Replication and AD Domain sevices errors between 2 Domain Controllers

Similar Messages

• DNS setup on server bound to AD and using domain controllers for DNS

  My server is bound to our AD network and in the network pref I have entered the two IPs for the domain controllers on our network that serve DNS.
  My question is, am I right not to enable/configure and start the DNS service on the Mac server since it is getting DNS already?
  If yes, how do I confirm that my Mac server is correctly listed in our domain controllers DNS? Should I be concerned that I get the following?
  knws3135:~ mactech$ sudo changeip -checkhostname
  Password:
  Primary address = 10.31.3.135
  Current HostName = knws3135.ad.ewsad.net
  The DNS hostname is not available, please repair DNS and re-run this tool.

  Hi
  It looks all OK to me? As for the hostname having capitals could pose a problem but only if the Mac Server was its own KDC. Which it is not. If the hostname is defined as you have it now in the AD's DNS Service then leave it alone.
  Sometimes even when DNS checks out OK you can still have fundamental errors that only demotion to Standalone will cure. I think this is the point that you are at now. To be honest I would do this. Judging from what you've said there would be very little to lose when you do this apart from managed preferences. These can easily be re-applyed on successful promotion.
  needs to be changed so it is configured in Open Directory as connected to a Directory Server
  Not sure what you mean by this?
  If you have or are about to update your Server to 10.5.4 - which I recommend you do. Then you could follow this procedure:
  Demote to Standalone
  Stop all Services
  Restart the Server
  Update to 10.5.4. Restart the Server (this happens anyway)
  Make sure your Server resolves on the forward and reverse pointers (again)
  If you want run changeip again (you may be surprised)
  Use the Active Directory plug in in Directory Utility to bind the Server to the AD. Make sure you use an AD admin account that has authority to do this. De-select 'force home directory creation on startup disk' I have a feeling this will be de-selected anyway.
  After successful binding quit out of Directory Utility and launch Server Admin
  Select the Open Directory Service
  Change the role from Standalone to Open Directory Master
  Create the Directory Administrator account's username and password. Don't be tempted to change the UID or use the system admin account's user name. You can use the same password if you wish. What I've done before in the past is to create the diradmin account on the AD first with full authority for the domain.
  On successful promotion you should now see in the Overview Pane everything running apart from Kerberos which should be Stopped. This is how it should be. Apple's 10.5.4 Update has took a lot of the donkey work out of this whole process. No need for the command line. Simply click.
  If you launch Directory Utility you should now see the server's loopback address has been added in the LDAPv3 Plugin. Also the Server should be topmost in the Search Order under the Authentication and Contacts field. Bind your clients first to the AD and then the OD (make sure use for authentication and contacts are unchecked).
  Browse the two nodes, add your groups and apply MCX in the usual way.
  Does this help?
  Tony

• 2012 Essentials and Backup Domain Controllers

  I understand that 2012 Essentials wants to be the domain controller but what happens if I install a second one on the same network/what is the option for a backup domain controller? Is it recommended to have one 2012E and one 2012S?

  As far as I can find you can have a second "replica" domain controller, but you can only have one essentials box in the domain (so the replica would just be Windows Server standard), and that must be the master server, eg it must own the FSMO roles.
  Check out
  http://blogs.technet.com/b/sbs/archive/2007/10/04/debunking-the-myth-about-additional-domain-controllers-replica-dcs-in-an-sbs-domain.aspx which covers many of the limitations and requirements. It doesn't relate to 2012, but I believe the same rules still
  apply.

• Active Directory Integrated DNS Zones, replicate only to specific domain controllers

  I have a customer with a fairly large Active Directory forest with many domains that they are trying to consolidate into a single domain which likely take 18 to 24 months according to their timeline.  During this time, they would like all DNS zones
  to be serviced directly from the new domain controllers, meaning, domain A would have replicas of domain B, C, D, E, etc.  Because the environment is complex and some domain controllers in domains other than A are in a very sad state and replication problems
  abound, they would like to avoid replicating all zones forest wide.  
