Hola, me podrían ayudar con la replicación de DC y Ldap de mis servidores

-

tengo 5 servidores win2k3 r2 ubicados remotamente, un principal y un backup en el mismo sitio y 3 servidores remotos  y en los ultimos días se presentan errores en los host que no se permiten logear con el siguiente error "el nombre de equipo no tiene la relacion de confianza en la base de datos del servidor" y al equipo debo literalmente sacarlo y volverlo ingresar al dominio para que vuelva permitir al  usuario ingresarse sin problemas.

y en otras ocaciones al ingresar pero no se aplicar las políticas de usuario que no deja ingrasar remotamente carpetas compartidas pues sus documentos estan redireccionados y es como si no tuvieran los permisos necesarios para trabajar en la red.

revisando un poco los foros e investigando se logro instalar support tools y me presenta el siguiente reporte del equipo dc principal:



c:\archivos de programa\support tools>dcdiag /test:checksecurityerror /e /s:srvd
c01

domain controller diagnosis

performing initial setup:
   done gathering initial info.

doing initial required tests

   testing server: default-first-site\srvdc01
      starting test: connectivity
         ......................... srvdc01 passed test connectivity

   testing server: default-first-site\srvbk01
      starting test: connectivity
         ......................... srvbk01 passed test connectivity

   testing server: default-first-site\srvdc03
      starting test: connectivity
         ......................... srvdc03 passed test connectivity

   testing server: default-first-site\srvhpdc01
      starting test: connectivity
         host f0a62faa-2e4b-4d38-a45d-cb049f0d9495._msdcs.hidroagoyan.int co
uld not resolved an
         ip address.  check dns server, dhcp, server name, etc
         ......................... srvhpdc01 failed test connectivity

   testing server: default-first-site\srvdc04
      starting test: connectivity
         ......................... srvdc04 passed test connectivity

   testing server: default-first-site\srvdc02
      starting test: connectivity
         ......................... srvdc02 passed test connectivity

doing primary tests

   testing server: default-first-site\srvdc01
      starting test: checksecurityerror
         [srvdc01] no security related replication errors found on dc!
  target connection specific source dc use /replsource:<dc>.
         ......................... srvdc01 passed test checksecurityerror

   testing server: default-first-site\srvbk01
      starting test: checksecurityerror
         [srvbk01] no security related replication errors found on dc!
  target connection specific source dc use /replsource:<dc>.
         ......................... srvbk01 passed test checksecurityerror

   testing server: default-first-site\srvdc03
      starting test: checksecurityerror
         [srvdc03] no security related replication errors found on dc!
  target connection specific source dc use /replsource:<dc>.
         ......................... srvdc03 passed test checksecurityerror

   testing server: default-first-site\srvhpdc01

   testing server: default-first-site\srvdc04
      starting test: checksecurityerror
            authoritative attribute dbcspwd on srvdc01 (writeable)
               usnlocalchange = 7123723
               lastoriginatingdsa = srvdc01
               usnoriginatingchange = 7123723
               timelastoriginatingchange = 2010-03-04 09:55:15
               versionlastoriginatingchange = 14
            out-of-date attribute dbcspwd on srvdc04 (writeable)
               usnlocalchange = 1542668
               lastoriginatingdsa = srvdc01
               usnoriginatingchange = 6604534
               timelastoriginatingchange = 2010-01-02 11:44:38
               versionlastoriginatingchange = 12
            authoritative attribute lastlogontimestamp on srvdc01 (writeable)
               usnlocalchange = 7173199
               lastoriginatingdsa = srvdc01
               usnoriginatingchange = 7173199
               timelastoriginatingchange = 2010-03-09 23:00:17
               versionlastoriginatingchange = 27
            out-of-date attribute lastlogontimestamp on srvdc04 (writeable)
               usnlocalchange = 1959041
               lastoriginatingdsa = srvdc04
               usnoriginatingchange = 1959041
               timelastoriginatingchange = 2010-03-08 07:59:27
               versionlastoriginatingchange = 25
            authoritative attribute lmpwdhistory on srvdc01 (writeable)
               usnlocalchange = 7123723
               lastoriginatingdsa = srvdc01
               usnoriginatingchange = 7123723
               timelastoriginatingchange = 2010-03-04 09:55:15
               versionlastoriginatingchange = 14
            out-of-date attribute lmpwdhistory on srvdc04 (writeable)
               usnlocalchange = 1542668
               lastoriginatingdsa = srvdc01
               usnoriginatingchange = 6604534
               timelastoriginatingchange = 2010-01-02 11:44:38
               versionlastoriginatingchange = 12
            authoritative attribute ntpwdhistory on srvdc01 (writeable)
               usnlocalchange = 7123723
               lastoriginatingdsa = srvdc01
               usnoriginatingchange = 7123723
               timelastoriginatingchange = 2010-03-04 09:55:15
               versionlastoriginatingchange = 14
            out-of-date attribute ntpwdhistory on srvdc04 (writeable)
               usnlocalchange = 1542668
               lastoriginatingdsa = srvdc01
               usnoriginatingchange = 6604534
               timelastoriginatingchange = 2010-01-02 11:44:38
               versionlastoriginatingchange = 12
            authoritative attribute pwdlastset on srvdc01 (writeable)
               usnlocalchange = 7123723
               lastoriginatingdsa = srvdc01
               usnoriginatingchange = 7123723
               timelastoriginatingchange = 2010-03-04 09:55:15
               versionlastoriginatingchange = 14
            out-of-date attribute pwdlastset on srvdc04 (writeable)
               usnlocalchange = 1542668
               lastoriginatingdsa = srvdc01
               usnoriginatingchange = 6604534
               timelastoriginatingchange = 2010-01-02 11:44:38
               versionlastoriginatingchange = 12
            authoritative attribute supplementalcredentials on srvdc01 (writeabl
e)
               usnlocalchange = 7123724
               lastoriginatingdsa = srvdc01
               usnoriginatingchange = 7123724
               timelastoriginatingchange = 2010-03-04 09:55:15
               versionlastoriginatingchange = 13
            out-of-date attribute supplementalcredentials on srvdc04 (writeable)

