Solved

AD Replication Problem

Posted on 2010-08-27
19
4,063 Views
Last Modified: 2012-05-10
Hi,

I have a problem with the AD replication. We have two domain controller as the below.

Head Office
DC1 - Windows 2008 R2

Branch Office
DC2 - Windows 2003 R2

When I replicate mannually from ADSS, it if fine. Also when I used REPADMIN /SHOWRES command on DC1 it is fine. But when I used REPADMIN /SHOWREPS command on DC3 it fails by time to time and success sometimes. See the message below.

C:\Documents and Settings\Administrator.COMPANY>repadmin /showreps
HeadOffice\DC2
DC Options: IS_GC
Site Options: (none)
DC object GUID: 278a591d-34e6-40e6-9b17-95950dcdc6f8
DC invocationID: 270ec0d2-ea86-495b-bb8b-1568d67dd818

==== INBOUND NEIGHBORS ======================================

DC=COMPANY,DC=co,DC=uk
    HeadOffice\DC1 via RPC
        DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
        Last attempt @ 2010-08-27 14:15:45 was successful.

CN=Configuration,DC=COMPANY,DC=co,DC=uk
   HeadOffice\DC1 via RPC
        DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
        Last attempt @ 2010-08-27 13:47:21 failed, result 1727 (0x6bf):
            Can't retrieve message string 1727 (0x6bf), error 1815.
        1 consecutive failure(s).
        Last success @ 2010-08-27 12:50:04.


CN=Schema,CN=Configuration,DC=COMPANY,DC=co,DC=uk
    HeadOffice\DC1 via RPC
        DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
        Last attempt @ 2010-08-27 13:48:04 was successful.

DC=DomainDnsZones,DC=COMPANY,DC=co,DC=uk
    HeadOffice\DC1 via RPC
        DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
        Last attempt @ 2010-08-27 13:48:04 was successful.

DC=ForestDnsZones,DC=COMPANY,DC=co,DC=uk
    HeadOffice\DC1 via RPC
        DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
        Last attempt @ 2010-08-27 13:48:04 was successful.

Source: HeadOffice\DC1
******* 1 CONSECUTIVE FAILURES since 2010-08-27 12:50:04
Last error: 1727 (0x6bf):
            Can't retrieve message string 1727 (0x6bf), error 1815.

C:\Documents and Settings\Administrator.COMPANY>

Can any expert help me to sort this problem please?

Thanks
Shalin
0
Comment
Question by:SHALINDRA
  • 8
  • 4
  • 2
  • +4
19 Comments
 
LVL 1

Expert Comment

by:bubbagump2002
ID: 33541721
Check AD Sites and Services and make sure you have in each NTDS setting a connection identified.  Also since this is a 2008 / 2003 environment what is your forest functional level, is the 2008 server setup as a RO DC?  Need some more information as you mentioned DC3 in your list but I only see DC1 and DC2 in your output
0
 
LVL 1

Author Comment

by:SHALINDRA
ID: 33541737
Sorry for spelling mistake, There is no DC3, it should be DC2
0
 
LVL 1

Author Comment

by:SHALINDRA
ID: 33541753
Hi,

In ADSS I can see the NTDS connections and mannually I can replicate without any problems. Forest functional level is windows 2003. Windows 2008 is not a RODC.

Thanks
Shal
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33541855
FRS and DFRS Servies are running
0
 
LVL 31

Expert Comment

by:DrUltima
ID: 33541872
You should see corresponding Event Log entries when you are having replication errors.  What do your logs on DC2 show?
0
 
LVL 10

Expert Comment

by:dhruvarajp
ID: 33541875
1 CONSECUTIVE FAILURES since 2010-08-27 12:50:04

.. that time is only it failed
and after that when you triggred manually replication suceeded

do you see errors in evnet viewer around that time ?

might be network issue that is no more persistant
0
 
LVL 1

Author Comment

by:SHALINDRA
ID: 33541891
Yes, FRS and DFRS services are running. As I mentioned before this problem is comes on adhoc basis, sometimes it disappers after next sheduled replication. Also this happens to the only confgurations or domain replication results.

Thanks
0
 
LVL 9

Expert Comment

by:Gianpiero Rossi
ID: 33541895
try the following steps on the dc that fails the syncronization

repadmin /options servername -DISABLE_INBOUND_REPL
repadmin /options servername -DISABLE_OUTBOUND_REPL
repadmin /syncall  
restart services netlogon and Ntfrs

0
 
LVL 1

Author Comment

by:SHALINDRA
ID: 33541903
There is no events in the Directory services or file replications logs logged since last restarted the server.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 3

Expert Comment

by:Jaoibh
ID: 33541912
Hi,

I assume you setup the server in head office configured the DNS and then shipped it to site?

This is a very simple config with 2 x server 2003 machines It shouldnt be much of a problem with 2008 and 2003.

Check event viewer and see if there is anything about replication in file replication services
Also check DNS which is the cause of most of the problems when it comes to active directory.

Let me know how you get on
0
 
LVL 1

Expert Comment

by:bubbagump2002
ID: 33541914
Since this appears to be WAN separated (assume a L2L vpn) or E1 connection at this point, have you looked into changing the replication cycle to peak vs off peak times. Of course you will need to find the balance between what is a good sync vs others.

You may also want to delete the automatic connections and build manual ones.

