Solved

Windows 2008 Active directory replication issue

Posted on 2009-05-20
3
2,826 Views
Last Modified: 2012-05-07
Hi all,

i got a very strange problem with replication in active directory.

Scenario:

2 sites called AR and GI
AR site 192.168.30.0/24
GI site 192.168.40.0/24
The sites are connected via Vpn site-to-site
There is one domain controller per site.
DC are global catalog
DCA1 is in AR site
DCG1 is in GI site
IPV6 disabled on DCs

If i use only one site, putting all DC in the same site, replication is good.

If i put DCA1 in AR site and DCG1 in GI site the replication function for some time (one hour more or less)
After this replication stops with RPC call failed and never complete again until i put all DCs in the same site.

To avoid long logon times and unnecessary use of Vpn i have to correct this situation.

Other info:

Ping and Rpcping between DCs is always ok.
I have configured AD sites with the right subnets using an IP site link.
Tried to config the two DCs as bridgehead server.
Forest and domain functional level: windows 2003

In event viewer on DCG1 i found a lot of:

Warning 1232 DS RPC client: "Active Directory Domain Services attempted to perform a remote procedure call (RPC) to the following server.  The call timed out and was cancelled."

Error 1311 KCC: "The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
 Directory partition:
CN=Configuration,DC=company,DC=lan
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers. "

A lot of FRS warnings
0
Comment
Question by:Point-In-Cyberspace
  • 2
3 Comments
 
LVL 26

Assisted Solution

by:Pber
Pber earned 250 total points
ID: 24433048
I definetely seems to be a timeout issue over your VPN connections.  I've seen this issue before in 2000/2003.
This article might help, it refers to 2000/2003, but the parameter may still be valid in 2008: http://support.microsoft.com/kb/830746
0
 
LVL 26

Expert Comment

by:Pber
ID: 24433082
After further diging, this way address some of the issues, once again refers to 2003, but may still be valid:
http://support.microsoft.com/kb/911799
 
See this too:
http://www.eventid.net/display.asp?eventid=1232&eventno=3527&source=NTDS%20Replication&phase=1 
0
 
LVL 8

Accepted Solution

by:
Point-In-Cyberspace earned 0 total points
ID: 24491827
Pber, sorry for the delay.
I made some other tests to better understand.

I was altready view he links you gave me but i didn't use those info because the network speed should not be an issue.

The vpn channel works at standard transfer of 1Mb so it's more than ad replication needs.
As i said before, replication runs well with no sites configured so this should be a trial that bandwitch is ok.

Even when there are no AD updates the replication fails with sites configured, so i think there is something about site to site transport isn't functioning correctly but i cannot figure out what.

0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question