Forum

NTDS Replication ha...
 
Bildirimler
Hepsini Temizle

[Çözüldü] NTDS Replication hatası

13 Yazılar
7 Üyeler
0 Reactions
11.3 K Görüntüleme
(@eraydeniz)
Gönderiler: 62
Trusted Member
Konu başlatıcı
 

selamlar

domain controller üzerinde Event ID : 1411 Source : NTDS Replication Category : DS RPC Client şeklinde bir event alıyorum. detayı aşağıdaki gibi. net üzerinde yaptığım aramalarda "3d04a7f9-477a-441a-b737-8554d6c2006a._msdcs.abc.local" kaydını DNS 'ten temizlemem gerktiği bilgisine ulaştım.  

ADSI Edit üzerinde query mi doğru çalıştıramadım onuda kestirebilmiş değilim. doğru query için yardımcı olacak var mı acaba ?  çünkü DNS üzerinde tek tek bakmama rağmen göremediğim gibi ADSIEdit ile de arattığımda sonuç alamıyorum. 

yada bu problemi halledebileceğim başka çözüm önerilerinizi de alabilirim.

Active Directory failed to construct a mutual authentication service principal name (SPN) for the following domain controller. 

Domain controller:
3d04a7f9-477a-441a-b737-8554d6c2006a._msdcs.abc.local 

The call was denied. Communication with this domain controller might be affected.

Additional Data
Error value:
8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 
Gönderildi : 06/01/2012 18:15

(@selahattinsadoglu)
Gönderiler: 826
Prominent Member
 

Merhaba,

Merhaba,

DC üzerinde komut satırını yönetici olarak açınız.Sonrasında komut olarak ;

repadmin /showreps 

giriniz.Çıktısını bizimle paylaşınız.
Sonrasında  komut olarak ;

dcdiag /fix  komutunu çalıştırınız.

Sonrasında hataların testi için yazmanız gereken komut ;

dcdiag /test:OutboundSecureChannels /testdomain:domain

domain olan kısmı siz kendi domain adınızı yazınız.

Sonrasında bununda bizimle çıktısını paylaşınız.Ayrıca Event Manager
içinde ek olarak hata alırsanız onuda bizimle paylaşınız.

En son olarak komut olarak aşağıdaki deneyiniz.

repadmin /syncall domain

domain olan yazılı kısmı kendi kullandığınız domain adını giriniz.

Saygılar,

 
Gönderildi : 06/01/2012 22:37

(@sakaryafirat)
Gönderiler: 274
Honorable Member
 

Merhaba

aynı problem benim sistemimdede var. üsteki komutları 

repadmin /showreps   ve repadmin /syncall domain çıktıları aşşağıadır.

 

C:\Users\aa.>repadmin /showreps

Default-First-Site-Name\SUBEADC

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 78f5e3e3-62f1-4cb6-9d11-09d03530f661

DSA invocationID: 99c322fa-0dfc-49c7-a109-f55de798b46b

==== INBOUND NEIGHBORS ======================================

DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:57:18 was successful.

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:58:01 was successful.

CN=Configuration,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

CN=Schema,CN=Configuration,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

DC=ForestDnsZones,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

DC=DomainDnsZones,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:46:00 was successful.

DsReplicaGetInfo() failed with status 8453 (0x2105):

    Replication access was denied.

DsReplicaGetInfo() failed with status 8453 (0x2105):

    Replication access was denied.

C:\Users\555>dcdiag /fix

Directory Server Diagnosis

Performing initial setup:

   Trying to find home server...

   Home Server = SUBEADC

   * Identified AD Forest.

   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SUBEADC

      Starting test: Connectivity

         ......................... SUBEADC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SUBEADC

      Starting test: Advertising

         ......................... SUBEADC passed test Advertising

      Starting test: FrsEvent

         ......................... SUBEADC passed test FrsEvent

      Starting test: DFSREvent

         There are warning or error events within the last 24 hours after t

         SYSVOL has been shared.  Failing SYSVOL replication problems may c

         Group Policy problems.

         ......................... SUBEADC failed test DFSREvent

      Starting test: SysVolCheck

         ......................... SUBEADC passed test SysVolCheck

      Starting test: KccEvent

         ......................... SUBEADC passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... SUBEADC passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... SUBEADC passed test MachineAccount

      Starting test: NCSecDesc

         ......................... SUBEADC passed test NCSecDesc

      Starting test: NetLogons

         [SUBEADC] User credentials does not have permission to perform t

         operation.

