Replication problem between 2 Windows 2003 domain controller

Posted on 2010-11-18
Medium Priority
Last Modified: 2012-06-21

We have problem where 2 DC's will replicate and communicate fine with other DC's but not with each other.  Nothing has changed on either server since this problem appeared, and in total across all sites there are about 25 DC's.

I will try and explain further, but will only talk about 2 sites.

Site A has 2 DC's which are as follows:  dca.blah.local  and also dca2.sub.blah.local (second dc in a child domain)

Site B has 2 DC's which are as follows:  dcb.blah.local and also dcb2.sub.blah.local (again second dc in child domain)

dca2 can communicate and replicate info with dca and dcb and all other dc's, but not dcb2.  dcb2 can also replicate and communicate fine with dca and dcb and all other dc's, but will not replicate with dca2.

On the DNS side of things we are able to ping dca2 from dcb2 and vice versa.  When running replmon.exe on either dca2 or dcb2 we can connect to other dc's but not each other.  When trying to connect using replmon from dca2 to dcb2 or the other way around we get the error RPC Server Unavailable, yet we can connect from either of these to other dc's fine.

It is possible to telnet to port 135 from dca2 or dcb2 to any other dc, but not each other.

dca2 is running Windows 2003 Server SP2 and dcb2 is running Windows 2003 Server SP1 - this is how these servers have been for a long time, and no patches have been applied around when this problem started happening.

Any help would be appreciated.

Question by:biggles70
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Assisted Solution

Trackhappy earned 2000 total points
ID: 34169924
I would suggest that you apply SP2 to the other DC as a first step. It is not good practice to keep DC's at different service pack levels. If you were to go as far as logging this with Microsoft, the first thing they would tell you is to install the latest service packs on both machines.

Author Comment

ID: 34169994
I knew you were going to say that, as it is what my first thought as well.  Because the SP1 machine is looked after by a different group I figured that it would take a bit longer to get done, and was hoping for some other things to try in the mean time. Given the known RPC problems with an SP1 machine I will get the team to upgrade and see how that goes - will post the resuts when I know.

Expert Comment

ID: 34170094
Sorry.. ;)

Accepted Solution

biggles70 earned 0 total points
ID: 34210093
I ran a dcdiag on the affected dc's and double checked that something added in the child domain was appearing in the parent domain - all in all it was actually repliating around, and appeared to be working.  

The main reason I found for the problem was due to users in a group not being able to access a sharepoint site on the parent domain.  The security group in question was created as a global group, which meant the visibility was only in the child domain.  Once I changed this to a universal group and it replicated around the visibility became forest wide and users were able to access.

As for the machine with SP2 on it - that is the only one on the network and as such was unathorised. I guess we'll have to see what happens there.

There are still some replication errors showing up, and I without getting all machines to the same SP level it would be hard to find out what is happening until everything is on the same SP.    

Author Closing Comment

ID: 34228846
Changing the group from a global group to a universal one allowed security access in the parent domain.  Replication errors were a bit of a red herring.

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question