Windows Server 2008 User Account Control Gotcha #3

By | February 4, 2009

Okay, okay, I realise that I may be labouring the point somewhat.  I’ve already written two blog entries (here and here) about UAC in Windows Server 2008 and this is the third and (probably) last.

When you check DC replication using the repadmin /showreps command from a privileged command window you might see something like this:

SITE1\DC1
DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 0f28ec82-687f-4a16-81fb-bc7dc6b67fa9

DSA invocationID: 498ceb24-0a84-40a9-b8cb-63b1ff9a8ed1

==== INBOUND NEIGHBORS ======================================

DC=MYCO,DC=COM

SITE0\DC2 via RPC

DSA object GUID: 04f70cfc-c73d-4e3c-9c8f-42c3ad146bb2

Last attempt @ 2009-02-04 13:48:49 was successful.

CN=Configuration,DC=MYCO,DC=COM

SITE0\DC2 via RPC

DSA object GUID: 04f70cfc-c73d-4e3c-9c8f-42c3ad146bb2

Last attempt @ 2009-02-04 13:48:49 was successful.

CN=Schema,CN=Configuration,DC=MYCO,DC=COM

SITE0\DC2 via RPC

DSA object GUID: 04f70cfc-c73d-4e3c-9c8f-42c3ad146bb2

Last attempt @ 2009-02-04 13:48:49 was successful.

DC=ForestDnsZones,DC=MYCO,DC=COM

SITE0\DC2 via RPC

DSA object GUID: 04f70cfc-c73d-4e3c-9c8f-42c3ad146bb2

Last attempt @ 2009-02-04 13:48:49 was successful.

DC=DomainDnsZones,DC=MYCO,DC=COM

SITE0\DC2 via RPC

DSA object GUID: 04f70cfc-c73d-4e3c-9c8f-42c3ad146bb2

Last attempt @ 2009-02-04 13:48:49 was successful.

However, when you run the same command from an unprivileged command window, you might see the error shown below.

SITE1\DC1

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 0f28ec82-687f-4a16-81fb-bc7dc6b67fa9

DSA invocationID: 498ceb24-0a84-40a9-b8cb-63b1ff9a8ed1

==== INBOUND NEIGHBORS ======================================

DC=MYCO,DC=COM

SITE0\DC2 via RPC

DSA object GUID: 04f70cfc-c73d-4e3c-9c8f-42c3ad146bb2

Last attempt @ 2009-02-04 13:48:49 was successful.

CN=Configuration,DC=MYCO,DC=COM

SITE0\DC2 via RPC

DSA object GUID: 04f70cfc-c73d-4e3c-9c8f-42c3ad146bb2

Last attempt @ 2009-02-04 13:48:49 was successful.

CN=Schema,CN=Configuration,DC=MYCO,DC=COM

SITE0\DC2 via RPC

DSA object GUID: 04f70cfc-c73d-4e3c-9c8f-42c3ad146bb2

Last attempt @ 2009-02-04 13:48:49 was successful.

DC=ForestDnsZones,DC=MYCO,DC=COM

SITE0\DC2 via RPC

DSA object GUID: 04f70cfc-c73d-4e3c-9c8f-42c3ad146bb2

Last attempt @ 2009-02-04 13:48:49 was successful.

DC=DomainDnsZones,DC=MYCO,DC=COM

SITE0\DC2 via RPC

DSA object GUID: 04f70cfc-c73d-4e3c-9c8f-42c3ad146bb2

Last attempt @ 2009-02-04 13:48:49 was successful.

DsReplicaGetInfo() failed with status 8453 (0x2105):

Replication access was denied.

DsReplicaGetInfo() failed with status 8453 (0x2105):

Replication access was denied.

Note that the information returned is identical.  The only difference is that you see the errors at the end when running in an unprivileged window.  I believe the errors relate to a missing “Monitor Replication Topology” extended right at the root of each of the directory naming contexts (partitions).

As with other UAC annoyances, the errors can potentially be confusing.  I guess the moral of the story with Windows Server 2008 is to always be aware of when you need to run commands with full privileges.  In my case it clearly takes some getting used to.  🙂
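One way to keep status 8453 from being mistaken for a replication fault is to record whether the window was elevated alongside the repadmin output. The following is an added example, not code from the original post: the function names Test-IsElevated and Get-ShowRepsSummary are hypothetical, and the sample lines are constructed from the output shown above.

```powershell
# Added example; function names are hypothetical, sample output is constructed.
function Test-IsElevated {
    # True only when the Administrators group is enabled in this token,
    # i.e. the window was started with "Run as administrator".
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ShowRepsSummary {
    param([string[]]$Lines, [bool]$Elevated)

    # Per-neighbour results and the trailing DsReplicaGetInfo() errors are
    # counted separately so the two are not confused.
    $ok     = @($Lines -match 'Last attempt @ .+ was successful\.').Count
    $failed = @($Lines -match 'Last attempt @ .+ failed').Count
    $denied = @($Lines -match 'failed with status 8453 \(0x2105\)').Count
    $other  = @($Lines -match 'failed with status (?!8453\b)\d+').Count

    if ($denied -gt 0 -and -not $Elevated) {
        $verdict = 'Status 8453 in an unelevated window: rerun elevated before treating this as a replication fault.'
    } elseif ($denied -gt 0) {
        $verdict = 'Status 8453 while elevated: check the rights of the account on each naming context.'
    } elseif ($failed -gt 0 -or $other -gt 0) {
        $verdict = 'Replication or query failures reported: investigate.'
    } else {
        $verdict = 'No failures reported.'
    }

    New-Object PSObject -Property @{
        Elevated          = $Elevated
        SuccessfulLinks   = $ok
        FailedLinks       = $failed
        AccessDenied8453  = $denied
        OtherQueryErrors  = $other
        Verdict           = $verdict
    }
}

# Constructed sample: one healthy inbound neighbour plus the trailing error.
$sample = @(
    'DC=MYCO,DC=COM',
    'SITE0\DC2 via RPC',
    'Last attempt @ 2009-02-04 13:48:49 was successful.',
    'DsReplicaGetInfo() failed with status 8453 (0x2105):',
    'Replication access was denied.'
)
Get-ShowRepsSummary -Lines $sample -Elevated $false
```

On a domain controller, pass the live output instead: `Get-ShowRepsSummary -Lines (repadmin /showreps) -Elevated (Test-IsElevated)`.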

5 thoughts on “Windows Server 2008 User Account Control Gotcha #3”

  1. Hilde

    Excellent tips! UAC in the ‘real world’ of a production MS enterprise can be tricky and, as you point out, complicated by obscure and unobvious errors/indications.

    I had a case where running LDP w/out elevation returned odd query results but elevation ‘fixed’ the issue.

  2. Ak_Help

    Hi
    I was facing the same issues, but I am continuously facing the same issues while performing the replication. My org structure:

    Site 1 : Site1\Administrator
    Site 2 : Site2\Administrator (Child DC)

    Server : Windows Server 2008R2,Windows Server 2012R2

    When I am trying to perform replication
    Site1 to Site2 it's working, but when I am doing it from
    Site2 to Site1 it's giving Access denied. Error issuing replication: 8453 (0x2105)

    Reason: Permission issue

    1. You must belong to Enterprise Admin
    2. Perform Replication using Run as Admin