         The account used for this test must have network logon privileges

         for this machine's domain.

         ......................... SUBEADC failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... SUBEADC passed test ObjectsReplicated

      Starting test: Replications

         [Replications Check,SUBEADC] DsReplicaGetInfo(PENDING_OPS, NULL)

         failed, error 0x2105 "Replication access was denied."

         ......................... SUBEADC failed test Replications

      Starting test: RidManager

         ......................... SUBEADC passed test RidManager

      Starting test: Services

            Could not open NTDS Service on SUBEADC, error 0x5

            "Access is denied."

         ......................... SUBEADC failed test Services

      Starting test: SystemLog

         ......................... SUBEADC passed test SystemLog

      Starting test: VerifyReferences

         ......................... SUBEADC passed test VerifyReferences

   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValida

   Running partition tests on : SIRKET

      Starting test: CheckSDRefDom

         ......................... SIRKET passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... SIRKET passed test CrossRefValidation

   Running enterprise tests on : SIRKET.COM.TR

      Starting test: LocatorCheck

         ......................... SIRKET.COM.TR passed test LocatorCheck

      Starting test: Intersite

         ......................... SIRKET.COM.TR passed test Intersite

C:\Users\74745>repadmin /showreps

Default-First-Site-Name\SUBEADC

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 78f5e3e3-62f1-4cb6-9d11-09d03530f661

DSA invocationID: 99c322fa-0dfc-49c7-a109-f55de798b46b

==== INBOUND NEIGHBORS ======================================

DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:57:18 was successful.

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:59:36 was successful.

CN=Configuration,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

CN=Schema,CN=Configuration,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

DC=ForestDnsZones,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

DC=DomainDnsZones,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:59:06 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:59:21 was successful.

DsReplicaGetInfo() failed with status 8453 (0x2105):

    Replication access was denied.

DsReplicaGetInfo() failed with status 8453 (0x2105):

    Replication access was denied.

C:\Users\ali.koca>repadmin /syncall SIRKET.com.tr

CALLBACK MESSAGE: The following replication is in progress:

    From: 7f599154-5e44-46db-8a4c-57ba809def02._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

CALLBACK MESSAGE: Error issuing replication: 8453 (0x2105):

    Replication access was denied.

    From: 7f599154-5e44-46db-8a4c-57ba809def02._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

CALLBACK MESSAGE: The following replication is in progress:

    From: b9fa2e36-5026-4a8c-a752-004dc5945de7._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

CALLBACK MESSAGE: Error issuing replication: 8453 (0x2105):

    Replication access was denied.

    From: b9fa2e36-5026-4a8c-a752-004dc5945de7._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

CALLBACK MESSAGE: SyncAll Finished.

SyncAll reported the following errors:

Error issuing replication: 8453 (0x2105):

    Replication access was denied.

    From: 7f599154-5e44-46db-8a4c-57ba809def02._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

Error issuing replication: 8453 (0x2105):

    Replication access was denied.

    From: b9fa2e36-5026-4a8c-a752-004dc5945de7._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

 
Gönderildi : 07/01/2012 13:06

(@selahattinsadoglu)
Gönderiler: 826
Prominent Member
 

Merhaba

aynı problem benim sistemimdede var. üsteki komutları 

repadmin /showreps   ve repadmin /syncall domain çıktıları aşşağıadır.

 

C:\Users\aa.>repadmin /showreps

Default-First-Site-Name\SUBEADC

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 78f5e3e3-62f1-4cb6-9d11-09d03530f661

DSA invocationID: 99c322fa-0dfc-49c7-a109-f55de798b46b

==== INBOUND NEIGHBORS ======================================

DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:57:18 was successful.

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:58:01 was successful.

CN=Configuration,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

CN=Schema,CN=Configuration,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

DC=ForestDnsZones,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

DC=DomainDnsZones,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:46:00 was successful.

DsReplicaGetInfo() failed with status 8453 (0x2105):

    Replication access was denied.

DsReplicaGetInfo() failed with status 8453 (0x2105):

    Replication access was denied.

C:\Users\555>dcdiag /fix

Directory Server Diagnosis

Performing initial setup:

   Trying to find home server...

   Home Server = SUBEADC

   * Identified AD Forest.

   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SUBEADC

      Starting test: Connectivity

         ......................... SUBEADC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SUBEADC

      Starting test: Advertising

         ......................... SUBEADC passed test Advertising

      Starting test: FrsEvent

         ......................... SUBEADC passed test FrsEvent

      Starting test: DFSREvent

         There are warning or error events within the last 24 hours after t

         SYSVOL has been shared.  Failing SYSVOL replication problems may c

         Group Policy problems.

