any ideas?
BJ
1) Missing or incorrect DNS settings on one or more DCs
2) Firewall is enabled on the network interface of one or more DCs
3) Incorrect date/time on one or more DCs
I think your problem was #3 above b/c you have primary/secondary replication
working which doesn't rely on correct time but instead on sequence number
timestamp in the zone file.
Domain authentication relies on Kerberos and Kerberos relies on accurate
time in the domain. If the time between client and server is off by more
than 5 minutes (either plus or minus) Kerberos authentication will fail, and
if the same is true on one or more DCs, AD replication will fail between
those DCs. Fix your date/time and post back the results.
Troubleshooting Active Directory Replication Problems
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/ad/windows2000/maintain/opsguide/Part1/adogd12.asp
--
Todd J Heron, MCSE
Windows Server 2003/2000/NT
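
The 5-minute rule from the reply above, applied between every pair of DCs rather than only against one reference clock (an added example, not part of the original post). The host names and offsets are constructed sample data, and the offsets are assumed to have been measured against a single reference.

```python
from itertools import combinations

# Tolerance stated in the post: off by more than 5 minutes, plus or minus.
MAX_SKEW_SECONDS = 5 * 60

# Constructed sample data: clock offset of each DC in seconds, relative to
# one reference clock. Host names are hypothetical.
SAMPLE_OFFSETS = {
    "dc1.example.test": 0,
    "dc2.example.test": 190,
    "dc3.example.test": -185,
    "dc4.example.test": 412,
}


def over_reference(offsets, limit=MAX_SKEW_SECONDS):
    """DCs whose own offset from the reference exceeds the limit."""
    return sorted(host for host, off in offsets.items() if abs(off) > limit)


def failing_pairs(offsets, limit=MAX_SKEW_SECONDS):
    """DC pairs whose mutual skew exceeds the limit, widest skew first."""
    pairs = []
    for (a, off_a), (b, off_b) in combinations(sorted(offsets.items()), 2):
        skew = abs(off_a - off_b)
        if skew > limit:
            pairs.append((a, b, skew))
    return sorted(pairs, key=lambda p: -p[2])


def report(offsets):
    """Human-readable summary lines for the two checks above."""
    lines = [f"over limit vs reference: {h}" for h in over_reference(offsets)]
    for a, b, skew in failing_pairs(offsets):
        lines.append(f"pair beyond {MAX_SKEW_SECONDS}s: {a} <-> {b} ({skew}s)")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_OFFSETS)))
```

In the sample, dc2 and dc3 are each within 5 minutes of the reference yet 375 seconds apart from each other, so checking each DC only against one clock would miss that pair.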