I would drop the firewalls on the PDC and failing DC and see if replication occurs.  If so, your firewall is too restrictive.  I've had this problem before.

This KB article, http://support.microsoft.com/kb/555381, is a good guide for setting the File Replication Service to use a specific port, which makes the firewall configuration a snap to maintain.  Just assign a static port to the service, then add that exclusion to your firewall rules.

To drop the firewall if you're enforcing it with a GPO, just run 'net stop sharedaccess' at the command prompt.

Also, the Security Configuration Wizard works wonders for automatically configuring the required exclusions on the firewall, based on what services are running on the server.

Jon Galbreath
MCSE/Security+
Systems Administrator
International Studies and Programs
Ph: 517-884-2144
[log in to unmask]

From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Jesse Howard
Sent: Monday, July 27, 2009 10:26 AM
To: [log in to unmask]
Subject: [MSUNAG] Demoting DC that can't replicate

I have an old domain controller that has been having DNS and replication errors for some time now. The PDC in the domain was recently brought up to Windows 2003 Server Service Pack 2, and now replication with the failing DC is completely gone. The current PDC is holding all FSMO roles. My question is: can I safely ADPREP the domain, DCPROMO a new DC (2003 R2), and then demote the old DC that can't replicate?

Thanks,

Jesse Howard
_______________________

IT Administrator
Michigan State University Press
[log in to unmask]
www.msupress.msu.edu