  I've never done this before, or even considered it necessary, is it even possible?  I don't have a ton of time for trial and error, but based on this there seems to be some hope:
  https://technet.microsoft.com/en-us/library/cc753801.aspx?f=255&MSPPError=-2147217396
  Is this telling me how to do what I want to do?
  Thanks
  J
  Joseph M. Durnal MCM: Exchange 2010 MCITP: Enterprise Messaging Administrator, Exchange 2010 MCITP: Enterprise Messaging Administrator, MCITP: Enterprise Administrator

  He actually didn't specify much about dynamic updates requirements for old domains, if they don't need secure dynamic updates then a primary zone would work:
  The DNS Server service allows dynamic update to be enabled or disabled on a per-zone basis at each server that is configured to load
  either a standard primary or directory-integrated zone.
  REF: Understanding Dynamic updates
  This post is provided AS IS with no warranties or guarantees, and confers no rights.
  ~~~
  Questo post non fornisce garanzie e non conferisce diritti

• Clustering Configuration with Primary & Secondary Domain Controllers

  Hello.
  I am trying to configure Failover Clustering on my Server 2012 computers.
  I have a primary domain, as well as a secondary domain.
  We will call them dc1.domain.com and dc2.domain.com.
  I have Failover Clustering Manager installed on both servers.
  Upon adding them both to the Create A Cluster Wizard, I receive the following error message on my report.
  (My account is fairly new, so it will not let me attach an image, but I assure you, it is safe)
  s14.postimg.org/lssjm2vu9/Screenshot_1.png

  More that trying to avoid clustering domain controllers, you simply cannot do it.  Active Directory has high availability built into it.  It is known as multimaster, meaning there is no primary and secondary domain controllers.  All are 'masters',
  meaning you can make changes on any domain controller and the change will be replicated to the other DCs.
  If you only have two physical servers and you want to cluster them, you will first need to install the Hyper-V role on the servers (it is not recommended to install both Hyper-V and Domain Controller on the same box, so we will get this fixed).  Once
  you have Hyper-V installed, build a VM on each server, join them to the domain, and promote them to domain controllers.  On one of the VMs, seize the FSMO roles from the FSMO master.  Then demote the physical hosts from being domain controllers. 
  You can now form a cluster of the two physical servers.
  . : | : . : | : . tim

• Connect two domain controllers to SAN storage

  Hi everyone
  I have primary and secondary domain controllers, I want to connect them to SAN storage as a cluster, I tried to configure Failover Clustering on them, but when adding them both to the Create A Cluster Wizard, I receive the following error (see the link)
  http://s14.postimg.org/lssjm2vu9/Screenshot_1.png
  so, is there any solution for this error, or may be there is another way to connect both DCs to the storage as cluster.
  any help will be appreciated,

  Hi,
  as I know this configuration is not supported.
  http://support.microsoft.com/kb/2795523/en-us
  Regards
  Guido

• Domain Admin Account cannot logon to member servers by remote. It can only logon to Domain Controllers

  Our environment has both 2008R2 and 2012R2 Domain Controllers. Recently one of our Domain Admins started having problems logging onto all servers by remote desktop except for domain controllers. The error message is as follows:
  "To log on to this remote computer, you must be granted the Allow log on through Terminal
  Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote
  Desktop Users group or another group that has this right, or if the Remote Desktop Users group does not have this right, you must be granted this right manually"
  All the other Domain Admin Accounts do not have this problem. Suggested solutions recommend checking local policies on the individual servers however I feel that is not
  right. Also there many servers hence doing that in each member server would be cumbersome. There must be solution that requires a single action for all servers and also does not  involve creating a new account. The account was recently used to implement
  a Windows 2012R2 WSUS server and besides the DC's, it is the only other server the account can remote into. This is strange. Help please.

  Hi,
  Does that user has permission for remoting before?
  To start with, there are two types of user rights; Logon rights & Privileges. In simpler terms these are: 
  1) Remote Logon: rights to machine
  2) Logon: privileges for access to the RDP-TCP Listener
  The Remote Logon is governed by the “Allow Logon through Terminal Services” group policy. This is under
  Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.
