Jaa

Active Directory Replication Problems Solved with Preparation Wizard

  • Artikkeli

For those of you who are new to these tools, we’ve talked about the Preparation and Planning

Wizards before on our blog. We also have a dedicated page for it here. As well, the team over at

TechNet Edge did an article on the tools.

 

These tools are not just for customers with Essential Business Server or those who are planning to

deploy this solution in their environments. These tools are for anyone with Active Directory in

their network who would like to verify the health of their environment.

 

Today I would like to focus on a special category of issues that these tools help resolve around

Active Directory replication.

 

As a member of the EBS team, I see a lot of mid-sized networks (25-300 PCs) where

Active Directory replication errors are very common. These issues are also very hard to troubleshoot, mostly because there are quite a few potential causes of these problems. To name just a few, AD replication may fail due to DNS issues, connectivity problems, security issues, time synchronization problems, etc. etc. TechNet has a great description of some of these potential causes.

How do the tools help find and resolve AD replication issues?

Preparation Wizard is a great tool that helps troubleshoot Active Directory replication issues. The tool scans the existing network, identifies the source of AD replication errors and provides links to knowledge based articles that explain how to correct these issues. In order to identify the source of Active Directory replication errors, Preparation Wizard uses LDAP, DNS queries and WMI to contact each server in the network and run a set of checks to verify that AD replication is functioning correctly. In addition, the tool specifically looks for events that indicate Active Directory replication problems. Note that Preparation Wizard does not change the environment, so the tool is completely safe to run at any time!

How is it different from other tools?

Unlike many other known tools which simply dump large amounts of networking data collected from a single source (such as event logs, for instance), Preparation Wizard is able to gather data from many different areas( Active Directory, DNS, SYSVOL, event logs, etc.), cross reference that data, and make conclusions about the overall health of the network. Preparation Wizard has over 100 different checks which are based on most common issues resolved by Microsoft Customer Support Services over the past 10 years!

Specifics tool verifies?

There are several tests that Preparation Wizard runs to ensure AD replication functions correctly. Among others, the tool verifies that:

· Network connectivity is available and network settings are properly configured

· Name resolution for all domain controllers is functioning properly

· Inbound AD replication is enabled for all domain controller

· Outbound AD replication is enabled for all domain controllers

· AD replication with corrupt partners is disabled

· Each domain controller replicates changes within a certain threshold (AD replication is fast enough)

· Domain, Schema, and Configuration naming contexts are defined on all domain controllers in the Active Directory sites

· All naming contexts can replicate successfully

· Knowledge Consistency Checker's automatic generation of intra-site or inter-site topology management is enabled

Go get it – it’s FREE!

https://www.microsoft.com/ebs/en/us/preparation.aspx

Link to supporting documents and other resources on troubleshooting Active Directory replication:

https://www.windowsnetworking.com/articles_tutorials/Active-Directory-Troubleshooting-Part1.html

https://searchwindowsserver.techtarget.com/generic/0,295582,sid68_gci1263312,00.html#

 

Thanks!

Julia Kuzminova
EBS Community Program Manager

Comments

  • Anonymous
    January 01, 2003
    Have you tried troubleshooting WMI as suggested in this article: http://support.microsoft.com/kb/875605 (Preparation Wizard should be pointing to this article) ? Also, how did you disable the firewall on the Security Server?  net stop "microsoft firewall"?

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    You should be ready to upgrade :). To answer you questions: .Com or .Local does not matter -- you should be ok with this configuration. Exchange 2007 does allow you to have over 2GB per mailbox, so you will be able to migrate those mailoxes just fine. EBS has the Active-Sync feature with Exchange 2007 as well, so you can use it (our default firewall rules allow Active Sync communication with Exchange). As far as Blackberry, you will need to check with your vendor about its compatibility with Exchange 2007 (but most likely it will work).

