
Windows 2003 server: The local domain controller was unable to replicate changes to the following remote domain controller

Posted on 2008-11-07
Last Modified: 2012-05-05
We have a Windows 2003 file server that used to be a domain controller.
We demoted it from being a DC to just a file server a few months back. I have just noticed that in the event log I am getting the following error.


This server has two NICs. I noticed that both cards had their secondary DNS server pointing to one of the NICs on itself (the same server). But the primary DNS was fine and was pointing to the right DC.
I also ran netdiag /fix and I think it looked fine. I have now taken the secondary DNS out and changed it to a secondary DNS.


Event Type:      Error
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      2023
Date:            11/1/2007
Time:            8:15:16 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      ourfileserver
Description:
The local domain controller was unable to replicate changes to the following remote domain controller for the following directory partition.
 
Remote domain controller:
8f886a1b-4dec-4315-b89e-46fe440c6f64._msdcs.ourdomainname.com
Directory partition:
CN=Schema,CN=Configuration,DC=ourdomainname,DC=com
 
The local domain controller cannot complete demotion.  
 
User Action
Investigate why replication between these two domain controllers cannot be performed. Then, try to demote this domain controller again.
 
Additonal Data
Error value:
1722 The RPC server is unavailable.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Question by:netcomp
 
LVL 26

Expert Comment

by:tigin44
ID: 22909486
Check that the RPC service is running on the server...

Also check that the administrative shares (c$, d$, IPC$, e.g.) are open... DCs use these shares to replicate data between them...
You can check the shares by issuing the command "net share" in the command prompt.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22914878
If you want to remove the server you can do a dcpromo /forceremoval then do a metadata cleanup on AD.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
 
LVL 1

Author Comment

by:netcomp
ID: 22956380
OK, we are having the real problem now.
Now when we do \\servername from the Run command, we get an error saying "the specified network name is no longer available". This is a new problem. I even tried \\IpAddress and it does not work.

Also, the logon script that normally mapped drives is now asking for passwords for the same server after it runs.
I tried \\servername from another DC and it works fine and I see all the shares, but it does not work from any of the workstations. Thank you,

I checked and RPC is running and all the shares are there.
0

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22959394
What error messages are you getting in the Event Log? What have you done since the post? Do you have DNS pointing at only local DNS servers? You might need to reset the secure channel password.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23629068.html
0
 
LVL 1

Author Comment

by:netcomp
ID: 22968216
OK, I take back the last post. It seems to be an issue only at one site over the site-to-site VPN.
But we still get the same error in the event log (my first point) on the server.

What does dcpromo /forceremoval do? Should I run this on the same server that is having the problem?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22975777
The dcpromo /forceremoval removes the DC and demotes it. I don't think I meant to post that here. If you have two NICs then you should only register one with DNS by unchecking this option in the TCP\IP settings. Also you need to make DNS listen on one NIC too.

http://technet.microsoft.com/en-us/library/cc740071.aspx
0
 
LVL 1

Author Comment

by:netcomp
ID: 22980876
When we do nbtstat -a servername for the same server we get no info, saying host not found. That's on any computer or server (even on itself). We have two sites and I tried it on each site with different WINS servers that replicate. At this point I need to solve the issue of nbtstat -a servername not responding. I may need to open a new question for this.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22994167
Do a netdiag then post results.
0
 
LVL 1

Author Comment

by:netcomp
ID: 23017111
Here is a netdiag:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.ourdomain>netdiag

.....................................

    Computer Name: FILESERVER
    DNS Host Name: fileserver.ourdomain.com
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection 3

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : fileserver
        IP Address . . . . . . . . : 192.168.1.11
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . :
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . : 192.168.1.14
                                     192.168.100.4


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Skipped
            NetBT is disabled on this interface. [Test skipped]

        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : fileserver
        IP Address . . . . . . . . : 192.168.1.10
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Primary WINS Server. . . . : 192.168.1.14
        Dns Servers. . . . . . . . : 192.168.1.14
                                     192.168.100.4


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{8E8F8730-6E42-4DAF-970F-68F56AFB3533}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{8E8F8730-6E42-4DAF-970F-68F56AFB3533}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{8E8F8730-6E42-4DAF-970F-68F56AFB3533}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
    Secure channel for domain 'ourdomain' is to '\\apollo.ourdomain.com'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Documents and Settings\Administrator.ourdomain>
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 23017290
If you have Two nics then you need to configure DNS to listen on one interface.

http://technet.microsoft.com/en-us/library/cc740071.aspx

Also, you need to uncheck register this address with DNS under the DNS tab within your TCP\IP properties.

Is this a netdiag of a DC?

These two DNS servers 192.168.1.14 192.168.100.4 are on different subnets, right?

                                     
0
 
LVL 1

Author Comment

by:netcomp
ID: 23017478
The netdiag is on the fileserver that  we are having the issue with.  Yes, the DNS servers are on two different sites.

0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 1500 total points
ID: 23017516
If you want to demote this fully then you need to run the dcpromo /forceremoval if AD is still on the fileserver you want to remove. Second you will need to do a metadata cleanup to remove this failed DC out of AD.
0
 
LVL 1

Author Comment

by:netcomp
ID: 23021631
dariusg,
We have already done a dcpromo to demote the server a long time ago. When I do dcpromo /forceremoval, I still get the wizard to make a DC. I think this is because it finds that it is not a DC.

I have no idea what happened, but after running netdiag (without any switches), the issue with browsing the server went away. But I would still like to solve the replication issue with the event log above.
0
 
LVL 1

Author Comment

by:netcomp
ID: 23021704
Please see my last post first. Could you also tell me how to do a metadata cleanup in AD? I also noticed that I had this new error in AD from about 10 days ago, but I no longer get it. Not sure if it is important.


Event Type:      Error
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      2023
Date:            11/1/2007
Time:            8:15:16 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:       The name of our FILESERVER
Description:
The local domain controller was unable to replicate changes to the following remote domain controller for the following directory partition.
 
Remote domain controller:
8f886a1b-4dec-4315-b89e-46fe440c6f64._msdcs.dpz.com
Directory partition:
CN=Schema,CN=Configuration,DC=dpz,DC=com
 
The local domain controller cannot complete demotion.  
 
User Action
Investigate why replication between these two domain controllers cannot be performed. Then, try to demote this domain controller again.
 
Additonal Data
Error value:
1722 The RPC server is unavailable.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 23027915
This is the article on metadata cleanup.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
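
The metadata cleanup named in the accepted solution, sketched as a batch wrapper around `ntdsutil`; this is an added example, not part of the thread or of the linked article. The script name, the `HEALTHY-DC` argument and the index numbers are placeholders, and it assumes it is run from a working domain controller with the Windows Server 2003 Support Tools (`repadmin`) installed.

```bat
@echo off
rem Added example. Arguments are placeholders supplied by the operator:
rem   dc-cleanup.bat HEALTHY-DC                      list domains and sites only
rem   dc-cleanup.bat HEALTHY-DC dom# site#           also list servers in that site
rem   dc-cleanup.bat HEALTHY-DC dom# site# server#   remove the stale server object
rem The numbers are the indexes printed by the listing runs.
setlocal
if "%~1"=="" (echo usage: %~nx0 HEALTHY-DC [dom# site# [server#]] & exit /b 1)
set DC=%~1

rem Replication partners and last results as the healthy DC sees them.
repadmin /showrepl %DC%

rem Common ntdsutil prefix: bind to the healthy DC, then open target selection.
set CONNECT="metadata cleanup" connections "connect to server %DC%" quit "select operation target"

rem Run 1 (read-only): show the domain and site indexes.
if "%~3"=="" (
  ntdsutil %CONNECT% "list domains" "list sites" quit quit quit
  exit /b
)

rem ntdsutil selects by the index of the most recent listing, so list before each select.
set PICK="list domains" "select domain %~2" "list sites" "select site %~3" "list servers in site"

rem Run 2 (read-only): show the server objects AD still holds for that site.
if "%~4"=="" (
  ntdsutil %CONNECT% %PICK% quit quit quit
  exit /b
)

rem Run 3: delete the selected server's leftover objects.
rem ntdsutil displays a confirmation dialog naming the server before it removes anything.
ntdsutil %CONNECT% %PICK% "select server %~4" quit "remove selected server" quit quit
```

Only the third form changes the directory; check the server name in the confirmation dialog against the demoted machine before accepting it.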
