Problems replicating domain controllers

Posted on 2006-11-09
Last Modified: 2012-08-14
I currently have 4 Windows 2000 domain controllers. I bought 2 new servers and loaded them with Server 2003 (to replace and retire the old 2000 DCs). I ran the domain and forest prep tools and they worked just fine. I then used dcpromo to make one of the 2003 servers a DC and it appears to have worked just fine. Now, when I go into AD Sites and Services to set up a replication partner it says this:

"The following error occurred during the attempt to contact the domain controller DC01: The RPC server is unavailable.

This condition may be caused by a DNS lookup problem. For information about troubleshooting common DNS lookup problems, please see the following Microsoft Web site: http://go."

I have looked at this site and many others and cannot figure out my problem. If anyone has any ideas please let me know. Thanks

Question by:jhwebb55
LVL 16

Expert Comment

ID: 17908539
I'm sure you've done this, but have you checked that the RPC Server is actually running in Services?


Author Comment

ID: 17908659
Yes. That was the first thing I did.
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 17908724
Have you checked to be sure that the RPC service on either server is not hung or spiking the CPU?  Also, how is your DNS zone set up - AD integrated?  What DNS server is the new Win2K3 server pointing to? Check to be sure it is pointing to the correct server and that you have good comm. between the new server and the DNS server.  That's the basics.  If that's all good, then you need to run dcdiag on the new server to see where it's failing and what's going on.

Hope this helps!

LVL 33

Expert Comment

ID: 17908973
"Now, when I go into AD Sites and Services to set up a replication partner it says this:"  Shouldn't have to do this... when you do the DCPROMO, it will automatically configure replication partners for your new DC.  Not sure what you are doing here...


Author Comment

ID: 17909007
I believe it is AD Integrated. The new 2K3 server is pointing to one of the W2K DCs for DNS. An article I read said to make it point to itself but that didn't do anything. I have run dcdiag /test:dns and this is what I got:

C:\Documents and Settings\admin acct>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         The host fd7f4831-8a68-40ad-a8c6-b8513078f3b1._msdcs.<my domain name> could not
be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (fd7f4831-8a68-40ad-a8c6-b8513078f3b1._msdcs.<my domain name>) couldn't be
         resolved, the server name ( resolved to the IP
         address ( and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... DC01 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC01

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : <my domain name>

   Running enterprise tests on : <my domain name>
      Starting test: DNS
         Test results for domain controllers:

            Domain: <my domain name>

               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Error: The A record for this DC was not found

               TEST: Records registration (RReg)
                  Network Adapter [00000007] Intel(R) PRO/1000 MT Network Connec
                     Error: Missing A record at DNS server :

               Error: Record registrations cannot be found for all the network a

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            Domain: <my domain name>
               dc01                      PASS FAIL PASS PASS PASS FAIL n/a

         ......................... <my domain name> failed test DNS

C:\Documents and Settings\admin acct>

Can you all make anything of this?
LVL 33

Assisted Solution

NJComputerNetworks earned 250 total points
ID: 17909097
1) Make sure that all DCs are using the same DNS servers.  These should be servers from inside your AD domain.  In fact, to make it simple, you should point all of your DCs to the same primary DNS server (this is probably one of your DCs).

2) Point all of the DCs to this central DNS server.  This means going into TCP/IP settings on each DC and pointing DNS 1 to the same DNS server (again, this should be inside your network and probably one of your DCs with the DNS service installed...)

3) Wait...  It is important to make sure that DNS is working properly before doing anything else...  You should test DNS using NSLOOKUP from a command prompt.  Some example tests:

NSLOOKUP domainname.local  <enter>     This should return the IP address of every DC in your domain.

NSLOOKUP dcname.domainname.local <enter>  You should get the IP address of your DC

NSLOOKUP xx.xx.xx.xx.<enter>  (where xx.xx.xx.xx. is an ip address of a computer in your domain... it will return the name)

You should get DNS working properly in your environment before troubleshooting replication problems....  it is recommended to install the DNS service on each domain controller....if you are using AD Integrated...

LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 17909139
OK -

1.  After you ran forestprep and adprep, did you make sure that the changes were replicated to all of your Win2K servers before promoting the new server? If not, this could cause problems.

2.  Check your DNS zone and see if the new server has registered itself in the zone and if it shows up correctly on all of your DNS servers.  Also, check the DNS records for DC01 and make sure that they are there and are all correct.  You also need to check the folder in DNS to see if the GUID name appears and references DC01 correctly. Also, check to see if there is a GUID name entry for the new server correctly referencing that server name.

Please post responses. It looks like a failed dcpromo to me, but let's see what you come up with on these two things.  Your best bet may be to run dcpromo again and see if you can get this server to gracefully "unpromote" itself and recover from whatever is causing the problem.  If that's successful, then you could try to re-promote it.

Author Comment

ID: 17909609
I can nslookup an IP and it returns the name and vice versa. I don't think we have a failover DNS server. The DCs in AD should all act as DNS servers, right? I ran the dcdiag tool on my existing DCs and they all tested good. Also, I saw in my connectivity tests that the server is showing up as <server name>.<DNS server ip> instead of <server name>.<domain name>. Why is this? Would that have something to do with it? When I first loaded the new 2K3 server (before I promoted it to a DC) I created the Host record in DNS so I know that it is in there.

I have tried to dcpromo (demote) but it doesn't work. It is giving me the same DNS problems.
LVL 38

Accepted Solution

Hypercat (Deb) earned 250 total points
ID: 17915036
The DCs will only act as DNS servers if DNS is installed and authorized on that server.  If you didn't set up these servers yourself, you'd have to check to see if they are name servers or not.  Microsoft does recommend that in an AD-integrated DNS setup any DC should be running DNS, but not everyone does it that way.

The dcdiag test on the new server indicates that it is not finding the domain record.  It can find the server IP address, but it is not seeing the records that identify the server(s) as DC(s). This is where that _msdcs.domain folder in the DNS zone is important.  Did you check this folder?  In the top level of this folder, you should see a record with a long complex GUID for each DC, with the corresponding FQDN for that DC listed next to it.  The dcdiag results on DC01 indicate that this record is missing.  If one or more of these records don't exist, then that is at least part of the problem.

Check DNS again for the new server name and to confirm which server(s) are DNS server(s).  In the main DNS zone, if a server is a DC but NOT a DNS server, there should be two records:

1.  An "A" (host) record at the top similar to the following:

(same as parent folder)      Host (A)

2.  An "A" (host) record listing the IP and server name:


If it is also a DNS server, there should be a name server record as well:

(same as parent folder)     Name Server (NS)

If you could post the results from checking DNS for these records and for the records in the main folder, maybe we can determine if/where it is going wrong.

Also, take a look at these MS knowledgebase articles and see if any of them help you out:


Question has a verified solution.
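
The record checks described in the accepted answer (GUID entry under _msdcs, the two host records, and the name server record for DCs that run DNS), as an added example that is not part of the original thread. The domain corp.example, the addresses, dc02 and its GUID, and the flattened zone listing are all constructed; dc01's GUID is the one from the dcdiag output above, and a single-domain forest is assumed.

```python
# Added example: audits a flattened zone listing for the records each DC needs.
# Constructed data throughout, except dc01's GUID (taken from the dcdiag output).
# Assumes a single-domain forest, so _msdcs sits directly under the domain name.
DOMAIN = "corp.example"
GUID_DC01 = "fd7f4831-8a68-40ad-a8c6-b8513078f3b1"
GUID_DC02 = "0a1b2c3d-0000-4000-8000-000000000002"  # constructed

ZONE = [  # (owner, type, data)
    ("corp.example", "A", "10.0.0.11"),            # "(same as parent folder)" host
    ("corp.example", "NS", "dc02.corp.example."),
    ("dc02.corp.example", "A", "10.0.0.11"),
    (GUID_DC02 + "._msdcs.corp.example", "CNAME", "dc02.corp.example."),
    ("DC01.corp.example", "A", "10.0.0.10"),       # host record created by hand
]

DCS = [
    {"name": "dc01", "ip": "10.0.0.10", "dns_server": False, "guid": GUID_DC01},
    {"name": "dc02", "ip": "10.0.0.11", "dns_server": True, "guid": GUID_DC02},
]

def norm(name):
    """DNS names compare case-insensitively and ignore a trailing dot."""
    return name.rstrip(".").lower()

def audit_dc(dc, zone, domain=DOMAIN):
    """Return a list of problems with the DNS records expected for one DC."""
    records = {(norm(o), t.upper(), norm(d)) for o, t, d in zone}
    fqdn = norm(f"{dc['name']}.{domain}")
    alias = norm(f"{dc['guid']}._msdcs.{domain}")
    expected = [(fqdn, "A", dc["ip"]), (norm(domain), "A", dc["ip"])]
    if dc["dns_server"]:
        expected.append((norm(domain), "NS", fqdn))
    problems = [f"missing {t} {o} -> {d}" for o, t, d in expected
                if (o, t, d) not in records]
    # The GUID entry must exist and must reference this DC, not another one.
    targets = sorted(d for o, t, d in records if o == alias and t == "CNAME")
    if not targets:
        problems.append(f"missing CNAME {alias} -> {fqdn}")
    elif targets != [fqdn]:
        problems.append(f"CNAME {alias} points to {targets[0]}, expected {fqdn}")
    return problems

def audit_all(dcs=DCS, zone=ZONE, domain=DOMAIN):
    return {dc["name"]: audit_dc(dc, zone, domain) for dc in dcs}

if __name__ == "__main__":
    for name, problems in audit_all().items():
        print(name, "OK" if not problems else problems)
```

With the constructed zone, dc01 resolves by name (its host record exists) yet still lacks the GUID entry and the same-as-parent host record, which is the pattern the dcdiag Connectivity test reports above.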
