Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » DC Not Accepting Any Replications from Partners
DC Not Accepting Any Replications from Partners [message #156358] Mon, 15 June 2009 20:21 Go to next message
Charles  is currently offline Charles
Messages: 71
Registered: July 2009
Member
Hi All:

One of our DCs get to the point where it does not accept any replication
from its partners. I can net view \\dc01 and see the netlogon and sysvol
shares fine while the problem occurs. Doesn't help if I restart netlogon but
it does help if I reboot the system but the problem comes back after a week
or so.

I use kerbtray to list the tickets and expiration dates and all looks well.
Since rebooting helps it for awhile, should I use kerbtray and purge all
tickets and then reboot it so it will get new tickets from the KDC?

DCdiag:
Doing initial required tests

Testing server: Washington\dc01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
[MSSAMDC01] DsBindWithSpnEx() failed with error 1727,
Detection location is 251
......................... dc01 failed test Connectivity

Netdiag
Testing Kerberos authentication... Failed
DC list test . . . . . . . . . . . : Failed
[WARNING] Cannot call DsBind to dc01 (10.11.30.153).
[RPC_S_CALL_FAILED_DNE]
List of DCs in Domain 'domain.com':
dc02
dc03

Kerberos test. . . . . . . . . . . : Failed
Cached Tickets:
Server: krbtgt/domain.com
End Time: 6/15/2009 23:29:21
Renew Time: 6/22/2009 13:29:21
Server: krbtgt/domain.com
End Time: 6/15/2009 23:29:21
Renew Time: 6/22/2009 13:29:21
Server: cifs/dc02
End Time: 6/15/2009 23:29:21
Renew Time: 6/22/2009 13:29:21
[FATAL] Kerberos does not have a ticket for host/dc01

LDAP test. . . . . . . . . . . . . : Passed

[WARNING] Failed to query SPN registration on DC 'dc01.domain.com'.
Re: DC Not Accepting Any Replications from Partners [message #156361 is a reply to message #156358] Mon, 15 June 2009 21:44 Go to previous messageGo to next message
scottvan  is currently offline scottvan
Messages: 3
Registered: June 2009
Junior Member
It sounds like you're running out of available ports for the RPC endpoint
mapper to use. Take a look at the following article:
839880 Troubleshooting RPC Endpoint Mapper errors using the Windows Server
2003 Support Tools from the product CD
http://support.microsoft.com/default.aspx?scid=kb;EN-US;839880

"netstat -ano" should provide a listing of ports that are in use as well as
the PID of the process that owns that port. Possibly you're running an
application on this server that isn't releasing ports when it's done with
them. You can also extend the available ports used by RPC but I'd recommend
looking into what's consuming them first.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
-
Scott Van Cleave [MSFT]
MCM:Directory | MCITP:EA/SA | MCSE:Security | CISSP | Security+
scottvan@online.microsoft.com
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

