replication error on windows 2012 DC

-

hi,

i have added windows 2012 r2 server (cadpdc1) windows 2003 sp2 dc  (primary dc) , promoted dc. after promote have ran dcdiag , shows errors.

each of servers have 3 nics connected different networks.

please me expertise since need bring on monday.

thank

kind regards

chamara

here dcdiag output of new dc


directory server diagnosis


performing initial setup:

   trying find home server...

   home server = cadpdc1

   * identified ad forest.
   done gathering initial info.


doing initial required tests

   
   testing server: default-first-site-name\cadpdc1

      starting test: connectivity

         error during resolution of hostname cadpdc1.engineer.com through

         ipv6 stack.

         *** warning: not confirm identity of server in the

         directory versus names returned dns servers. hostname

         resolution error 0x2af9 "no such host known."

         ......................... cadpdc1 passed test connectivity



doing primary tests

   
   testing server: default-first-site-name\cadpdc1

      starting test: advertising

         warning: dsgetdcname returned information for

         \\cadpdc.engineer.com, when trying reach cadpdc1.

         server not responding or not considered suitable.

         ......................... cadpdc1 failed test advertising

      starting test: frsevent

         there warning or error events within last 24 hours after the

         sysvol has been shared.  failing sysvol replication problems may cause

         group policy problems.
         ......................... cadpdc1 passed test frsevent

      starting test: dfsrevent

         ......................... cadpdc1 passed test dfsrevent

      starting test: sysvolcheck

         ......................... cadpdc1 passed test sysvolcheck

      starting test: kccevent

         ......................... cadpdc1 passed test kccevent

      starting test: knowsofroleholders

         [cadpdc] dsbindwithspnex() failed error -2146893022,

         target principal name incorrect..
         warning: cadpdc schema owner, not responding ds rpc

         bind.

         [cadpdc] ldap bind failed error 8341,

         directory service error has occurred..
         warning: cadpdc schema owner, not responding ldap

         bind.

         warning: cadpdc domain owner, not responding ds rpc

         bind.

         warning: cadpdc domain owner, not responding ldap

         bind.

         warning: cadpdc pdc owner, not responding ds rpc

         bind.

         warning: cadpdc pdc owner, not responding ldap bind.

         warning: cadpdc rid owner, not responding ds rpc

         bind.

         warning: cadpdc rid owner, not responding ldap bind.

         warning: cadpdc infrastructure update owner, not

         responding ds rpc bind.

         warning: cadpdc infrastructure update owner, not

         responding ldap bind.

         ......................... cadpdc1 failed test knowsofroleholders

      starting test: machineaccount

         ......................... cadpdc1 passed test machineaccount

      starting test: ncsecdesc

         ......................... cadpdc1 passed test ncsecdesc

      starting test: netlogons

         unable connect netlogon share! (\\cadpdc1\netlogon)

         [cadpdc1] net use or lsapolicy operation failed error 67,

         network name cannot found..

         ......................... cadpdc1 failed test netlogons

      starting test: objectsreplicated

         ......................... cadpdc1 passed test objectsreplicated

      starting test: replications

         [replications check,cadpdc1] recent replication attempt failed:

            cadpdc cadpdc1

            naming context: dc=forestdnszones,dc=engineer,dc=com

            replication generated error (-2146893022):

            target principal name incorrect.

            failure occurred @ 2014-06-27 17:05:59.

            last success occurred @ 2014-06-27 17:01:21.

            1 failures have occurred since last success.

         [replications check,cadpdc1] recent replication attempt failed:

            cadpdc cadpdc1

            naming context: dc=domaindnszones,dc=engineer,dc=com

            replication generated error (-2146893022):

            target principal name incorrect.

            failure occurred @ 2014-06-27 17:05:59.

            last success occurred @ 2014-06-27 17:01:21.

            1 failures have occurred since last success.

         [replications check,cadpdc1] recent replication attempt failed:

            cadpdc cadpdc1

            naming context: cn=schema,cn=configuration,dc=engineer,dc=com

            replication generated error (1727):

            remote procedure call failed , did not execute.

            failure occurred @ 2014-06-27 17:05:59.

            last success occurred @ 2014-06-27 17:01:06.

            1 failures have occurred since last success.

