Please run;
- Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
- repadmin /showrepl >C:\repl.txt
- ipconfig /all > C:\dc1.txt
- ipconfig /all > C:\dc2.txt
- (etc. as other DC's exist)
then put unzipped text files up on OneDrive and share a link.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
I had a major issue with one of my domain controllers where it could not be gracefully demoted and had to be restored from backup. I know this is a no no but there was no other option at the time. Unfortunately I went back too far, 1 month to be precise, and since then my domain has had some big replication issues. I have been using dcdiag to try and diagnose the issues and I am receiving this error when I attempt to replicate to any of the other DCs from my FSMO master:
TEST: Authentication (Auth)
Error: Authentication failed with specified credentials
[Error details: 1326 (Type: Win32 - Description: The user name or password is incorrect.) - Add connection failed]
TEST: Basic (Basc)
Error: No LDAP connectivity
Error: No WMI connectivity
[Error details: 0x80070005 (Type: HRESULT - Facility: Win32, Description: Access is denied.) - Connection to WMI server failed]
No host records (A or AAAA) were found for this DC
I do see host records for all of the DCs in ADS&S so I don't understand that error message. At first I believed that this had to do with KDC/Kerberos more than anything because the secure channel between my failed DC & the rest of the domain was broken. Trying to fix the secure channel has been a headache, not really sure where to go from here.
I did find this article useful and I think it pertains to me: https://support.microsoft.com/en-us/help/2002013/active-directory-replication-error-5-access-is-denied
These are the resources/guides that I have tried using:
Any leads would be appreciated as I'm really trying everything to repair this. Once I figure out one error, it leads to another, and so on... Thank you
Also, I did try posting this in TechNet and it keeps redirecting me to here... please let me know if this is incorrect.
Please run;
then put unzipped text files up on OneDrive and share a link.
Ok, sounds like you have successfully seized roles
https://support.microsoft.com/en-us/help/255504/using-ntdsutil-exe-to-transfer-or-seize-fsmo-roles-to-a-domain-control
then perform cleanup.
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
after cleanup put up the files I requested.
then put unzipped text files up on OneDrive and share a link.
Please put up the files I requested.
then put unzipped text files up on OneDrive and share a link.
Hello Alex,
Thank you so much for your reply.
May I know the current situation of our issue? Hope our issue could be resolved soon.
According to the screenshot of the AD replication, FSMOOld DC is UnHealthyDC1? Have we got any other error messages when checking the AD replication? From the provided screenshot of replication, the replication seems to work properly for other healthy DCs. But as per the UnhealthyDC1, may I know more information about this DC, such as dcdiag, repadmin /showrepl?
Besides, we also mentioned that the healthy DCs failed some tests, such as Advertising, KCC, DFSRevent and Systemlog. All the healthy DCs have these error messages? More information will be needed to judge these error messages.
As Dave mentioned, we could help to collect the requested files. Thanks so much for your time and support.
Best regards,
Hannah Xiong