"Charles" <Charles@discussions.microsoft.com> wrote in message
news:63A47C07-A904-4ED7-93E2-0054436D7BA8@microsoft.com...
> Hi All:
>
> One of our DCs get to the point where it does not accept any replication
> from its partners. I can net view \\dc01 and see the netlogon and sysvol
> shares fine while the problem occurs. Doesn't help if I restart netlogon
> but
> it does help if I reboot the system but the problem comes back after a
> week
> or so.
>
> I use kerbtray to list the tickets and expiration dates and all looks
> well.
> Since rebooting helps it for awhile, should I use kerbtray and purge all
> tickets and then reboot it so it will get new tickets from the KDC?
>
> DCdiag:
> Doing initial required tests
>
> Testing server: Washington\dc01
> Starting test: Connectivity
> * Active Directory LDAP Services Check
> * Active Directory RPC Services Check
> [MSSAMDC01] DsBindWithSpnEx() failed with error 1727,
> Detection location is 251
> ......................... dc01 failed test Connectivity
>
> Netdiag
> Testing Kerberos authentication... Failed
> DC list test . . . . . . . . . . . : Failed
> [WARNING] Cannot call DsBind to dc01 (10.11.30.153).
> [RPC_S_CALL_FAILED_DNE]
> List of DCs in Domain 'domain.com':
> dc02
> dc03
>
> Kerberos test. . . . . . . . . . . : Failed
> Cached Tickets:
> Server: krbtgt/domain.com
> End Time: 6/15/2009 23:29:21
> Renew Time: 6/22/2009 13:29:21
> Server: krbtgt/domain.com
> End Time: 6/15/2009 23:29:21
> Renew Time: 6/22/2009 13:29:21
> Server: cifs/dc02
> End Time: 6/15/2009 23:29:21
> Renew Time: 6/22/2009 13:29:21
> [FATAL] Kerberos does not have a ticket for host/dc01
>
> LDAP test. . . . . . . . . . . . . : Passed
>
> [WARNING] Failed to query SPN registration on DC 'dc01.domain.com'.
Re: DC Not Accepting Any Replications from Partners [message #156362 is a reply to message #156358] Mon, 15 June 2009 23:20 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Charles" <Charles@discussions.microsoft.com> wrote in message
news:63A47C07-A904-4ED7-93E2-0054436D7BA8@microsoft.com...
> Hi All:
>
> One of our DCs get to the point where it does not accept any replication
> from its partners. I can net view \\dc01 and see the netlogon and sysvol
> shares fine while the problem occurs. Doesn't help if I restart netlogon
> but
> it does help if I reboot the system but the problem comes back after a
> week
> or so.
>
> I use kerbtray to list the tickets and expiration dates and all looks
> well.
> Since rebooting helps it for awhile, should I use kerbtray and purge all
> tickets and then reboot it so it will get new tickets from the KDC?
>
> DCdiag:
> Doing initial required tests
>
> Testing server: Washington\dc01
> Starting test: Connectivity
> * Active Directory LDAP Services Check
> * Active Directory RPC Services Check
> [MSSAMDC01] DsBindWithSpnEx() failed with error 1727,
> Detection location is 251
> ......................... dc01 failed test Connectivity
>
> Netdiag
> Testing Kerberos authentication... Failed
> DC list test . . . . . . . . . . . : Failed
> [WARNING] Cannot call DsBind to dc01 (10.11.30.153).
> [RPC_S_CALL_FAILED_DNE]
> List of DCs in Domain 'domain.com':
> dc02
> dc03
>
> Kerberos test. . . . . . . . . . . : Failed
> Cached Tickets:
> Server: krbtgt/domain.com
> End Time: 6/15/2009 23:29:21
> Renew Time: 6/22/2009 13:29:21
> Server: krbtgt/domain.com
> End Time: 6/15/2009 23:29:21
> Renew Time: 6/22/2009 13:29:21
> Server: cifs/dc02
> End Time: 6/15/2009 23:29:21
> Renew Time: 6/22/2009 13:29:21
> [FATAL] Kerberos does not have a ticket for host/dc01
>
> LDAP test. . . . . . . . . . . . . : Passed
>
> [WARNING] Failed to query SPN registration on DC 'dc01.domain.com'.


Hello Charles,

In addition to Scott's great suggestion, which may be occuring from the
sound of it, I would like to eliminate the possibility that DNS is not
misconfigured between your DCs, and some other factors.

If you can post an unedited ipconfig /all from your DCs, that will help to
eliminate any possibility of DNS, as well as other issues, not being either
the cause or a contributing factor.

Thank you,

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right
things." - Peter F. Drucker
http://twitter.com/acefekay
Previous Topic:Homepage set in GPO not working in Win7 w/ IE 8
Next Topic:A Way to Export Local Policy?
Goto Forum:
  


Current Time: Sat Oct 21 18:58:40 EDT 2017

Total time taken to generate the page: 0.02843 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software