               usnlocalchange = 1542668
               lastoriginatingdsa = srvdc01
               usnoriginatingchange = 6604535
               timelastoriginatingchange = 2010-01-02 11:44:38
               versionlastoriginatingchange = 11
            authoritative attribute unicodepwd on srvdc01 (writeable)
               usnlocalchange = 7123723
               lastoriginatingdsa = srvdc01
               usnoriginatingchange = 7123723
               timelastoriginatingchange = 2010-03-04 09:55:15
               versionlastoriginatingchange = 14
            out-of-date attribute unicodepwd on srvdc04 (writeable)
               usnlocalchange = 1542668
               lastoriginatingdsa = srvdc01
               usnoriginatingchange = 6604534
               timelastoriginatingchange = 2010-01-02 11:44:38
               versionlastoriginatingchange = 12
         unable verify convergence of machine account (cn=srvdc04,ou
=domain controllers,dc=hidroagoyan,dc=int) on these dc's (srvdc04,srvdc01).  doe
s machine account password need reseting?
         [srvdc04] no security related replication errors found on dc!
  target connection specific source dc use /replsource:<dc>.
         ......................... srvdc04 passed test checksecurityerror

   testing server: default-first-site\srvdc02
      starting test: checksecurityerror
         [srvdc02] no security related replication errors found on dc!
  target connection specific source dc use /replsource:<dc>.
         ......................... srvdc02 passed test checksecurityerror

   running partition tests on : forestdnszones

   running partition tests on : domaindnszones

   running partition tests on : schema

   running partition tests on : configuration

   running partition tests on : hidroagoyan

   running enterprise tests on : hidroagoyan.int

c:\archivos de programa\support tools>


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::y en otra captura realizando en el servidor que parece estar con problemas se reporta lo siguiente::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

