500 Easy Points - See URL below.
https://www.experts-exchange.com/questions/22040753/AD-Replication-denied-by-Root-AD-server.html
I have 5 DCs in a WAN environment. Yesterday my Root DC stopped replying to one of those DCs. Now the servers do send/receive information but the Root doesn't replicate with the one DC anymore. The DC that cannot replicate states that the Root DC's RPC isn't available. All of the other DC's work properly and do not report any problems replicating.
I have tried removing and re-adding the site in sites and services, I have tried having that server added to a different site to see if it could replicate with any other of the DC's but that gives another error.
More information supplied at the question in the URL above.
Thank You
I have 5 DCs in a WAN environment. Yesterday my Root DC stopped replying to one of those DCs. Now the servers do send/receive information but the Root doesn't replicate with the one DC anymore. The DC that cannot replicate states that the Root DC's RPC isn't available. All of the other DC's work properly and do not report any problems replicating.
I have tried removing and re-adding the site in sites and services, I have tried having that server added to a different site to see if it could replicate with any other of the DC's but that gives another error.
More information supplied at the question in the URL above.
Thank You
ASKER
The attempt to establish a replication link for the following writable directory partition failed.
Directory partition:
DC=enclos,DC=glass,DC=com
Source domain controller:
CN=NTDS Settings,CN=MSPROOT,CN=Ser
Source domain controller address:
44418113-2098-45d3-a3f9-a8
Intersite transport (if any):
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Con
This domain controller will be unable to replicate with the source domain controller until this problem is corrected.
User Action
Verify if the source domain controller is accessible or network connectivity is available.
Additional Data
Error value:
1722 The RPC server is unavailable.
Directory partition:
DC=enclos,DC=glass,DC=com
Source domain controller:
CN=NTDS Settings,CN=MSPROOT,CN=Ser
Source domain controller address:
44418113-2098-45d3-a3f9-a8
Intersite transport (if any):
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Con
This domain controller will be unable to replicate with the source domain controller until this problem is corrected.
User Action
Verify if the source domain controller is accessible or network connectivity is available.
Additional Data
Error value:
1722 The RPC server is unavailable.
ASKER
C:\WINDOWS>dcdiag /test:netlogons
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: STL\STLDC1
Starting test: Connectivity
......................... STLDC1 passed test Connectivity
Doing primary tests
Testing server: STL\STLDC1
Starting test: NetLogons
......................... STLDC1 passed test NetLogons
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : enclos
Running enterprise tests on : enclos.glass.com
C:\WINDOWS>dcdiag /test:replications
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: STL\STLDC1
Starting test: Connectivity
......................... STLDC1 passed test Connectivity
Doing primary tests
Testing server: STL\STLDC1
Starting test: Replications
REPLICATION-RECEIVED LATENCY WARNING
STLDC1: Current time is 2006-10-30 07:33:38.
DC=ForestDnsZones,DC=enclo
Last replication recieved from YULDC1 at 2006-10-28 01:07:02.
Last replication recieved from MSPROOT at 2006-10-28 00:56:45.
Last replication recieved from SNADC1 at 2006-10-28 00:45:02.
Last replication recieved from BWIDC1 at 2006-10-28 00:45:02.
Last replication recieved from PLSDC1 at 2006-10-28 00:45:03.
Last replication recieved from MNLDC1 at 2006-10-28 00:45:02.
Last replication recieved from LAXDC1 at 2006-10-28 00:45:02.
DC=DomainDnsZones,DC=enclo
Last replication recieved from YULDC1 at 2006-10-28 01:07:02.
Last replication recieved from MSPROOT at 2006-10-28 00:56:45.
Last replication recieved from SNADC1 at 2006-10-28 00:45:00.
Last replication recieved from BWIDC1 at 2006-10-28 00:45:00.
Last replication recieved from PLSDC1 at 2006-10-28 00:45:01.
Last replication recieved from MNLDC1 at 2006-10-28 00:45:01.
Last replication recieved from LAXDC1 at 2006-10-28 00:45:00.
CN=Schema,CN=Configuration
Last replication recieved from YULDC1 at 2006-10-28 01:06:40.
Last replication recieved from MSPROOT at 2006-10-28 00:56:45.