  Also check RDP-TCP listener properties. More information.
  “Allow Logon through Terminal Services” group policy and “Remote Desktop Users” group.
  http://blogs.technet.com/b/askperf/archive/2011/09/09/allow-logon-through-terminal-services-group-policy-and-remote-desktop-users-group.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Replication Error between DC and PDC after a reboot.

  Hi,
  We have a very small  server environment and having one DC and one ADC.  Last week ADC got a sudden restart. After booting it shown one service failed error.  Since then the ADC  is not replicating with DC.  Giving below the diagnosis
  results of Dcdiag and FSMO check.  
  Domain Controller Diagnosis
  Performing initial setup:
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\DC
        Starting test: Connectivity
           ......................... DC passed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\DC
  DNS Tests are running and not hung. Please wait a few minutes...
     Running partition tests on : ForestDnsZones
     Running partition tests on : DomainDnsZones
     Running partition tests on : Schema
     Running partition tests on : Configuration
     Running partition tests on : bannaridc
     Running enterprise tests on : bannaridc.com
        Starting test: DNS
           ......................... bannaridc.com passed test DNS
  Domain Controller Diagnosis
  Performing initial setup:
     * Verifying that the local machine backupdc, is a DC. 
     * Connecting to directory service on server backupdc.
     * Collecting site info.
     * Identifying all servers.
     * Identifying all NC cross-refs.
     * Found 2 DC(s). Testing 1 of them.
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\BACKUPDC
        Starting test: Connectivity
           * Active Directory LDAP Services Check
           * Active Directory RPC Services Check
           ......................... BACKUPDC passed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\BACKUPDC
        Starting test: Replications
           * Replications Check
           [Replications Check,BACKUPDC] A recent replication attempt failed:
              From DC to BACKUPDC
              Naming Context: DC=ForestDnsZones,DC=bannaridc,DC=com
              The replication generated an error (1256):
              The remote system is not available. For information about network troubleshooting, see Windows Help.
              The failure occurred at 2014-05-15 12:29:41.
              The last success occurred at 2014-05-12 09:23:27.
              76 failures have occurred since the last success.
           REPLICATION LATENCY WARNING
           ERROR: Expected notification link is missing.
           Source DC
           Replication of new changes along this path will be delayed.
           This problem should self-correct on the next periodic sync.
           [Replications Check,BACKUPDC] A recent replication attempt failed:
              From DC to BACKUPDC
              Naming Context: DC=DomainDnsZones,DC=bannaridc,DC=com
              The replication generated an error (1256):
              The remote system is not available. For information about network troubleshooting, see Windows Help.
              The failure occurred at 2014-05-15 12:29:41.
              The last success occurred at 2014-05-12 09:33:40.
              76 failures have occurred since the last success.
           REPLICATION LATENCY WARNING
           ERROR: Expected notification link is missing.
           Source DC
           Replication of new changes along this path will be delayed.
           This problem should self-correct on the next periodic sync.
           [Replications Check,BACKUPDC] A recent replication attempt failed:
              From DC to BACKUPDC
              Naming Context: CN=Schema,CN=Configuration,DC=bannaridc,DC=com
              The replication generated an error (5):
              Access is denied.
              The failure occurred at 2014-05-15 12:29:41.
              The last success occurred at 2014-05-12 09:23:26.
              76 failures have occurred since the last success.
           [Replications Check,BACKUPDC] A recent replication attempt failed:
              From DC to BACKUPDC
              Naming Context: CN=Configuration,DC=bannaridc,DC=com
              The replication generated an error (5):
              Access is denied.
              The failure occurred at 2014-05-15 12:29:41.
              The last success occurred at 2014-05-12 09:23:26.
              76 failures have occurred since the last success.
           REPLICATION LATENCY WARNING
           ERROR: Expected notification link is missing.
           Source DC
           Replication of new changes along this path will be delayed.
           This problem should self-correct on the next periodic sync.
