Replication problem between 2 Windows 2003 domain controller

Posted on 2010-11-18
Last Modified: 2012-06-21

We have problem where 2 DC's will replicate and communicate fine with other DC's but not with each other.  Nothing has changed on either server since this problem appeared, and in total across all sites there are about 25 DC's.

I will try and explain further, but will only talk about 2 sites.

Site A has 2 DC's which are as follows:  dca.blah.local  and also dca2.sub.blah.local (second dc in a child domain)

Site B has 2 DC's which are as follows:  dcb.blah.local and also dcb2.sub.blah.local (again second dc in child domain)

dca2 can communicate and replicate info with dca and dcb and all other dc's, but not dcb2.  dcb2 can also replicate and communicate fine with dca and dcb and all other dc's, but will not replicate with dca2.

On the DNS side of things we are able to ping dca2 from dcb2 and vice versa.  When running replmon.exe on either dca2 or dcb2 we can connect to other dc's but not each other.  When trying to connect using replmon from dca2 to dcb2 or the other way around we get the error RPC Server Unavailable, yet we can connect from either of these to other dc's fine.

It is possible to telnet to port 135 from dca2 or dcb2 to any other dc, but not each other.

dca2 is running Windows 2003 Server SP2 and dcb2 is running Windows 2003 Server SP1 - this is how these servers have been for a long time, and no patches have been applied around when this problem started happening.

Any help would be appreciated.

Question by:biggles70
  • 3
  • 2

Assisted Solution

Trackhappy earned 500 total points
ID: 34169924
I would suggest that you apply SP2 to the other DC as a first step. It is not good practice to keep DC's at different service pack levels. If you were to go as far as logging this with Microsoft, the first thing they would tell you is to install the latest service packs on both machines.

Author Comment

ID: 34169994
I knew you were going to say that, as it is what my first thought as well.  Because the SP1 machine is looked after by a different group I figured that it would take a bit longer to get done, and was hoping for some other things to try in the mean time. Given the known RPC problems with an SP1 machine I will get the team to upgrade and see how that goes - will post the resuts when I know.

Expert Comment

ID: 34170094
Sorry.. ;)

Accepted Solution

biggles70 earned 0 total points
ID: 34210093
I ran a dcdiag on the affected dc's and double checked that something added in the child domain was appearing in the parent domain - all in all it was actually repliating around, and appeared to be working.  

The main reason I found for the problem was due to users in a group not being able to access a sharepoint site on the parent domain.  The security group in question was created as a global group, which meant the visibility was only in the child domain.  Once I changed this to a universal group and it replicated around the visibility became forest wide and users were able to access.

As for the machine with SP2 on it - that is the only one on the network and as such was unathorised. I guess we'll have to see what happens there.

There are still some replication errors showing up, and I without getting all machines to the same SP level it would be hard to find out what is happening until everything is on the same SP.    

Author Closing Comment

ID: 34228846
Changing the group from a global group to a universal one allowed security access in the parent domain.  Replication errors were a bit of a red herring.

Featured Post

[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now