Windows 2003 server: The local domain controller was unable to replicate changes to the following remote domain controller

We have a Windows 2003 file server that used to be a domain controller.
We demoted it from being a DC to just a file server a few months back. I have just noticed that in the event log, I am getting the following error.

This server has two NICs. I noticed that both cards had their secondary DNS server pointing to one of the NICs on itself (the same server). But the primary DNS was fine and was pointing to the right DC.
I also ran netdiag /fix and I think it looked fine. I now took the secondary DNS out and changed it to a secondary DNS.


Event Type:      Error
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      2023
Date:            11/1/2007
Time:            8:15:16 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      ourfileserver
Description:
The local domain controller was unable to replicate changes to the following remote domain controller for the following directory partition.
 
Remote domain controller:
8f886a1b-4dec-4315-b89e-46fe440c6f64._msdcs.ourdomainname.com
Directory partition:
CN=Schema,CN=Configuration,DC=ourdomainname,DC=com
 
The local domain controller cannot complete demotion.  
 
User Action
Investigate why replication between these two domain controllers cannot be performed. Then, try to demote this domain controller again.
 
Additonal Data
Error value:
1722 The RPC server is unavailable.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

netcomp Asked:
tigin44 Commented:
Check that the RPC service is running on the server...

Also check that the administrative shares (c$, d$, IPC$, e.g.) are open... DCs use these shares to replicate data between them...
You can check the shares by issuing the command "net share" in the command prompt.
0
Darius Ghassem Commented:
If you want to remove the server you can do a dcpromo /forceremoval then do a metadata cleanup on AD.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
netcomp Author Commented:
OK, we are having the real problem now.
Now when we do \\servername from the run command, we get an error saying "the specified network name is no longer available". This is a new problem. I even tried \\IpAddress and it does not work.

Also, the logon script that normally mapped drives is now asking for passwords for the same server after it runs.
I tried \\servername from another DC and it works fine and I see all the shares, but it does not work from any of the workstations. Thank you,

I checked and RPC is running and all the shares are there.
0
Darius Ghassem Commented:
What error messages are you getting in the Event Log? What have you done since the post? Do you have DNS pointing at only local DNS servers? You might need to reset the secure channel password.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23629068.html
0
netcomp Author Commented:
OK, I take back the last post. It seems to be an issue only at one site over site-to-site VPN.
But we still get the same error in the event log (my first point) on the server.

What does dcpromo /forceremoval do? Should I run this on the same server that is having the problem?
0
Darius Ghassem Commented:
The dcpromo /forceremoval removes the DC and demotes it. I don't think I meant to post that here. If you have two NICs then you should only register one with DNS by unchecking this option in the TCP\IP settings. Also you need to make DNS listen on one NIC too.

http://technet.microsoft.com/en-us/library/cc740071.aspx
0
netcomp Author Commented:
When we do nbtstat -a servername for the same server we get no info, saying host not found. That's on any computer or server (even on itself). We have two sites and I tried it on each site with different WINS servers that replicate. At this point I need to solve the issue of nbtstat -a servername to respond. I may need to open a new question for this.
0
Darius Ghassem Commented:
Do a netdiag then post results.
0
netcomp Author Commented:
Here is a netdiag:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.ourdomain>netdiag

.....................................

    Computer Name: FILESERVER
    DNS Host Name: fileserver.ourdomain.com
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
    List of installed hotfixes :
        KB921503
        KB924667-v2
        KB925398_WMP64
        KB925876
        KB925902
        KB926122
        KB927891
        KB929123
        KB930178
        KB931784
        KB932168
        KB933360
        KB933729
        KB933854
        KB935839
        KB935840
        KB935966
        KB936021
        KB936357
        KB936782
        KB938127
        KB938127-IE7
        KB938464
        KB939653
        KB939653-IE7
        KB941202
        KB941568
        KB941569
        KB941644
        KB941693
        KB942615-IE7
        KB942763
        KB942830
        KB942831
        KB943055
        KB943460
        KB943485
        KB943729
        KB944533-IE7
        KB944653
        KB945553
        KB946026
        KB947864-IE7
        KB948496
        KB948590
        KB948881
        KB950759-IE7
        KB950760
        KB950762
        KB950974
        KB951066
        KB951072-v2
        KB951698
        KB951748
        KB952954
        KB953838-IE7
        KB953839
        KB954211
        KB955069
        KB956390-IE7
        KB956391
        KB956803
        KB956841
        KB957095
        KB957097
        KB958644
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection 3

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : fileserver
        IP Address . . . . . . . . : 192.168.1.11
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . :
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . : 192.168.1.14
                                     192.168.100.4


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Skipped
            NetBT is disabled on this interface. [Test skipped]

        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : fileserver
        IP Address . . . . . . . . : 192.168.1.10
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Primary WINS Server. . . . : 192.168.1.14
        Dns Servers. . . . . . . . : 192.168.1.14
                                     192.168.100.4


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{8E8F8730-6E42-4DAF-970F-68F56AFB3533}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{8E8F8730-6E42-4DAF-970F-68F56AFB3533}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{8E8F8730-6E42-4DAF-970F-68F56AFB3533}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
    Secure channel for domain 'ourdomain' is to '\\apollo.ourdomain.com'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Documents and Settings\Administrator.ourdomain>
0
Darius Ghassem Commented:
If you have two NICs then you need to configure DNS to listen on one interface.

http://technet.microsoft.com/en-us/library/cc740071.aspx

Also, you need to uncheck register this address with DNS under the DNS tab within your TCP\IP properties.

Is this a netdiag of a DC?

These two DNS servers 192.168.1.14 192.168.100.4 are on different subnets, right?

                                     
0
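A way to check the two-NIC setup raised in the reply above, as an added example that is not part of the original thread: it parses the per-interface section of the posted netdiag output and lists adapters that share a subnet, have NetBIOS over TCP/IP disabled, or use DNS servers outside their own subnet. The function names and the trimmed sample are assumptions of this example.

```python
import ipaddress
import re
# Per-interface lines trimmed from the netdiag output posted in this thread.
NETDIAG = """\
    Adapter : Local Area Connection 3
        IP Address . . . . . . . . : 192.168.1.11
        Subnet Mask. . . . . . . . : 255.255.255.0
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . : 192.168.1.14
                                     192.168.100.4
    Adapter : Local Area Connection
        IP Address . . . . . . . . : 192.168.1.10
        Subnet Mask. . . . . . . . : 255.255.255.0
        Dns Servers. . . . . . . . : 192.168.1.14
                                     192.168.100.4
"""
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)[ .]*:\s*(.*)$")  # "Key . . . : value"

def parse_adapters(text):  # one dict per "Adapter :" block, every field a list
    adapters, cur, last = [], None, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last, val = m.group(1).strip(), m.group(2).strip()
            if last == "Adapter":
                cur = {"name": val}
                adapters.append(cur)
            elif cur is not None:
                cur.setdefault(last, []).append(val)
        elif cur is not None and last in cur and line.strip():
            cur[last].append(line.strip())  # continuation line, e.g. second DNS server
    return adapters

def review(adapters):  # findings about the multihomed configuration, in adapter order
    findings, seen = [], {}
    for a in adapters:
        iface = ipaddress.ip_interface(f"{a['IP Address'][0]}/{a['Subnet Mask'][0]}")
        if iface.network in seen:
            findings.append(f"{a['name']} shares {iface.network} with {seen[iface.network]}")
        seen.setdefault(iface.network, a["name"])
        if a.get("NetBIOS over Tcpip") == ["Disabled"]:
            findings.append(f"{a['name']}: NetBIOS over TCP/IP disabled")
        far = [d for d in a.get("Dns Servers", []) if ipaddress.ip_address(d) not in iface.network]
        if far:
            findings.append(f"{a['name']}: DNS outside local subnet: {', '.join(far)}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(parse_adapters(NETDIAG))))
```

On the posted output this reports both adapters on 192.168.1.0/24, NetBIOS over TCP/IP disabled on Local Area Connection 3, and 192.168.100.4 as the DNS server outside the local subnet on each adapter.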
netcomp Author Commented:
The netdiag is on the file server that we are having the issue with. Yes, the DNS servers are on two different sites.

0
Darius Ghassem Commented:
If you want to demote this fully then you need to run the dcpromo /forceremoval if AD is still on the file server you want to remove. Second, you will need to do a metadata cleanup to remove this failed DC out of AD.
0
netcomp Author Commented:
dariusg,
We have already done a dcpromo to demote the server a long time ago. When I do dcpromo /forceremoval, I still get the wizard to make a DC. I think this is because it finds that it is not a DC.

I have no idea what happened, but after running the netdiag (without any switches), the issue with browsing the server went away. But I would still like to solve the replication issue with the event log above.
0
netcomp Author Commented:
Please see my last post first. Could you also tell me how to do a metadata cleanup in AD? I also noticed that I had this new error in AD from 10 days ago, but I no longer get it. Not sure if it is important.


Event Type:      Error
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      2023
Date:            11/1/2007
Time:            8:15:16 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:       The name of our FI LESERVER
Description:
The local domain controller was unable to replicate changes to the following remote domain controller for the following directory partition.
 
Remote domain controller:
8f886a1b-4dec-4315-b89e-46fe440c6f64._msdcs.dpz.com
Directory partition:
CN=Schema,CN=Configuration,DC=dpz,DC=com
 
The local domain controller cannot complete demotion.  
 
User Action
Investigate why replication between these two domain controllers cannot be performed. Then, try to demote this domain controller again.
 
Additonal Data
Error value:
1722 The RPC server is unavailable.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Darius Ghassem Commented:
This is the article on metadata cleanup.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0