           [Replications Check,BACKUPDC] A recent replication attempt failed:
              From DC to BACKUPDC
              Naming Context: DC=bannaridc,DC=com
              The replication generated an error (5):
              Access is denied.
              The failure occurred at 2014-05-15 12:29:42.
              The last success occurred at 2014-05-12 09:42:25.
              95 failures have occurred since the last success.
           REPLICATION LATENCY WARNING
           ERROR: Expected notification link is missing.
           Source DC
           Replication of new changes along this path will be delayed.
           This problem should self-correct on the next periodic sync.
           * Replication Latency Check
           REPLICATION-RECEIVED LATENCY WARNING
           BACKUPDC:  Current time is 2014-05-15 13:24:11.
              DC=ForestDnsZones,DC=bannaridc,DC=com
                 Last replication recieved from DC at 2014-05-12 09:23:27.
                 Latency information for 2 entries in the vector were ignored.
                    2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
              DC=DomainDnsZones,DC=bannaridc,DC=com
                 Last replication recieved from DC at 2014-05-12 09:33:40.
                 Latency information for 2 entries in the vector were ignored.
                    2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
              CN=Schema,CN=Configuration,DC=bannaridc,DC=com
                 Last replication recieved from DC at 2014-05-12 09:23:26.
                 Latency information for 2 entries in the vector were ignored.
                    2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
              CN=Configuration,DC=bannaridc,DC=com
                 Last replication recieved from DC at 2014-05-12 09:23:26.
                 Latency information for 2 entries in the vector were ignored.
                    2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
              DC=bannaridc,DC=com
                 Last replication recieved from DC at 2014-05-12 09:42:25.
                 Latency information for 2 entries in the vector were ignored.
                    2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
           * Replication Site Latency Check 
           ......................... BACKUPDC passed test Replications
        Test omitted by user request: Topology
        Test omitted by user request: CutoffServers
        Starting test: NCSecDesc
           * Security Permissions check for all NC's on DC BACKUPDC.
           * Security Permissions Check for
             DC=ForestDnsZones,DC=bannaridc,DC=com
              (NDNC,Version 2)
           * Security Permissions Check for
             DC=DomainDnsZones,DC=bannaridc,DC=com
              (NDNC,Version 2)
           * Security Permissions Check for
             CN=Schema,CN=Configuration,DC=bannaridc,DC=com
              (Schema,Version 2)
           * Security Permissions Check for
             CN=Configuration,DC=bannaridc,DC=com
              (Configuration,Version 2)
           * Security Permissions Check for
             DC=bannaridc,DC=com
              (Domain,Version 2)
           ......................... BACKUPDC passed test NCSecDesc
        Starting test: NetLogons
           * Network Logons Privileges Check
           Verified share \\BACKUPDC\netlogon
           Verified share \\BACKUPDC\sysvol
           ......................... BACKUPDC passed test NetLogons
        Starting test: Advertising
           The DC BACKUPDC is advertising itself as a DC and having a DS.
           The DC BACKUPDC is advertising as an LDAP server
           The DC BACKUPDC is advertising as having a writeable directory
           The DC BACKUPDC is advertising as a Key Distribution Center
           Warning: BACKUPDC is not advertising as a time server.
           ......................... BACKUPDC failed test Advertising
        Starting test: KnowsOfRoleHolders
           Role Schema Owner = CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bannaridc,DC=com
           Role Domain Owner = CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bannaridc,DC=com
           Role PDC Owner = CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bannaridc,DC=com
           Role Rid Owner = CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bannaridc,DC=com
           Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bannaridc,DC=com
           ......................... BACKUPDC passed test KnowsOfRoleHolders
        Starting test: RidManager
           * Available RID Pool for the Domain is 3107 to 1073741823
           * DC.bannaridc.com is the RID Master
           * DsBind with RID Master was successful
           * rIDAllocationPool is 2607 to 3106
           * rIDPreviousAllocationPool is 2607 to 3106
           * rIDNextRID: 2771
           ......................... BACKUPDC passed test RidManager
        Starting test: MachineAccount
           Checking machine account for DC BACKUPDC on DC BACKUPDC.
