locked
Replication Access Was Denied

    Question

  • This is related to my DNS post...

    I just added a W2K8 R2 DC to my existing W2K3 SP2 forest/single domain. I have issues creating any kind of DNS record on the W2K8 server. I ran repadmin /showrepl and I receive the following error...

    DsReplicaGetInfo() failed with status 8453 (0x2105):
        Replication access was denied.
    DsReplicaGetInfo() failed with status 8453 (0x2105):
        Replication access was denied.

    Thanks
    Saturday, August 22, 2009 12:59 AM

All replies

  • DCDIAG has the following errors on the W2K8 R2 server...

     Starting test: NCSecDesc
        Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
           Replicating Directory Changes In Filtered Set
        access rights for the naming context:
        DC=ForestDnsZones,DC=camhydro,DC=com
        Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
           Replicating Directory Changes In Filtered Set
        access rights for the naming context:
        DC=DomainDnsZones,DC=camhydro,DC=com
        ......................... TUCANA failed test NCSecDesc
    Saturday, August 22, 2009 1:09 AM
  • Ok. I found that the DCDIAG errors are because I didn't run ADPREP /RODCPREP....still can't figure out why replication is denied though.
    Saturday, August 22, 2009 1:14 AM
  • Hi,

     

    Thanks for the post.

     

    From your description, I understand that the following error message is received when running the repadmin /showrepl command.

     

    DsReplicaGetInfo() failed with status 8453 (0x2105):

        Replication access was denied.

    DsReplicaGetInfo() failed with status 8453 (0x2105):

        Replication access was denied.

     

    This issue will occur if the repadmin /showreps command is not run from a privileged command

     

    Please open the command window by right-clicking the icon and selecting "Run as Administrator" and then type the repadmin /showrepl command.

     

    Hope this helps.


    Best Regards,
     

    Miles Zhang

    Windows Server Forum

    If you have any feedback on our support, please contact tngfb@microsoft.com 

     

    ********************************************

    Hope we can receive more and more feedbacks from VERY SATISFIED customers. :-)

     

    Monday, August 24, 2009 7:09 AM
    Moderator
  • repadmin /showrepl is ok now after a reboot on the weekend....


    I still have a bunch of errors (in bold) when running DDIAG /D /C from the W2K8 R2 DC that are concerning. DCDIAG was run from a batch file that was started as administrator. My account has domain admin and enterprise admin access...


    Directory Server Diagnosis


    Performing initial setup:

       Trying to find home server...

       * Verifying that the local machine Tucana, is a Directory Server.
       Home Server = Tucana

       * Connecting to directory service on server Tucana.

       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
       Getting ISTG and options for the site
       * Identifying all servers.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=HYDRA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=LYRA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=TUCANA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.

       * Found 3 DC(s). Testing 1 of them.

       Done gathering initial info.


    Doing initial required tests

      
       Testing server: Default-First-Site-Name\TUCANA

          Starting test: Connectivity

             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             * Active Directory RPC Services Check
             ......................... TUCANA passed test Connectivity

     

    Doing primary tests

      
       Testing server: Default-First-Site-Name\TUCANA

          Starting test: Advertising

             The DC TUCANA is advertising itself as a DC and having a DS.
             The DC TUCANA is advertising as an LDAP server
             The DC TUCANA is advertising as having a writeable directory
             The DC TUCANA is advertising as a Key Distribution Center
             The DC TUCANA is advertising as a time server
             The DS TUCANA is advertising as a GC.
             ......................... TUCANA passed test Advertising

          Starting test: CheckSecurityError

             * Dr Auth:  Beginning security errors check!
             Found KDC TUCANA for domain domain.local in site Default-First-Site-Name
             Checking machine account for DC TUCANA on DC TUCANA.
             * SPN found :LDAP/Tucana.domain.local/domain.local
             * SPN found :LDAP/Tucana.domain.local
             * SPN found :LDAP/TUCANA
             * SPN found :LDAP/Tucana.domain.local/HYDRO
             * SPN found :LDAP/c4db264a-bb33-46a8-8883-9940f1c994fb._msdcs.domain.local
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c4db264a-bb33-46a8-8883-9940f1c994fb/domain.local
             * SPN found :HOST/Tucana.domain.local/domain.local
             * SPN found :HOST/Tucana.domain.local
             * SPN found :HOST/TUCANA
             * SPN found :HOST/Tucana.domain.local/HYDRO
             * SPN found :GC/Tucana.domain.local/domain.local
                [TUCANA] DsReplicaGetInfo(KCC_DS_CONNECT_FAILURES) failed with

                error 8453,

                Replication access was denied..
                [TUCANA] Unable to query the list of KCC connection failures.