         * security permissions check for
           dc=domaindnszones,dc=hidroagoyan,dc=int
            (ndnc,version 2)
         * security permissions check for
           cn=schema,cn=configuration,dc=hidroagoyan,dc=int
            (schema,version 2)
         * security permissions check for
           cn=configuration,dc=hidroagoyan,dc=int
            (configuration,version 2)
         * security permissions check for
           dc=hidroagoyan,dc=int
            (domain,version 2)
         ......................... srvdc04 passed test ncsecdesc
      starting test: netlogons
         * network logons privileges check
         verified share \\srvdc04\netlogon
         verified share \\srvdc04\sysvol
         ......................... srvdc04 passed test netlogons
      starting test: advertising
         dc srvdc04 advertising dc , having ds.
         dc srvdc04 advertising ldap server
         dc srvdc04 advertising having writeable directory
         dc srvdc04 advertising key distribution center
         dc srvdc04 advertising time server
         ......................... srvdc04 passed test advertising
      starting test: knowsofroleholders
         role schema owner = cn=ntds settings,cn=srvdc01,cn=servers,cn=default-f
irst-site,cn=sites,cn=configuration,dc=hidroagoyan,dc=int
         [srvdc01] dsbindwithspnex() failed error -2146893022,
         win32 error -2146893022.
         warning: srvdc01 schema owner, not responding ds rpc b
ind.
         [srvdc01] ldap bind failed error 8341,
         win32 error 8341.
         warning: srvdc01 schema owner, not responding ldap bin
d.
         role domain owner = cn=ntds settings,cn=srvdc01,cn=servers,cn=default-f
irst-site,cn=sites,cn=configuration,dc=hidroagoyan,dc=int
         warning: srvdc01 domain owner, not responding ds rpc b
ind.
         warning: srvdc01 domain owner, not responding ldap bin
d.
         role pdc owner = cn=ntds settings,cn=srvdc01,cn=servers,cn=default-firs
t-site,cn=sites,cn=configuration,dc=hidroagoyan,dc=int
         warning: srvdc01 pdc owner, not responding ds rpc bind
.
         warning: srvdc01 pdc owner, not responding ldap bind.
         role rid owner = cn=ntds settings,cn=srvdc01,cn=servers,cn=default-firs
t-site,cn=sites,cn=configuration,dc=hidroagoyan,dc=int
         warning: srvdc01 rid owner, not responding ds rpc bind
.
         warning: srvdc01 rid owner, not responding ldap bind.
         role infrastructure update owner = cn=ntds settings,cn=srvdc01,cn=serve
rs,cn=default-first-site,cn=sites,cn=configuration,dc=hidroagoyan,dc=int
         warning: srvdc01 infrastructure update owner, not respond
ing ds rpc bind.
         warning: srvdc01 infrastructure update owner, not respond
ing ldap bind.
         ......................... srvdc04 failed test knowsofroleholders
      starting test: ridmanager
         * available rid pool domain 7105 1073741823
         * srvdc01.hidroagoyan.int rid master
         ......................... srvdc04 failed test ridmanager
      starting test: machineaccount
         checking machine account dc srvdc04 on dc srvdc04.
         * spn found :ldap/srvdc04.hidroagoyan.int/hidroagoyan.int
         * spn found :ldap/srvdc04.hidroagoyan.int
         * spn found :ldap/srvdc04
         * spn found :ldap/srvdc04.hidroagoyan.int/hidroagoyan
         * spn found :ldap/c38277f8-005b-4d01-bab2-cd1772943648._msdcs.hidroagoy
an.int
         * spn found :e3514235-4b06-11d1-ab04-00c04fc2dcd2/c38277f8-005b-4d01-ba
b2-cd1772943648/hidroagoyan.int
         * spn found :host/srvdc04.hidroagoyan.int/hidroagoyan.int
         * spn found :host/srvdc04.hidroagoyan.int
         * spn found :host/srvdc04
         * spn found :host/srvdc04.hidroagoyan.int/hidroagoyan
         * spn found :gc/srvdc04.hidroagoyan.int/hidroagoyan.int
         ......................... srvdc04 passed test machineaccount
      starting test: services
         * checking service: dnscache
         * checking service: ntfrs
         * checking service: ismserv
         * checking service: kdc
         * checking service: samss
         * checking service: lanmanserver
         * checking service: lanmanworkstation
         * checking service: rpcss
         * checking service: w32time
         * checking service: netlogon
         ......................... srvdc04 passed test services
      test omitted user request: outboundsecurechannels
      starting test: objectsreplicated
         srvdc04 in domain dc=hidroagoyan,dc=int
         checking cn=srvdc04,ou=domain controllers,dc=hidroagoyan,dc=int in
domain dc=hidroagoyan,dc=int on 1 servers
            object up-to-date on servers.
         checking cn=ntds settings,cn=srvdc04,cn=servers,cn=default-first-si
te,cn=sites,cn=configuration,dc=hidroagoyan,dc=int in domain cn=configuration,dc
=hidroagoyan,dc=int on 1 servers
            object up-to-date on servers.
         ......................... srvdc04 passed test objectsreplicated
      starting test: frssysvol
         * file replication service sysvol ready test
         file replication service's sysvol ready
         ......................... srvdc04 passed test frssysvol
      starting test: frsevent
         * file replication service event log test