           * SPN found :LDAP/backupdc.bannaridc.com/bannaridc.com
           * SPN found :LDAP/backupdc.bannaridc.com
           * SPN found :LDAP/BACKUPDC
           * SPN found :LDAP/backupdc.bannaridc.com/BANNARIDC
           * SPN found :LDAP/bcbf105f-e755-4c24-b846-01d447834480._msdcs.bannaridc.com
           * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/bcbf105f-e755-4c24-b846-01d447834480/bannaridc.com
           * SPN found :HOST/backupdc.bannaridc.com/bannaridc.com
           * SPN found :HOST/backupdc.bannaridc.com
           * SPN found :HOST/BACKUPDC
           * SPN found :HOST/backupdc.bannaridc.com/BANNARIDC
           * SPN found :GC/backupdc.bannaridc.com/bannaridc.com
           ......................... BACKUPDC passed test MachineAccount
        Starting test: Services
           * Checking Service: Dnscache
           * Checking Service: NtFrs
           * Checking Service: IsmServ
           * Checking Service: kdc
           * Checking Service: SamSs
           * Checking Service: LanmanServer
           * Checking Service: LanmanWorkstation
           * Checking Service: RpcSs
           * Checking Service: w32time
           * Checking Service: NETLOGON
           ......................... BACKUPDC passed test Services
        Test omitted by user request: OutboundSecureChannels
        Starting test: ObjectsReplicated
           BACKUPDC is in domain DC=bannaridc,DC=com
           Checking for CN=BACKUPDC,OU=Domain Controllers,DC=bannaridc,DC=com in domain DC=bannaridc,DC=com on 1 servers
              Object is up-to-date on all servers.
           Checking for CN=NTDS Settings,CN=BACKUPDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bannaridc,DC=com in domain CN=Configuration,DC=bannaridc,DC=com on 1 servers
              Object is up-to-date on all servers.
           ......................... BACKUPDC passed test ObjectsReplicated
        Starting test: frssysvol
           * The File Replication Service SYSVOL ready test 
           File Replication Service's SYSVOL is ready 
           ......................... BACKUPDC passed test frssysvol
        Starting test: frsevent
           * The File Replication Service Event log test 
           ......................... BACKUPDC passed test frsevent
        Starting test: kccevent
           * The KCC Event log test
           Found no KCC errors in Directory Service Event log in the last 15 minutes.
           ......................... BACKUPDC passed test kccevent
        Starting test: systemlog
           * The System Event log test
           An Error Event occured.  EventID: 0xC25A001D
              Time Generated: 05/15/2014   12:30:20
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0xC25A001D
              Time Generated: 05/15/2014   12:49:04
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x40000004
              Time Generated: 05/15/2014   12:53:20
              Event String: The kerberos client received a
  KRB_AP_ERR_MODIFIED error from the server
  host/backupdc.bannaridc.com.  The target name
  used was
  LDAP/bcbf105f-e755-4c24-b846-01d447834480._msdcs.bannaridc.com.
   This indicates that the password used to encrypt
  the kerberos service ticket is different than
  that on the target server. Commonly, this is due
  to identically named  machine accounts in the
  target realm (BANNARIDC.COM), and the client
  realm.   Please contact your system
  administrator. 
           An Error Event occured.  EventID: 0xC25A001D
              Time Generated: 05/15/2014   13:12:19
              (Event String could not be retrieved)
           ......................... BACKUPDC failed test systemlog
        Test omitted by user request: VerifyReplicas
        Starting test: VerifyReferences
           The system object reference (serverReference)
           CN=BACKUPDC,OU=Domain Controllers,DC=bannaridc,DC=com and backlink on
           CN=BACKUPDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bannaridc,DC=com
           are correct. 
           The system object reference (frsComputerReferenceBL)
           CN=BACKUPDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=bannaridc,DC=com
           and backlink on CN=BACKUPDC,OU=Domain Controllers,DC=bannaridc,DC=com
           are correct. 
           The system object reference (serverReferenceBL)
           CN=BACKUPDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=bannaridc,DC=com
           and backlink on
           CN=NTDS Settings,CN=BACKUPDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bannaridc,DC=com
           are correct. 
