I've been having issues with AD replication on my Win 2008 R2 DC. It's taking around 3 hours for it to replicate to a DC on the west coast. I've tried numerous troubleshooting steps. I THINK DNS is OK. The event logs are clean.
I found the following Microsoft article explaining the ports needed for AD replication: http://technet.microsoft.com/en-us/library/bb727063.aspx
I noticed the only ports that don’t seem to be open are the following:
RPC endpoint mapper 135/udp
RPC dynamic assignment 1024-65535/tcp
WINS replication 42/tcp, 42/udp
Could the above closed ports be causing the delay?
This is the only error event I'm getting:
Log Name: Directory Service
Date: 10/16/2010 12:59:11 PM
Event ID: 2087
Task Category: DS RPC Client
User: ANONYMOUS LOGON
Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
Source domain controller:
Failing DNS host name:
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1:
22 DS RPC Client
1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
2) Confirm that the source domain controller is running Active Directory Domain Services and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".
3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns
4) Verify that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
5) For further analysis of DNS error failures see KB 824449:
11004 The requested name is valid, but no data of the requested type was found.
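A script to run on the destination DC against the source DC named in the event, as an added example that is not part of the original post. It checks the two things the 2087 user action and the port table above ask for: that the source DC's host name (and, if you pass its DSA GUID from repadmin /showrepl, the GUID._msdcs.forest-root CNAME that replication actually looks up) resolves to an address, and that the static TCP ports from the TechNet table answer. The DC name, forest root and GUID in the param block are placeholders, because those fields are blank in the pasted event. It uses .NET classes rather than Test-NetConnection or Resolve-DnsName so it runs on the PowerShell 2.0 that ships with 2008 R2.

```powershell
# Added example, not code from the original post.
# Checks DNS resolution of the source DC and TCP reachability of the static
# AD replication ports. Placeholder values below are assumptions; replace them
# with the "Source domain controller" / "Failing DNS host name" from the event.
param(
    [string]$SourceDc   = 'dc-west.corp.example.com',   # placeholder
    [string]$ForestRoot = 'corp.example.com',           # placeholder
    [string]$DsaGuid    = ''                            # optional, from repadmin /showrepl
)

function Test-TcpPort {
    # Returns $true if a TCP connection to $ComputerName:$Port completes within the timeout.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }  # filtered / no route
        $client.EndConnect($ar)   # throws if the port actively refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-DcName {
    # Resolves a name the way the DS RPC client does (getaddrinfo) and reports the result.
    # A missing record surfaces here as the same Winsock 11004 text the event logged.
    param([string]$Name)
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.IPAddressToString }
        New-Object PSObject -Property @{ Name = $Name; Resolved = $true;  Detail = ($ips -join ', ') }
    } catch {
        New-Object PSObject -Property @{ Name = $Name; Resolved = $false; Detail = $_.Exception.Message }
    }
}

# 1) DNS: the source DC's host record, plus its replication CNAME when the GUID is known.
$names = @($SourceDc)
if ($DsaGuid) { $names += "$DsaGuid._msdcs.$ForestRoot" }
$names | ForEach-Object { Test-DcName $_ } | Format-Table Name, Resolved, Detail -AutoSize

# 2) Static TCP ports from the TechNet table. 135 must answer, because the
#    endpoint mapper is how the dynamic DRS replication port is negotiated;
#    the dynamic range itself cannot be probed statically from here.
$ports = @{
    'RPC endpoint mapper' = 135
    'Kerberos'            = 88
    'LDAP'                = 389
    'SMB'                 = 445
    'LDAP over SSL'       = 636
    'Global catalog'      = 3268
}
foreach ($p in ($ports.GetEnumerator() | Sort-Object Value)) {
    $open = Test-TcpPort -ComputerName $SourceDc -Port $p.Value
    '{0,-20} {1,5}/tcp  {2}' -f $p.Key, $p.Value, $(if ($open) { 'open' } else { 'CLOSED or filtered' })
}
```

Two caveats when reading the output. A blocked endpoint mapper or a firewall dropping the dynamic RPC range shows up as RPC errors (event 1722, "The RPC server is unavailable") rather than as 2087, which is purely a DNS lookup failure; and on 2008 R2 the default dynamic range is 49152-65535, not the 1024-65535 the older article lists, so a firewall rule written from that table may be too narrow. Also worth checking before chasing ports: 3 hours is exactly the default intersite site-link replication interval (180 minutes), so if the two DCs sit in different sites, repadmin /showrepl on the destination will tell you whether replication is failing or simply running on schedule.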