         there warning or error events within last 24 hours after the
         sysvol has been shared.  failing sysvol replication problems may cause
         group policy problems.
         warning event occured.  eventid: 0x800034c4
            time generated: 03/14/2010   19:14:37
            (event string not retrieved)
         warning event occured.  eventid: 0x800034c4
            time generated: 03/14/2010   20:27:18
            (event string not retrieved)
         warning event occured.  eventid: 0x800034c4
            time generated: 03/14/2010   21:41:40
            (event string not retrieved)
         warning event occured.  eventid: 0x800034c4
            time generated: 03/14/2010   22:20:47
            (event string not retrieved)
         warning event occured.  eventid: 0x800034c5
            time generated: 03/15/2010   13:44:08
            (event string not retrieved)
         ......................... srvdc04 failed test frsevent
      starting test: kccevent
         * kcc event log test
         warning event occured.  eventid: 0x80000785
            time generated: 03/15/2010   14:31:38
            (event string not retrieved)
         warning event occured.  eventid: 0x80000785
            time generated: 03/15/2010   14:31:38
            (event string not retrieved)
         warning event occured.  eventid: 0x80000785
            time generated: 03/15/2010   14:31:38
            (event string not retrieved)
         warning event occured.  eventid: 0x80000785
            time generated: 03/15/2010   14:31:38
            (event string not retrieved)
         warning event occured.  eventid: 0x80000785
            time generated: 03/15/2010   14:31:38
            (event string not retrieved)
         warning event occured.  eventid: 0x80000785
            time generated: 03/15/2010   14:31:38
            (event string not retrieved)
         warning event occured.  eventid: 0x80000785
            time generated: 03/15/2010   14:31:39
            (event string not retrieved)
         warning event occured.  eventid: 0x80000785
            time generated: 03/15/2010   14:31:39
            (event string not retrieved)
         warning event occured.  eventid: 0x80000785
            time generated: 03/15/2010   14:31:39
            (event string not retrieved)
         warning event occured.  eventid: 0x80000785
            time generated: 03/15/2010   14:31:40
            (event string not retrieved)
         warning event occured.  eventid: 0x80000785
            time generated: 03/15/2010   14:31:42
            (event string not retrieved)
         ......................... srvdc04 failed test kccevent
      starting test: systemlog
         * system event log test
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   13:45:39
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   13:57:12
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:01:14
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:01:14
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:05:05
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:09:04
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:09:04
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:12:03
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:16:20
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:16:20
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:16:36
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:16:39
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:21:05
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:24:35
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:27:15
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:27:33
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:44:57
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:44:57
            (event string not retrieved)
         error event occured.  eventid: 0x40000004
            time generated: 03/15/2010   14:44:58
            (event string not retrieved)
         ......................... srvdc04 failed test systemlog
      test omitted user request: verifyreplicas
      starting test: verifyreferences
         system object reference (serverreference)
         cn=srvdc04,ou=domain controllers,dc=hidroagoyan,dc=int , backlink on
         cn=srvdc04,cn=servers,cn=default-first-site,cn=sites,cn=configuration,d
c=hidroagoyan,dc=int
          correct.
         system object reference (frscomputerreferencebl)
         cn=srvdc04,cn=domain system volume (sysvol share),cn=file replication s
ervice,cn=system,dc=hidroagoyan,dc=int
         , backlink on cn=srvdc04,ou=domain controllers,dc=hidroagoyan,dc=int
         correct.
         system object reference (serverreferencebl)
         cn=srvdc04,cn=domain system volume (sysvol share),cn=file replication s
ervice,cn=system,dc=hidroagoyan,dc=int
         , backlink on
         cn=ntds settings,cn=srvdc04,cn=servers,cn=default-first-site,cn=sites,c
n=configuration,dc=hidroagoyan,dc=int
         correct.
         ......................... srvdc04 passed test verifyreferences
      test omitted user request: verifyenterprisereferences
      test omitted user request: checksecurityerror