           ......................... BACKUPDC passed test VerifyReferences
        Test omitted by user request: VerifyEnterpriseReferences
        Test omitted by user request: CheckSecurityError
     Running partition tests on : ForestDnsZones
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test CrossRefValidation
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
     Running partition tests on : DomainDnsZones
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test CrossRefValidation
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
     Running partition tests on : Schema
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
     Running partition tests on : Configuration
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidation
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
     Running partition tests on : bannaridc
        Starting test: CrossRefValidation
           ......................... bannaridc passed test CrossRefValidation
        Starting test: CheckSDRefDom
           ......................... bannaridc passed test CheckSDRefDom
     Running enterprise tests on : bannaridc.com
        Starting test: Intersite
           Skipping site Default-First-Site-Name, this site is outside the scope
           provided by the command line arguments provided. 
           ......................... bannaridc.com passed test Intersite
        Starting test: FsmoCheck
           GC Name: \\DC.bannaridc.com
           Locator Flags: 0xe00003fd
           PDC Name: \\DC.bannaridc.com
           Locator Flags: 0xe00003fd
           Time Server Name: \\DC.bannaridc.com
           Locator Flags: 0xe00003fd
           Preferred Time Server Name: \\DC.bannaridc.com
           Locator Flags: 0xe00003fd
           KDC Name: \\backupdc.bannaridc.com
           Locator Flags: 0xe00001b8
           ......................... bannaridc.com passed test FsmoCheck
        Test omitted by user request: DNS
        Test omitted by user request: DNS
  Please help me to resolve this issue.
  Regards,
  suren

  Hi suren,
  Error 1256 is logged as the replication status per partition as a result of the destination DC cancelling the sync request from the source DC due to a connectivity failure previously encountered.
  Please refer to the articles below to troubleshoot the issue:
  Troubleshooting AD Replication error 1256: The remote system is not available.
  http://support.microsoft.com/kb/2200187
  Troubleshooting AD Replication error 5: Access is denied
  http://support.microsoft.com/kb/2002013
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Replication with Domain and Sub domain in Active directory sites and services

  I seen many AD enviroments and know that when you have mutiple DCs you use Active Directory Sites and services to replicate using the NTDS Settings. If you have a Domain and sub domain do you need to do this as well or does it sync up automatically because
  it's a sub domain? A see a couple of domains where the NTDS settings isn't being used to snyc with the child domain. Just wondering if that is normal or will it cause authentication errors?

  I seen many AD enviroments and know that when you have mutiple DCs you use Active Directory Sites and services to replicate using the NTDS Settings. If you have a Domain and sub domain do you need to do this as well or does it sync up automatically
  because it's a sub domain? A see a couple of domains where the NTDS settings isn't being used to snyc with the child domain. Just wondering if that is normal or will it cause authentication errors?
  Two way transitive trusts are configured automatically when you create a child domain or tree root domain. You don't have to worry about site/subnet or replication part at least from trust perspective. But make sure site's names are unique in each domain.
  How Domain and Forest Trusts Work
  http://technet.microsoft.com/en-us/library/cc773178%28v=ws.10%29.aspx
  http://technet.microsoft.com/en-us/library/cc730868.aspx
  http://blogs.technet.com/b/askds/archive/2008/09/24/domain-locator-across-a-forest-trust.aspx
  Awinish Vishwakarma - MVP
  My Blog: awinish.wordpress.com
  Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

• Crc error between 2950 and 3620 router

  I have connected the 2950 to the 3620, and the running-config of 2950 below:
  2950#show running-config
  Building configuration...