         ......................... SUBEADC failed test DFSREvent

      Starting test: SysVolCheck

         ......................... SUBEADC passed test SysVolCheck

      Starting test: KccEvent

         ......................... SUBEADC passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... SUBEADC passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... SUBEADC passed test MachineAccount

      Starting test: NCSecDesc

         ......................... SUBEADC passed test NCSecDesc

      Starting test: NetLogons

         [SUBEADC] User credentials does not have permission to perform t

         operation.

         The account used for this test must have network logon privileges

         for this machine's domain.

         ......................... SUBEADC failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... SUBEADC passed test ObjectsReplicated

      Starting test: Replications

         [Replications Check,SUBEADC] DsReplicaGetInfo(PENDING_OPS, NULL)

         failed, error 0x2105 "Replication access was denied."

         ......................... SUBEADC failed test Replications

      Starting test: RidManager

         ......................... SUBEADC passed test RidManager

      Starting test: Services

            Could not open NTDS Service on SUBEADC, error 0x5

            "Access is denied."

         ......................... SUBEADC failed test Services

      Starting test: SystemLog

         ......................... SUBEADC passed test SystemLog

      Starting test: VerifyReferences

         ......................... SUBEADC passed test VerifyReferences

   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValida

   Running partition tests on : SIRKET

      Starting test: CheckSDRefDom

         ......................... SIRKET passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... SIRKET passed test CrossRefValidation

   Running enterprise tests on : SIRKET.COM.TR

      Starting test: LocatorCheck

         ......................... SIRKET.COM.TR passed test LocatorCheck

      Starting test: Intersite

         ......................... SIRKET.COM.TR passed test Intersite

C:\Users\74745>repadmin /showreps

Default-First-Site-Name\SUBEADC

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 78f5e3e3-62f1-4cb6-9d11-09d03530f661

DSA invocationID: 99c322fa-0dfc-49c7-a109-f55de798b46b

==== INBOUND NEIGHBORS ======================================

DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:57:18 was successful.

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:59:36 was successful.

CN=Configuration,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

CN=Schema,CN=Configuration,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

DC=ForestDnsZones,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

DC=DomainDnsZones,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:59:06 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:59:21 was successful.

DsReplicaGetInfo() failed with status 8453 (0x2105):

    Replication access was denied.

DsReplicaGetInfo() failed with status 8453 (0x2105):

    Replication access was denied.

C:\Users\ali.koca>repadmin /syncall SIRKET.com.tr

CALLBACK MESSAGE: The following replication is in progress:

    From: 7f599154-5e44-46db-8a4c-57ba809def02._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

CALLBACK MESSAGE: Error issuing replication: 8453 (0x2105):

    Replication access was denied.

    From: 7f599154-5e44-46db-8a4c-57ba809def02._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

CALLBACK MESSAGE: The following replication is in progress:

    From: b9fa2e36-5026-4a8c-a752-004dc5945de7._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

CALLBACK MESSAGE: Error issuing replication: 8453 (0x2105):

    Replication access was denied.

    From: b9fa2e36-5026-4a8c-a752-004dc5945de7._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

CALLBACK MESSAGE: SyncAll Finished.

SyncAll reported the following errors:

Error issuing replication: 8453 (0x2105):

    Replication access was denied.

    From: 7f599154-5e44-46db-8a4c-57ba809def02._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

Error issuing replication: 8453 (0x2105):

    Replication access was denied.

    From: b9fa2e36-5026-4a8c-a752-004dc5945de7._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

Merhaba,

 
Genellikle bu tür problemlerin temel nedeni kaynak DC sunucunuzun ağdaki
diğer ADC olan sunucunuzu bulamadığından dolayı gerekli replikasyon
değişikliklerini karşı tarafa bildirememektedir.
Bundan dolayı da bu tür problemler ortaya çıkmaktadır.
Öncelikle sizden cevabını almam gerekenler şunlar olacaktır.
1-Ortamdan herhangi bir DC kaldırılma operasyonu oldu mu?
2-Ve ya bu kaldırılan DC'nin sunucusu çöktü mü?
3-Eğer DC sistemden kaldırılmışsa ardından "metadata cleanup" yapıldı mı?

