Site replication problems in AD

Posted on 2007-07-28
Last Modified: 2010-04-18
I'm having some issues with AD replication. Our configuration was done by two separate vendors, and I'm not sure they agreed on how to set up the different sites and links. This is what I have:

One main site in Phoenix with 3 DCs. One of these has the FSMO roles.
We have over 15 sites with DCs on them. The network is not fully routed, so I need all these sites to replicate back to the Phoenix location.
All servers are Server 2003.
When I create an object on the DC in Phoenix I can see the changes in the other sites' DCs, but if I make a change in one of those sites I don't always see the changes back in Phoenix.
If I do a replmon from Phoenix I see that everything is replicating but I know that's not the case.
We have links configured in AD using IP. All sites are configured to use the same link as they all have similar DSL connections.
Not all the servers at the site are configured as bridgeheads. (I wonder if that's the problem)
At the Event Viewer in Phoenix I have a bunch of 1865, 1311 & 1566 entries.

I know something is not right, but I'm not sure where to start looking. I tried to document here as much information as I think could help you experts out there. Most likely I'm missing something. Please let me know and I'll do my best to provide the info. Any help with this will be greatly appreciated.

Question by: menendeza
    LVL 23

    Assisted Solution

    I think you need to set replication in both directions.

    In AD Sites & Services, add all your DCs (including the remote sites) there. Expand any of them and you should see something called NTDS Settings. You should see that your remote DCs are replicated FROM your Phoenix DC. You need to configure the Phoenix DC to replicate from the other remote site DCs as well.

    You can define your own replication topology. Here are some guidelines and best practices for defining your topology. Hope it helps.,289483,sid1_gci1211924,00.html
    LVL 30

    Expert Comment

    If your network is not fully routed, you should disable the "Bridge All Site Links" option under IP-->Properties and configure one or more Site Link Bridges as appropriate to your topology, otherwise you're going to have Spoke Site A trying to create a replication connection with Spoke Site B because it doesn't know any better.

    How are your site links configured? You should have one site link between Phoenix and each hub site, each containing PHX and the hub site in question, like PHX-PHL, PHX-Flagstaff, PHX-Tempe, etc.

    The best place to start troubleshooting replication is to install the Windows Support Tools on your DCs and run the following 3 commands:

    dcdiag /v
    netdiag /v
    repadmin /replsum

    Author Comment

    Sorry it took me so long to reply, but we had a 12-hour power outage last night and I was without Internet for that long! Working from home though.

    Yes, I have disabled the "Bridge All Site Links" option. However, the site links are configured as one site link between Phoenix and Tucson (Tucson is a fairly big hub), and then I have another site link that I use for the other sites. There is no one link per site, but rather one link that I use for all sites. This was designed by one of the vendors, so I figured with all the money we paid them they must know what they are doing, although I'm questioning that now.

    I didn't have connections back to all the sites, just a few. I figure that explains why I couldn't get the changes from certain sites. I'm afraid this has been like this for quite a while, so I might have DCs with old replicas. If that's the case, I believe that after 90 days it's a tombstone, right? So I would have to run DCPROMO again, right?

    Thanks to both of you!
    LVL 30

    Accepted Solution

    If you have DCs that have not replicated in 60 days or more, you need to forcibly demote those DCs, perform a metadata cleanup and then re-run dcpromo. Otherwise you run the risk of encountering USN rollback as described here:
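    As an added example, not part of the thread or of the accepted solution, the following PowerShell function takes the CSV form of `repadmin /showrepl` and separates inbound partners that are past the tombstone lifetime (candidates for the forced demotion and metadata cleanup described above) from partners that are merely failing right now (site link, bridgehead or connectivity problems). The column names are an assumption about the `/csv` header repadmin emits, and the sample rows are constructed, not taken from the asker's environment.

```powershell
# Added example (not from the original thread). Flags inbound replication
# partners that have not replicated successfully within the tombstone lifetime.
#
# Assumptions: "repadmin /showrepl * /csv" emits the header used in $SampleCsv
# (not confirmed by the thread); all rows below are constructed sample data.
#
# Live use:  repadmin /showrepl * /csv | ConvertFrom-Csv | Find-StaleReplicationPartner

function Find-StaleReplicationPartner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Row,

        # A partner silent longer than this must not be allowed to replicate
        # again; force-demote it, clean up its metadata, then re-promote.
        [int]$TombstoneLifetimeDays = 60,

        # Reference time, overridable so a saved CSV gives reproducible results.
        [datetime]$Now = (Get-Date)
    )
    process {
        # repadmin prints "(never)" when inbound replication has never succeeded.
        $raw = [string]$Row.'Last Success Time'
        $daysSilent = [double]::PositiveInfinity
        if ($raw -and $raw -ne '(never)') {
            $daysSilent = [math]::Floor(($Now - [datetime]$raw).TotalDays)
        }
        $failures = [int]$Row.'Number of Failures'

        $action = if ($daysSilent -gt $TombstoneLifetimeDays) {
            'Beyond tombstone lifetime: force-demote, metadata cleanup, re-promote'
        } elseif ($failures -gt 0) {
            'Replication failing: check site links, bridgeheads and connectivity'
        } else {
            $null   # healthy partner, nothing to report
        }

        if ($action) {
            [pscustomobject]@{
                Destination      = $Row.'Destination DSA'
                SourceSite       = $Row.'Source DSA Site'
                Source           = $Row.'Source DSA'
                NamingContext    = $Row.'Naming Context'
                DaysSinceSuccess = $daysSilent
                Failures         = $failures
                LastStatus       = $Row.'Last Failure Status'
                Action           = $action
            }
        }
    }
}

# Constructed sample: one healthy hub, one partner silent since April,
# one partner failing for a day, one that never replicated at all.
$SampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Phoenix,PHX-DC1,"DC=corp,DC=example",Tucson,TUC-DC1,RPC,0,0,2007-07-27 22:10:31,0
showrepl_INFO,Phoenix,PHX-DC1,"DC=corp,DC=example",Yuma,YUMA-DC1,RPC,37,2007-07-27 23:00:04,2007-04-01 08:12:45,1722
showrepl_INFO,Phoenix,PHX-DC1,"DC=corp,DC=example",Flagstaff,FLG-DC1,RPC,3,2007-07-27 20:41:10,2007-07-26 19:05:00,8524
showrepl_INFO,Phoenix,PHX-DC1,"DC=corp,DC=example",Prescott,PRS-DC1,RPC,0,0,(never),0
'@

# Fixed reference date so the sample evaluates the same way every run.
$asOf = [datetime]'2007-07-28 00:00:00'
$SampleCsv | ConvertFrom-Csv | Find-StaleReplicationPartner -Now $asOf |
    Sort-Object DaysSinceSuccess -Descending |
    Format-Table SourceSite, Source, DaysSinceSuccess, Failures, Action -AutoSize
```

    With the sample data, Prescott (never replicated) and Yuma (117 days silent) are reported as beyond the tombstone lifetime, Flagstaff is reported as currently failing, and Tucson is not listed. The `-Now` parameter matters when working from a CSV saved earlier; on a live DC it can be left at its default. Pipe the real output into `Export-Csv` to keep a record before touching any DC.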

    Author Comment

    Ok, I ran repadmin /showrepl and found the tombstoned servers. I will do the forced demotion and clean the metadata as you suggested. The messages in the event viewer now relate to those servers not being found at all, which I believe is some progress. The question I have now is in regards to the automatically generated connections between the sites that keep showing up after I made sure that only one connection is created to the Phoenix site. I made all the changes on the main DC in Phoenix; shouldn't all those changes replicate as well? I know they won't replicate to the tombstoned servers, but the ones that are still valid should get all those changes, right?
