Issue with Active Directory site replication

  • Question

  • Hello,

    We created a new site for our Calgary office. When we installed the first domain controller in the site through DCPROMO it replicated to all active directory sites.

    When we installed the second domain controller in the Calgary office it replicated only to the first domain controller in the site but not to the other sites.

     

    Here is how Active Directory Sites and Services looks in our Calgary office:

    Here is how Active Directory looks in our main office:

     

    On my domain controller in the main office I see this in the event viewer:

    Event Type:    Error
    Event Source:    NETLOGON
    Event Category:    None
    Event ID:    5723
    Date:        11/27/2011
    Time:        7:40:31 AM
    User:        N/A
    Computer:    COVERITY-DC1
    Description:
    The session setup from computer 'CALG-DC2' failed because the security database does not contain a trust account 'CALG-DC2$' referenced by the specified computer. 

    USER ACTION 
    If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem: 

    If 'CALG-DC2$' is a legitimate machine account for the computer 'CALG-DC2', then 'CALG-DC2' should be rejoined to the domain. 

    If 'CALG-DC2$' is a legitimate interdomain trust account, then the trust should be recreated. 

    Otherwise, assuming that 'CALG-DC2$' is not a legitimate account, the following action should be taken on 'CALG-DC2': 

    If 'CALG-DC2' is a Domain Controller, then the trust associated with 'CALG-DC2$' should be deleted. 

    If 'CALG-DC2' is not a Domain Controller, it should be disjoined from the domain.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 8b 01 00 c0               ‹..À   

     

    Can someone advise how to fix this problem?

     

    Morris

     

     



    • Edited by Morris - MS Monday, November 28, 2011 2:30 AM
    Sunday, November 27, 2011 5:49 PM

Answers

  • Decided to run DCPROMO to demote the DC. Ran ntdsutil to do a metadata cleanup.

    Errors are gone.

    Morris

    • Marked as answer by Morris - MS Monday, November 28, 2011 2:31 AM
    Monday, November 28, 2011 2:31 AM

All replies

  • The pictures don't show up, could you repost them?

    By the error message it seems that there's no computer account present on Coverity-DC1 for the new DC. Can you check AD Sites and Services and ADUC on the "healthy" DCs and see if the new one shows up?

    Sunday, November 27, 2011 6:30 PM
  • Hi Alexander,

     

    I don't see the DC in the AD sites and services in the main office.

     

    Morris

    Sunday, November 27, 2011 7:31 PM
  • Ah now I see the screens... if Calg-DC1 knows about the object (seeing that your DC promo finished ok) then there's only one reason.

    Your CALG-DC1 is not replicating inter-site. Review the site links and then check if any DC has a connection object with Calg-DC1 and, if so, check with replmon and repadmin /showreps whether it is replicating.

     

    Sunday, November 27, 2011 8:02 PM
  • I would like to add that on the problematic domain controller I see this error in the event log:

     

    Sunday, November 27, 2011 8:12 PM
  • Hi Alexander,

     

    The problematic server is calg-dc2 and not calg-dc1.

     

    I think that you're right, calg-dc2 is not replicated inter-site (dcpromo completed successfully).

     

    When I run repadmin /showreps on calg-dc2 I am getting:

    C:\>repadmin.exe /showreps
    Calgary\CALG-DC2
    DC Options: IS_GC
    Site Options: (none)
    DC object GUID: 60ea38e3-6bba-4441-b46f-c6a91300445e
    DC invocationID: c47410a3-ce01-4532-b8a2-22cc54478861

    ==== INBOUND NEIGHBORS ======================================

    CN=Configuration,DC=coverity,DC=root
        San-Francisco\COVERITY-DC1 via RPC
            DC object GUID: 2ea4b1cf-7dc5-4fa8-ad1f-0444dfaf3f33
            Last attempt @ 2011-11-27 13:50:57 was successful.
        Calgary\CALG-DC1 via RPC
            DC object GUID: 16ad6986-6f26-4bd9-8272-ba50af168f37
            Last attempt @ 2011-11-27 13:50:57 was successful.

    CN=Schema,CN=Configuration,DC=coverity,DC=root
        Calgary\CALG-DC1 via RPC
            DC object GUID: 16ad6986-6f26-4bd9-8272-ba50af168f37
            Last attempt @ 2011-11-27 13:50:57 was successful.
        San-Francisco\COVERITY-DC1 via RPC
            DC object GUID: 2ea4b1cf-7dc5-4fa8-ad1f-0444dfaf3f33
            Last attempt @ 2011-11-27 13:50:57 was successful.

    DC=coverity,DC=com
        Calgary\CALG-DC1 via RPC
            DC object GUID: 16ad6986-6f26-4bd9-8272-ba50af168f37
            Last attempt @ 2011-11-27 13:50:57 was successful.
        San-Francisco\COVERITY-DC1 via RPC
            DC object GUID: 2ea4b1cf-7dc5-4fa8-ad1f-0444dfaf3f33
            Last attempt @ 2011-11-27 13:50:57 was successful.

    DC=ForestDnsZones,DC=coverity,DC=root
        Calgary\CALG-DC1 via RPC
            DC object GUID: 16ad6986-6f26-4bd9-8272-ba50af168f37
            Last attempt @ 2011-11-27 13:50:57 was successful.
        San-Francisco\COVERITY-DC1 via RPC
            DC object GUID: 2ea4b1cf-7dc5-4fa8-ad1f-0444dfaf3f33
            Last attempt @ 2011-11-27 13:50:57 was successful.

    DC=DomainDnsZones,DC=coverity,DC=com
        Calgary\CALG-DC1 via RPC
            DC object GUID: 16ad6986-6f26-4bd9-8272-ba50af168f37
            Last attempt @ 2011-11-27 13:50:57 was successful.
        San-Francisco\COVERITY-DC1 via RPC
            DC object GUID: 2ea4b1cf-7dc5-4fa8-ad1f-0444dfaf3f33
            Last attempt @ 2011-11-27 13:50:57 was successful.

    DC=coverity,DC=root
        Calgary\CALG-DC1 via RPC
            DC object GUID: 16ad6986-6f26-4bd9-8272-ba50af168f37
            Last attempt @ 2011-11-27 13:50:57 was successful.

     

    Do you think that I should demote the DC, run ntdsutil to clean the metadata, and rerun DCPROMO?

     

    Morris

     

    Sunday, November 27, 2011 9:05 PM
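
The per-naming-context reading of `repadmin /showreps` discussed in this thread can be scripted over saved output. This is an added example, not code from any poster: the sample text is constructed (`HQ-DC1` and `example.root` are hypothetical), and it assumes the saved output starts at the `Site\DC` line and covers only the inbound-neighbor view.

```python
import re

# Constructed sample in the layout of the `repadmin /showreps` output above
# (hypothetical names; the failed entry is made up for illustration).
SAMPLE = """\
Calgary\\CALG-DC2
DC Options: IS_GC
==== INBOUND NEIGHBORS ======================================
CN=Configuration,DC=example,DC=root
    San-Francisco\\HQ-DC1 via RPC
        DC object GUID: 00000000-0000-0000-0000-000000000001
        Last attempt @ 2011-11-27 13:50:57 was successful.
    Calgary\\CALG-DC1 via RPC
        Last attempt @ 2011-11-27 13:50:57 was successful.

DC=example,DC=root
    Calgary\\CALG-DC1 via RPC
        Last attempt @ 2011-11-27 13:50:57 failed, result 1722 (0x6ba):
"""

NC_RE = re.compile(r"^(?:CN|DC)=.+$")                    # naming context, column 0
PARTNER_RE = re.compile(r"^\s+(?P<site>[^\\]+)\\(?P<dc>\S+) via ")
ATTEMPT_RE = re.compile(r"^\s+Last attempt @ \S+ \S+ (?P<result>was successful|failed)")

def parse_showreps(text):
    """Return (local_site, {naming_context: [inbound partner dicts]})."""
    lines = text.splitlines()
    local_site = lines[0].split("\\")[0].strip()         # assumes first line is Site\DC
    contexts, nc, partner = {}, None, None
    for line in lines[1:]:
        if NC_RE.match(line):
            nc, partner = line.strip(), None
            contexts[nc] = []
        elif nc and (m := PARTNER_RE.match(line)):
            partner = {"site": m["site"].strip(), "dc": m["dc"], "ok": None}
            contexts[nc].append(partner)
        elif partner and (m := ATTEMPT_RE.match(line)):
            partner["ok"] = m["result"] == "was successful"
    return local_site, contexts

def findings(text):
    """Flag failed inbound attempts and contexts fed only from the local site."""
    local_site, contexts = parse_showreps(text)
    out = []
    for nc, partners in contexts.items():
        out += [(nc, "failed", p["dc"]) for p in partners if p["ok"] is False]
        if not any(p["site"] != local_site for p in partners):
            out.append((nc, "no-inter-site-partner", None))
    return out
```

A clean result here says nothing about whether other DCs are pulling from this one; that has to be read from the same report run on those DCs.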