Eğer sistemden hatalı bir DC  düzgün bir şekilde kaldırılmamışsa
aşağıdaki link işinizi görecektir.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Ayrıca ,alttaki linklerede bakarak sorununuza çözüm getirebilirsiniz.

http://www.eventid.net/display.asp?eventid=1411&eventno=1264&source=NTDS%20Replication&phase=1

http://networkadminkb.com/KB/a33/error-messages-occur-after-demoting-promoting-domain.aspx

Son olarak komut satırından  "Enterprise Admin" üyesi bir kullanıcı ile aşağıdaki satırı çalıştırınız.

Repadmin /syncall DC_name /APed

Buradaki  DC_name kısmı sizin her iki DC üzerinden çalıştırmanız gerektiğinden sırasıyla hangi DC sunucu üzerinden çalıştırılacaksa onun adını yazınız.

2.olarak da;

Repadmin /syncall /Pe dc_name naming_context

dc_name  kısmına sunucunuzun adını ,   naming_context olan kısmada sizin
DC=SIRKET,DC=COM,DC=TR   yazmanız gerekiyor.
Sonrasında bu komutunda çıktısını bizimle paylaşınız.Eğer komut çıktısında herhangi bir hata alırsanız hemen
alttaki komutu çalıştırınız.Bununda çıktısını bize gönderiniz.

Repadmin /replsummary *

 

Saygılarımla,

 
Gönderildi : 07/01/2012 15:06

(@eraydeniz)
Gönderiler: 62
Trusted Member
Konu başlatıcı
 

hocam selamlar tekrar;

dediğiniz işlemleri yapmadan önce buyuk bir sorun yaşadık ve dc coktu daha dogrusu reboot sonrası applying computer settings ekranında saatlerce cakılı kaldı. acronis ile backuptan donup seize ile rolleri aktardık sonra tekrar sorun yarattı bu sfer AD yi kaldırdık vs..şimdi sistem biraz daha stabil çalışır oldu. 

benim sormak istediğim bir başka konu daha var.

calıstıgım firmada zamanında Domain ortamı kurulurken firmaadi.com.tr şeklinde kurulmuş.

DNS kayıtları altında da firmaadi.com.tr diye zone açılmış (web sitesi için)

yani; DNS'te forward lookup zones altında _msdcs.abc.com.tr olduğu gibi aynı zamanda abc.com.tr diye bir zone daha var haliyle... domaine katılan her makine abc.com.tr zone unun altında kendini oluşturuyor. _msdcs.abc.com.tr altına düşmüyor. bir başka sorun ise _msdcs.abc.com.tr altındaki _sites linkinde 4 adet site var (bunlar doğru olanlar) ancak abc.com.tr altında Domain Dns Zones altındaki sites tabında daha fazla (hatta olmayan) kayıtlar var. 

merak ettiğim şu ben abc.com.tr altında olmaması gereken kayıtları elle temizlesem ne olur + diyelim ki sorun olmaz ve temizliği yaptım sonrasında ipconfig /registerDNS komutu ile DNS servisi taşıyan tüm DC 'lerime bu yapıyı dağıtabilirmiyim ?

daha anlaşılır ve incelenebilir olması için söz konusu durumun resmini paylaşıyorum şimdiden yardımlarınız için teşekkürler.

 

 

Merhaba

aynı problem benim sistemimdede var. üsteki komutları 

repadmin /showreps   ve repadmin /syncall domain çıktıları aşşağıadır.

 

C:\Users\aa.>repadmin /showreps

Default-First-Site-Name\SUBEADC

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 78f5e3e3-62f1-4cb6-9d11-09d03530f661

DSA invocationID: 99c322fa-0dfc-49c7-a109-f55de798b46b

==== INBOUND NEIGHBORS ======================================

DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:57:18 was successful.

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:58:01 was successful.

CN=Configuration,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

CN=Schema,CN=Configuration,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

DC=ForestDnsZones,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

DC=DomainDnsZones,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:46:00 was successful.

DsReplicaGetInfo() failed with status 8453 (0x2105):

    Replication access was denied.

DsReplicaGetInfo() failed with status 8453 (0x2105):

    Replication access was denied.

C:\Users\555>dcdiag /fix

Directory Server Diagnosis

Performing initial setup:

   Trying to find home server...

   Home Server = SUBEADC

   * Identified AD Forest.

   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SUBEADC

      Starting test: Connectivity

         ......................... SUBEADC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SUBEADC

      Starting test: Advertising

         ......................... SUBEADC passed test Advertising

      Starting test: FrsEvent

         ......................... SUBEADC passed test FrsEvent

      Starting test: DFSREvent

         There are warning or error events within the last 24 hours after t

         SYSVOL has been shared.  Failing SYSVOL replication problems may c

         Group Policy problems.

