I have "inherited" a network and been asked to install a new DC and a new
Exchange server (two new PowerEdge servers). The PDC on the domain WAS a
Windows 2000 server running DNS, WINS and Exchange. I installed the new
2003 R2 machine and did my domainprep and forestprep. I set up the new
server as a DC and a DNS server and then moved the roles over to the new
server, as well as the global catalog. I thought everything went fine, so
about a month later I installed the new Exchange server, also Windows
Server 2003 R2. I looked at the old DC and noticed that it wasn't
replicating the AD, and now I'm not sure it ever did. I read something in a
whitepaper that said once Exchange is installed on a machine that is a DC,
it will only look to itself for AD info. Is that true?
Anyway, this has obviously presented quite a problem for my network. My old
2000 server has my Exchange, and I can't migrate anything over, because it
doesn't even recognize the new Exchange installation. On my new Exchange
server, I can see the old Exchange server, but I can't move any of the
mailboxes.
If I go to the new DC and try to replicate to the old DC, I get "the
replication operation failed because of a schema mismatch between the servers
involved". If I go to the old DC, I get "access is denied" when I try to
replicate.
I followed an MS KB document about the "Access denied" message and it had me
run a dcdiag with the /test:CheckSecurityError switch. This appears to be my
problem, but I don't know where to go from here. I am posting the results of
the dcdiag. The first post is from the old DC named "00SERVER" and the next
one is from the new DC named "DC1-2K3".
------------dcdiag---------------00server-------------------
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\00SERVER
Starting test: Connectivity
......................... 00SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\00SERVER
Starting test: Replications
[Replications Check,00SERVER] A recent replication attempt failed:
From DC1-2K3 to 00SERVER
Naming Context:
CN=Schema,CN=Configuration,DC=domain,DC=mydomain,DC=com
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-11-21 09:55.52.
The last success occurred at 2007-09-11 10:49.35.
1796 failures have occurred since the last success.
[DC1-2K3] DsBind() failed with error -2146893022,
The target principal name is incorrect..
[Replications Check,00SERVER] A recent replication attempt failed:
From APPLICATIONS to 00SERVER
Naming Context:
CN=Schema,CN=Configuration,DC=domain,DC=mydomain,DC=com
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-11-21 09:55.52.
The last success occurred at 2007-09-11 10:49.35.
1740 failures have occurred since the last success.
[APPLICATIONS] DsBind() failed with error -2146893022,
The target principal name is incorrect..
[Replications Check,00SERVER] A recent replication attempt failed:
From DC1-2K3 to 00SERVER
Naming Context: CN=Configuration,DC=domain,DC=mydomain,DC=com
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-11-21 09:55.52.
The last success occurred at 2007-09-11 10:55.19.
1728 failures have occurred since the last success.
[Replications Check,00SERVER] A recent replication attempt failed:
From APPLICATIONS to 00SERVER
Naming Context: CN=Configuration,DC=domain,DC=mydomain,DC=com
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-11-21 09:55.52.
The last success occurred at 2007-09-11 10:54.54.
6474 failures have occurred since the last success.
[Replications Check,00SERVER] A recent replication attempt failed:
From APPLICATIONS to 00SERVER
Naming Context: DC=domain,DC=mydomain,DC=com
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-11-21 09:55.52.
The last success occurred at 2007-09-11 10:56.51.
26656 failures have occurred since the last success.
[Replications Check,00SERVER] A recent replication attempt failed:
From DC1-2K3 to 00SERVER
Naming Context: DC=domain,DC=mydomain,DC=com
The replication generated an error (5):
Access is denied.
The failure occurred at 2007-11-21 10:10.51.
The last success occurred at 2007-09-11 10:55.13.
2161 failures have occurred since the last success.
......................... 00SERVER passed test Replications
Starting test: NCSecDesc
......................... 00SERVER passed test NCSecDesc
Starting test: NetLogons
......................... 00SERVER passed test NetLogons
Starting test: Advertising
......................... 00SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: DC1-2K3 is the Schema Owner, but is not responding to DS
RPC Bind.
[DC1-2K3] LDAP bind failed with error 31,
A device attached to the system is not functioning..
Warning: DC1-2K3 is the Schema Owner, but is not responding to LDAP
Bind.
Warning: DC1-2K3 is the Domain Owner, but is not responding to DS
RPC Bind.
Warning: DC1-2K3 is the Domain Owner, but is not responding to LDAP
Bind.
Warning: DC1-2K3 is the PDC Owner, but is not responding to DS RPC
Bind.
Warning: DC1-2K3 is the PDC Owner, but is not responding to LDAP
Bind.
Warning: DC1-2K3 is the Rid Owner, but is not responding to DS RPC
Bind.
Warning: DC1-2K3 is the Rid Owner, but is not responding to LDAP
Bind.
Warning: DC1-2K3 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: DC1-2K3 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... 00SERVER failed test KnowsOfRoleHolders
Starting test: RidManager
[00SERVER] DsBindWithCred() failed with error -2146893022. The
target principal name is incorrect.
......................... 00SERVER failed test RidManager
Starting test: MachineAccount
......................... 00SERVER passed test MachineAccount
Starting test: Services
......................... 00SERVER passed test Services
Starting test: ObjectsReplicated
......................... 00SERVER passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... 00SERVER passed test frssysvol
Starting test: kccevent
......................... 00SERVER passed test kccevent
Starting test: systemlog
......................... 00SERVER passed test systemlog
Running enterprise tests on : domain.mydomain.com
Starting test: Intersite
......................... domain.mydomain.com passed test Intersite
Starting test: FsmoCheck
......................... domain.mydomain.com passed test FsmoCheck
-----------------------end dcdiag---------------
----------dcdiag----------from NEW DC DC1-2k3--------------------
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC1-2K3
Starting test: Connectivity
......................... DC1-2K3 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1-2K3
Starting test: Replications
[Replications Check,DC1-2K3] A recent replication attempt failed:
From 00SERVER to DC1-2K3
Naming Context: CN=Configuration,DC=domain,DC=mydomain,DC=com
The replication generated an error (8418):
The replication operation failed because of a schema mismatch
between the servers involved.
The failure occurred at 2007-11-21 09:52:50.
The last success occurred at 2007-11-17 17:52:49.
5 failures have occurred since the last success.
[Replications Check,DC1-2K3] A recent replication attempt failed:
From 00SERVER to DC1-2K3
Naming Context: DC=domain,DC=mydomain,DC=com
The replication generated an error (8418):
The replication operation failed because of a schema mismatch
between the servers involved.
The failure occurred at 2007-11-21 09:52:50.
The last success occurred at 2007-11-17 17:52:49.
5 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
DC1-2K3: Current time is 2007-11-21 10:21:26.
CN=Configuration,DC=domain,DC=mydomain,DC=com
Last replication recieved from 00SERVER at 2007-11-17 17:52:49.
DC=domain,DC=mydomain,DC=com
Last replication recieved from 00SERVER at 2007-11-17 17:52:49.
......................... DC1-2K3 passed test Replications
Starting test: NCSecDesc
......................... DC1-2K3 passed test NCSecDesc
Starting test: NetLogons
......................... DC1-2K3 passed test NetLogons
Starting test: Advertising
......................... DC1-2K3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... DC1-2K3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... DC1-2K3 passed test RidManager
Starting test: MachineAccount
......................... DC1-2K3 passed test MachineAccount
Starting test: Services
IsmServ Service is stopped on [DC1-2K3]
......................... DC1-2K3 failed test Services
Starting test: ObjectsReplicated
......................... DC1-2K3 passed test ObjectsReplicated
Starting test: frssysvol
......................... DC1-2K3 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may
cause
Group Policy problems.
......................... DC1-2K3 failed test frsevent
Starting test: kccevent
......................... DC1-2K3 passed test kccevent
Starting test: systemlog
......................... DC1-2K3 passed test systemlog
Starting test: VerifyReferences
......................... DC1-2K3 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : domain
Starting test: CrossRefValidation
......................... domain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... domain passed test CheckSDRefDom
Running enterprise tests on : domain.mydomain.com
Starting test: Intersite
......................... domain.mydomain.com passed test Intersite
Starting test: FsmoCheck
......................... domain.mydomain.com passed test FsmoCheck
---------end dcdiag---------------------------------------------
Sorry for such a long post, but I just wanted to give enough info.
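
Added example, not part of the original post: a small Python parser that pulls the failing replication links out of dcdiag text like the two dumps above and groups them by error code, so the asymmetry (error 5 inbound to 00SERVER, error 8418 inbound to DC1-2K3) is visible at a glance. The sample input is constructed from shortened entries of the post's output, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: two entries in the dcdiag layout shown in the post.
SAMPLE = """\
[Replications Check,00SERVER] A recent replication attempt failed:
From DC1-2K3 to 00SERVER
Naming Context:
CN=Schema,CN=Configuration,DC=domain,DC=mydomain,DC=com
The replication generated an error (5):
The last success occurred at 2007-09-11 10:49.35.
1796 failures have occurred since the last success.
[Replications Check,DC1-2K3] A recent replication attempt failed:
From 00SERVER to DC1-2K3
Naming Context: DC=domain,DC=mydomain,DC=com
The replication generated an error (8418):
The last success occurred at 2007-11-17 17:52:49.
5 failures have occurred since the last success.
"""

def parse_replication_failures(text):
    """Return one dict per 'A recent replication attempt failed' entry."""
    records, cur, want_nc = [], None, False
    for line in (l.strip() for l in text.splitlines()):
        if "A recent replication attempt failed" in line:
            records.append(cur := {})
        elif cur is None:
            continue
        elif want_nc:  # naming context wrapped onto its own line
            cur["nc"], want_nc = line, False
        elif m := re.match(r"From (\S+) to (\S+)$", line):
            cur["src"], cur["dst"] = m.groups()
        elif line.startswith("Naming Context:"):
            cur["nc"] = line.split(":", 1)[1].strip()
            want_nc = not cur["nc"]
        elif m := re.search(r"generated an error \((\d+)\)", line):
            cur["error"] = int(m.group(1))
        elif m := re.match(r"The last success occurred at (.+?)\.$", line):
            cur["last_success"] = m.group(1)
        elif m := re.match(r"(\d+) failures have occurred", line):
            cur["failures"], cur = int(m.group(1)), None  # entry complete
    return records

def links_by_error(records):
    """Group failing inbound links ('source -> destination') by error code."""
    grouped = defaultdict(set)
    for r in records:
        grouped[r["error"]].add(f'{r["src"]} -> {r["dst"]}')
    return {code: sorted(links) for code, links in grouped.items()}
```

Feeding it the full output of both DCs gives one record per failing link and naming context; the `last_success` field shows how long each direction has been broken.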