  Current configuration : 1279 bytes
  version 12.1
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  hostname 2950
  enable secret xxxx
  no ip subnet-zero
  no ip finger
  no ip domain-lookup
  interface FastEthernet0/1
  duplex half
  speed 10
  interface FastEthernet0/2
  interface FastEthernet0/23
  interface FastEthernet0/24
  interface FastEthernet0/24.122
  interface FastEthernet0/24.123
  interface Vlan1
  bandwidth 10000
  ip address 192.168.10.200 255.255.255.0
  no ip route-cache
  delay 100
  ip default-gateway 192.168.10.254
  no ip http server
  line con 0
  transport input none
  line vty 0 4
  password xxx
  login
  line vty 5 15
  login
  end
  And the 3620 router just set the interface ethernet0/3:
  interface Ethernet0/3
  ip address 192.168.10.254 255.255.255.0
  half-duplex
  I have connected the f0/1 of switch to the eth0/3 of router. There are many crc errors between the switch and router, and try to change the duplex and speed rate, but it didn't take effect. I ensure the cable is good.
  Thank you for your suggestion!

  First, thank you for your notice of my problems.
  Yes. When I ping from both directions, I'm seeing the CRC error only in the switch. And I have cleared the counters in both ends.
  And I try to connect to another port of the router, It exists the same problem.
  I'm seeing both of the input errors and CRC errors.
  The interface of f0/1 (in switch)is following:
  2950#show int f0/1
  FastEthernet0/1 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0007.84fc.d1c1 (bia 0007.84fc.d
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
  reliability 219/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 10Mb/s
  input flow-control is off, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:03:10, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:11:25
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue :0/40 (size/max)
  5 minute input rate 1000 bits/sec, 1 packets/sec
  5 minute output rate 1000 bits/sec, 3 packets/sec
  299 packets input, 39511 bytes, 0 no buffer
  Received 5 broadcasts, 0 runts, 0 giants, 0 throttles
  164 input errors, 164 CRC, 0 frame, 0 overrun, 33 ignored
  0 input packets with dribble condition detected
  1058 packets output, 81544 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier
  0 output buffer failures, 0 output buffers swapped out
  2950#

• RFC connection error between BW 3.5 and ECC 6.0

  Hi gurus,
  We've defined an RFC destination between BW 3.5 and ECC 6.0. Connection test  (SM59) is ok, but authorization one fails and ALEREMOTE users block. These users on both systems have good profiles. We look ST22 and find a runtime error on CALL_FUNCTION_REMOTE_ERROR. We've cleaned source system on BW and RFC destination and we've created one more time, but error doesn't disappear. We've looked OSS but don't find anything.
  Any idea? Is there any other place (users, RFC) where we have to change user password on system?
  Thanks a lot!
  Regards,
  Iván.
  Edited by: Iván Cabezas Castillo on Nov 6, 2009 12:09 PM

  Solved!
  This is because of the incompatibility of password handling between
  640 and 700 systems.
  We have to use a maximum 8 character long password with only capital letters (numbers are also allowed) for the user "ALEREMOTE".
  1. Change the password for the user in SAP R/3.
  2. Maintain the password in SAP BW for the RFC destination (transaction SM59 - Logon/Security tab)
  3. Authorization test is now successful.
  (SM59 - Test - Authorization).
  Regards!

• My Mac is doing strange things: delaying between users, mouse flickering and bouncing, gets stuck with rainbow wheel flickering. I ran the appel hardware test and it detected an error: 4MOT/4/40000003:HDD-1233 Does anybody know what that means? HELP!

  My imac is doing strange things:
  -delaying between users: when closing session it goes to blue, then takes a while to appear users signin box, and then wont recognize mouse command to enter until a couple of minutes later... then everything seems alright until....
  -it gets stuck between things, the rainbow wheel appears and its just delays there forever....
  -and every now and then the mouse starts flickering and bouncing wildly onscreen.
  I ran the appel hardware test and it detected an error:
  4MOT/4/40000003:HDD-1233
  Does anybody know what that means? HELP!

  WZZZ answered about where to get iStat. And do check the SMART status. If it is an overheating problem due to a fan or logic board problem, your hard drive is possibly cooking itself to death. If so it isn't a faulty hard drive even though the hard drive might fail. So assuming it's a temperature problem, even if you are able to repair things on the disk with software, that is working on symptoms, not causes. I could be wrong however.
