It sounds like the computer account password on the dc that is getting the "denied" error is still out of sync--you might try re-syncing it again using netdom.exe and/or nltest.exe since it sounds like you're still within 60 days of the problem first happening.
To see who is a GC, open ADS&S, drill down to the server object, and get properties of the NTDS Settings. I think you might have trouble with a straight DCpromo at this point since they already aren't talking to each other. If re-syncing the DC account doesn't work, you'll need to look into using NTDSutil to remove the problem dc. -Bonnie -----Original Message----- From: Michael Reid [mailto:[email protected]] Sent: Friday, March 13, 2009 6:52 AM To: NT System Admin Issues Subject: Re: Replication stopped, how to get going again? Yes, these servers have been working fine for a year or so. Then a month or so ago they got disconnected. Someone else dealt with that and they reset the computer account password and it started replicating again (didn't get more details than that). I found that link too, but since that it wasn't a recent addition I didn't follow up with it. On Fri, Mar 13, 2009 at 9:44 AM, David Lum <[email protected]> wrote: > Has replication ever worked? Is one of these a new DC? > > Have you Googled that error message? First link takes you here: > http://support.microsoft.com/kb/329860 > David Lum // SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 // (Cell) 503.267.9764 > -----Original Message----- > From: Michael Reid [mailto:[email protected]] > Sent: Friday, March 13, 2009 6:40 AM > To: NT System Admin Issues > Subject: Replication stopped, how to get going again? > > We have a 2003 and a 2000 server. Both are Domain controllers (or are > suppose to be). When I go into AD users and computers, the second > server shows up as a DC. When I go into the first server (2003) it > shows it as a member server. > > on the 2003 I get this error: 8453 Replication access was denied. > > Passwords, expiries, etc aren't being replicated. I was thinking of > just re adding the second server to the domain again by DCPROMO'ing > it. However, this wouldn't go well if it's the global catalogue server > I'm assuming. How could I tell which server was made first (the GC)? > > Any other suggestions? > > 'preciate it. > > Michael > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