                Continuing...

             [TUCANA] No security related replication errors were found on this DC!

              To target the connection to a specific source DC use

             /ReplSource:<DC>.

             ......................... TUCANA passed test CheckSecurityError

          Starting test: CutoffServers

             * Configuration Topology Aliveness Check
             * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=domain,DC=com.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=domain,DC=com.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=domain,DC=com.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for CN=Configuration,DC=domain,DC=com.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for DC=domain,DC=com.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             ......................... TUCANA passed test CutoffServers

          Starting test: FrsEvent

             * The File Replication Service Event log test
             ......................... TUCANA passed test FrsEvent

          Starting test: DFSREvent

             The DFS Replication Event Log.
             Skip the test because the server is running FRS.

             ......................... TUCANA passed test DFSREvent

          Starting test: SysVolCheck

             * The File Replication Service SYSVOL ready test
             File Replication Service's SYSVOL is ready
             ......................... TUCANA passed test SysVolCheck

          Starting test: FrsSysVol

             * The File Replication Service SYSVOL ready test
             File Replication Service's SYSVOL is ready
             ......................... TUCANA passed test FrsSysVol

          Starting test: KccEvent

             * The KCC Event log test
             Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
             ......................... TUCANA passed test KccEvent

          Starting test: KnowsOfRoleHolders

             Role Schema Owner = CN=NTDS Settings,CN=HYDRA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
             Role Domain Owner = CN=NTDS Settings,CN=HYDRA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
             Role PDC Owner = CN=NTDS Settings,CN=HYDRA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
             Role Rid Owner = CN=NTDS Settings,CN=HYDRA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=HYDRA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
             ......................... TUCANA passed test KnowsOfRoleHolders

          Starting test: MachineAccount

             Checking machine account for DC TUCANA on DC TUCANA.
             * SPN found :LDAP/Tucana.domain.local/domain.local
             * SPN found :LDAP/Tucana.domain.local
             * SPN found :LDAP/TUCANA
             * SPN found :LDAP/Tucana.domain.local/HYDRO
             * SPN found :LDAP/c4db264a-bb33-46a8-8883-9940f1c994fb._msdcs.domain.local
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c4db264a-bb33-46a8-8883-9940f1c994fb/domain.local
             * SPN found :HOST/Tucana.domain.local/domain.local
             * SPN found :HOST/Tucana.domain.local
             * SPN found :HOST/TUCANA
             * SPN found :HOST/Tucana.domain.local/HYDRO
             * SPN found :GC/Tucana.domain.local/domain.local
             ......................... TUCANA passed test MachineAccount

          Starting test: NCSecDesc

             * Security Permissions check for all NC's on DC TUCANA.
             * Security Permissions Check for

               DC=ForestDnsZones,DC=domain,DC=com
                (NDNC,Version 3)
             * Security Permissions Check for

               DC=DomainDnsZones,DC=domain,DC=com
                (NDNC,Version 3)
             * Security Permissions Check for

               CN=Schema,CN=Configuration,DC=domain,DC=com
                (Schema,Version 3)
             * Security Permissions Check for

               CN=Configuration,DC=domain,DC=com
                (Configuration,Version 3)
             * Security Permissions Check for

               DC=domain,DC=com
                (Domain,Version 3)
             ......................... TUCANA passed test NCSecDesc

          Starting test: NetLogons

             * Network Logons Privileges Check
             Verified share \\TUCANA\netlogon
             Verified share \\TUCANA\sysvol
             [TUCANA] User credentials does not have permission to perform this

             operation.

             The account used for this test must have network logon privileges

             for this machine's domain.

             ......................... TUCANA failed test NetLogons

          Starting test: ObjectsReplicated

             TUCANA is in domain DC=domain,DC=com
             Checking for CN=TUCANA,OU=Domain Controllers,DC=domain,DC=com in domain DC=domain,DC=com on 1 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=TUCANA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com in domain CN=Configuration,DC=domain,DC=com on 1 servers
                Object is up-to-date on all servers.
             ......................... TUCANA passed test ObjectsReplicated

          Starting test: OutboundSecureChannels

             * The Outbound Secure Channels test
             ** Did not run Outbound Secure Channels test because /testdomain: was

             not entered

             ......................... TUCANA passed test OutboundSecureChannels

          Starting test: Replications

             * Replications Check
             [Replications Check,TUCANA] DsReplicaGetInfo(PENDING_OPS, NULL)

             failed, error 0x2105 "Replication access was denied."

