Asked by chuckycharms

No active directory replication

Hello All,

I have an issue with AD replication in my domain. My environment is 4 buildings, each with their own DC, and they are on separate subnets in a locally routed network. No replication is happening between domain controllers. I believe replication is properly set up. It had worked in the past, however it recently stopped working after my PDC failed, elected a new DC as the PDC, rebuilt the failed DC and re-elected the original PDC. Would there be any suggestions on how to track this down?

Thank You for your time!

ASKER CERTIFIED SOLUTION (Smart_Man)

This solution is only available to members.

chuckycharms (ASKER):

Here is a dcdiag....looks like a few problems.
C:\Documents and Settings\Administrator.PLT3>dcdiag.exe

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: PES\PES-AD
      Starting test: Connectivity
         ......................... PES-AD passed test Connectivity

Doing primary tests

   Testing server: PES\PES-AD
      Starting test: Replications
         REPLICATION-RECEIVED LATENCY WARNING
         PES-AD:  Current time is 2008-03-05 14:35:11.
            DC=DomainDnsZones,DC=PLT3,DC=local
               Last replication recieved from TES-AD at 2008-01-23 15:56:37.
               Last replication recieved from TMS-AD at 2008-01-23 15:56:22.
            DC=ForestDnsZones,DC=PLT3,DC=local
               Last replication recieved from TES-AD at 2008-01-23 15:55:26.
               Last replication recieved from TMS-AD at 2008-01-23 15:55:26.
            CN=Schema,CN=Configuration,DC=PLT3,DC=local
               Last replication recieved from TES-AD at 2008-01-23 15:55:26.
               Last replication recieved from TMS-AD at 2008-01-23 15:55:26.
            CN=Configuration,DC=PLT3,DC=local
               Last replication recieved from TES-AD at 2008-01-23 15:55:26.
               Last replication recieved from TMS-AD at 2008-01-23 15:55:26.
            DC=PLT3,DC=local
               Last replication recieved from TES-AD at 2008-01-23 16:00:21.
               Last replication recieved from TMS-AD at 2008-01-23 15:59:00.
         REPLICATION-RECEIVED LATENCY WARNING
          Source site:
         CN=NTDS Site Settings,CN=TMS,CN=Sites,CN=Configuration,DC=PLT3,DC=local

          Current time: 2008-03-05 14:35:11
          Last update time: 2008-01-23 15:53:14
          Check if source site has an elected ISTG running.
          Check replication from source site to this server.
         ......................... PES-AD passed test Replications
      Starting test: NCSecDesc
         ......................... PES-AD passed test NCSecDesc
      Starting test: NetLogons
         ......................... PES-AD passed test NetLogons
      Starting test: Advertising
         ......................... PES-AD passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... PES-AD passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... PES-AD passed test RidManager
      Starting test: MachineAccount
         ......................... PES-AD passed test MachineAccount
      Starting test: Services
         ......................... PES-AD passed test Services
      Starting test: ObjectsReplicated
         ......................... PES-AD passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... PES-AD passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... PES-AD failed test frsevent
      Starting test: kccevent
         ......................... PES-AD passed test kccevent
      Starting test: systemlog
         ......................... PES-AD passed test systemlog
      Starting test: VerifyReferences
         ......................... PES-AD passed test VerifyReferences

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : PLT3
      Starting test: CrossRefValidation
         ......................... PLT3 passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... PLT3 passed test CheckSDRefDom

   Running enterprise tests on : PLT3.local
      Starting test: Intersite
         ......................... PLT3.local passed test Intersite
      Starting test: FsmoCheck
         ......................... PLT3.local passed test FsmoCheck
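
An added example, not part of the original thread: a Python sketch that reads saved dcdiag text and lists every inbound replication link older than a threshold, because the Replications test can end in "passed" while still carrying latency warnings. The function names, the one-day default threshold and the trimmed sample are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a trimmed excerpt shaped like the dcdiag output above.
SAMPLE = """\
      Starting test: Replications
         REPLICATION-RECEIVED LATENCY WARNING
         PES-AD:  Current time is 2008-03-05 14:35:11.
            DC=DomainDnsZones,DC=PLT3,DC=local
               Last replication recieved from TES-AD at 2008-01-23 15:56:37.
               Last replication recieved from TMS-AD at 2008-01-23 15:56:22.
            DC=PLT3,DC=local
               Last replication recieved from TES-AD at 2008-01-23 16:00:21.
               Last replication recieved from TMS-AD at 2008-01-23 15:59:00.
         ......................... PES-AD passed test Replications
"""

FMT = "%Y-%m-%d %H:%M:%S"
TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
NOW_RE = re.compile(r"Current time is " + TS)
# The tool output spells it "recieved"; accept either spelling.
LAST_RE = re.compile(r"Last replication rec(?:ie|ei)ved from (\S+) at " + TS)
NC_RE = re.compile(r"^\s*((?:DC|CN)=.+?)\s*$")  # naming context header line


def stale_links(text, max_age=timedelta(days=1)):
    """Return (naming_context, source_dc, age_in_days) for links older than max_age."""
    now, nc, found = None, None, []
    for line in text.splitlines():
        if m := NOW_RE.search(line):
            now = datetime.strptime(m.group(1), FMT)
        elif m := LAST_RE.search(line):
            if now is None:
                continue  # no reference time seen yet, cannot compute an age
            age = now - datetime.strptime(m.group(2), FMT)
            if age > max_age:
                found.append((nc, m.group(1), age.days))
        elif m := NC_RE.match(line):
            nc = m.group(1)
    return found


def replications_verdict(text):
    """Return (dcdiag printed 'passed', number of stale inbound links)."""
    return "passed test Replications" in text, len(stale_links(text))
```

Pick a threshold well below the forest's tombstone lifetime, so a stalled link is noticed long before the partners have been out of sync for that long.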

!!! Looks like they are replicating and happy.

Why did you say they are not replicating?

Waiting for your reply.

Ok, so this is the DCDiag from one of the child DCs. Sorry. Ok so what I have found is some errors in the File Replication log on the PDC. Here is one of the errors, there is one for each DC:

The File Replication Service is having trouble enabling replication from TES-AD to PHS-AD for c:\windows\sysvol\domain using the DNS name tes-ad.PLT3.local. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name tes-ad.PLT3.local from this computer.
 [2] FRS is not running on tes-ad.PLT3.local.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

For more information, see Help and Support Center at
I have verified all but option 3, how can I verify this?

I also cannot force a replication - it states that the RPC server on the remote DC is not available. But I have verified that it is.

Ok, found one problem. A wireless router that I replaced a month back or so had a default firewall rule to block RPC traffic. Took that out and now I do not get that error. However, when I create a new user, it is not replicated to any of the DCs. Any thoughts?

Ok, so I'm getting closer I think. When forcing a replication from within Sites and Services I receive the following error:

"The following error occurred during the attempt to sychronize naming context PLT3.local from domain controller PES-AD to domain controller PHS-AD:
The naming context is in the process of being removed or is not replicated from the specified server.

This operation will not continue."

Any thoughts?
As per this article http://support.microsoft.com/kb/319202 , I have determined that I am missing some SRV records under msdcs/dc/_sites/ .

It only shows the local site, whereas the other 3 DCs show all 4 sites. Why is DNS not propagating to this one DC?

(I'm a little concerned with the amount of traffic my question is not experiencing, any help would be GREATLY appreciated!)

SOLUTION

This solution is only available to members.

Looks like a DNS problem.

Can you post your DNS configuration on the sites?

Waiting for your reply.

kiachet:

Hello?

Ok. So since this is a school district, I have not been able to work on this until this fall again. I have tried to catch up from my work last spring. One colleague suggested that I just remove the DC from the domain and re-add it. Any thoughts? And thanks for coming to help on a really old question. I promise I am actively working on this now, and will award points when resolved.

Thanks!
This was an issue that was resolved by hiring an outside consultant. Do not know the reason of the fix. I will award points across all that participated for the efforts.