   running partition tests on : forestdnszones
      starting test: crossrefvalidation
         ......................... forestdnszones passed test crossrefvalidation

      starting test: checksdrefdom
         ......................... forestdnszones passed test checksdrefdom

   running partition tests on : domaindnszones
      starting test: crossrefvalidation
         ......................... domaindnszones passed test crossrefvalidation

      starting test: checksdrefdom
         ......................... domaindnszones passed test checksdrefdom

   running partition tests on : schema
      starting test: crossrefvalidation
         ......................... schema passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... schema passed test checksdrefdom

   running partition tests on : configuration
      starting test: crossrefvalidation
         ......................... configuration passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... configuration passed test checksdrefdom

   running partition tests on : hidroagoyan
      starting test: crossrefvalidation
         ......................... hidroagoyan passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... hidroagoyan passed test checksdrefdom

   running enterprise tests on : hidroagoyan.int
      starting test: intersite
         skipping site default-first-site, site outside scope
         provided command line arguments provided.
         ......................... hidroagoyan.int passed test intersite
      starting test: fsmocheck
         warning: couldn't verify server gc in servers ad.
         gc name: \\srvdc01.hidroagoyan.int
         locator flags: 0xe00003fd
         pdc name: \\srvdc01.hidroagoyan.int
         locator flags: 0xe00003fd
         time server name: \\srvdc04.hidroagoyan.int
         locator flags: 0xe00001f8
         preferred time server name: \\srvdc01.hidroagoyan.int
         locator flags: 0xe00003fd
         kdc name: \\srvdc04.hidroagoyan.int
         locator flags: 0xe00001f8
         ......................... hidroagoyan.int passed test fsmocheck
      test omitted user request: dns
      test omitted user request: dns

c:\archivos de programa\support tools>

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::.existe otra captura:::::::::::::::::::::::::::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

c:\archivos de programa\support tools>dcdiag /test:checksecurityerror /e /s:srvd
c01

domain controller diagnosis

performing initial setup:
   [srvdc01] ldap bind failed error 8341,
   win32 error 8341.

espero me puedan dar un ayuda y en los equipo que han presentadp problemas menciona que hay una diferencia entre los servidores principales de dominio y el equipo al cual esta mas cercano..

hi,

 

please understand technet forum english support only. thus, not best resource troubleshoot issue. suggest having discussion in forum or newsgroup language. thank understanding.

 

i have included following links, through can find newsgroup language or area reference.

 

http://www.microsoft.com/communities/newsgroups/default.mspx?icp=mscom&slcid=us&newsgroup=microsoft.public.word.word97vba&ipagenumber=1

 

tim quan - msft



Windows Server  >  Server Core



Comments

Post a Comment

Popular posts from this blog

DCOM received error "2147746132" from...

-
hi everybody, i have dc (my windows essentials 2012 server) , windows 2012 server in network.  the windows server 2012 inside domain. on server, got "non stopping" error says in event logs : ===> dcom received error "2147746132" fromd computer xxxx(my dc computer) while server trying activation : {6df8cb71-153b-4c66-8fc4-e59301b8011b} it never stops, got 11000+ new events :s i found : http://support.microsoft.com/kb/971153/fr i'm not sure should ? does got idea ? matthieu. hi, please try solution mentioned in below link: http://www.eventid.net/display-eventid-10006-source-dcom-eventno-272-phase-1.htm regards, cicely Windows Server  >  Windows Server 2012 General ...
Read more

ADFS 3.0 Event ID 4625 | An Error occurred During Logon | Status: 0xC000035B

-
we're getting these random errors on our adfs security logs, how can track down generating them? an account failed log on. subject: security id: null sid account name: - account domain: - logon id: 0x0 logon type: 3 account logon failed: security id: null sid account name: account domain: failure information: failure reason: an error occured during logon. status: 0xc000035b sub status: 0x0 process information: caller process id: 0x0 caller process name: - network information: workstation name: - source network address: - source port: - detailed authentication information: logon process: kerberos authentication package: kerberos transited services: - package name (ntlm only): - key length: 0 event generated when logon request fails. generated on computer access attempted. subject fields indicate account on local system requested logon. commonly service such server service, or local process such ...
Read more

DFSR RPC replication errors 5014 1726 with large files over VPN

-
i have similar issue ryan in reply http://social.technet.microsoft.com/forums/en-gb/winserverfiles/thread/6d49fd71-2236-4fcb-9763-bf1c03459ee8 cited below. start additional thread here because other 1 related windows server 2003 (r2) , i'm (as ryan) on windows 2008 r2 x64. here first of post ryan: i've got same problem on 2008 r2 dfsr server.  the spoke server has 2x intel 1 gigb on-board nics in active/standby teamed configuration. the hub server (running on vmware using 10gbit vmnet3 nic driver) logs dfsr event 5014 every 2-15mins (usually around 5mins). the spoke server not log event. replication running slowly. initial sync/replication. had re-configure replication folder because of lost dfsr database on spoke server.  could teamed nic on spoke causing error on host? a note: last time did initial sync on folder processed @ 30k files , hour. time it's doing few hundred and hour. another note: hub server has several replication groups , conne...
Read more