         ......................... SUBEADC failed test DFSREvent

      Starting test: SysVolCheck

         ......................... SUBEADC passed test SysVolCheck

      Starting test: KccEvent

         ......................... SUBEADC passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... SUBEADC passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... SUBEADC passed test MachineAccount

      Starting test: NCSecDesc

         ......................... SUBEADC passed test NCSecDesc

      Starting test: NetLogons

         [SUBEADC] User credentials does not have permission to perform t

         operation.

         The account used for this test must have network logon privileges

         for this machine's domain.

         ......................... SUBEADC failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... SUBEADC passed test ObjectsReplicated

      Starting test: Replications

         [Replications Check,SUBEADC] DsReplicaGetInfo(PENDING_OPS, NULL)

         failed, error 0x2105 "Replication access was denied."

         ......................... SUBEADC failed test Replications

      Starting test: RidManager

         ......................... SUBEADC passed test RidManager

      Starting test: Services

            Could not open NTDS Service on SUBEADC, error 0x5

            "Access is denied."

         ......................... SUBEADC failed test Services

      Starting test: SystemLog

         ......................... SUBEADC passed test SystemLog

      Starting test: VerifyReferences

         ......................... SUBEADC passed test VerifyReferences

   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValida

   Running partition tests on : SIRKET

      Starting test: CheckSDRefDom

         ......................... SIRKET passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... SIRKET passed test CrossRefValidation

   Running enterprise tests on : SIRKET.COM.TR

      Starting test: LocatorCheck

         ......................... SIRKET.COM.TR passed test LocatorCheck

      Starting test: Intersite

         ......................... SIRKET.COM.TR passed test Intersite

C:\Users\74745>repadmin /showreps

Default-First-Site-Name\SUBEADC

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 78f5e3e3-62f1-4cb6-9d11-09d03530f661

DSA invocationID: 99c322fa-0dfc-49c7-a109-f55de798b46b

==== INBOUND NEIGHBORS ======================================

DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:57:18 was successful.

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:59:36 was successful.

CN=Configuration,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

CN=Schema,CN=Configuration,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

DC=ForestDnsZones,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:45:59 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:45:59 was successful.

DC=DomainDnsZones,DC=SIRKET,DC=COM,DC=TR

    Default-First-Site-Name\ANADC via RPC

        DSA object GUID: 7f599154-5e44-46db-8a4c-57ba809def02

        Last attempt @ 2012-01-07 09:59:06 was successful.

    Default-First-Site-Name\dc2 via RPC

        DSA object GUID: b9fa2e36-5026-4a8c-a752-004dc5945de7

        Last attempt @ 2012-01-07 09:59:21 was successful.

DsReplicaGetInfo() failed with status 8453 (0x2105):

    Replication access was denied.

DsReplicaGetInfo() failed with status 8453 (0x2105):

    Replication access was denied.

C:\Users\ali.koca>repadmin /syncall SIRKET.com.tr

CALLBACK MESSAGE: The following replication is in progress:

    From: 7f599154-5e44-46db-8a4c-57ba809def02._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

CALLBACK MESSAGE: Error issuing replication: 8453 (0x2105):

    Replication access was denied.

    From: 7f599154-5e44-46db-8a4c-57ba809def02._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

CALLBACK MESSAGE: The following replication is in progress:

    From: b9fa2e36-5026-4a8c-a752-004dc5945de7._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

CALLBACK MESSAGE: Error issuing replication: 8453 (0x2105):

    Replication access was denied.

    From: b9fa2e36-5026-4a8c-a752-004dc5945de7._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

CALLBACK MESSAGE: SyncAll Finished.

SyncAll reported the following errors:

Error issuing replication: 8453 (0x2105):

    Replication access was denied.

    From: 7f599154-5e44-46db-8a4c-57ba809def02._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

Error issuing replication: 8453 (0x2105):

    Replication access was denied.

    From: b9fa2e36-5026-4a8c-a752-004dc5945de7._msdcs.SIRKET.COM.TR

    To  : 78f5e3e3-62f1-4cb6-9d11-09d03530f661._msdcs.SIRKET.COM.TR

Merhaba,

 
Genellikle bu tür problemlerin temel nedeni kaynak DC sunucunuzun ağdaki
diğer ADC olan sunucunuzu bulamadığından dolayı gerekli replikasyon
değişikliklerini karşı tarafa bildirememektedir.
Bundan dolayı da bu tür problemler ortaya çıkmaktadır.
Öncelikle sizden cevabını almam gerekenler şunlar olacaktır.
1-Ortamdan herhangi bir DC kaldırılma operasyonu oldu mu?
2-Ve ya bu kaldırılan DC'nin sunucusu çöktü mü?
3-Eğer DC sistemden kaldırılmışsa ardından "metadata cleanup" yapıldı mı?

