Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4536
  • Last Modified:

AD Replication Problem

Hi,

I have a problem with the AD replication. We have two domain controller as the below.

Head Office
DC1 - Windows 2008 R2

Branch Office
DC2 - Windows 2003 R2

When I replicate mannually from ADSS, it if fine. Also when I used REPADMIN /SHOWRES command on DC1 it is fine. But when I used REPADMIN /SHOWREPS command on DC3 it fails by time to time and success sometimes. See the message below.

C:\Documents and Settings\Administrator.COMPANY>repadmin /showreps
HeadOffice\DC2
DC Options: IS_GC
Site Options: (none)
DC object GUID: 278a591d-34e6-40e6-9b17-95950dcdc6f8
DC invocationID: 270ec0d2-ea86-495b-bb8b-1568d67dd818

==== INBOUND NEIGHBORS ======================================

DC=COMPANY,DC=co,DC=uk
    HeadOffice\DC1 via RPC
        DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
        Last attempt @ 2010-08-27 14:15:45 was successful.

CN=Configuration,DC=COMPANY,DC=co,DC=uk
   HeadOffice\DC1 via RPC
        DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
        Last attempt @ 2010-08-27 13:47:21 failed, result 1727 (0x6bf):
            Can't retrieve message string 1727 (0x6bf), error 1815.
        1 consecutive failure(s).
        Last success @ 2010-08-27 12:50:04.


CN=Schema,CN=Configuration,DC=COMPANY,DC=co,DC=uk
    HeadOffice\DC1 via RPC
        DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
        Last attempt @ 2010-08-27 13:48:04 was successful.

DC=DomainDnsZones,DC=COMPANY,DC=co,DC=uk
    HeadOffice\DC1 via RPC
        DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
        Last attempt @ 2010-08-27 13:48:04 was successful.

DC=ForestDnsZones,DC=COMPANY,DC=co,DC=uk
    HeadOffice\DC1 via RPC
        DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
        Last attempt @ 2010-08-27 13:48:04 was successful.

Source: HeadOffice\DC1
******* 1 CONSECUTIVE FAILURES since 2010-08-27 12:50:04
Last error: 1727 (0x6bf):
            Can't retrieve message string 1727 (0x6bf), error 1815.

C:\Documents and Settings\Administrator.COMPANY>

Can any expert help me to sort this problem please?

Thanks
Shalin
0
SHALINDRA
Asked:
SHALINDRA
  • 8
  • 4
  • 2
  • +4
2 Solutions
 
bubbagump2002Commented:
Check AD Sites and Services and make sure you have in each NTDS setting a connection identified.  Also since this is a 2008 / 2003 environment what is your forest functional level, is the 2008 server setup as a RO DC?  Need some more information as you mentioned DC3 in your list but I only see DC1 and DC2 in your output
0
 
SHALINDRAAuthor Commented:
Sorry for spelling mistake, There is no DC3, it should be DC2
0
 
SHALINDRAAuthor Commented:
Hi,

In ADSS I can see the NTDS connections and mannually I can replicate without any problems. Forest functional level is windows 2003. Windows 2008 is not a RODC.

Thanks
Shal
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
zsaurabhCommented:
FRS and DFRS Servies are running
0
 
Justin OwensITIL Problem ManagerCommented:
You should see corresponding Event Log entries when you are having replication errors.  What do your logs on DC2 show?
0
 
dhruvarajpCommented:
1 CONSECUTIVE FAILURES since 2010-08-27 12:50:04

.. that time is only it failed
and after that when you triggred manually replication suceeded

do you see errors in evnet viewer around that time ?

might be network issue that is no more persistant
0
 
SHALINDRAAuthor Commented:
Yes, FRS and DFRS services are running. As I mentioned before this problem is comes on adhoc basis, sometimes it disappers after next sheduled replication. Also this happens to the only confgurations or domain replication results.

Thanks
0
 
Gianpiero RossiSystem AdministratorCommented:
try the following steps on the dc that fails the syncronization

repadmin /options servername -DISABLE_INBOUND_REPL
repadmin /options servername -DISABLE_OUTBOUND_REPL
repadmin /syncall  
restart services netlogon and Ntfrs

0
 
SHALINDRAAuthor Commented:
There is no events in the Directory services or file replications logs logged since last restarted the server.
0
 
JaoibhCommented:
Hi,

I assume you setup the server in head office configured the DNS and then shipped it to site?

This is a very simple config with 2 x server 2003 machines It shouldnt be much of a problem with 2008 and 2003.

Check event viewer and see if there is anything about replication in file replication services
Also check DNS which is the cause of most of the problems when it comes to active directory.

Let me know how you get on
0
 
bubbagump2002Commented:
Since this appears to be WAN separated (assume a L2L vpn) or E1 connection at this point, have you looked into changing the replication cycle to peak vs off peak times. Of course you will need to find the balance between what is a good sync vs others.

You may also want to delete the automatic connections and build manual ones.

