I have a previous question up about this, but I've come to some new information and I figured I would start a new post to stir up some new discussion. To start, I will give you all a short description of our network setup (from the way I understand it).

We have 2 stores. We'll call them CP and HQ. Now HQ is a domain controller, and we have a local domain called billsgs.net. Each store basically operates on its own. They each have a firewall, and their own server running Windows Server 2008 R2. The only time they interact is through replication. We have specified replicated directories, which are mostly user profiles, and our database files. This is for backup for the most part.

Now to get onto the problem... a few weeks ago (early June) we noticed the replication service on the HQ server was hogging a ton of memory, and by a ton, I mean ALL of the available memory it could get its hands on. We have 13 GB and within 10 minutes of running DFS it was about 98% memory usage. So we stopped it. We haven't really been bothered by this, but if something crashes, we are pretty much screwed on the backups. We have run some hotfixes but nothing has worked. So as of right now, DFS is not running.

Now, a couple of weeks ago the firewalls operating system was

Getting a lot of DCDiag errors... Been having some DNS issues. Infrastructure is single domain, 3 2003 DC's (Primary is PRIMARYSERVER, Secondary is SECONDARYSERVER and Tertiary is (the one with the problems) BADSERVER). DCDiag returns no errors on PRIMARYSERVER. Haven't gotten to SECONDARYSERVER yet. Looks like DNS is not replicating on badserver as well.

Starting test: Replications
   [Replications Check,BADSERVER] A recent replication attempt failed:
      From SECONDARYSERVER to BADSERVER
      Naming Context: CN=Schema,CN=Configuration,DC=DOMAIN,DC=com
      The replication generated an error (1908):
      Could not find the domain controller for this domain.
      The failure occurred at 2008-08-12 11:25:01.
      The last success occurred at 2008-08-12 10:57:13.
      1 failures have occurred since the last success.
      Kerberos Error.
      A KDC was not found to authenticate the call.
      Check that sufficient domain controllers are available.
   [SECONDARYSERVER] DsBindWithSpnEx() failed with error 1722,
   The RPC server is unavailable..
   [Replications Check,BADSERVER] A recent replication attempt failed:
      From PRIMARYSERVER to BADSERVER
      Naming Context: CN=Schema,CN=Configuration,DC=DOMAIN,DC=com
      The replication generated an error (1908):
      Could not find the domain controller for this dom

How to fix Kerberos error 68 when setting up a Kerberos Realm in IWA Adapter 3.x

Published: 09/08/2014

Problem:

An IWA 3.0 or 3.1 adapter has been set up, single sign-on (SSO) is not working, and the server.log shows:

2013-06-27 10:45:09,720 tid:8e937cd4c ERROR [com.pingidentity.adapters.iwa.idp.KerberosValidator] Unable to login to KDC

When retrying the Manage Domain/Realm name resolution process in the Admin Console and trying "Test Domain/Realm Connectivity", the Console shows the error: "Domain/Realm test failed: null (68)"

Solution:

Error code 68 refers to an incorrect domain in the initial credentials validation. The cause may be as simple as an incorrect realm/domain configured in the IWA adapter, or a service account that is not in the same domain.

Here are some detailed steps if it is not a simple configuration issue:

The first step in troubleshooting a Key Distribution Center (KDC) connectivity problem is to make sure that a KDC is being properly selected. There are two options:

1. If no KDC name is specified, the setup process will do a server (SRV) record lookup in domain name services (DNS) to find an authoritative KDC for the specified Realm. If the SRV record lookup fails, an error message will report that a KDC was not found. This method cannot be used if the SRV lookup will fail or if the lookup is likely to return a server which is not actually reachable.

2. If a KDC name is entered, no DNS SRV lookup will be done. Instead the fully qualified domain name (FQDN) will be constructed using that name as machine name and the Realm value as the DNS Domain. A normal lookup will then be done to resolve that FQDN to an Internet Protocol (IP) address. That lookup will be satisfied by a record in /etc/hosts
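
The two KDC selection options and the realm mismatch behind error 68, written as a pre-flight check. This is an added example, not code from the original article or from the IWA adapter. The resolvers, host names, the `svc-iwa` account and the simplified `(priority, target)` record shape are constructed assumptions, and `_kerberos._tcp.<realm>` is the standard Kerberos SRV name, which the article does not spell out.

```python
import socket

# Constructed sample data (not from the article): a fake DNS zone and hosts table.
HOSTS = {"dc01.example.test": "192.0.2.10", "dc02.example.test": "192.0.2.11"}
SRV = {"_kerberos._tcp.example.test": [(10, "dc02.example.test."),
                                       (0, "dc01.example.test."),
                                       (20, "old-dc.example.test.")]}

def fake_srv(query):
    """Stand-in SRV resolver: returns (priority, target) pairs, [] if none."""
    return SRV.get(query, [])

def fake_host(name):
    """Stand-in for socket.gethostbyname backed by the HOSTS table."""
    if name not in HOSTS:
        raise socket.gaierror(f"cannot resolve {name}")
    return HOSTS[name]

def kdc_candidates(realm, kdc_name=None, srv_lookup=fake_srv, host_lookup=fake_host):
    """Return (fqdn, ip_or_None) pairs in the order they would be tried."""
    if kdc_name:
        # Option 2: no SRV query; FQDN = KDC machine name + realm as DNS domain.
        names = [f"{kdc_name}.{realm}".lower()]
    else:
        # Option 1: SRV lookup for the realm, lowest priority value first.
        records = srv_lookup(f"_kerberos._tcp.{realm.lower()}")
        names = [target.rstrip(".").lower() for _prio, target in sorted(records)]
    found = []
    for name in names:
        try:
            found.append((name, host_lookup(name)))
        except OSError:  # socket.gaierror is an OSError subclass
            found.append((name, None))
    return found

def preflight(realm, service_account, **lookup_args):
    """List the problems the article says to rule out before retrying the test."""
    findings = []
    account_realm = service_account.rpartition("@")[2]
    if account_realm.upper() != realm.upper():
        findings.append(f"realm mismatch: account in {account_realm}, adapter uses {realm}")
    candidates = kdc_candidates(realm, **lookup_args)
    if not candidates:
        findings.append(f"no KDC found for {realm}: SRV lookup returned nothing")
    findings += [f"{name} does not resolve" for name, ip in candidates if ip is None]
    return findings

if __name__ == "__main__":
    for line in preflight("EXAMPLE.TEST", "svc-iwa@CORP.EXAMPLE.TEST"):
        print(line)
```

To run it against a live environment, pass `host_lookup=socket.gethostbyname` and an `srv_lookup` built on a real DNS client.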


