Solved

Event 1188 1232 NTDS Replication problems

Posted on 2007-12-03
3
5,992 Views
Last Modified: 2012-05-05
Hello, I'm experiencing some problems concernign replication between my 3 Domain Controllers. 2 DC's are on the same Lan (named DC1005 and DC1006), one is on another location connected through a WAN 6Mbit line (named DCNOC001). A couple of times per week I'm experiencing replication problems between DCNOC001 and the DC1005 or DC1006. In the event viewer on the DCNOC001 there are the following event id's: 1188 and 1232.
From the DCNOC001 I cannot RDP to the DC1005.
I can ping DC1005 from the DCNOC001
I can do a nslookup on the DCNOC001 and DC1005 and DC1006, works fine
The only thing I can do to solve this is to reboot the DC1005.
I hope someone can give me some advise.
Thank you in advance.

DCDIAG on the DC1005 gets stuck on the replication test.
Dcdiag on the DCNOC001 tells me the following:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DCNOC001
      Starting test: Connectivity
         ......................... DCNOC001 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DCNOC001
      Starting test: Replications
         [Replications Check,DCNOC001] A recent replication attempt failed:
            From DC1005 to DCNOC001
            Naming Context: DC=ForestDnsZones,DC=ds-opm,DC=lan
            The replication generated an error (1726):
            The remote procedure call failed.
            The failure occurred at 2007-12-03 08:06:17.
            The last success occurred at 2007-12-01 12:45:12.
            43 failures have occurred since the last success.
            The replication RPC call executed for too long at the server and
            was cancelled.
            Check load and resouce usage on DC1005.
         [Replications Check,DCNOC001] A recent replication attempt failed:
            From DC1005 to DCNOC001
            Naming Context: DC=DomainDnsZones,DC=ds-opm,DC=lan
            The replication generated an error (1726):
            The remote procedure call failed.
            The failure occurred at 2007-12-03 08:03:13.
            The last success occurred at 2007-12-01 12:45:12.
            43 failures have occurred since the last success.
            The replication RPC call executed for too long at the server and
            was cancelled.
            Check load and resouce usage on DC1005.
         [Replications Check,DCNOC001] A recent replication attempt failed:
            From DC1005 to DCNOC001
            Naming Context: CN=Schema,CN=Configuration,DC=ds-opm,DC=lan
            The replication generated an error (1726):
            The remote procedure call failed.
            The failure occurred at 2007-12-03 07:54:10.
            The last success occurred at 2007-12-01 12:45:12.
            43 failures have occurred since the last success.
            The replication RPC call executed for too long at the server and
            was cancelled.
            Check load and resouce usage on DC1005.
         [Replications Check,DCNOC001] A recent replication attempt failed:
            From DC1005 to DCNOC001
            Naming Context: CN=Configuration,DC=ds-opm,DC=lan
            The replication generated an error (1726):
            The remote procedure call failed.
            The failure occurred at 2007-12-03 08:40:46.
            The last success occurred at 2007-12-01 13:05:40.
            103 failures have occurred since the last success.
            The replication RPC call executed for too long at the server and
            was cancelled.
            Check load and resouce usage on DC1005.
         [Replications Check,DCNOC001] A recent replication attempt failed:
            From DC1005 to DCNOC001
            Naming Context: DC=ds-opm,DC=lan
            The replication generated an error (1726):
            The remote procedure call failed.
            The failure occurred at 2007-12-03 08:36:34.
            The last success occurred at 2007-12-01 13:42:05.
            328 failures have occurred since the last success.
            The replication RPC call executed for too long at the server and
            was cancelled.
            Check load and resouce usage on DC1005.
         ......................... DCNOC001 passed test Replications
      Starting test: NCSecDesc
         ......................... DCNOC001 passed test NCSecDesc
      Starting test: NetLogons
         ......................... DCNOC001 passed test NetLogons
      Starting test: Advertising
         ......................... DCNOC001 passed test Advertising
      Starting test: KnowsOfRoleHolders
         [DC1005] LDAP bind failed with error 1053,
         The service did not respond to the start or control request in a timely
 fashion..
         Warning: DC1005 is the Schema Owner, but is not responding to LDAP Bind
.
         Warning: DC1005 is the Domain Owner, but is not responding to LDAP Bind
.
         Warning: DC1005 is the PDC Owner, but is not responding to LDAP Bind.
         Warning: DC1005 is the Rid Owner, but is not responding to LDAP Bind.
         Warning: DC1005 is the Infrastructure Update Owner, but is not respondi
ng to LDAP Bind.
         ......................... DCNOC001 failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DCNOC001 passed test RidManager
      Starting test: MachineAccount
         ......................... DCNOC001 passed test MachineAccount
      Starting test: Services
         ......................... DCNOC001 passed test Services
      Starting test: ObjectsReplicated
         ......................... DCNOC001 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DCNOC001 passed test frssysvol
      Starting test: frsevent
         ......................... DCNOC001 passed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x8000072F
            Time Generated: 12/03/2007   08:45:13
            (Event String could not be retrieved)
         ......................... DCNOC001 failed test kccevent
      Starting test: systemlog
         ......................... DCNOC001 passed test systemlog
      Starting test: VerifyReferences
         ......................... DCNOC001 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : ds-opm
      Starting test: CrossRefValidation
         ......................... ds-opm passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ds-opm passed test CheckSDRefDom