         [replications check,cadpdc1] recent replication attempt failed:

            cadpdc cadpdc1

            naming context: cn=configuration,dc=engineer,dc=com

            replication generated error (-2146893022):

            target principal name incorrect.

            failure occurred @ 2014-06-27 17:05:59.

            last success occurred @ 2014-06-27 17:01:07.

            1 failures have occurred since last success.

         [replications check,cadpdc1] recent replication attempt failed:

            cadpdc cadpdc1

            naming context: dc=engineer,dc=com

            replication generated error (-2146893022):

            target principal name incorrect.

            failure occurred @ 2014-06-27 17:05:59.

            last success occurred @ 2014-06-27 17:01:21.

            1 failures have occurred since last success.

         ......................... cadpdc1 failed test replications

      starting test: ridmanager

         ......................... cadpdc1 failed test ridmanager

      starting test: services

         ......................... cadpdc1 passed test services

      starting test: systemlog

         warning event occurred.  eventid: 0x000727a5

            time generated: 06/27/2014   17:01:38

            event string:

            winrm service not listening ws-management requests.


         warning event occurred.  eventid: 0x80050004

            time generated: 06/27/2014   17:05:03

            event string:

            hp ethernet 1gb 2-port 332t adapter: network link down.  check make sure network cable connected.

         warning event occurred.  eventid: 0xa004001b

            time generated: 06/27/2014   17:05:06

            event string: hp nc112t pcie gigabit server adapter


         error event occurred.  eventid: 0x40000004

            time generated: 06/27/2014   17:05:39

            event string:

            kerberos client received krb_ap_err_modified error server cadpdc1$. target name used ldap/cadpdc.engineer.com/engineer.com@engineer.com. indicates target server failed decrypt ticket provided client. can occur when target server principal name (spn) registered on account other account target service using. ensure target spn registered on account used server. error can happen if target service account password different configured on kerberos key distribution center target service. ensure service on server , kdc both configured use same password. if server name not qualified, , target domain (engineer.com) different client domain (engineer.com), check if there identically named server accounts in these 2 domains, or use fully-qualified name identify server.

         error event occurred.  eventid: 0x40000004

            time generated: 06/27/2014   17:05:39

            event string:

            kerberos client received krb_ap_err_modified error server cadpdc1$. target name used ldap/cadpdc.engineer.com/engineer.com@engineer.com. indicates target server failed decrypt ticket provided client. can occur when target server principal name (spn) registered on account other account target service using. ensure target spn registered on account used server. error can happen if target service account password different configured on kerberos key distribution center target service. ensure service on server , kdc both configured use same password. if server name not qualified, , target domain (engineer.com) different client domain (engineer.com), check if there identically named server accounts in these 2 domains, or use fully-qualified name identify server.

         error event occurred.  eventid: 0x40000004

            time generated: 06/27/2014   17:05:41

            event string:

            kerberos client received krb_ap_err_modified error server cadpdc1$. target name used cadpdc$. indicates target server failed decrypt ticket provided client. can occur when target server principal name (spn) registered on account other account target service using. ensure target spn registered on account used server. error can happen if target service account password different configured on kerberos key distribution center target service. ensure service on server , kdc both configured use same password. if server name not qualified, , target domain (engineer.com) different client domain (engineer.com), check if there identically named server accounts in these 2 domains, or use fully-qualified name identify server.

         error event occurred.  eventid: 0x40000004

            time generated: 06/27/2014   17:05:43

            event string:

            kerberos client received krb_ap_err_modified error server cadpdc1$. target name used gc/cadpdc.engineer.com/engineer.com. indicates target server failed decrypt ticket provided client. can occur when target server principal name (spn) registered on account other account target service using. ensure target spn registered on account used server. error can happen if target service account password different configured on kerberos key distribution center target service. ensure service on server , kdc both configured use same password. if server name not qualified, , target domain (engineer.com) different client domain (engineer.com), check if there identically named server accounts in these 2 domains, or use fully-qualified name identify server.

         warning event occurred.  eventid: 0x000727aa

            time generated: 06/27/2014   17:05:43

            event string:

            winrm service failed create following spns: wsman/cadpdc1.engineer.com; wsman/cadpdc1.


