DNS issue - ping successful but replication failing

**ps3cheats** · 15-Mar-2007, 03:11 AM

Hi Experts. Would be profoundly grateful for any help on this. This is both an Exchange and windows AD question but mostly AD/DNS I suspect.
Our company encompasses four sites -
The head office where all applications of any importance are, and three others connected via VPN.
We have a single windows domain covering all four sites. There are single DCs at three of the sites which are small satellite offices and each DC at the satellite sites is also a GC, DNS and DHCP server.
There were three DCs at the main site.
The three DCs at the main site were/are a SQL server, an Exchange Server and a file and print server.
All has been working very well (particularly Exchange 2003) until.....

We had problems with our Exchange Server - the system attendant would not start, and as the problem seemed to be related in some way to communication between AD and Exchange we rashly took the decision to demote it from a DC to a member server. I know (now!) that MS does not support this however at the time it worked and the services all started ok.

Not long afterwards however things started to behave strangely. Outlook 2000 clients at remote sites hang when connecting to Exchange. Some Outlook 2003 clients do but not all it seems. Removing the outlook profile completely and recreating it seems to address the problem temporarily but it recurs. Outlook users at the head office have no issues with connection to the Exchange Server.

We are having issues with replication of DCs between the satellite sites and the main site - KCC errors 1311 and 1865, and NTDS replication errors of 1232 and 1188. These would suggest that names cannot be resolved or their is no IP connectivity.

Internal DNS name resolution is not working for clients at satellites trying to conect to intranet sites at the head office. When pinging by the same host name it works fine.
I have changed the DNS client of my DCs at the remote sites to point to a DNS server at the head office but this has not had any effect.
I have made any number of changes to sites and services to try and persuade the DCs to see each other. My understanding is that most of this is done automatically but I have nonetheless manually set bridgehead servers between the spokes and the hub.

DNS would seem to be the culprit but there is something darned strange going on that is bewildering me. DNS appears to be working fine! Everything resolves OK when pinging and all the relevant records seem to be present in the DNS servers at each site.

This is not an IP issue as far as i can see - we have never had issues with our IP connectivity and at the IP level everything seems to work as before. I have checked with portqry to see if the ports are all available and they certainly seem to be. It just seems to be an issue of name resolution that is not resolving (except when you ping!).

Any help much appreciated.

**ps3cheats** · 15-Mar-2007, 03:11 AM

Just checking you've ruled the bugs out: (See EventID.Net) and you've got the time synced ok between DC's at the various sites. Anything over about five minutes will stop replication (if this is obvious my apologies but wasn't sure what you'd checked out so far)

Some firewalls may reject network traffic that originates from Windows Server 2003 Service Pack 1-based computers
Some firewalls may reject network traffic that originates from Windows Server 2003 Service Pack 1-based or Windows Vista-based computers
Installing security update MS05-019 or Windows Server 2003 Service Pack 1 may cause network connectivity between clients and servers to fail
Installing security update MS05-019 or Windows Server 2003 Service Pack 1 may cause network connectivity between clients and servers to fail

15-Mar-2007, 03:11 AM	#1 (permalink)
ps3cheats Fixed Error! Posts: 1,497 Join Date: Mar 2007 Rep Power: 3 IM:	DNS issue - ping successful but replication failing Hi Experts. Would be profoundly grateful for any help on this. This is both an Exchange and windows AD question but mostly AD/DNS I suspect. Our company encompasses four sites - The head office where all applications of any importance are, and three others connected via VPN. We have a single windows domain covering all four sites. There are single DCs at three of the sites which are small satellite offices and each DC at the satellite sites is also a GC, DNS and DHCP server. There were three DCs at the main site. The three DCs at the main site were/are a SQL server, an Exchange Server and a file and print server. All has been working very well (particularly Exchange 2003) until..... We had problems with our Exchange Server - the system attendant would not start, and as the problem seemed to be related in some way to communication between AD and Exchange we rashly took the decision to demote it from a DC to a member server. I know (now!) that MS does not support this however at the time it worked and the services all started ok. Not long afterwards however things started to behave strangely. Outlook 2000 clients at remote sites hang when connecting to Exchange. Some Outlook 2003 clients do but not all it seems. Removing the outlook profile completely and recreating it seems to address the problem temporarily but it recurs. Outlook users at the head office have no issues with connection to the Exchange Server. We are having issues with replication of DCs between the satellite sites and the main site - KCC errors 1311 and 1865, and NTDS replication errors of 1232 and 1188. These would suggest that names cannot be resolved or their is no IP connectivity. Internal DNS name resolution is not working for clients at satellites trying to conect to intranet sites at the head office. When pinging by the same host name it works fine. I have changed the DNS client of my DCs at the remote sites to point to a DNS server at the head office but this has not had any effect. I have made any number of changes to sites and services to try and persuade the DCs to see each other. My understanding is that most of this is done automatically but I have nonetheless manually set bridgehead servers between the spokes and the hub. DNS would seem to be the culprit but there is something darned strange going on that is bewildering me. DNS appears to be working fine! Everything resolves OK when pinging and all the relevant records seem to be present in the DNS servers at each site. This is not an IP issue as far as i can see - we have never had issues with our IP connectivity and at the IP level everything seems to work as before. I have checked with portqry to see if the ports are all available and they certainly seem to be. It just seems to be an issue of name resolution that is not resolving (except when you ping!). Any help much appreciated.

15-Mar-2007, 03:11 AM	#2 (permalink)
ps3cheats Fixed Error! Posts: 1,497 Join Date: Mar 2007 Rep Power: 3 IM:	Re: DNS issue - ping successful but replication failing Just checking you've ruled the bugs out: (See EventID.Net) and you've got the time synced ok between DC's at the various sites. Anything over about five minutes will stop replication (if this is obvious my apologies but wasn't sure what you'd checked out so far) Some firewalls may reject network traffic that originates from Windows Server 2003 Service Pack 1-based computers Some firewalls may reject network traffic that originates from Windows Server 2003 Service Pack 1-based or Windows Vista-based computers Installing security update MS05-019 or Windows Server 2003 Service Pack 1 may cause network connectivity between clients and servers to fail Installing security update MS05-019 or Windows Server 2003 Service Pack 1 may cause network connectivity between clients and servers to fail

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)