Member_2_2473503 (Philippines) asked:
AD Replication working but receiving many errors/ warnings in eventlog

I have a few domain controllers that are replicating fine but I am getting many events showing NTDS replication problems (events posted below).  I have run replmon and it shows all zones are up to date.  I have also run DCDIAG and NETDIAG and all tests pass fine.  I have tried pinging all the DCs that these servers are trying to replicate with and they all respond to ping.

A little overview of our network:
We have a large international flat domain (domain.net).  AD is broken up into many sites and each site has at least one DC.  All sites are connected by VPN established with either a PIX 501e or an ASA 5505 without any traffic blocked between the remote site and the main site.  Most remote sites do not have any connection directly to any other remote site, only to the main site.


Events

Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      DS RPC Client
Event ID:      1232
Date:            7/23/2008
Time:            10:06:30 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      KABUL
Description:
Active Directory attempted to perform a remote procedure call (RPC) to the following server.  The call timed out and was cancelled.
 
Server:
7982bcb3-6304-4aaf-9a69-afb632046a37._msdcs.domain.net
Call Timeout (Mins):
5
Thread ID:
248
 
Additional Data
Internal ID:
5000bf2

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


*****

Event Type:      Error
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1864
Date:            7/23/2008
Time:            5:10:20 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      KABUL
Description:
This is the replication status for the following directory partition on the local domain controller.
 
Directory partition:
DC=ForestDnsZones,DC=domain,DC=net
 
The local domain controller has not recently received replication information from a number of domain controllers.   The count of domain controllers is shown, divided into the following intervals.
 
More than 24 hours:
7
More than a week:
6
More than one month:
4
More than two months:
2
More than a tombstone lifetime:
0
Tombstone lifetime (days):
180
 Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
 
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


*****

Event Type:      Error
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1864
Date:            7/23/2008
Time:            5:10:20 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      KABUL
Description:
This is the replication status for the following directory partition on the local domain controller.
 
Directory partition:
DC=DomainDnsZones,DC=domain,DC=net
 
The local domain controller has not recently received replication information from a number of domain controllers.   The count of domain controllers is shown, divided into the following intervals.
 
More than 24 hours:
7
More than a week:
6
More than one month:
4
More than two months:
2
More than a tombstone lifetime:
0
Tombstone lifetime (days):
180
 Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
 
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


*****

Does anyone have any idea what might be causing this and what I can check?

ASKER CERTIFIED SOLUTION by heyyou488 (United States of America): [content available to Experts Exchange members only]

SOLUTION: [content available to Experts Exchange members only]
Member_2_2473503 (ASKER):
Nope, all the domain controllers mentioned are still active and any time we decommission we demote, though I will double check this.

I am able to nslookup and ping the GUIDs referenced in 1232 event.

eb
SOLUTION: [content available to Experts Exchange members only]

SOLUTION: [content available to Experts Exchange members only]
All the servers are online and they are all replicating fine but the errors are showing up that is what concerns me.

eb
OK just ran dcdiag /v on the server with the errors in the event log

You will see the following
               Last replication recieved from TASHKENT at 2008-06-06 20:22:44.
               Last replication recieved from MAZAR at 2008-07-23 08:26:44.
               Last replication recieved from KINSHASA at 2008-06-13 17:29:10.
               Last replication recieved from LUSHNJE at 2008-02-05 00:43:53.
               Last replication recieved from GARDEZ1 at 2008-07-09 11:26:15.
               Last replication recieved from TOBA at 2008-05-27 18:57:17.
               Last replication recieved from MALABO1 at 2008-07-16 14:32:52.
               Last replication recieved from KENYA at 2008-06-25 17:26:08.
Most of these servers are all off line at the moment and some have been off line for some time.  This is due to ISP problems, relocation, and other various issues.  However, GARDEZ1 should be available as it responds to ping.


(attachment: dcdiag2.txt)
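As an added example (not from the original thread or from any of the hidden answers), the following Python script reproduces the cumulative interval counts of event 1864 from the "Last replication recieved" lines in the dcdiag /v excerpt above, so that the nameless counts in the event can be tied back to specific partners and the stalest one can be measured against the tombstone lifetime. Assumptions: the dcdiag run is treated as having happened at 2008-07-23 12:00:00 (the post gives no run time); "one month" and "two months" are taken as 30 and 60 days; the buckets are cumulative, which is consistent with the decreasing 7/6/4/2/0 counts in the event; the tombstone lifetime is the 180 days reported on the page.

```python
import re
from datetime import datetime, timedelta

# Reference "now" for the age calculation. The post does not say exactly when
# dcdiag /v was run, so this is an assumption: midday on the day of the events.
REFERENCE_TIME = datetime(2008, 7, 23, 12, 0, 0)

# Tombstone lifetime as reported in the page's event 1864.
TOMBSTONE_LIFETIME_DAYS = 180

# Sample input: the "Last replication recieved" lines from the dcdiag /v
# excerpt in the post above (the misspelling is the tool's own).
DCDIAG_EXCERPT = """\
               Last replication recieved from TASHKENT at 2008-06-06 20:22:44.
               Last replication recieved from MAZAR at 2008-07-23 08:26:44.
               Last replication recieved from KINSHASA at 2008-06-13 17:29:10.
               Last replication recieved from LUSHNJE at 2008-02-05 00:43:53.
               Last replication recieved from GARDEZ1 at 2008-07-09 11:26:15.
               Last replication recieved from TOBA at 2008-05-27 18:57:17.
               Last replication recieved from MALABO1 at 2008-07-16 14:32:52.
               Last replication recieved from KENYA at 2008-06-25 17:26:08.
"""

# Accept both the tool's "recieved" and the correct spelling.
LINE_RE = re.compile(
    r"Last replication rec(?:ie|ei)ved from (\S+) at "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\."
)


def parse_last_replication(text):
    """Map each source DC named in dcdiag output to its last-replication time."""
    last_seen = {}
    for match in LINE_RE.finditer(text):
        name, stamp = match.groups()
        last_seen[name] = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
    return last_seen


def bucket_counts(last_seen, now=REFERENCE_TIME, tsl_days=TOMBSTONE_LIFETIME_DAYS):
    """Reproduce the cumulative interval counts of event 1864.

    Each bucket counts every DC whose age exceeds that interval, so a partner
    that is two months stale is counted in all of the first four buckets.
    The month and two-month thresholds are assumed to be 30 and 60 days.
    """
    intervals = [
        ("More than 24 hours", timedelta(hours=24)),
        ("More than a week", timedelta(days=7)),
        ("More than one month", timedelta(days=30)),
        ("More than two months", timedelta(days=60)),
        ("More than a tombstone lifetime", timedelta(days=tsl_days)),
    ]
    ages = {name: now - stamp for name, stamp in last_seen.items()}
    return {label: sum(1 for age in ages.values() if age > limit)
            for label, limit in intervals}


def stale_partners(last_seen, min_days, now=REFERENCE_TIME):
    """Name the partners older than min_days, stalest first, with age in days."""
    result = []
    for name, stamp in last_seen.items():
        age_days = (now - stamp).total_seconds() / 86400
        if age_days > min_days:
            result.append((name, round(age_days, 1)))
    return sorted(result, key=lambda item: item[1], reverse=True)


def days_until_tombstone(last_seen, now=REFERENCE_TIME, tsl_days=TOMBSTONE_LIFETIME_DAYS):
    """Days left before the stalest partner crosses the tombstone lifetime."""
    oldest = min(last_seen.values())
    return round(tsl_days - (now - oldest).total_seconds() / 86400, 1)


if __name__ == "__main__":
    seen = parse_last_replication(DCDIAG_EXCERPT)
    for label, count in bucket_counts(seen).items():
        print(f"{label}: {count}")
    print("Older than 60 days:", stale_partners(seen, 60))
    print("Days until the stalest partner hits the tombstone lifetime:",
          days_until_tombstone(seen))
```

Run against the posted lines this gives 7 / 6 / 4 / 1 / 0, close to but not identical with the event's 7 / 6 / 4 / 2 / 0, which is expected: the event was raised hours earlier for one specific partition, while the dcdiag run reports per-partner times. The number worth acting on is the last one: the stalest partner in the excerpt is within about ten days of the 180-day tombstone lifetime, and once a partner crosses it the event text says it may be blocked from replicating until reconciled.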
SOLUTION: [content available to Experts Exchange members only]
These servers are all going to be brought back online in the near future and none of them have been off for more than 60 days.

As far as network traffic being blocked I have already checked into that and nothing is being blocked by the ISP, the ISP issues I refer to include things like service outages or exceeding monthly bandwidth allowance.  Both are issues with some of our ISPs in the more remote locations.

eb
SOLUTION: [content available to Experts Exchange members only]
Lushnje is still online and replicating fine with our PDC, however it is in a different site and there is no VPN connectivity between it and the DCs that are having the problems.  This is by design and most of our sites do not have intersite VPN tunnels, they only have connectivity to HQ.

SOLUTION: [content available to Experts Exchange members only]
I'm saying that replication with the PDC is fine, and the server is not configured to replicate with any of the other servers that are showing as problems.  How do I make sure the server is only replicating with the PDC and nothing else?

eb
SOLUTION: [content available to Experts Exchange members only]

Already have that set up, and I have checked the site links; the servers this one is having difficulty replicating with are not in the link.

eb
SOLUTION: [content available to Experts Exchange members only]

OK, I've done a little reading on bridge all site links and I think it is a good idea to disable it, however before I do I need to know how this will affect the rest of the network as it seems to be an all or none kind of thing.

eb
SOLUTION: [content available to Experts Exchange members only]

SOLUTION: [content available to Experts Exchange members only]
So you are basically saying I can ignore these errors as the server is able to replicate with the PDC in HQ but not some of the other sites so replication is working.  That's what I figured but I just wanted to be able to support that conclusion.

eb
SOLUTION: [content available to Experts Exchange members only]
OK since I already have the inter site links created then all I need to do is disable bridge all site links.

BTW thanks for the assistance on this one.

eb
Thank you all for your input.  I think Wayne is right when he says everything is working as it should, but due to the nature of my network there are just some DCs that cannot be reached by others and that is a fact of life.

I will look into disabling 'bridge all site links' but as I am fairly new here I need to consult with the rest of the team before making any domain wide changes like this.

eb