Eğer sistemden hatalı bir DC  düzgün bir şekilde kaldırılmamışsa
aşağıdaki link işinizi görecektir.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Ayrıca ,alttaki linklerede bakarak sorununuza çözüm getirebilirsiniz.

http://www.eventid.net/display.asp?eventid=1411&eventno=1264&source=NTDS%20Replication&phase=1

http://networkadminkb.com/KB/a33/error-messages-occur-after-demoting-promoting-domain.aspx

Son olarak komut satırından  "Enterprise Admin" üyesi bir kullanıcı ile aşağıdaki satırı çalıştırınız.

Repadmin /syncall DC_name /APed

Buradaki  DC_name kısmı sizin her iki DC üzerinden çalıştırmanız gerektiğinden sırasıyla hangi DC sunucu üzerinden çalıştırılacaksa onun adını yazınız.

2.olarak da;

Repadmin /syncall /Pe dc_name naming_context

dc_name  kısmına sunucunuzun adını ,   naming_context olan kısmada sizin
DC=SIRKET,DC=COM,DC=TR   yazmanız gerekiyor.
Sonrasında bu komutunda çıktısını bizimle paylaşınız.Eğer komut çıktısında herhangi bir hata alırsanız hemen
alttaki komutu çalıştırınız.Bununda çıktısını bize gönderiniz.

Repadmin /replsummary *

 

Saygılarımla,

 
Gönderildi : 10/01/2012 13:01

(@Anonim)
Gönderiler: 0
 

Aynı sorunla bende karşılaşmaktayım.

Repadmin /replsummary * çalıştırdıgım da aşagıdaki hatayı almaktayım.

Beginning data collection for replication summary, this may take awhile:

.....

Source DSA          largest delta    fails/total %%   error

BACKUP      60d.05h:54m:46s    5 /   5  100  (8457) The destination server is currently rejecting replication requests.

BILISIM     51d.02h:00m:29s    5 /   5  100  (1908) Could not find the domain controller for this domain.

Destination DSA     largest delta    fails/total %%   error

BACKUP      51d.02h:00m:31s    5 /   5  100  (1908) Could not find the domain controller for this domain.

BILISIM     60d.05h:54m:46s    5 /   5  100  (8457) The destination server is currently rejecting replication requests.

 
Gönderildi : 15/10/2012 19:58

(@alperakkus)
Gönderiler: 3
New Member
 

Merhaba,

Bende aynı sorunu yaşıyorum çözüme kavuşturabilen var mıdır?
DC yanında lokasyon sayımızdan dolayı 4 adet ADC(adc,adc2,adc3,adc4) bulunuyor. Bunların bazılarının arasında replikasyon yapılamıyor..

işe yarayacağını düşündüğüm komutları çalıştırdım sonuç değişmedi

(Repadmin /replicate adc3 dc dc=SIRKET,dc=net

Repadmin /syncall dc /APed

Repadmin /syncall /Pe dc dc=SIRKET,dc=net)

Repadmin /replsummary komutunda çıkan hata:

Beginning data collection for replication summary, this may take awhile:

Destination DSA largest delta fails/total %% error
ADC 32m:44s 0 / 10 0
DC 33m:52s 0 / 5 0
ADC2 12m:07s 0 / 5 0
ADC3 22h:03m:57s 6 / 10 60 (8457) The destination serve
r is currently rejecting replication requests.
ADC4 10d.20h:40m:40s 6 / 15 40 (8606) Insufficient attribut
es were given to create an object. This object may not exist because it may have
been deleted and already garbage collected.

repadmin /showrepl sonucu:

Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\DC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 5d109ad8-fbdf-4b5e-a4aa-0d214fea5b99
DSA invocationID: 5d109ad8-fbdf-4b5e-a4aa-0d214fea5b99

==== INBOUND NEIGHBORS ======================================

DC=ŞİRKET,DC=net
Default-First-Site-Name\ADC via RPC
DSA object GUID: c17a4cac-a0c1-4d57-85fe-69f4666b6e08
Last attempt @ 2016-05-12 13:37:30 was successful.