If it continues to fail try

http://www.microsoft.com/downloads/details.aspx?FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0&displaylang=enDownload the MPSRPT DriSvc.exe and run it against the failing DC and the replication partner.  This will wrap all of the logs into a nice .cab file - search the logs on both ends for failures.  

This should provide the detail needed to solve the problem.
0
 
LVL 10

Assisted Solution

by:dhruvarajp
dhruvarajp earned 200 total points
ID: 33541928
1727 (0x6BF)
RPC_S_CALL_FAILED_DNE
means:
The remote procedure call failed and did not execute.

that might be temporary network issue or remote server performance issue

 
0
 
LVL 31

Expert Comment

by:DrUltima
ID: 33541932
Honestly, if you were having actual replication errors, you should see event Logs with those errors.  REPADMIN is a good tool, but it measures replication, it doesn't actually replicate.  You indicate that you get sporadic errors with the tool, but you haven't indicated that you actually have errors replicating your AD data.  What makes you think that you are actually experiencing replication errors?
0
 
LVL 1

Author Comment

by:SHALINDRA
ID: 33541982
Hi bubbagump2,

Could you please give me the correct link to download the tool?

Thanks
Shal
0
 
LVL 1

Expert Comment

by:bubbagump2002
ID: 33542002
http://www.microsoft.com/downloads/details.aspx?FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0&displaylang=en

I just tested it the page comes up as the Product Support Reports Tool.  At the bottom of the page you will see the link for 86 and 64 OS
0
 
LVL 1

Author Comment

by:SHALINDRA
ID: 33542023
See the lates results. two areas of the replication fails.

C:\Documents and Settings\Administrator.COMPANY>repadmin /showreps
HeadOffice\DC2
DC Options: IS_GC
Site Options: (none)
DC object GUID: 278a591d-34e6-40e6-9b17-95950dcdc6f8
DC invocationID: 270ec0d2-ea86-495b-bb8b-1568d67dd818

==== INBOUND NEIGHBORS ======================================

DC=COMPANY,DC=co,DC=uk
HeadOffice\DC1 via RPC
DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
Last attempt @ 2010-08-27 14:53:04 was successful.

CN=Configuration,DC=COMPANY,DC=co,DC=uk
HeadOffice\DC1 via RPC
DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
Last attempt @ 2010-08-27 14:47:21 failed, result 1727 (0x6bf):
Can't retrieve message string 1727 (0x6bf), error 1815.
2 consecutive failure(s).
Last success @ 2010-08-27 12:50:04.

CN=Schema,CN=Configuration,DC=COMPANY,DC=co,DC=uk
HeadOffice\DC1 via RPC
DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
Last attempt @ 2010-08-27 14:49:21 failed, result 1727 (0x6bf):
Can't retrieve message string 1727 (0x6bf), error 1815.
1 consecutive failure(s).
Last success @ 2010-08-27 13:48:04.

DC=DomainDnsZones,DC=COMPANY,DC=co,DC=uk
HeadOffice\DC1 via RPC
DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
Last attempt @ 2010-08-27 14:53:03 was successful.

DC=ForestDnsZones,DC=COMPANY,DC=co,DC=uk
HeadOffice\DC1 via RPC
DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
Last attempt @ 2010-08-27 14:53:04 was successful.

Source: HeadOffice\DC1
******* 2 CONSECUTIVE FAILURES since 2010-08-27 14:42:45
Last error: 1727 (0x6bf):
Can't retrieve message string 1727 (0x6bf), error 1815.

C:\Documents and Settings\Administrator.COMPANY>
0
 
LVL 1

Accepted Solution

by:
bubbagump2002 earned 300 total points
ID: 33542116
Have you run a wireshark trace and or validated you are not having a transient network failure on the WAN.

Start with the basics

1. Are all ports hard coded on speed and duplex end to end
2. Drivers up to date
3. Check DNS for proper zone replication (enable the DNS testing / logging)
4. If you are using WINS is the push pull replication working properly

If this is going between two firewalls on a s2s vpn have you validated that all ports required to be open for DC replication is setup properly (link provided below)

http://technet.microsoft.com/en-us/library/bb727063.aspx

If you could post your Application / System event logs from both boxes that would help and screen shots of your replication settings it would help also.


0
 
LVL 1

Author Comment

by:SHALINDRA
ID: 33542373
Hi,

Even I think, this is some thing to do with VPN connection as manual replication also takes about 1 min to replicate.

Let me work around all of your ideas. I will give you an update when I get a time to complete these.

Thanks
Shal
0
 
LVL 1

Author Comment

by:SHALINDRA
ID: 33552591
Hi,

I have done many test past two days and managed to get rid of the problem.

As dhruvarajp and bubbagump2002 commented, the issue was with RPC perfomance and conflict with the WINS. Basically recently I have introduced the 2008 DC to the network and it was a replacement for out of warranty 2003 box. When I add 2008 DC, I installed WINs on it as old 2003 server was WINs installed. We had only one WINs server on the network since company has started.

But when I follow the below link, I understand WINs is not necessary in windows 2008. So I have just removed WINs role from 2008 box. Since then the replication is ok. So I think the problem was some where in the WINs configurations.

http://www.experts-exchange.com/Networking/Windows_Networking/Internet_Protocols/WINS/Q_23674872.html

I highly appriciated all of your comments on this case.

Thanks
Shal
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now