RE: [NTSysADM] Active Directory DC replication issue

[Melvin Backus]

Also, from earlier in the thread I seem to recall that one of the child DCs 
resolved correctly while the other one resolved external addresses.  That's 
pointing to configuration rather than the fact that the domain exists.

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Tuesday, March 11, 2014 10:45 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Active Directory DC replication issue

The only reason you should get an outside IP address, even in this situation, 
is if there is a DNS misconfiguration.

I've configured several clients that split from their parents and have internal 
domain names that are publically available (and aren't them). And this is a 
typical split DNS concern.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Liby Philip Mathew
Sent: Tuesday, March 11, 2014 10:35 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Active Directory DC replication issue

We had to create a new domain.  Since the user base was less and had no 
in-house Exchange at that, we didn't bother to rename the domain or fix it.  We 
created an new domain from scratch.


Regards
Liby Philip Mathew


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of CSSU NetAdmin
Sent: Tuesday, March 11, 2014 5:22 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Active Directory DC replication issue

Sounds like our issue.  How did you resolve it?

On Tue, Mar 11, 2014 at 4:07 AM, Liby Philip Mathew 
<lmat...@path-solutions.com<mailto:lmat...@path-solutions.com>> wrote:
Hi,
We had a similar situation 5-6 years back.
The issue was that we were using an internal domain xxxx.com<http://xxxx.com> 
that was already registered on the Internet.  All the internal DNS, replication 
were trying to sync / connect with this externally registered domain / IP.



Regards
Liby Philip Mathew


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Tiago Viana
Sent: Monday, March 10, 2014 8:25 PM

To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Active Directory DC replication issue

Oh nooo...
Somehow I haven't read the line ", when we ping a parent DC from the DC with 
the issue, it returns an outside IP address not associated with us at all."... 
Sorry about that!
Well, while it doesn't hurt to check the secure channel... name resolution 
seems to be the issue (as well pointed by Rami and yourself before) :)

Regards,
Tiago Ribeiro S. A. Viana

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Tiago Viana
Sent: 10 de março de 2014 16:32
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Active Directory DC replication issue

Oftenly it's caused by the Secure Channel being corrupted between the two DC's.
If the replication is not only working between those two DC's, I'd check that 
out, too.


Cumprimentos,
Tiago Ribeiro S. A. Viana


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Rami SIK
Sent: 10 de março de 2014 16:23
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Active Directory DC replication issue

Check the followings:

Host file
DNS forwarders
Make sure conditional forwarders are correct if there are any
DNS search order in the network configuration properties tab

For troubleshooting, use nslookup and its "set debug = 9" feature, I did not 
remember the exact style now, though

In the worst case, compare all these related configurations side by side with 
the fine-working DC.


Good luck,


Rami

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of CSSU NetAdmin
Sent: Monday, March 10, 2014 5:45 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Active Directory DC replication issue

We have an Win2008R2 forest.  There are two parent DC's and two child DC's.  
One of the child DC's is not replicating correctly.  It seems to be OK with its 
child partner but it doesn't not sync with either of the parent DC's. The 
problem seems to be with DNS. When we run - REPADMIN /SHOWREPL * /CSV 
>showrepl.csv - on the box, it returns an LDAP  error 81 (Server Down) Win32 
Err 58 error message. Interestingly, when we ping a parent DC from the DC with 
the issue, it returns an outside IP address not associated with us at all.  It 
pings its sibling fine.  DNS looks like it is configured OK.  The children 
point to each other and the parents point to each other and the other three can 
ping all of the DC's correctly.   Any ideas for this issue would be 
appreciated.  Thanks!

________________________________
Disclaimer

[The information contained in this e-mail message and any attached files are 
confidential information and intended solely for the use of the individual or 
entity to whom they are addressed. This transmission may contain information 
that is privileged, confidential or exempt from disclosure under applicable 
law. If you have received this e-mail in error, please notify the sender 
immediately and delete all copies. If you are not the intended recipient, any 
disclosure, copying, distribution, or use of the information contained herein 
is STRICTLY PROHIBITED. Path Solutions accepts no responsibility for any 
errors, omissions, computer viruses and other defects.]
P Protect our planet: Do not print this email unless necessary.