Replication failures, connectivity tests failing from only one DC in the forest.

Hi,

We have had a Windows Active Directory domain running for many years with few issues.

In the last 2 days, replication to 1 of our DCs (the 2008 R2 one) has stopped.

The forest consists of 1 2008 R2 DC and 4 2003 R2 DCs in various states around the country.

About 2 days ago we lost network connectivity to our SAN; the 2008 R2 server is running as a virtual machine on VMware ESXi 5.0. The loss of connection lasted around a minute.

It seems that since then there has been no replication with the 4 other servers.

dcdiag reports, first of all, an LDAP bind failed error 8341 when testing the 2008 R2 DC, when run from 1 of the 2003 DCs.

repadmin /showrepl shows the last attempt failed for the AD partitions on the 2008 R2 DC; on the other 2003 DCs the last attempt was successful.

Using ldp.exe I can connect to the 2008 R2 DC, but the bind fails using the default bind method of SSPI. If I use the Digest bind method I can bind to the 2008 R2 DC. If I attempt to bind to the 2003 DCs there is no problem with either bind method.

If I try repadmin /replicate 2003dc 2008r2dc I get the message

    DsReplicaSync() failed with status -2146893022 (0x80090322):
    Can't retrieve message string -2146893022 (0x80090322), error 1815

This error message is appearing in the event logs:

      Starting test: SystemLog
         * The System Event log test
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 01/14/2015   14:43:49
            Event String: The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
            sopm-dc1$. The target name used was
            ldap/b6400cd3-2bcd-4f8b-866b-3dd06716188f._msdcs.shimadzu.com.au.
            This indicates that the password used to encrypt the kerberos service ticket is
            different than that on the target server. Commonly, this is due to identically
            named machine accounts in the target realm (sopm.shimadzu.com.au), and the
            client realm. Please contact your system administrator.

dcdiag has various other errors, such as the following:

      Starting test: KccEvent
         * The KCC Event log test
         A Warning Event occured.  EventID: 0x8000061E
            Time Generated: 01/14/2015   15:38:09
            Event String: Domain controllers in the following site that can replicate
            the directory partition on this transport are unavailable.

And this:

      DC: sopm-dc1.sopm.shimadzu.com.au
            Domain: sopm.shimadzu.com.au

               Test: Authentication (Auth)
                  Error: Authentication failed with specified credentials.
                  [Error details: 1396 (Type: Win32 - Description: Logon failure: The target account name is incorrect.) - Add connection failed]

               Test: Basic (Basc)
                  Error: No LDAP connectivity
                  Error: No WMI connectivity
                  [Error details: 0x800706BA (Type: HRESULT - Facility: Win32, Description: The RPC server is unavailable.) - Connection to WMI server failed]

I am trying to understand what is causing the authentication errors, as I think that is the basis of the issues I see.

I have disabled the firewalls on the servers and it has made no difference.

Any help appreciated.

I believe I have solved the problem after many hours of searching. Here is how I fixed it:

1. Stop the KDC service and mark it disabled.
2. Run netdom from the command line and reset the secure channel password:
       netdom resetpwd /server:server_name /userd:domain_name\administrator /passwordd:administrator_password
   where server_name is the name of the server on which the KDC is running.
3. Restart the bad DC and wait 15 minutes for the bad DC's AD to synchronize with the PDC (make sure there is a connection from the bad DC to the PDC in Sites and Services).
4. Re-enable the KDC and reboot the DC.

After this, when I ran ldp.exe again, I was able to bind without issues.

The dcdiag tests are no longer failing connectivity or authentication.

repadmin /showreps reports replication success.
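The checks from the question (repadmin /showrepl, dcdiag, the KRB_AP_ERR_MODIFIED event) and the four recovery steps from the answer, put together as an added PowerShell example that is not part of the original thread. It assumes an elevated PowerShell on the DC that cannot replicate; HEALTHY-DC and DOMAIN\Administrator are placeholders for a working DC (the PDC emulator is a sensible choice) and the admin account passed to netdom. Status 0x80090322 in the repadmin output is SEC_E_WRONG_PRINCIPAL, which is why an SSPI (Kerberos) bind fails while a Digest bind still works: the ticket is encrypted with a key the target DC no longer has.

```powershell
# Added example (not from the original thread). Run elevated on the DC that cannot
# replicate. All server and account names below are placeholders.
$HealthyDc = 'HEALTHY-DC'            # placeholder: a DC whose KDC works (e.g. the PDC emulator)
$AdminUser = 'DOMAIN\Administrator'  # placeholder: domain admin account used by netdom resetpwd

function Get-ReplicationSummary {
    # repadmin /showrepl /csv emits one row per (source DC, naming context); the column
    # names below are the ones repadmin itself writes in the CSV header.
    param([string]$Server = $env:COMPUTERNAME)
    repadmin /showrepl $Server /csv | ConvertFrom-Csv |
        Select-Object 'Source DSA', 'Naming Context', 'Number of Failures',
                      'Last Failure Status', 'Last Success Time'
}

function Get-KerberosModifiedEvents {
    # Kerberos client event ID 4 (KRB_AP_ERR_MODIFIED, shown by dcdiag as 0x40000004).
    # A burst of these against one DC is the symptom of a stale machine-account password.
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Security-Kerberos'
        Id           = 4
        StartTime    = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

function Test-ReplicationHealthy {
    # $true when no inbound partner reports failures and dcdiag's connectivity test passes.
    param([string]$Server = $env:COMPUTERNAME)
    $failing = Get-ReplicationSummary -Server $Server |
        Where-Object { [int]$_.'Number of Failures' -gt 0 }
    if ($failing) { $failing | Format-Table -AutoSize | Out-Host; return $false }
    $dcdiagOutput = dcdiag /s:$Server /test:Connectivity
    return -not ($dcdiagOutput -match 'failed test')
}

function Start-SecureChannelReset {
    # Steps 1 and 2 of the answer: stop and disable the KDC, then reset this DC's
    # machine-account password against a healthy DC. With /passwordd:* netdom prompts
    # for the password instead of taking it on the command line (so it is not left in history).
    Stop-Service -Name Kdc -Force
    Set-Service  -Name Kdc -StartupType Disabled
    netdom resetpwd /server:$HealthyDc /userd:$AdminUser /passwordd:*
    if ($LASTEXITCODE -ne 0) {
        # Do not leave the KDC disabled if the reset itself failed.
        Set-Service  -Name Kdc -StartupType Automatic
        Start-Service -Name Kdc
        throw "netdom resetpwd failed with exit code $LASTEXITCODE"
    }
    Write-Host 'Password reset. Reboot now (step 3), wait about 15 minutes, then run Complete-SecureChannelReset.'
}

function Complete-SecureChannelReset {
    # Step 4 of the answer: re-enable the KDC and reboot once replication has caught up.
    Set-Service  -Name Kdc -StartupType Automatic
    Start-Service -Name Kdc
    Restart-Computer -Force
}

# Typical flow on the broken DC:
#   Get-KerberosModifiedEvents; Test-ReplicationHealthy   # confirm the symptom first
#   Start-SecureChannelReset                               # steps 1-2, then reboot (step 3)
#   Complete-SecureChannelReset                            # step 4
#   Test-ReplicationHealthy                                # should now return $true
```

The reset is split into two functions because step 3 of the answer is a reboot: nothing in the first function survives it, so the re-enable of the KDC has to be a separate call made after replication has had time to catch up. Running Test-ReplicationHealthy before and after gives a clean before/after record of the incident.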