             ......................... TUCANA failed test Replications

          Starting test: RidManager

             * Available RID Pool for the Domain is 6875 to 1073741823
             * hydra.domain.local is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 6375 to 6874
             * rIDPreviousAllocationPool is 6375 to 6874
             * rIDNextRID: 6376
             ......................... TUCANA passed test RidManager

          Starting test: Services

             * Checking Service: EventSystem
             * Checking Service: RpcSs
             * Checking Service: NTDS
                Could not open NTDS Service on TUCANA, error 0x5

                "Access is denied."

             * Checking Service: DnsCache
             * Checking Service: NtFrs
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... TUCANA failed test Services

          Starting test: SystemLog

             * The System Event log test
             Found no errors in "System" Event log in the last 60 minutes.
             ......................... TUCANA passed test SystemLog

          Starting test: Topology

             * Configuration Topology Integrity Check
             * Analyzing the connection topology for DC=ForestDnsZones,DC=domain,DC=com.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for DC=DomainDnsZones,DC=domain,DC=com.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=domain,DC=com.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for CN=Configuration,DC=domain,DC=com.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for DC=domain,DC=com.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             ......................... TUCANA passed test Topology

          Starting test: VerifyEnterpriseReferences

             ......................... TUCANA passed test

             VerifyEnterpriseReferences

          Starting test: VerifyReferences

             The system object reference (serverReference)

             CN=TUCANA,OU=Domain Controllers,DC=domain,DC=com and backlink on

             CN=TUCANA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com

             are correct.
             The system object reference (serverReferenceBL)

             CN=TUCANA,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=com

             and backlink on

             CN=NTDS Settings,CN=TUCANA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com

             are correct.
             The system object reference (frsComputerReferenceBL)

             CN=TUCANA,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=com

             and backlink on CN=TUCANA,OU=Domain Controllers,DC=domain,DC=com are

             correct.
             ......................... TUCANA passed test VerifyReferences

          Starting test: VerifyReplicas

             ......................... TUCANA passed test VerifyReplicas

      
          Starting test: DNS

            

             DNS Tests are running and not hung. Please wait a few minutes...

             See DNS test in enterprise tests section for results
             ......................... TUCANA passed test DNS

      
       Running partition tests on : ForestDnsZones

          Starting test: CheckSDRefDom

             ......................... ForestDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... ForestDnsZones passed test

             CrossRefValidation

      
       Running partition tests on : DomainDnsZones

          Starting test: CheckSDRefDom

             ......................... DomainDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... DomainDnsZones passed test

             CrossRefValidation

      
       Running partition tests on : Schema

          Starting test: CheckSDRefDom

             ......................... Schema passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Schema passed test CrossRefValidation

      
       Running partition tests on : Configuration

          Starting test: CheckSDRefDom

             ......................... Configuration passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Configuration passed test CrossRefValidation

      
       Running partition tests on : domain

          Starting test: CheckSDRefDom

             ......................... domain passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... domain passed test CrossRefValidation

      
       Running enterprise tests on : domain.local

          Starting test: DNS

             Test results for domain controllers:

               
                DC: Tucana.domain.local

                Domain: domain.local

               

                     
                   TEST: Authentication (Auth)
                      Authentication test: Successfully completed
                     
                   TEST: Basic (Basc)
                      The OS

                      Microsoft Windows Server 2008 R2 Standard  (Service Pack level: 0.0)

                      is supported.

                      NETLOGON service is running

                      kdc service is running

                      DNSCACHE service is running

                      DNS service is running

                      DC is a DNS server

                      Network adapters information:

                      Adapter [00000007] VMware PCI Ethernet Adapter:

                         MAC address is 00:50:56:8D:6A:FA
                         IP Address is static
                         IP address: 192.168.77.220
                         DNS servers:

                            192.168.77.220 (TUCANA) [Valid]
                            192.168.77.251 (HYDRA) [Valid]
                            192.168.77.249 (LYRA) [Valid]
                      The A host record(s) for this DC was found
                      The SOA record for the Active Directory zone was found
                      The Active Directory zone on this DC/DNS server was found primary
                      Root zone on this DC/DNS server was not found
                     
                   TEST: Forwarders/Root hints (Forw)
                      Recursion is enabled
                      Forwarders Information:
                         192.168.77.254 (<name unavailable>) [Valid]
                     
                   TEST: Delegations (Del)
                      No delegations were found in this zone on this DNS server
                     
                   TEST: Dynamic update (Dyn)
                      Test record dcdiag-test-record added successfully in zone domain.local
                      Warning: Failed to delete the test record dcdiag-test-record in zone domain.local
                      [Error details: 9005 (Type: Win32 - Description: DNS operation refused.)]
                     