If it continues to fail try

http://www.microsoft.com/downloads/details.aspx?FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0&displaylang=enDownload the MPSRPT DriSvc.exe and run it against the failing DC and the replication partner.  This will wrap all of the logs into a nice .cab file - search the logs on both ends for failures.  

This should provide the detail needed to solve the problem.
0
 
dhruvarajpCommented:
1727 (0x6BF)
RPC_S_CALL_FAILED_DNE
means:
The remote procedure call failed and did not execute.

that might be temporary network issue or remote server performance issue

 
0
 
Justin OwensITIL Problem ManagerCommented:
Honestly, if you were having actual replication errors, you should see event Logs with those errors.  REPADMIN is a good tool, but it measures replication, it doesn't actually replicate.  You indicate that you get sporadic errors with the tool, but you haven't indicated that you actually have errors replicating your AD data.  What makes you think that you are actually experiencing replication errors?
0
 
SHALINDRAAuthor Commented:
Hi bubbagump2,

Could you please give me the correct link to download the tool?

Thanks
Shal
0
 
bubbagump2002Commented:
http://www.microsoft.com/downloads/details.aspx?FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0&displaylang=en

I just tested it the page comes up as the Product Support Reports Tool.  At the bottom of the page you will see the link for 86 and 64 OS
0
 
SHALINDRAAuthor Commented:
See the lates results. two areas of the replication fails.

C:\Documents and Settings\Administrator.COMPANY>repadmin /showreps
HeadOffice\DC2
DC Options: IS_GC
Site Options: (none)
DC object GUID: 278a591d-34e6-40e6-9b17-95950dcdc6f8
DC invocationID: 270ec0d2-ea86-495b-bb8b-1568d67dd818

==== INBOUND NEIGHBORS ======================================

DC=COMPANY,DC=co,DC=uk
HeadOffice\DC1 via RPC
DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
Last attempt @ 2010-08-27 14:53:04 was successful.

CN=Configuration,DC=COMPANY,DC=co,DC=uk
HeadOffice\DC1 via RPC
DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
Last attempt @ 2010-08-27 14:47:21 failed, result 1727 (0x6bf):
Can't retrieve message string 1727 (0x6bf), error 1815.
2 consecutive failure(s).
Last success @ 2010-08-27 12:50:04.

CN=Schema,CN=Configuration,DC=COMPANY,DC=co,DC=uk
HeadOffice\DC1 via RPC
DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
Last attempt @ 2010-08-27 14:49:21 failed, result 1727 (0x6bf):
Can't retrieve message string 1727 (0x6bf), error 1815.
1 consecutive failure(s).
Last success @ 2010-08-27 13:48:04.

DC=DomainDnsZones,DC=COMPANY,DC=co,DC=uk
HeadOffice\DC1 via RPC
DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
Last attempt @ 2010-08-27 14:53:03 was successful.

DC=ForestDnsZones,DC=COMPANY,DC=co,DC=uk
HeadOffice\DC1 via RPC
DC object GUID: 17724d8e-2f74-4cb9-8015-99282f2e1004
Last attempt @ 2010-08-27 14:53:04 was successful.

Source: HeadOffice\DC1
******* 2 CONSECUTIVE FAILURES since 2010-08-27 14:42:45
Last error: 1727 (0x6bf):
Can't retrieve message string 1727 (0x6bf), error 1815.

C:\Documents and Settings\Administrator.COMPANY>
0
 
bubbagump2002Commented:
Have you run a wireshark trace and or validated you are not having a transient network failure on the WAN.

Start with the basics

1. Are all ports hard coded on speed and duplex end to end
2. Drivers up to date
3. Check DNS for proper zone replication (enable the DNS testing / logging)
4. If you are using WINS is the push pull replication working properly

If this is going between two firewalls on a s2s vpn have you validated that all ports required to be open for DC replication is setup properly (link provided below)

http://technet.microsoft.com/en-us/library/bb727063.aspx

If you could post your Application / System event logs from both boxes that would help and screen shots of your replication settings it would help also.


0
 
SHALINDRAAuthor Commented:
Hi,

Even I think, this is some thing to do with VPN connection as manual replication also takes about 1 min to replicate.

Let me work around all of your ideas. I will give you an update when I get a time to complete these.

Thanks
Shal
0
 
SHALINDRAAuthor Commented:
Hi,

I have done many test past two days and managed to get rid of the problem.

As dhruvarajp and bubbagump2002 commented, the issue was with RPC perfomance and conflict with the WINS. Basically recently I have introduced the 2008 DC to the network and it was a replacement for out of warranty 2003 box. When I add 2008 DC, I installed WINs on it as old 2003 server was WINs installed. We had only one WINs server on the network since company has started.

But when I follow the below link, I understand WINs is not necessary in windows 2008. So I have just removed WINs role from 2008 box. Since then the replication is ok. So I think the problem was some where in the WINs configurations.

http://www.experts-exchange.com/Networking/Windows_Networking/Internet_Protocols/WINS/Q_23674872.html

I highly appriciated all of your comments on this case.

Thanks
Shal
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 8
  • 4
  • 2
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now