  • Anonymous
    January 01, 2003
    Lev, We opened a support case for you, but need additional contact info details from you. I sent you an email with all the details. Julia

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    PingBack from http://bh-server.com/the-essential-business-server-team-blog-active-directory/

  • Anonymous
    January 01, 2003
    If WBEMTEST is not working, the issue is not with the tool.  The issue is that WMI is still being blocked. We would like to open a support case for you to figure out what is going on, but we do need your contact information (name and phone number)  to do that.  Can you please reply with your contact information (when you reply to this post, we will not post your information publicly, so only EssentialBloggers will be able to see it)?

  • Anonymous
    April 05, 2009
    The comment has been removed

  • Anonymous
    April 11, 2009
    The comment has been removed

  • Anonymous
    April 11, 2009
    The comment has been removed

  • Anonymous
    May 07, 2009
    Thank you reply I have tried all the stuff listed here: http://social.microsoft.com/Forums/ru-RU/netfxbcl/thread/4207c95f-bfbc-4b04-8d99-27abd5c0d96b getting exatcly the same feedback. No luck. In addition I have tried to stop the Microsoft Firewall with the Services mmc GUI snapin, and check again. No difference.

  • Anonymous
    May 09, 2009
    >>net stop fwsrv done; also, I have surely shut down the "Windows Firewall with Advanced Security" on both the Management and Security servers Wbemtest (from the Management Server): still can't connect to \security.mango.localrootcimv2 ???

  • Anonymous
    June 07, 2009
    next attempt tried installing update rollup, no luck also I have reinstalled a brand new Security Server The freshly upodated Preparation Wizard fails running from different computers Remote WMI access is enabled on servers Error: The <securityserver.my.domain> server could not be accessed using WMI. Actions that you can perform to resolve this issue might include stopping the firewall before you run the wizard, ensuring that the server is available, installing WMI provider on a Windows 2000 server, enabling WMI access on the server, or removing the server object from Active Directory Sites and Services if the server has been decommissioned. See also: KB 875605, KB 216364, KB 682138

  • Anonymous
    June 12, 2009
    Follow-up with Lev: If you are running the Planning and Preparation wizards in an EBS Environment (or any environment with TMG/ISA, really), we have to be able to query WMI on the TMG server from the workstation or server you are running the wizards on.  If you can sacrifice taking the entire network offline while the wizards run (this obviously won't work if you have remote sites), running "net stop fweng /y" from the TMG server will allow the wizards to run. The more complete way to do this is to temporarily open up TMG to allow the wizards to run:

  1.  Create a bi-directional allow-all access rule between the two machines: Name:  Allow all Protocols:  All outbound traffic From:  local host; machine running wizards To:  local host; machine running wizards Users:  All users Right-click on the rule, choose "Configure RPC Protocol", and de-select "Enforce strict RPC compliance"
  2.  Edit the 'RPC (all interfaces)' protocol in toolbox and deselect the RPC filter.
  3.  Right-click on Firewall Policy, Choose 'edit system policy ...', and choose 'Active Directory'.   De-select "Enforce strict RPC compliance" Click apply and ok to save the settings, and refresh MonitoringConfiguration until it shows 'Server configuration matches the Configuration Storage server configuration'

  • Anonymous
    July 12, 2009
    I am getting the same error: "Connectivity did not occur during the prerequisite validation phase" The majority of the tests are skipped because of this.   The Windows Firewall is not enabled and we are not running ISA.  WBEMTest appears to connect and display objects using Enum Objects/Recursive.

  • Anonymous
    July 12, 2009
    FIXED my problem! I ran DCDIAG with Win2K3 SP2 Support Tools and found that both the Windows Time and Intersite Messaging services were set to Disabled.  I set to Automatic and started them both, and the EBS Preparation Wizard ran correctly. Just wanted to share with others.  Thanks.

  • Anonymous
    July 28, 2009
    Hi the Preparation Wizard gave me an impression of its capability to install a fresh servers trinity (i.e. new instance of EBS 2008) in existent EBS domain But this impression is false: the Planning wizard denies an attempt installing new Management instance while the first one is connected. It forces the "single server replacement" scenario inadvertenly. The Preparation wizard may check this condition in the first screen.