                   TEST: Records registration (RReg)
                      Network Adapter [00000007] VMware PCI Ethernet Adapter:

                         Matching CNAME record found at DNS server 192.168.77.220:
                         c4db264a-bb33-46a8-8883-9940f1c994fb._msdcs.domain.local

                         Matching A record found at DNS server 192.168.77.220:
                         Tucana.domain.local

                         Matching  SRV record found at DNS server 192.168.77.220:
                         _ldap._tcp.domain.local

                         Matching  SRV record found at DNS server 192.168.77.220:
                         _ldap._tcp.949890f1-6d5e-4551-b118-134a12f86323.domains._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.220:
                         _kerberos._tcp.dc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.220:
                         _ldap._tcp.dc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.220:
                         _kerberos._tcp.domain.local

                         Matching  SRV record found at DNS server 192.168.77.220:
                         _kerberos._udp.domain.local

                         Matching  SRV record found at DNS server 192.168.77.220:
                         _kpasswd._tcp.domain.local

                         Matching  SRV record found at DNS server 192.168.77.220:
                         _ldap._tcp.Default-First-Site-Name._sites.domain.local

                         Matching  SRV record found at DNS server 192.168.77.220:
                         _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.220:
                         _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.220:
                         _kerberos._tcp.Default-First-Site-Name._sites.domain.local

                         Matching  SRV record found at DNS server 192.168.77.220:
                         _ldap._tcp.gc._msdcs.domain.local

                         Matching A record found at DNS server 192.168.77.220:
                         gc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.220:
                         _gc._tcp.Default-First-Site-Name._sites.domain.local

                         Matching  SRV record found at DNS server 192.168.77.220:
                         _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domain.local

                         Matching CNAME record found at DNS server 192.168.77.251:
                         c4db264a-bb33-46a8-8883-9940f1c994fb._msdcs.domain.local

                         Matching A record found at DNS server 192.168.77.251:
                         Tucana.domain.local

                         Matching  SRV record found at DNS server 192.168.77.251:
                         _ldap._tcp.domain.local

                         Matching  SRV record found at DNS server 192.168.77.251:
                         _ldap._tcp.949890f1-6d5e-4551-b118-134a12f86323.domains._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.251:
                         _kerberos._tcp.dc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.251:
                         _ldap._tcp.dc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.251:
                         _kerberos._tcp.domain.local

                         Matching  SRV record found at DNS server 192.168.77.251:
                         _kerberos._udp.domain.local

                         Matching  SRV record found at DNS server 192.168.77.251:
                         _kpasswd._tcp.domain.local

                         Matching  SRV record found at DNS server 192.168.77.251:
                         _ldap._tcp.Default-First-Site-Name._sites.domain.local

                         Matching  SRV record found at DNS server 192.168.77.251:
                         _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.251:
                         _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.251:
                         _kerberos._tcp.Default-First-Site-Name._sites.domain.local

                         Matching  SRV record found at DNS server 192.168.77.251:
                         _ldap._tcp.gc._msdcs.domain.local

                         Matching A record found at DNS server 192.168.77.251:
                         gc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.251:
                         _gc._tcp.Default-First-Site-Name._sites.domain.local

                         Matching  SRV record found at DNS server 192.168.77.251:
                         _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domain.local

                         Matching CNAME record found at DNS server 192.168.77.249:
                         c4db264a-bb33-46a8-8883-9940f1c994fb._msdcs.domain.local

                         Matching A record found at DNS server 192.168.77.249:
                         Tucana.domain.local

                         Matching  SRV record found at DNS server 192.168.77.249:
                         _ldap._tcp.domain.local

                         Matching  SRV record found at DNS server 192.168.77.249:
                         _ldap._tcp.949890f1-6d5e-4551-b118-134a12f86323.domains._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.249:
                         _kerberos._tcp.dc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.249:
                         _ldap._tcp.dc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.249:
                         _kerberos._tcp.domain.local

                         Matching  SRV record found at DNS server 192.168.77.249:
                         _kerberos._udp.domain.local

                         Matching  SRV record found at DNS server 192.168.77.249:
                         _kpasswd._tcp.domain.local