Last replication recieved from SNADC1 at 2006-10-28 00:44:58.
Last replication recieved from BWIDC1 at 2006-10-28 00:44:58.
Last replication recieved from PLSDC1 at 2006-10-28 00:44:58.
Last replication recieved from MNLDC1 at 2006-10-28 00:44:57.
Last replication recieved from LAXDC1 at 2006-10-28 00:44:58.
CN=Configuration,DC=enclos
Last replication recieved from YULDC1 at 2006-10-28 01:06:40.
Last replication recieved from MSPROOT at 2006-10-28 00:56:44.
Last replication recieved from SNADC1 at 2006-10-28 00:44:53.
Last replication recieved from BWIDC1 at 2006-10-28 00:44:55.
Last replication recieved from PLSDC1 at 2006-10-28 00:44:57.
Last replication recieved from MNLDC1 at 2006-10-28 00:44:56.
Last replication recieved from LAXDC1 at 2006-10-28 00:44:54.
DC=enclos,DC=glass,DC=com
Last replication recieved from YULDC1 at 2006-10-28 01:06:39.
Last replication recieved from MSPROOT at 2006-10-28 00:56:44.
Last replication recieved from SNADC1 at 2006-10-28 00:44:59.
Last replication recieved from BWIDC1 at 2006-10-28 00:44:59.
Last replication recieved from PLSDC1 at 2006-10-28 00:45:00.
Last replication recieved from MNLDC1 at 2006-10-28 00:44:51.
Last replication recieved from LAXDC1 at 2006-10-28 00:44:59.
REPLICATION-RECEIVED LATENCY WARNING
Source site: CN=NTDS Site Settings,CN=BWI,CN=Sites,C
Current time: 2006-10-30 07:33:39
Last update time: 2006-10-28 00:18:26
Check if source site has an elected ISTG running.
Check replication from source site to this server.
REPLICATION-RECEIVED LATENCY WARNING
Source site: CN=NTDS Site Settings,CN=Enclos-HQ,CN=S
Current time: 2006-10-30 07:33:39
Last update time: 2006-10-28 00:34:49
Check if source site has an elected ISTG running.
Check replication from source site to this server.
REPLICATION-RECEIVED LATENCY WARNING
Source site: CN=NTDS Site Settings,CN=LAX,CN=Sites,C
Current time: 2006-10-30 07:33:39
Last update time: 2006-10-28 00:14:49
Check if source site has an elected ISTG running.
Check replication from source site to this server.
REPLICATION-RECEIVED LATENCY WARNING
Source site: CN=NTDS Site Settings,CN=MNL,CN=Sites,C
Current time: 2006-10-30 07:33:39
Last update time: 2006-10-28 00:20:08
Check if source site has an elected ISTG running.
Check replication from source site to this server.
REPLICATION-RECEIVED LATENCY WARNING
Source site: CN=NTDS Site Settings,CN=SNA,CN=Sites,C
Current time: 2006-10-30 07:33:39
Last update time: 2006-10-28 00:01:09
Check if source site has an elected ISTG running.
Check replication from source site to this server.
REPLICATION-RECEIVED LATENCY WARNING
Source site: CN=NTDS Site Settings,CN=YUL,CN=Sites,C
Current time: 2006-10-30 07:33:39
Last update time: 2006-10-28 00:47:24
Check if source site has an elected ISTG running.
Check replication from source site to this server.
REPLICATION-RECEIVED LATENCY WARNING
Source site: CN=NTDS Site Settings,CN=PLS,CN=Sites,C
Current time: 2006-10-30 07:33:39
Last update time: 2006-10-28 00:03:55
Check if source site has an elected ISTG running.
Check replication from source site to this server.
......................... STLDC1 passed test Replications
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : enclos
Running enterprise tests on : enclos.glass.com
C:\WINDOWS>
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: STL\STLDC1
Starting test: Connectivity
......................... STLDC1 passed test Connectivity
Doing primary tests
Testing server: STL\STLDC1
Starting test: NetLogons
......................... STLDC1 passed test NetLogons
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : enclos
Running enterprise tests on : enclos.glass.com
C:\WINDOWS>dcdiag /test:replications
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: STL\STLDC1
Starting test: Connectivity
......................... STLDC1 passed test Connectivity
Doing primary tests
Testing server: STL\STLDC1
Starting test: Replications
REPLICATION-RECEIVED LATENCY WARNING
STLDC1: Current time is 2006-10-30 07:33:38.
