Active Directory Replication Errors

11,262

There are a couple things that could be causing this problem. 1. ensure both servers are on the same subnet 2. check your DNS settings primary DNS should be DC1 3. check your firewall settings, there is a chance that the firewall settings on one of your servers is blocking access from within your network

I once had a client that had a similar issue and weirdly enough the problem then was that DC2 was taken from a different working environment and still had registry values pointing to the old domain.

11,262

Utkarsh Mahajan

Updated on September 18, 2022

Comments

Utkarsh Mahajan almost 2 years

We just installed a second Domain Controller on our domain. The installation of DC 2 went along with no hiccups. However I am running into an issue with replication. I cannot seem to get DC1 and DC2 to replicate from each other. The strange thing is I get different error messages from both servers when I try to "Replicate Now...". On DC1 I get this error "The following error occurred during the attempt to contact the Domain Controller DC2: The RPC server is unavailable."

I have checked that all services involving RPC are running and that the firewall is not blocking it. I have search and searched but haven't found the answer yet.

The error I get on DC2 is this: "The naming context is in the process of being removed or is not replicated from the specified serer. This operation will not continue"

The help offered by Microsoft on this one is terrible; "Wait". I was wondering if any of you have had this issue and, if so, what you did to correct it?

I am more than willing to learn, read articles, give more error feedback, etc. I am just stumped on this. Both our servers are running Server 2008 R2.

Command Output

Frome DC2:

CALLBACK MESSAGE: The following replication is in progress: From: d7d9c5a3-5473-447c-a726-92f3732dc8c9._msdcs.EEIMach.local.com To : b53ad717-2a90-4838-bca9-da00955566cc._msdcs.EEIMach.local.com CALLBACK MESSAGE: The following replication completed successfully: From: d7d9c5a3-5473-447c-a726-92f3732dc8c9._msdcs.EEIMach.local.com To : b53ad717-2a90-4838-bca9-da00955566cc._msdcs.EEIMach.local.com CALLBACK MESSAGE: SyncAll Finished. SyncAll terminated with no errors.

REPADMIN /SHOWREPS Default-First-Site-Name\EEIDC2 DSA Options: IS_GC Site Options: (none) DSA object GUID: b53ad717-2a90-4838-bca9-da00955566cc DSA invocationID: 8c1a9a72-a21d-48ea-a88f-7e1d878ae142

==== INBOUND NEIGHBORS ======================================

DC=EEIMach,DC=local,DC=com Default-First-Site-Name\WIN-332ECLDBVK1 via RPC DSA object GUID: d7d9c5a3-5473-447c-a726-92f3732dc8c9 Last attempt @ 2015-02-10 09:05:59 was successful.

CN=Configuration,DC=EEIMach,DC=local,DC=com Default-First-Site-Name\WIN-332ECLDBVK1 via RPC DSA object GUID: d7d9c5a3-5473-447c-a726-92f3732dc8c9 Last attempt @ 2015-02-10 09:18:37 was successful.

CN=Schema,CN=Configuration,DC=EEIMach,DC=local,DC=com Default-First-Site-Name\WIN-332ECLDBVK1 via RPC DSA object GUID: d7d9c5a3-5473-447c-a726-92f3732dc8c9 Last attempt @ 2015-02-10 09:05:59 was successful.

DC=DomainDnsZones,DC=EEIMach,DC=local,DC=com Default-First-Site-Name\WIN-332ECLDBVK1 via RPC DSA object GUID: d7d9c5a3-5473-447c-a726-92f3732dc8c9 Last attempt @ 2015-02-10 09:05:59 was successful.

DC=ForestDnsZones,DC=EEIMach,DC=local,DC=com Default-First-Site-Name\WIN-332ECLDBVK1 via RPC DSA object GUID: d7d9c5a3-5473-447c-a726-92f3732dc8c9 Last attempt @ 2015-02-10 09:05:59 was successful.

From DC1:

REPADMIN /SYNCALL CALLBACK MESSAGE: The following replication is in progress: From: b53ad717-2a90-4838-bca9-da00955566cc._msdcs.EEIMach.local.com To : d7d9c5a3-5473-447c-a726-92f3732dc8c9._msdcs.EEIMach.local.com CALLBACK MESSAGE: Error issuing replication: 8453 (0x2105): Replication access was denied. From: b53ad717-2a90-4838-bca9-da00955566cc._msdcs.EEIMach.local.com To : d7d9c5a3-5473-447c-a726-92f3732dc8c9._msdcs.EEIMach.local.com CALLBACK MESSAGE: SyncAll Finished.

SyncAll reported the following errors: Error issuing replication: 8453 (0x2105): Replication access was denied. From: b53ad717-2a90-4838-bca9-da00955566cc._msdcs.EEIMach.local.com To : d7d9c5a3-5473-447c-a726-92f3732dc8c9._msdcs.EEIMach.local.com

Default-First-Site-Name\WIN-332ECLDBVK1 DSA Options: IS_GC Site Options: (none) DSA object GUID: d7d9c5a3-5473-447c-a726-92f3732dc8c9 DSA invocationID: d7d9c5a3-5473-447c-a726-92f3732dc8c9

DsReplicaGetInfo() failed with status 8453 (0x2105): Replication access was denied. DsReplicaGetInfo() failed with status 8453 (0x2105): Replication access was denied.

Naming Context: CN=Configuration,DC=EEIMach,DC=local,DC=com Source: Default-First-Site-Name\EEIDC2 ******* WARNING: KCC could not add this REPLICA LINK due to error.

Naming Context: CN=Schema,CN=Configuration,DC=EEIMach,DC=local,DC=com Source: Default-First-Site-Name\EEIDC2 ******* WARNING: KCC could not add this REPLICA LINK due to error.

Naming Context: DC=EEIMach,DC=local,DC=com Source: Default-First-Site-Name\EEIDC2 ******* WARNING: KCC could not add this REPLICA LINK due to error.
- Citizen over 9 years
  
  Are these servers in the same subnet?
- serverstackqns over 9 years
  
  What is the output of these commands, in both the servers..? REPADMIN /SYNCALL REPADMIN /SHOWREPS
- Utkarsh Mahajan over 9 years
  
  Yes the servers are on the same subnet
Utkarsh Mahajan over 9 years

Both servers are definitely on the same subnet. Other than checking DNS settings on the network and sharing menu, is there somewhere else I can check to make sure it isn't using old settings? Because on both DCs the other DC is the primary DNS. 3. I turned firewall off on both machines and still couldn't get them to replicate.
Utkarsh Mahajan over 9 years

I just checked and I am able to replicate both ways now. I think it was the firewall. However I am only able to control replication from DC2. If I try to tell DC1 to replicate now I still get that "RPC Server Unavailable" error.