                         Matching  SRV record found at DNS server 192.168.77.249:
                         _ldap._tcp.Default-First-Site-Name._sites.domain.local

                         Matching  SRV record found at DNS server 192.168.77.249:
                         _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.249:
                         _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.249:
                         _kerberos._tcp.Default-First-Site-Name._sites.domain.local

                         Matching  SRV record found at DNS server 192.168.77.249:
                         _ldap._tcp.gc._msdcs.domain.local

                         Matching A record found at DNS server 192.168.77.249:
                         gc._msdcs.domain.local

                         Matching  SRV record found at DNS server 192.168.77.249:
                         _gc._tcp.Default-First-Site-Name._sites.domain.local

                         Matching  SRV record found at DNS server 192.168.77.249:
                         _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domain.local

            
             Summary of test results for DNS servers used by the above domain

             controllers:

            

                DNS server: 192.168.77.220 (TUCANA)

                   All tests passed on this DNS server

                   Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
                  
                DNS server: 192.168.77.249 (LYRA)

                   All tests passed on this DNS server

                   Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
                  
                DNS server: 192.168.77.251 (HYDRA)

                   All tests passed on this DNS server

                   Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
                  
                DNS server: 192.168.77.254 (<name unavailable>)

                   All tests passed on this DNS server

                  
             Summary of DNS test results:

            
                                                Auth Basc Forw Del  Dyn  RReg Ext
                _________________________________________________________________
                Domain: domain.local

                   Tucana                       PASS PASS PASS PASS WARN PASS n/a 
            
             ......................... domain.local passed test DNS

          Starting test: LocatorCheck

             GC Name: \\Tucana.domain.local

             Locator Flags: 0xe00031fc
             PDC Name: \\hydra.domain.local
             Locator Flags: 0xe00003fd
             Time Server Name: \\Tucana.domain.local
             Locator Flags: 0xe00031fc
             Preferred Time Server Name: \\hydra.domain.local
             Locator Flags: 0xe00003fd
             KDC Name: \\Tucana.domain.local
             Locator Flags: 0xe00031fc
             ......................... domain.local passed test LocatorCheck

          Starting test: FsmoCheck

             GC Name: \\Tucana.domain.local

             Locator Flags: 0xe00031fc
             PDC Name: \\hydra.domain.local
             Locator Flags: 0xe00003fd
             Time Server Name: \\Tucana.domain.local
             Locator Flags: 0xe00031fc
             Preferred Time Server Name: \\hydra.domain.local
             Locator Flags: 0xe00003fd
             KDC Name: \\Tucana.domain.local
             Locator Flags: 0xe00031fc
             ......................... domain.local passed test FsmoCheck

          Starting test: Intersite

             Skipping site Default-First-Site-Name, this site is outside the scope

             provided by the command line arguments provided.
             ......................... domain.local passed test Intersite

     

    Monday, August 24, 2009 5:34 PM
  • Hi,

     

    Thanks for the update.

     

    In this case, I suggest we check the following points.

     

    1. Please logon as Enterprise Admin to test this issue.

     

    2. Check the rights "Access this computer from network" and "Bypass traverse checking"

     

    3. Ensure to use the repadmin included in Windows Server 2008 R2 from Server Manager.

     

    Meanwhile, Please collect the MPSReport.

     

    1. Download proper MPS Report tool from the website below.

     

    Microsoft Product Support Reports

    http://www.microsoft.com/downloads/details.aspx?FamilyID=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en

     

    2. Double-click to run it, if requirement is not met, please follow the wizard to download and install them. After that, click Next, when the "Select the diagnostics you want to run" page appears, select "General", “Internet and Networking”, “Business Networks”, “Server Components”, click Next.

     

    3. After collecting all log files, choose "Save the results", choose a folder to save <Computername>MPSReports.cab file.

     

    Please use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the file and then give us the download address.

     

    Hope this helps.

     

     

     

    Tuesday, August 25, 2009 8:35 AM
    Moderator
  • 1. As stated in my previous post...I have Enterprise Admins status
    2. Need more details. Where do I check this?
    3. It was run from the cmd line. I would assume this is the same version as running from Server Manager

    Here is the URL to the results of MPSReports
    http://cid-d0347f8612498637.skydrive.live.com/browse.aspx/Documents?wa=wsignin1.0&sa=193807883

    Thanks!
    Tuesday, August 25, 2009 12:36 PM
  • Can anyone help figure what is going on ??
    Wednesday, August 26, 2009 12:51 PM