  RE: AppleCare: Your iMac came with one year of AppleCare (Apple's warranty program), but within the first year you can buy 2 more years. You have to extend by the one year anniversary of purchase of the computer. Your 10,1 is too old to still be in the first year, and since you asked what it was, I'm sure you don't have it. Bottom line meaning is that whatever this problem turns out to be, you'll have to pay for it. Unless there is something like this. It is for 2011 iMacs with certain Seagate drives. You can put in your serial number for fun, but it looks like yours is too old. Lastly, some people have had Apple help them anyway if it is just out of warranty, but many have not. Your machine is one of these. Type in 10,1 in the search box. Is there an Apple Store near you? Just b/c it's out of warranty doesn't mean you shouldn't have it looked at by Apple. But no one here can say at all what Apple will or will not do.
  Hope you get it taken care of!

• Autodiscover, domain controllers, and certificate errors

  I have just deployed and Exchange 2013 server in one of my sites. I'm having tons of issues with it, but one issue I'm having trouble thinking through goes like this:
  All users have email addresses that are [email protected] Domain.com is our internal domain name and also a public domain. Now, in a Windows environment, if you were to nslookup domain.com within our network it
  will resolve to any one of the domain controllers. On our infrastructure master DC there is an IIS website, with SSL, that handles certificate services for our internal CA.
  Here's my problem: When a user opens Outlook and autodiscover attempts to find their Exchange connection info it first tries to reach the site
  https://domain.com/autodiscover/autodiscover.xml. If that PC happens to resolve domain.com to the DC that has our certificate services website on it then the Outlook client sends a certificate error.
  If the client is prior to Outlook 2013, the mailbox configuration just halts and throws an error.
  What do I do to prevent this?

  Hi,
  Yes, we can have the following “switchers”
  PreferLocalXML
  ExcludeHttpRedirect
  ExcludeHttpsAutoDiscoverDomain
  ExcludeHttpsRootDomain
  ExcludeScpLookup
  ExcludeSrvRecord
  ExcludeLastKnownGoodUR
  Thanks,
  Simon Wu
  TechNet Community Support

• PI Control Error Between Process Variable and Set Point

  I've developed a PI program that uses measurements from a pressure transducer as the process variable to control air pressure released from a motorized valve. The program works great at lower pressures, but as the set point pressure increases the error between the process variable and set point increases. I've tried several things....adjusting the P seems to initially increase the overshoot but the process variable always settles down below the set point....tried adjusting the EGU min and max values but no real pattern develops with this. It appears as the process variable get closer to the max EGU value of 70000 pascals the error increases.
  I've attached three screen shots showing the process variable curve and setpoint value. The graph of interest is the one in the upper right hand corner.
  Any recommendation or advice would be appreciated.
  tks, Terry
  Attachments:
  Low Pressure.JPG ‏267 KB
  High Pressure.JPG ‏398 KB
  Mid Pressure.JPG ‏266 KB

  Kyle,
  First off....I appreciate your comments. No...there is no value is system represented as U16.
  Actually errors start to develop quite a bit before the maximum. If you look at the mid pressure.jpg file you'll notice that the set point (~28125 Pascals) and process variable (~25625 Pascals) are roughly off by about 2500 Pascals. Then if you look at the high pressure.jpg file you'll notice that the set point (~53000 Pascals) and process variable (~45500 Pascals) are roughly off by about 7500 Pascals. Therefore it appears as the setpoint pressure increases towards maximum the error tends to increase.
  I was curious about something....the set point value I'm inputting into the PID.VI , shown in the high pressure.jpg file, is from EGU to percent.VI. It would look exactly like the EGU to percent VI feeding the process variable input of the PID.VI with the set point value feeding the EGU to percent.VI input. Would I be better off feeding the actual set point value to the PID.VI input instead of percentage?
  Thanks, Terry

• I have a communication error between Lightroom 5 and my printer. It prints photos about 1/2 strength in color. Printer checks out ok. WHAT CAN I DO?

  I have a communication error between Lightroom 5 and my printer. It prints photos about 1/2 strength in color.. The printer checks out ok. What can I do?