         error event occurred.  eventid: 0x40000004

            time generated: 06/27/2014   17:05:55

            event string:

            kerberos client received krb_ap_err_modified error server cadpdc1$. target name used cifs/cadpdc.engineer.com. indicates target server failed decrypt ticket provided client. can occur when target server principal name (spn) registered on account other account target service using. ensure target spn registered on account used server. error can happen if target service account password different configured on kerberos key distribution center target service. ensure service on server , kdc both configured use same password. if server name not qualified, , target domain (engineer.com) different client domain (engineer.com), check if there identically named server accounts in these 2 domains, or use fully-qualified name identify server.

         warning event occurred.  eventid: 0x84350444

            time generated: 06/27/2014   17:05:58

            event string:

            system information agent: health: post errors detected.  1 or more power-on-self-test errors detected during server startup.


         error event occurred.  eventid: 0x40000004

            time generated: 06/27/2014   17:05:59

            event string:

            kerberos client received krb_ap_err_modified error server cadpdc1$. target name used e3514235-4b06-11d1-ab04-00c04fc2dcd2/5122bd13-c8ac-4265-a879-3a6831224994/engineer.com@engineer.com. indicates target server failed decrypt ticket provided client. can occur when target server principal name (spn) registered on account other account target service using. ensure target spn registered on account used server. error can happen if target service account password different configured on kerberos key distribution center target service. ensure service on server , kdc both configured use same password. if server name not qualified, , target domain (engineer.com) different client domain (engineer.com), check if there identically named server accounts in these 2 domains, or use fully-qualified name identify server.

         error event occurred.  eventid: 0x40000004

            time generated: 06/27/2014   17:05:59

            event string:

            kerberos client received krb_ap_err_modified error server cadpdc1$. target name used ldap/cadpdc.engineer.com. indicates target server failed decrypt ticket provided client. can occur when target server principal name (spn) registered on account other account target service using. ensure target spn registered on account used server. error can happen if target service account password different configured on kerberos key distribution center target service. ensure service on server , kdc both configured use same password. if server name not qualified, , target domain (engineer.com) different client domain (engineer.com), check if there identically named server accounts in these 2 domains, or use fully-qualified name identify server.

         error event occurred.  eventid: 0x0000410b

            time generated: 06/27/2014   17:05:59

            event string:

            request new account-identifier pool failed. operation retried until request succeeds. error


         error event occurred.  eventid: 0x40000004

            time generated: 06/27/2014   17:06:07

            event string:

            kerberos client received krb_ap_err_modified error server cadpdc1$. target name used ldap/cadpdc.engineer.com. indicates target server failed decrypt ticket provided client. can occur when target server principal name (spn) registered on account other account target service using. ensure target spn registered on account used server. error can happen if target service account password different configured on kerberos key distribution center target service. ensure service on server , kdc both configured use same password. if server name not qualified, , target domain (engineer.com) different client domain (engineer.com), check if there identically named server accounts in these 2 domains, or use fully-qualified name identify server.

         error event occurred.  eventid: 0x0000041f

            time generated: 06/27/2014   17:06:30

            event string:

            processing of group policy failed. windows not resolve computer name. caused 1 of more of following:


         error event occurred.  eventid: 0x0000041d

            time generated: 06/27/2014   17:07:07

            event string:

            processing of group policy failed. windows not resolve user name. caused 1 of more of following:


         error event occurred.  eventid: 0x0000041f

            time generated: 06/27/2014   17:11:32

            event string:

            processing of group policy failed. windows not resolve computer name. caused 1 of more of following:


         error event occurred.  eventid: 0x0000041f

            time generated: 06/27/2014   17:16:33

            event string:

            processing of group policy failed. windows not resolve computer name. caused 1 of more of following:


         error event occurred.  eventid: 0x40000004

            time generated: 06/27/2014   17:16:38

            event string:

            kerberos client received krb_ap_err_modified error server cadpdc1$. target name used ldap/5122bd13-c8ac-4265-a879-3a6831224994._msdcs.engineer.com. indicates target server failed decrypt ticket provided client. can occur when target server principal name (spn) registered on account other account target service using. ensure target spn registered on account used server. error can happen if target service account password different configured on kerberos key distribution center target service. ensure service on server , kdc both configured use same password. if server name not qualified, , target domain (engineer.com) different client domain (engineer.com), check if there identically named server accounts in these 2 domains, or use fully-qualified name identify server.

         error event occurred.  eventid: 0x0000041f

            time generated: 06/27/2014   17:21:35

            event string:

            processing of group policy failed. windows not resolve computer name. caused 1 of more of following:


         ......................... cadpdc1 failed test systemlog

      starting test: verifyreferences

         ......................... cadpdc1 passed test verifyreferences

   
   
   running partition tests on : forestdnszones

      starting test: checksdrefdom

         ......................... forestdnszones passed test checksdrefdom

      starting test: crossrefvalidation

         ......................... forestdnszones passed test

         crossrefvalidation

   
   running partition tests on : domaindnszones

      starting test: checksdrefdom

         ......................... domaindnszones passed test checksdrefdom

      starting test: crossrefvalidation

         ......................... domaindnszones passed test

         crossrefvalidation

   
   running partition tests on : schema

      starting test: checksdrefdom

         ......................... schema passed test checksdrefdom

      starting test: crossrefvalidation

         ......................... schema passed test crossrefvalidation

   
   running partition tests on : configuration

      starting test: checksdrefdom

         ......................... configuration passed test checksdrefdom

      starting test: crossrefvalidation

         ......................... configuration passed test crossrefvalidation

   
   running partition tests on : engineer

      starting test: checksdrefdom

         ......................... engineer passed test checksdrefdom

      starting test: crossrefvalidation
()
         ......................... engineer passed test crossrefvalidation

   
   running enterprise tests on : engineer.com

      starting test: locatorcheck

         ......................... engineer.com passed test locatorcheck

      starting test: intersite

         ......................... engineer.com passed test intersite

hi,

please check following : 

- confgigure ipv6 in dns management

- kerberos , ldap records of dns.

- zone transfer old server new server.

thanks.

alper yazgan *



Windows Server  >  Windows Server 2012 Setup



Comments

Post a Comment

Popular posts from this blog

Error: 0x80073701 when trying to add Print Services Role in Windows 2012 Standard

-
hello, i'm getting error when trying add print services role in windows 2012 standard. i'm getting same error whether use gui or powershell. this new server install. the powershell error follows: add-windowsfeature : request add or remove features on specified server failed. installation of 1 or more roles, role services, or features failed. the referenced assembly not found. error: 0x80073701 at line:1 char:1 + add-windowsfeature print-services + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + categoryinfo          : invalidoperation: (@{vhd=; credent...name=localhost}:psobject) [install-windowsfeature],     exception     + fullyqualifiederrorid : dismapi_error__failed_to_enable_updates,microsoft.windows.servermanager.commands.addwind    owsfeaturecommand success restart needed exit code      feature result ------- ------...
Read more

Windows 2016 RDS event 1306 Connection Broker Client failed to redirect the user... Error: NULL

-
Image
i'm attempting setup windows 2016 rds standard deployment session hosting.  layout follows: rds01 - rds connection broker , web access ts02 - rds session host ts03 - rds session host domain these servers part of has (1) windows 2008 server , (2) windows 2016 servers acting dcs.  domain running @ windows 2003 functional level. servers on single routed network no firewall between them.  dns , ptr records servers exist , resolve on hosts.  servers can pinged each other. in other words, there no network connectivity issues. i've setup rds deployment several times w/ same results. the issue can login via rdweb interface on rds01 win10 desktop , connect published rdp desktop without issue (i.e. no error messages user) , no errors in logs.  when try directly rdp rds01, authenticate user (per event log) error stating user doesn't have access system.  in event log event id 1306 message of "remote desktop connection broker client faile...
Read more

Como saber quien entro a mi PC por la Red

-
quisiera saber si es posible, o existe forma de auditar quien accedió a mi pc vía red, es decir se que hay software que perminten auditar el file server para saber quien entro y modifico y/o borro un archivo... pero si alguien entro mi pc \\pcname\c$ hay forma de determinar que usuario entro al disco c de una pc en especifica y copio, modifico o borro un archivo...   y la otra pregunta cuales son las mejores herramientas para auditar la red y el file server   gracias una forma de detectar quien esta conectado tu pc es través del comando net user entra en cmd y escribes net user eso muestra los usuarios que están conectados en tu equipo en un momento determinado, se que no es lo que pides pero puede servir para descubir alguien en determinado momento. para que no este compartido le dan clic derecho sobre mi pc>propiedades>remoto y le desmarcan donde dice ''permitir que este equipo envíe invitaciones ...
Read more