   Running enterprise tests on : ds-opm.lan
      Starting test: Intersite
         ......................... ds-opm.lan passed test Intersite
      Starting test: FsmoCheck
         ......................... ds-opm.lan passed test FsmoCheck

0
Comment
Question by:LeonesIT
  • 2
3 Comments
 
LVL 28

Expert Comment

by:Michael Pfister
Comment Utility
Do you have servicepack 2 installed on your DCs?

Get PortQryUI http://support.microsoft.com/kb/310456/en-us
and follow the instructions to verify connectivity between the 3 DC's

It could be a VPN issue or firewall issue.

0
 

Accepted Solution

by:
LeonesIT earned 0 total points
Comment Utility
Hello, I think it's not a firewall issue. Tried the PortQuery tool and it's working just fine. Just now I have the same problems again. Event 1188, followed by Event 1232, Only thing to do is restart the DC.
One DC, DCNOC001, is with SP2, the other two, DC1005 and DC1006 are with SP1. RDP from DC1006 to DCNOC001 works fine, RDP from DCNOC001 to DC1006 is not working fine.

DCDIAG /e on the DC1006:
 Testing server: DSOGNOC\DCNOC001
    Starting test: Connectivity
       [DCNOC001] LDAP bind failed with error 1053,
       The service did not respond to the start or control request in a timely
    Running enterprise tests on : ds-opm.lan
      Starting test: Intersite
         Doing intersite inbound replication test on site
         Default-First-Site-Name:
            Remote bridgehead DSOGNOC\DCNOC001 also couldn't be contacted by
            dcdiag.  Check this server.
         Doing intersite inbound replication test on site DSOGNOC:
            [DCNOC001] DsBindWithSpnEx() failed with error 1727,
            The remote procedure call failed and did not execute..
            ***Error: The current ISTG is down in site DSOGNOC and further
            dcdiag could not contact any other servers in the site that could
            take the ISTG role.  Ensure there is at least one up DC.  Must
            abandon inbound intersite replication test for this site.
         ......................... ds-opm.lan failed test Intersite

DCDIAG /e on the DCNOC001:
   Testing server: Default-First-Site-Name\DC1006
      Starting test: Connectivity
         [DC1006] LDAP bind failed with error 1053,
         The service did not respond to the start or control request in a timely
 fashion..
         ......................... DC1006 failed test Connectivity
   Testing server: Default-First-Site-Name\DC1006
      Skipping all tests, because server DC1006 is
      not responding to directory service requests

   Testing server: DSOGNOC\DCNOC001
      Starting test: Replications
         [Replications Check,DCNOC001] A recent replication attempt failed:
            From DC1006 to DCNOC001
            Naming Context: DC=ds-opm,DC=lan
            The replication generated an error (1818):
            The remote procedure call was cancelled.
            The failure occurred at 2007-12-06 11:11:01.
            The last success occurred at 2007-12-06 09:31:10.
            4 failures have occurred since the last success.
   Running enterprise tests on : ds-opm.lan
      Starting test: Intersite
         Doing intersite inbound replication test on site
         Default-First-Site-Name:
         Doing intersite inbound replication test on site DSOGNOC:
            *Warning: Remote bridgehead Default-First-Site-Name\DC1006 is not
            eligible as a bridgehead due to too many failures.  Replication may
            be disrupted into the local site DSOGNOC.
            Remote bridgehead Default-First-Site-Name\DC1006 also couldn't be
            contacted by dcdiag.  Check this server.

What I found was the following link:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_21761621.html
and
http://support.microsoft.com/kb/898060/en-us

I'll try this out.
0
 
LVL 28

Expert Comment

by:Michael Pfister
Comment Utility
Would have been my next question, if you are current with post SP1 hotfixes...

I'd recommend 2 things:

- Upgrade network card drivers on all DCs with the latest version from the vendor
- Upgrade to SP2 on the 2 servers with SP1

Hope it helps,

Michael
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now