DC=ForestDnsZones,DC=enclo
Last replication recieved from YULDC1 at 2006-10-28 01:07:02.
Last replication recieved from MSPROOT at 2006-10-28 00:56:45.
Last replication recieved from SNADC1 at 2006-10-28 00:45:02.
Last replication recieved from BWIDC1 at 2006-10-28 00:45:02.
Last replication recieved from PLSDC1 at 2006-10-28 00:45:03.
Last replication recieved from MNLDC1 at 2006-10-28 00:45:02.
Last replication recieved from LAXDC1 at 2006-10-28 00:45:02.
DC=DomainDnsZones,DC=enclo
Last replication recieved from YULDC1 at 2006-10-28 01:07:02.
Last replication recieved from MSPROOT at 2006-10-28 00:56:45.
Last replication recieved from SNADC1 at 2006-10-28 00:45:00.
Last replication recieved from BWIDC1 at 2006-10-28 00:45:00.
Last replication recieved from PLSDC1 at 2006-10-28 00:45:01.
Last replication recieved from MNLDC1 at 2006-10-28 00:45:01.
Last replication recieved from LAXDC1 at 2006-10-28 00:45:00.
CN=Schema,CN=Configuration
Last replication recieved from YULDC1 at 2006-10-28 01:06:40.
Last replication recieved from MSPROOT at 2006-10-28 00:56:45.
Last replication recieved from SNADC1 at 2006-10-28 00:44:58.
Last replication recieved from BWIDC1 at 2006-10-28 00:44:58.
Last replication recieved from PLSDC1 at 2006-10-28 00:44:58.
Last replication recieved from MNLDC1 at 2006-10-28 00:44:57.
Last replication recieved from LAXDC1 at 2006-10-28 00:44:58.
CN=Configuration,DC=enclos
Last replication recieved from YULDC1 at 2006-10-28 01:06:40.
Last replication recieved from MSPROOT at 2006-10-28 00:56:44.
Last replication recieved from SNADC1 at 2006-10-28 00:44:53.
Last replication recieved from BWIDC1 at 2006-10-28 00:44:55.
Last replication recieved from PLSDC1 at 2006-10-28 00:44:57.
Last replication recieved from MNLDC1 at 2006-10-28 00:44:56.
Last replication recieved from LAXDC1 at 2006-10-28 00:44:54.
DC=enclos,DC=glass,DC=com
Last replication recieved from YULDC1 at 2006-10-28 01:06:39.
Last replication recieved from MSPROOT at 2006-10-28 00:56:44.
Last replication recieved from SNADC1 at 2006-10-28 00:44:59.
Last replication recieved from BWIDC1 at 2006-10-28 00:44:59.
Last replication recieved from PLSDC1 at 2006-10-28 00:45:00.
Last replication recieved from MNLDC1 at 2006-10-28 00:44:51.
Last replication recieved from LAXDC1 at 2006-10-28 00:44:59.
REPLICATION-RECEIVED LATENCY WARNING
Source site: CN=NTDS Site Settings,CN=BWI,CN=Sites,C
Current time: 2006-10-30 07:33:39
Last update time: 2006-10-28 00:18:26
Check if source site has an elected ISTG running.
Check replication from source site to this server.
REPLICATION-RECEIVED LATENCY WARNING
Source site: CN=NTDS Site Settings,CN=Enclos-HQ,CN=S
Current time: 2006-10-30 07:33:39
Last update time: 2006-10-28 00:34:49
Check if source site has an elected ISTG running.
Check replication from source site to this server.
REPLICATION-RECEIVED LATENCY WARNING
Source site: CN=NTDS Site Settings,CN=LAX,CN=Sites,C
Current time: 2006-10-30 07:33:39
Last update time: 2006-10-28 00:14:49
Check if source site has an elected ISTG running.
Check replication from source site to this server.
REPLICATION-RECEIVED LATENCY WARNING
Source site: CN=NTDS Site Settings,CN=MNL,CN=Sites,C
Current time: 2006-10-30 07:33:39
Last update time: 2006-10-28 00:20:08
Check if source site has an elected ISTG running.