CN=Configuration,DC=ŞİRKET,DC=net
Default-First-Site-Name\ADC via RPC
DSA object GUID: c17a4cac-a0c1-4d57-85fe-69f4666b6e08
Last attempt @ 2016-05-12 12:52:49 was successful.

CN=Schema,CN=Configuration,DC=ŞİRKET,DC=net
Default-First-Site-Name\ADC via RPC
DSA object GUID: c17a4cac-a0c1-4d57-85fe-69f4666b6e08
Last attempt @ 2016-05-12 12:52:49 was successful.

DC=DomainDnsZones,DC=ŞİRKET,DC=net
Default-First-Site-Name\ADC via RPC
DSA object GUID: c17a4cac-a0c1-4d57-85fe-69f4666b6e08
Last attempt @ 2016-05-12 13:36:57 was successful.

DC=ForestDnsZones,DC=ŞİRKET,DC=net
Default-First-Site-Name\ADC via RPC
DSA object GUID: c17a4cac-a0c1-4d57-85fe-69f4666b6e08
Last attempt @ 2016-05-12 12:52:49 was successful.

Source: Default-First-Site-Name\ADC3
**** 1 CONSECUTIVE FAILURES since 2016-05-12 13:28:00
Last error: 8456 (0x2108):
The source server is currently rejecting replication requests.

Naming Context: DC=ŞİRKET,DC=net
Source: Default-First-Site-Name\ADC3
* WARNING: KCC could not add this REPLICA LINK due to error.

Naming Context: DC=DomainDnsZones,DC=ŞİRKET,DC=net
Source: Default-First-Site-Name\ADC3
* WARNING: KCC could not add this REPLICA LINK due to error.

Naming Context: CN=Schema,CN=Configuration,DC=ŞİRKET,DC=net
Source: Default-First-Site-Name\ADC3
* WARNING: KCC could not add this REPLICA LINK due to error.

Naming Context: CN=Configuration,DC=ŞİRKET,DC=net
Source: Default-First-Site-Name\ADC3
* WARNING: KCC could not add this REPLICA LINK due to error.

Naming Context: DC=ForestDnsZones,DC=ŞİRKET,DC=net
Source: Default-First-Site-Name\ADC3
**** WARNING: KCC could not add this REPLICA LINK due to error.

 
Gönderildi : 12/05/2016 16:17

(@ugurdemir)
Gönderiler: 9886
Illustrious Member
 

Selamlar, 

Göründüğü kadarıyla ADC3 te problem var. Bunu ortamdan silin, zorla silmek zorunda kalırsanız metadataclenup kullanabilirsiniz. http://www.cozumpark.com/forums/post/177435.aspx

 Akabinde yeni bir sunucu ile ADC3 yapılandırabilirsiniz.

Kolay gelsin.

 
Gönderildi : 08/07/2016 00:38

(@alperakkus)
Gönderiler: 3
New Member
 

Uğur Hocam Merhaba,

Adc3 ü kaldırmadan onarabileceğim bir yöntem farklı bir çözüm var mıdır?

 
Gönderildi : 11/07/2016 14:16

(@OzcanSAHIN)
Gönderiler: 198
Estimable Member
 

"ADC3 22h:03m:57s 6 / 10 60 (8457) The destination server is currently rejecting replication requests.
ADC4 10d.20h:40m:40s 6 / 15 40 (8606) Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected."

Snapshot'tan geri donus mu yaptiniz, emareler USN Rollback'i gosteriyor.
NTDS log'larini kontrol edin USN Rollback occured gibi bir log var mi (event id 2103 ntds general)
(Microsoft Server 2012' ye kadar tam olarak sanallastrimayi desteklemiyor yani 2012 oncesinde snapshot'a donus desteklenmiyor.)
Eger USN Rollback meydana geldiyse onerilen ilgili DC'yi ortamdan kaldirip sonrasinda yeniden Additional DC olarak domaine katmaktir.

Ancak yeniden kurmadan once yapabiliceginiz bir kaç islem var :
Sorunlu olan ADC3 ve ADC4 'te, oncelikle ;
- Netlogon servisini ve "dcdiag" komutu ile dns kayitlarinda ve diger servislerde bir sorun olup olmadigini kontrol edin,
- registery'de "HKLM\System\CurrentControlSet\Services\NTDS\DSA not writable" key'inin degerine bakin, bu tur durumlarda hatanin nedeni buraya kaydediliyor.

