  1. #1


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,645
    Thank Post
    229
    Thanked 865 Times in 743 Posts
    Rep Power
    297

    Replication issues (I suspect it's IPv6 related)

    I have an 08R2 DC and a 2012 DC. Both seem fine, but the 2012 DC isn't getting updated policies; SYSVOL, for instance, has 6 folders missing under Policies. On the 2012 box, GPMC shows either server as inaccessible if I go to the status of any GPO. The server IP it shows for the 2012 box is an IPv6 address, and it's IPv4 on the 2008 R2 box (but I noticed IPv6 was turned off on that, so I have re-enabled it). The 08R2 box can ping the 2012 via IPv6, BUT it's a different address than the 08 box shows for itself, and it can't ping the IP that the 2012 thinks it has.

    I didn't set up DHCP here, and it's on the 08R2 box. IPv6 appears not to have a scope but does have entries in server options 00023/4 (I can't remember if I've ever looked at that before, so not sure if that is right or not).

    Any ideas?

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,054
    Thank Post
    888
    Thanked 1,729 Times in 1,492 Posts
    Blog Entries
    12
    Rep Power
    454
    Have you set up an IPv4 address?

  3. #3

    Join Date
    Oct 2005
    Posts
    849
    Thank Post
    51
    Thanked 115 Times in 105 Posts
    Rep Power
    74
    Does DCDIAG show anything in particular?

    Do you need to be using IPv6 internally?

  4. #4


    Originally posted by FN-GM: "Have you set up an IPv4 address?"

    Yes, IPv4 works fine; the DCs can both ping each other happily.

    Originally posted by pantscat: "Does DCDIAG show anything in particular? Do you need to be using IPv6 internally?"

    dcdiag just complains about the event log and some policies. Don't need IPv6, but I thought it was bad practice to kill it on 08+.

    Code:
    Directory Server Diagnosis
    
    
    Performing initial setup:
    
       Trying to find home server...
    
       Home Server = Gateway
    
       * Identified AD Forest. 
       Done gathering initial info.
    
    
    Doing initial required tests
    
       
       Testing server: Default-First-Site-Name\GATEWAY
    
          Starting test: Connectivity
    
             ......................... GATEWAY passed test Connectivity
    
    
    
    Doing primary tests
    
       
       Testing server: Default-First-Site-Name\GATEWAY
    
          Starting test: Advertising
    
             ......................... GATEWAY passed test Advertising
    
          Starting test: FrsEvent
    
             ......................... GATEWAY passed test FrsEvent
    
          Starting test: DFSREvent
    
             There are warning or error events within the last 24 hours after the
    
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
    
             Group Policy problems. 
             ......................... GATEWAY failed test DFSREvent
    
          Starting test: SysVolCheck
    
             ......................... GATEWAY passed test SysVolCheck
    
          Starting test: KccEvent
    
             ......................... GATEWAY passed test KccEvent
    
          Starting test: KnowsOfRoleHolders
    
             ......................... GATEWAY passed test KnowsOfRoleHolders
    
          Starting test: MachineAccount
    
             ......................... GATEWAY passed test MachineAccount
    
          Starting test: NCSecDesc
    
             ......................... GATEWAY passed test NCSecDesc
    
          Starting test: NetLogons
    
             [GATEWAY] User credentials does not have permission to perform this
    
             operation.
    
             The account used for this test must have network logon privileges
    
             for this machine's domain.
    
             ......................... GATEWAY failed test NetLogons
    
          Starting test: ObjectsReplicated
    
             ......................... GATEWAY passed test ObjectsReplicated
    
          Starting test: Replications
    
             [Replications Check,GATEWAY] DsReplicaGetInfo(PENDING_OPS, NULL)
    
             failed, error 0x2105 "Replication access was denied."
    
             ......................... GATEWAY failed test Replications
    
          Starting test: RidManager
    
             ......................... GATEWAY passed test RidManager
    
          Starting test: Services
    
                Could not open NTDS Service on GATEWAY, error 0x5
    
                "Access is denied."
    
             ......................... GATEWAY failed test Services
    
          Starting test: SystemLog
    
             An error event occurred.  EventID: 0xC000271A
    
                Time Generated: 06/06/2013   08:41:15
    
                Event String:
    
                The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
    
             A warning event occurred.  EventID: 0x0000000B
    
                Time Generated: 06/06/2013   08:44:57
    
                Event String:
    
                Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
    
             An error event occurred.  EventID: 0xC00010E1
    
                Time Generated: 06/06/2013   08:45:37
    
                Event String:
    
                The name "domain        :0" could not be registered on the interface with IP address 10.5.227.253. The computer with the IP address 10.5.224.66 did not allow the name to be claimed by this computer.
    
             A warning event occurred.  EventID: 0x8000001D
    
                Time Generated: 06/06/2013   08:45:39
    
                Event String:
    
                The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
    
             An error event occurred.  EventID: 0x0000166D
    
                Time Generated: 06/06/2013   08:45:42
    
                Event String:
    
                Netlogon could not register the domain<1B> name for the following reason: 
    
    
             A warning event occurred.  EventID: 0x00002724
    
                Time Generated: 06/06/2013   08:45:56
    
                Event String:
    
                This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
    
             A warning event occurred.  EventID: 0x0000000C
    
                Time Generated: 06/06/2013   08:47:41
    
                Event String:
    
                Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
    
             A warning event occurred.  EventID: 0x000727AA
    
                Time Generated: 06/06/2013   08:50:19
    
                Event String:
    
                The WinRM service failed to create the following SPNs: WSMAN/Gateway.domain.local; WSMAN/Gateway. 
    
    
             An error event occurred.  EventID: 0x00000422
    
                Time Generated: 06/06/2013   08:51:15
    
                Event String:
    
                The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\domain.local\Policies\{77597492-BF94-4D3B-B9F3-F6128075949A}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 
    
    
             A warning event occurred.  EventID: 0x0000000C
    
                Time Generated: 06/06/2013   08:52:28
    
                Event String:
    
                Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
    
             ......................... GATEWAY failed test SystemLog
    
          Starting test: VerifyReferences
    
             ......................... GATEWAY passed test VerifyReferences
    
       
       
       Running partition tests on : ForestDnsZones
    
          Starting test: CheckSDRefDom
    
             ......................... ForestDnsZones passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... ForestDnsZones passed test
    
             CrossRefValidation
    
       
       Running partition tests on : DomainDnsZones
    
          Starting test: CheckSDRefDom
    
             ......................... DomainDnsZones passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... DomainDnsZones passed test
    
             CrossRefValidation
    
       
       Running partition tests on : Schema
    
          Starting test: CheckSDRefDom
    
             ......................... Schema passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... Schema passed test CrossRefValidation
    
       
       Running partition tests on : Configuration
    
          Starting test: CheckSDRefDom
    
             ......................... Configuration passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... Configuration passed test CrossRefValidation
    
       
       Running partition tests on : domain
    
          Starting test: CheckSDRefDom
    
             ......................... domain passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... domain passed test CrossRefValidation
    
       
       Running enterprise tests on : domain.local
    
          Starting test: LocatorCheck
    
             ......................... domain.local passed test LocatorCheck
    
          Starting test: Intersite
    
             ......................... domain.local passed test Intersite

  5. #5

    Yes, Microsoft do recommend not disabling IPv6, but there is a lot of debate as to whether it's really necessary.

    Looks to me from the DCDIAG output that maybe you (or whomever is responsible) didn't run ADPREP before adding the 2012 DC, perhaps?

  6. #6

    FN-GM's Avatar
    Originally posted by pantscat: "Yes, Microsoft do recommend not disabling IPv6, but there is a lot of debate as to whether it's really necessary. Looks to me from the DCDIAG output that maybe you (or whomever is responsible) didn't run ADPREP before adding the 2012 DC, perhaps?"

    I don't think that is even possible.

  7. #7

    Sorry - should have elaborated - Is it a read-only 2012 DC?

    I meant ADPREP /RODCPREP.

  8. #8


    Nope, no RODCs here. You can't adprep when you add 2012; adding it to the domain is supposed to do it for you.

    Slightly different dcdiag result if I run cmd as admin, even though UAC is off.

    Code:
    Directory Server Diagnosis
    
    
    Performing initial setup:
    
       Trying to find home server...
    
       Home Server = Gateway
    
       * Identified AD Forest. 
       Done gathering initial info.
    
    
    Doing initial required tests
    
       
       Testing server: Default-First-Site-Name\GATEWAY
    
          Starting test: Connectivity
    
             ......................... GATEWAY passed test Connectivity
    
    
    
    Doing primary tests
    
       
       Testing server: Default-First-Site-Name\GATEWAY
    
          Starting test: Advertising
    
             ......................... GATEWAY passed test Advertising
    
          Starting test: FrsEvent
    
             ......................... GATEWAY passed test FrsEvent
    
          Starting test: DFSREvent
    
             There are warning or error events within the last 24 hours after the
    
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
    
             Group Policy problems. 
             ......................... GATEWAY failed test DFSREvent
    
          Starting test: SysVolCheck
    
             ......................... GATEWAY passed test SysVolCheck
    
          Starting test: KccEvent
    
             ......................... GATEWAY passed test KccEvent
    
          Starting test: KnowsOfRoleHolders
    
             ......................... GATEWAY passed test KnowsOfRoleHolders
    
          Starting test: MachineAccount
    
             ......................... GATEWAY passed test MachineAccount
    
          Starting test: NCSecDesc
    
             ......................... GATEWAY passed test NCSecDesc
    
          Starting test: NetLogons
    
             ......................... GATEWAY passed test NetLogons
    
          Starting test: ObjectsReplicated
    
             ......................... GATEWAY passed test ObjectsReplicated
    
          Starting test: Replications
    
             ......................... GATEWAY passed test Replications
    
          Starting test: RidManager
    
             ......................... GATEWAY passed test RidManager
    
          Starting test: Services
    
             ......................... GATEWAY passed test Services
    
          Starting test: SystemLog
    
             An error event occurred.  EventID: 0xC000271A
    
                Time Generated: 06/06/2013   08:41:15
    
                Event String:
    
                The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
    
             A warning event occurred.  EventID: 0x0000000B
    
                Time Generated: 06/06/2013   08:44:57
    
                Event String:
    
                Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
    
             An error event occurred.  EventID: 0xC00010E1
    
                Time Generated: 06/06/2013   08:45:37
    
                Event String:
    
                The name "domain        :0" could not be registered on the interface with IP address 10.5.227.253. The computer with the IP address 10.5.224.66 did not allow the name to be claimed by this computer.
    
             A warning event occurred.  EventID: 0x8000001D
    
                Time Generated: 06/06/2013   08:45:39
    
                Event String:
    
                The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
    
             An error event occurred.  EventID: 0x0000166D
    
                Time Generated: 06/06/2013   08:45:42
    
                Event String:
    
                Netlogon could not register the domain<1B> name for the following reason: 
    
    
             A warning event occurred.  EventID: 0x00002724
    
                Time Generated: 06/06/2013   08:45:56
    
                Event String:
    
                This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
    
             A warning event occurred.  EventID: 0x0000000C
    
                Time Generated: 06/06/2013   08:47:41
    
                Event String:
    
                Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
    
             A warning event occurred.  EventID: 0x000727AA
    
                Time Generated: 06/06/2013   08:50:19
    
                Event String:
    
                The WinRM service failed to create the following SPNs: WSMAN/Gateway.domain.local; WSMAN/Gateway. 
    
    
             An error event occurred.  EventID: 0x00000422
    
                Time Generated: 06/06/2013   08:51:15
    
                Event String:
    
                The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\domain.local\Policies\{77597492-BF94-4D3B-B9F3-F6128075949A}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 
    
    
             A warning event occurred.  EventID: 0x0000000C
    
                Time Generated: 06/06/2013   08:52:28
    
                Event String:
    
                Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
    
             ......................... GATEWAY failed test SystemLog
    
          Starting test: VerifyReferences
    
             ......................... GATEWAY passed test VerifyReferences
    
       
       
       Running partition tests on : ForestDnsZones
    
          Starting test: CheckSDRefDom
    
             ......................... ForestDnsZones passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... ForestDnsZones passed test
    
             CrossRefValidation
    
       
       Running partition tests on : DomainDnsZones
    
          Starting test: CheckSDRefDom
    
             ......................... DomainDnsZones passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... DomainDnsZones passed test
    
             CrossRefValidation
    
       
       Running partition tests on : Schema
    
          Starting test: CheckSDRefDom
    
             ......................... Schema passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... Schema passed test CrossRefValidation
    
       
       Running partition tests on : Configuration
    
          Starting test: CheckSDRefDom
    
             ......................... Configuration passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... Configuration passed test CrossRefValidation
    
       
       Running partition tests on : domain
    
          Starting test: CheckSDRefDom
    
             ......................... domain passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... domain passed test CrossRefValidation
    
       
       Running enterprise tests on : domain.local
    
          Starting test: LocatorCheck
    
             ......................... domain.local passed test LocatorCheck
    
          Starting test: Intersite
    
             ......................... domain.local passed test Intersite
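
Added example (not part of the original thread): post #8 notes that dcdiag gives a different result when cmd is run as admin. This PowerShell script parses two saved runs and separates failures that are only permission errors from those that fail either way; the function names and the abridged sample text are constructed for illustration.

```powershell
# Added example, not from the thread. Function names are hypothetical and the
# sample text is constructed (abridged from the dcdiag output quoted above).
# For real runs: dcdiag > run.txt, then pass (Get-Content run.txt).

function Get-DcdiagResult {
    param([string[]]$Lines)
    $results = [ordered]@{}
    $current = $null
    $detail  = ''
    foreach ($line in $Lines) {
        if ($line -match '^\s*Starting test:\s*(\S+)') {
            $current = $Matches[1]; $detail = ''
        }
        elseif ($current -and $line -match '\.{5,}\s+(\S+)\s+(passed|failed) test') {
            # Long verdict lines wrap the test name onto the next line, so the
            # name comes from "Starting test:". Key on target + test because
            # the partition tests reuse the same test names.
            $results["$($Matches[1])\$current"] = [pscustomobject]@{
                Verdict = $Matches[2]; Detail = $detail.Trim()
            }
            $current = $null
        }
        elseif ($current -and $line.Trim()) { $detail += ' ' + $line.Trim() }
    }
    $results
}

function Compare-DcdiagRun {
    param($Unelevated, $Elevated)
    foreach ($key in $Unelevated.Keys) {
        $u = $Unelevated[$key]; $e = $Elevated[$key]
        if (-not $e -or $u.Verdict -ne 'failed') { continue }
        $permission = $u.Detail -match 'denied|does not have permission'
        $finding = if ($e.Verdict -eq 'failed') { 'fails in both runs: real finding' }
                   elseif ($permission) { 'permission error, clears when elevated' }
                   else { 'verdict changed between runs: re-check' }
        [pscustomobject]@{ Test = $key; Unelevated = $u.Verdict
                           Elevated = $e.Verdict; Finding = $finding }
    }
}

$unelevated = @'
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.
         ......................... GATEWAY failed test DFSREvent
      Starting test: NetLogons
         [GATEWAY] User credentials does not have permission to perform this
         operation.
         ......................... GATEWAY failed test NetLogons
      Starting test: Replications
         failed, error 0x2105 "Replication access was denied."
         ......................... GATEWAY failed test Replications
      Starting test: Services
            Could not open NTDS Service on GATEWAY, error 0x5
            "Access is denied."
         ......................... GATEWAY failed test Services
'@

$elevated = @'
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.
         ......................... GATEWAY failed test DFSREvent
      Starting test: NetLogons
         ......................... GATEWAY passed test NetLogons
      Starting test: Replications
         ......................... GATEWAY passed test Replications
      Starting test: Services
         ......................... GATEWAY passed test Services
'@

$before = Get-DcdiagResult ($unelevated -split "`r?`n")
$after  = Get-DcdiagResult ($elevated   -split "`r?`n")
Compare-DcdiagRun $before $after | Format-Table -AutoSize
```

On the thread's data this leaves DFSREvent as the failure common to both runs, while NetLogons, Replications and Services are flagged as permission errors from the first run.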

  9. #9

    FN-GM's Avatar
    What's going on in the event logs?

  10. #10

    Ah - clearly I need to update my knowledge in regard to 2012! Soz...

    Does event viewer say anything in particular about DFSR?

  11. #11


    Originally posted by FN-GM: "What's going on in the event logs?"

    Naff all. The only errors I have are WSUS failing to download/sync, and that's cos lln are useless.

    The only DFS errors are "oh, you rebooted a server, did you?" type ones.
    Last edited by sted; 6th June 2013 at 09:50 AM.

  12. #12

    Is the time within 5 mins on both DCs? (same timezones etc?)

  13. #13


    Yup, times identical near as I can tell, and both UTC.

  14. #14

    Hmm... that's an odd one then.

    I hate to state the obvious but is the DFS service running?

  15. #15


    Originally posted by pantscat: "Hmm... that's an odd one then. I hate to state the obvious but is the DFS service running?"

    Yup, and other DFS shares replicate fine; just added a file to one server and it's on both on my start menu.
