nice suggestion, but I can't log on to the server to do it. Another (healthy) DC's directory service logs shows plenty of event 1699s, complaining: The local domain controller failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send the change requests to the domain controller at the following network address. Directory partition: CN=RID Manager$,CN=System,DC=domain,DC=co,DC=uk Network address: a5859b6d-e8a7-4b50-aab8-ba0e03d259f3._msdcs.domain.co.uk Extended request code: 2 Additional Data Error value: 8453 Replication access was denied. Has something gone horribly wrong here, or am I overlooking something simple that I'm going to kick myself about later? Any ideas appreciated, -- AdamT "A casual stroll through the lunatic asylum shows that faith does not prove anything." - Nietzsche List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
