DFSR Replication problem - only replicating in one direction
I am trying to setup DFSR on a number of server 2008 machines and am not having alot of joy.
We have two file servers in our head office and one in a branch office, the DFS setup i want is as follows.
1. HOFS1 (head office file server 1) Applications drive synched with BFS01 (branch file server)
2. BFS01 sending up two folders onto HOFS2 (for backups)
In order to do this i setup a replication group for each situation, what is happening is the branch server is receiving replication from the Head office servers but the Head office servers receive no replication from the branch server.
ie. if i create a folder at head office it does replicate to the branch server but if i create the file on the branch server it won't replicate to head office.
On the HO servers i get the following error-
--------------------------
The DFS Replication service encountered an error communicating with partner RYDDC1 for replication group Applications Drive DFS.
Partner DNS address: bfs01.contoso.local
Optional data if available:
Partner WINS Address: bfs01
Partner IP Address: 172.19.22.3
The service will retry the connection periodically.
Additional Information:
Error: 1753 (There are no more endpoints available from the endpoint mapper.)
Connection ID: E90D977A-6A6D-4D9C-869B-1A
Replication Group ID: 9B1324F5-5945-4511-9F83-BC
--------------------------
On the Branch file server i get the following error-
--------------------------
The DFS Replication service failed to communicate with partner WFS02 for replication group ryddc1 to wfs02 dfs test. The partner did not recognize the connection or the replication group configuration.
Partner DNS Address: hofs02.rap.local
Optional data if available:
Partner WINS Address: hofs02
Partner IP Address: 172.19.12.10
The service will retry the connection periodically.
Additional Information:
Error: 9026 (The connection is invalid)
Connection ID: 7DA245B6-AD8A-4032-9A59-E8
Replication Group ID: C5DB2B5A-B524-4880-9B8B-F2
--------------------------
Any ideas what could be going on?
I've turned off local firewalls completely, disabled anti-virus and gotten an 'any' rule created on our corporate firewall between these servers.
Ohh the branch server bfs01 is also a domain controller, while the two head office servers are just running file services.
I setup a test replication group between the two head office servers and everything worked fine which led me to think it was corporate firewall, however any communication between these servers.
Really appreciate some help with this been struggling away at it for a week now without real success.
We have two file servers in our head office and one in a branch office, the DFS setup i want is as follows.
1. HOFS1 (head office file server 1) Applications drive synched with BFS01 (branch file server)
2. BFS01 sending up two folders onto HOFS2 (for backups)
In order to do this i setup a replication group for each situation, what is happening is the branch server is receiving replication from the Head office servers but the Head office servers receive no replication from the branch server.
ie. if i create a folder at head office it does replicate to the branch server but if i create the file on the branch server it won't replicate to head office.
On the HO servers i get the following error-
--------------------------
The DFS Replication service encountered an error communicating with partner RYDDC1 for replication group Applications Drive DFS.
Partner DNS address: bfs01.contoso.local
Optional data if available:
Partner WINS Address: bfs01
Partner IP Address: 172.19.22.3
The service will retry the connection periodically.
Additional Information:
Error: 1753 (There are no more endpoints available from the endpoint mapper.)
Connection ID: E90D977A-6A6D-4D9C-869B-1A
Replication Group ID: 9B1324F5-5945-4511-9F83-BC
--------------------------
On the Branch file server i get the following error-
--------------------------
The DFS Replication service failed to communicate with partner WFS02 for replication group ryddc1 to wfs02 dfs test. The partner did not recognize the connection or the replication group configuration.
Partner DNS Address: hofs02.rap.local
Optional data if available:
Partner WINS Address: hofs02
Partner IP Address: 172.19.12.10
The service will retry the connection periodically.
Additional Information:
Error: 9026 (The connection is invalid)
Connection ID: 7DA245B6-AD8A-4032-9A59-E8
Replication Group ID: C5DB2B5A-B524-4880-9B8B-F2
--------------------------
Any ideas what could be going on?
I've turned off local firewalls completely, disabled anti-virus and gotten an 'any' rule created on our corporate firewall between these servers.
Ohh the branch server bfs01 is also a domain controller, while the two head office servers are just running file services.
I setup a test replication group between the two head office servers and everything worked fine which led me to think it was corporate firewall, however any communication between these servers.
Really appreciate some help with this been struggling away at it for a week now without real success.
Please run a DFS-R health report using dfsmgmt.msc as it will show you the exact connection object that is invalid,it can be removed & recreated to add it back.
Use Dfsrdiag pollad /mem:<member name> to force a poll & see if error goes away.
http://social.technet.microsoft.com/Forums/en/winserverfiles/thread/953be9ef-e9e3-4885-a5c4-47fc475ba562
Use Dfsrdiag pollad /mem:<member name> to force a poll & see if error goes away.
http://social.technet.microsoft.com/Forums/en/winserverfiles/thread/953be9ef-e9e3-4885-a5c4-47fc475ba562
Also check for Dns & AD replication is working correctly.
# Cause:
DFSR servers do not have permission to read AD information on themself or their
partners.
This has been changed by the customer, there are no bugs here.
Without auditing you will not be able to determine show changed these permissions
and only infer when they were changed.
# Solution:
Verify that "Authenticated Users" is set with the default READ permission on:
- The computer object in AD
- The DFSR-LocalSettings object under the computer
- The msdfsr-subscriber object under the localsettings object
- The msdfsr-subscription object under the subscriber object
(and that there are no denies set for groups that the servers could be a member of).
Once permissions are correct, use DFSRDIAG POLLAD to pick up the changes.
DFSR servers do not have permission to read AD information on themself or their
partners.
This has been changed by the customer, there are no bugs here.
Without auditing you will not be able to determine show changed these permissions
and only infer when they were changed.
# Solution:
Verify that "Authenticated Users" is set with the default READ permission on:
- The computer object in AD
- The DFSR-LocalSettings object under the computer
- The msdfsr-subscriber object under the localsettings object
- The msdfsr-subscription object under the subscriber object
(and that there are no denies set for groups that the servers could be a member of).
Once permissions are correct, use DFSRDIAG POLLAD to pick up the changes.
ASKER
Thanks very much for the reply Awinish.
The DFSR Health Report comes up with errors on one connection and warnings on the other connection, not sure what you mean by invalid but i've tried deleting and recreating them both without success.
DNS & AD Replication is all working correctly from what i can see.
I checked the permissions in adsiedit.msc that you listed and they all seem correct except i'm unable to find any msdfsr-subscriber or msdfsr-subscription objects. Are these still used in Server 2008? All i can see under the local settings object is another object with a GUID name and this has correct permissions anyway.
I'm considering demoting the branch server from being a domain controller and giving DFSR a shot after that, however it's a big job as i'll need to do it after hours etc. Can you see that being worthwhile or just going to be wasting my time?
The DFSR Health Report comes up with errors on one connection and warnings on the other connection, not sure what you mean by invalid but i've tried deleting and recreating them both without success.
DNS & AD Replication is all working correctly from what i can see.
I checked the permissions in adsiedit.msc that you listed and they all seem correct except i'm unable to find any msdfsr-subscriber or msdfsr-subscription objects. Are these still used in Server 2008? All i can see under the local settings object is another object with a GUID name and this has correct permissions anyway.
I'm considering demoting the branch server from being a domain controller and giving DFSR a shot after that, however it's a big job as i'll need to do it after hours etc. Can you see that being worthwhile or just going to be wasting my time?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I just can't figure what else is different between the servers, there is just the location (branch office so different subnet) and the fact it's running domain services.