Check replication from source site to this server.
REPLICATION-RECEIVED LATENCY WARNING
Source site: CN=NTDS Site Settings,CN=SNA,CN=Sites,C
Current time: 2006-10-30 07:33:39
Last update time: 2006-10-28 00:01:09
Check if source site has an elected ISTG running.
Check replication from source site to this server.
REPLICATION-RECEIVED LATENCY WARNING
Source site: CN=NTDS Site Settings,CN=YUL,CN=Sites,C
Current time: 2006-10-30 07:33:39
Last update time: 2006-10-28 00:47:24
Check if source site has an elected ISTG running.
Check replication from source site to this server.
REPLICATION-RECEIVED LATENCY WARNING
Source site: CN=NTDS Site Settings,CN=PLS,CN=Sites,C
Current time: 2006-10-30 07:33:39
Last update time: 2006-10-28 00:03:55
Check if source site has an elected ISTG running.
Check replication from source site to this server.
......................... STLDC1 passed test Replications
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : enclos
Running enterprise tests on : enclos.glass.com
C:\WINDOWS>
ASKER
C:\WINDOWS>nltest.exe /dsregdns
Flags: 0
Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully
Flags: 0
Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully
ASKER
When restarting Netlogon Service on the troubled DC many of the following error occur for each Record:
The dynamic registration of the DNS record 'ForestDnsZones.enclos.gla
DNS server IP address: 172.16.77.121
Returned Response Code (RCODE): 5
Returned Status Code: 10060
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\support.cab.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
The dynamic registration of the DNS record 'ForestDnsZones.enclos.gla
DNS server IP address: 172.16.77.121
Returned Response Code (RCODE): 5
Returned Status Code: 10060
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\support.cab.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
ASKER
This problem has been solved.
It was a corrupted Riverbed Steelhead. It caused just enough of a transmission problem that RPC couldn't resolve to the troubled server.
I bypassed the Steelhead and I was able to add the server back into the Domain, DCPromo it back to a DC.
So if you use Riverbed Steelheads be watchful. If the RED light comes on, that means the Steelhead has a problem. Do NOT trust the passthru switch! Either get it fixed or bypass it until it can be fixed.
I have these on 3 of my DC connections, when they are working they work great! Now I know what to look for if my DC starts falling apart.
Thanks to all of those that tried helping!
It was a corrupted Riverbed Steelhead. It caused just enough of a transmission problem that RPC couldn't resolve to the troubled server.
I bypassed the Steelhead and I was able to add the server back into the Domain, DCPromo it back to a DC.
So if you use Riverbed Steelheads be watchful. If the RED light comes on, that means the Steelhead has a problem. Do NOT trust the passthru switch! Either get it fixed or bypass it until it can be fixed.
I have these on 3 of my DC connections, when they are working they work great! Now I know what to look for if my DC starts falling apart.
Thanks to all of those that tried helping!
What is Riverbed Steelheads?
NITADMIN
NITADMIN
ASKER
Riverbed Steelheads are Netowrk caching devices. Basically they contain Harddrives and they cache the network files between sites. Obviously the HD size depends on the sites size.
For example, you have two sites that need to share a Finance Share. One site hosts the Finance share locally. Both sites have Steelheads installed. When users at the remote site access files from the Finance share, those files are technically copied to the Steelhead. They make changes to that file and the Steelhead send back only the tiny block changes. That makes the use of shared files much quicker as each user can open the files locally.
Keep in mind that the Steelheads are really using the files from the shared folder - so two users can't have the same file open and writable at the same time similar to a LAN.
For example, you have two sites that need to share a Finance Share. One site hosts the Finance share locally. Both sites have Steelheads installed. When users at the remote site access files from the Finance share, those files are technically copied to the Steelhead. They make changes to that file and the Steelhead send back only the tiny block changes. That makes the use of shared files much quicker as each user can open the files locally.
Keep in mind that the Steelheads are really using the files from the shared folder - so two users can't have the same file open and writable at the same time similar to a LAN.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There has to be some error events associated with your problem.
Let us know what you find.
Also run dcdiag test. And copy and paste the result here.
Cheers,
NITADMIN