Sonrasinda "repadmin /options *" komutunu çalistirip inbound/outbound replikasyon trafigi disable edilmismi kontrol edin.(cmd 'yi run as administrator haklariyla çalistirin)
hangi yonde disable edimis ise ilgili komut ile aktif edin.
repadmin /options localhost -DISABLE_INBOUND_REPL
repadmin /options localhost -DISABLE_OUTBOUND_REPL

repadmin /option * çiktisinda herhangi bir "disable inboud/outbound repl" gibi bir deger olmamalidir var ise yukaridaki komut ile duzeltin.
Daha sonra replikasyon durumunu izleyebilirsiniz.

Kolay gelsin

 
Gönderildi : 11/07/2016 18:41

(@alperakkus)
Gönderiler: 3
New Member
 

Özcan Hocam çok teşekkür ederim repadmin / options komutu işe yaratı Sonuç: Current DSA Options: IS_GC
kim nasıl disable etmiş o ayrı bir case
Bu arada konuyu yazdıktan 2 gün sonra adc4 ü repadmin komutlarından biriyle çözmüştüm.
Desteğiniz için teşekkür ederim.

 
Gönderildi : 11/07/2016 19:10

(@ugurdemir)
Gönderiler: 9886
Illustrious Member
 

Özcan Hocam çok teşekkür ederim repadmin / options komutu işe yaratı Sonuç: Current DSA Options: IS_GC
kim nasıl disable etmiş o ayrı bir case
Bu arada konuyu yazdıktan 2 gün sonra adc4 ü repadmin komutlarından biriyle çözmüştüm.
Desteğiniz için teşekkür ederim.

http://www.ugurdemir.net/2012/02/the-source-server-is-currently-rejecting-replication-requests/  incelermisin.

Merhaba,

Sisteminizdeki DC ve ADC’yi imaj restoredan bir gün önceye ( daha da öncesi olabilir) döndüğünüzde, Acitve Directory Site and Services kısmında replikasyonu elle tetiklediğinizde The source server is currently rejecting replication requests hatası alıyorsanız.

Ya da DC olan bir ortama ADC eklerken The source server is currently rejecting replication requests hatası alıyorsanız. Replikasyon sorunu nedeniyle DC olan ortama  ADC ekleyemiyorsunuz demektir.

Server isimlerini örnek olarak şunlar olsun. DC Name: Server1 , ADC Name: Server2

Bu durumda  yapmanız gereken işlemeler aşağıdaki gibidir.

  • DC üzerinde repadmin /showrepl  komutu çalıştırıyoruz.
  • C:\Users\Administrator>repadmin /showrepl
    
    Repadmin: running command /showrepl against full DC localhost
    Default-First-Site-Name\Server1
    DSA Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
    Site Options: (none)
    DSA object GUID: 53331672-66fe-45ee-ab03-30dc3fb5306e
    DSA invocationID: 53331672-66fe-45ee-ab03-30dc3fb5306e
  • Yukarıda görüldüğü gibi inbound ve outbound replikasyon kapalı durumda. İnbound ve outbound replikasyonu açmamız gerekmektedir. Açmak için ise sırasıyla aşağıdaki komutları  kullanıyoruz..
  • C:\Users\Administrator>repadmin /options Server1 -DISABLE_OUTBOUND_REPL
    Current DSA Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
    New DSA Options: IS_GC DISABLE_INBOUND_REPL
  • C:\Users\Administrator>repadmin /options Server1 -DISABLE_INBOUND_REPL
    Current DSA Options: IS_GC DISABLE_INBOUND_REPL
    New DSA Options: IS_GC
  • Replikasyn durumunu görmek için DC üzerinde tekrar repadmin /showrepl komutunu çalışıtıyoruz.
  • C:\Users\Administrator>repadmin /showrepl
    
    Repadmin: running command /showrepl against full DC localhost
    Default-First-Site-Name\Server1
    DSA Options: IS_GC
    Site Options: (none)
    DSA object GUID: 53331672-66fe-45ee-ab03-30dc3fb5306e
    DSA invocationID: 53331672-66fe-45ee-ab03-30dc3fb5306e
  • Görüldüğü gibi DSA Options: IS_GC moduna gelmiş durumdadır. Artık ortama yeni bir ADC ekleyebiliriz.

Faydalı olması dileğiyle.

 Kaynak

 
Gönderildi : 11/07/2016 19:18

(@OzcanSAHIN)
Gönderiler: 198
Estimable Member
 

Rica ederim.

Tutarsiz bir durum oldugunda replikasyonun tek yada çift yonlu disable olmasi normal bir durum, loglari incelemek lazim.

Kolay gelsin

 
Gönderildi : 11/07/2016 19:18

Paylaş: