Solved

Windows 2003 AD Replication not working

Posted on 2010-11-24
Last Modified: 2012-05-10
Hi all,
having an issue with my AD. Situation is this...I have 3 locations, New York, New Jersey, & China. All 3 have their own DC's. NY & NJ are Win 2003's, CH is a 2008. In the AD Sites & Services I originally had all servers under the Default-First group & everything was working perfectly except that some of my people here in the US were using the China logon server, so I followed the directions to split these into 3 separate sites & that's when my replication broke.
What I did was, create the 3 separate sites, move the appropriate servers into the site where it belongs, set up the subnet for each site, & made a bulkhead DC in each site.
From there, one by one the Automatic Replication partners started to disappear so I set them up manually on all servers & did a Replicate Now. If I do a replication & watch in ReplMon I get no red x's & everything says successful.
I even created a fake batch script with different names on each of the servers to see if they will replicate & they do not. I also modified the description of a user in AD UC & that has not replicated either...
Any help would be more than appreciated with this!

Thanks.
Jon
Question by:Jon DeVito
36 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 34207557
How long have they been unable to replicate?

Can you post the output of repadmin /showreps

I would suggest you leave the replication object as automatic and not create any manual entries. But let's see the output of repadmin first.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34207661
All day today. Ok what I did was delete the manual entries & let the auto pick them back up, that actually seemed to fix the problem for NY to NJ (even though the naming looks a little weird). CH is still having the issue though. Here is the output from the CH server:


Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>repadmin /showreps
Shanghai\WIN2008FS-CH
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: e6cde72f-7782-4317-99be-97837008b0f4
DSA invocationID: d327c9b5-d45c-4c67-88bf-61e8aab753ee

==== INBOUND NEIGHBORS ======================================

DC=DOMAIN,DC=local
    Showroom\WIN2003FS-NY via RPC
        DSA object GUID: d38e8a08-eae6-4375-bfc0-b356c0d101e5
        Last attempt @ 2010-11-24 23:59:57 was successful.
    Warehouse\WIN2003FS-NJ via RPC
        DSA object GUID: eb14377c-7bd9-4cb5-b024-31041727b677
        Last attempt @ 2010-11-25 00:00:01 was successful.

CN=Configuration,DC=DOMAIN,DC=local
    Warehouse\WIN2003FS-NJ via RPC
        DSA object GUID: eb14377c-7bd9-4cb5-b024-31041727b677
        Last attempt @ 2010-11-25 02:10:10 was successful.
    Showroom\WIN2003FS-NY via RPC
        DSA object GUID: d38e8a08-eae6-4375-bfc0-b356c0d101e5
        Last attempt @ 2010-11-25 02:10:28 was successful.

CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
    Showroom\WIN2003FS-NY via RPC
        DSA object GUID: d38e8a08-eae6-4375-bfc0-b356c0d101e5
        Last attempt @ 2010-11-25 00:00:01 was successful.
    Warehouse\WIN2003FS-NJ via RPC
        DSA object GUID: eb14377c-7bd9-4cb5-b024-31041727b677
        Last attempt @ 2010-11-25 00:00:01 was successful.

DC=DomainDnsZones,DC=DOMAIN,DC=local
    Showroom\WIN2003FS-NY via RPC
        DSA object GUID: d38e8a08-eae6-4375-bfc0-b356c0d101e5
        Last attempt @ 2010-11-25 00:00:02 was successful.
    Warehouse\WIN2003FS-NJ via RPC
        DSA object GUID: eb14377c-7bd9-4cb5-b024-31041727b677
        Last attempt @ 2010-11-25 00:00:02 was successful.

DC=ForestDnsZones,DC=DOMAIN,DC=local
    Showroom\WIN2003FS-NY via RPC
        DSA object GUID: d38e8a08-eae6-4375-bfc0-b356c0d101e5
        Last attempt @ 2010-11-25 00:00:02 was successful.
    Warehouse\WIN2003FS-NJ via RPC
        DSA object GUID: eb14377c-7bd9-4cb5-b024-31041727b677
        Last attempt @ 2010-11-25 00:00:03 was successful.

0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34207667
Keep in mind that they are 13hrs ahead of us so the time may be off from the US.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34207753
Did you setup site links between the sites? (China to NY site link...just an example)

Thanks

Mike
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34207817
Thanks Mike, yes I did. After deleting the manual entries & letting it pick back up all seems to be working but so ridiculously slow it can't be right. Previously if I added a 1kb file to the Netlogon share of one of the servers it was instantaneously transferred to the other servers (especially NJ to NY) now it's like 10 minutes or more. Any ideas why that would be all of a sudden with this setup?

Thanks.
Jon
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34207828
What is your replication interval set to on the site link?

You could enable change notification if you need a fast response time.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 34207843
Previously you were using intrasite replication which can almost be thought of as "instant"  (15 seconds with a small offset in 2003)

You could decrease the replication interval or maybe even test enabling change notification for the NJ/NY site link   http://www.frickelsoft.net/blog/?p=145

Thanks

Mike
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34207869
Thanks Ken, are you talking about under Inter-Site Transport / IP, for the interval? If so, it's set to 180.
How would I enable Change Notification?
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34207881
Just saw your post Mike, looking at it now.

Thanks.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34207885
Look at that blog link from Florian...shows you how to enable change notification.

yes 180/3 hours is the default.  You can lower that to 15 minutes via the GUI.

I wouldn't start by enabling change notification from the US to China.  

Thanks

Mike
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34207886
Take a look at the link Mike posted, that has a good step by step process and explanation.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34208055
Thanks, maybe I'm looking at it wrong but it doesn't give an option for doing individual sites. From the article it's on the Transport link.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34208136
Even doing it at that level, I just deleted a 1kb file from the netlogon in NY, it's over 5 minutes & it still hasn't replicated to NJ. Do I need to restart a service or something to get the change to take effect?
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34208138
This setting is on the Site link not the site itself.
Do you have a single site link for all sites or a separate site link for every site. Can you post a screen shot of your site links and sites.

As Mike said try to set the replication interval to 15 minutes and see if that will work for you. If it does not then you can start testing change notification.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34208184
Mike can correct me if I am wrong, but I do not think the sysvol supports the change notification flag since you are still using FRS.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34208188
Gotcha, Yes I have a single site, screen shot is attached.
15 minutes is way too long for this though, I really need this to work as close to instant as I possibly can, especially NY to NJ...if the US to China & vice versa takes a few mins it's not a big deal but the sites in the US between each other are.
11-24-2010-2-17-09-PM.jpg
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34208195
It replicates the netlogon faster than the interval though, it's about 5-6 minutes.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34208200
Just to understand this better, Why do you need this to replicate that fast to the sites?
0

 
LVL 3

Author Comment

by:Jon DeVito
ID: 34208218
We have admins in NJ that only have access to the NJ DC, so if we fire someone (or hire) we need the changes to be immediate in NY.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34208246
Right on Ken; FRS does not support the intersite change notification flag

In your screenshot you are still using the default site link.  You could also create individual site links

NY to NJ
NY to China

Then play/experiment with the replication intervals.  I'm guessing the link between China and NY is not as good as NJ to NY.

Thanks

Mike
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34208258
That stinks. Ok, so I would not need one from nj to china doing it this way, correct? Also, the lower Cost is faster?
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34208260
Correct BTW that the link to China is much slower.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34208266
Also, would I need any Site-Link Bridge?
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34208336
It all depends on how you want your AD topology to look. It sounds like you want a hub and spoke where NY is the hub. In this scenario you would create two site links, one NY to CH and one NY to NJ.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34208343
A hub-spoke design is what  I'd go with (assuming NY is your HQ)

So the two site links could be NY to NJ  & China to NY

The China interval would be higher and you might even enable change notification on the NJ to NY link.

In this setup you don't have to worry about site link bridges or cost.

Thanks

Mike
0
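Added example (not part of the original thread or any poster's script): one way to review the site links for the hub-and-spoke layout discussed above and to set the interval and change-notification flag per link. It assumes the ActiveDirectory PowerShell module is available; the link names `NY-NJ` and `NY-China` and the 60-minute interval are hypothetical. As noted in the thread, the flag applies to AD replication, not to FRS-replicated SYSVOL/NETLOGON.

```powershell
# Added example, not from the thread. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Bit 0 of a siteLink's "options" attribute turns on change notification.
$USE_NOTIFY = 0x1

function Get-SiteLinkSummary {
    # Site links for the IP transport live under the configuration partition.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $base = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"
    Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=siteLink)' `
                 -Properties siteList, cost, replInterval, options |
        ForEach-Object {
            $link = $_
            $opts = [int]$link.options          # attribute not set -> 0
            $sites = $link.siteList | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }
            [pscustomobject]@{
                Name              = $link.Name
                Sites             = $sites -join ', '
                Cost              = $link.cost
                IntervalMinutes   = $link.replInterval
                Options           = $opts
                ChangeNotify      = [bool]($opts -band $USE_NOTIFY)
                DistinguishedName = $link.DistinguishedName
            }
        }
}

function Set-SiteLinkReplication {
    param(
        [Parameter(Mandatory)][string]$Name,
        [int]$IntervalMinutes = 15,
        [switch]$ChangeNotify
    )
    $link = Get-SiteLinkSummary | Where-Object { $_.Name -eq $Name }
    if (-not $link) { throw "Site link '$Name' not found" }
    $opts = $link.Options
    if ($ChangeNotify) { $opts = $opts -bor $USE_NOTIFY }   # keep any other flags
    Set-ADObject -Identity $link.DistinguishedName `
                 -Replace @{ replInterval = $IntervalMinutes; options = $opts }
}

# Hypothetical link names for the hub-and-spoke layout discussed above.
Get-SiteLinkSummary | Format-Table Name, Sites, Cost, IntervalMinutes, ChangeNotify
# Set-SiteLinkReplication -Name 'NY-NJ' -ChangeNotify
# Set-SiteLinkReplication -Name 'NY-China' -IntervalMinutes 60
```

The two `Set-SiteLinkReplication` calls are left commented out so that running the block only reports the current settings.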
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34208356
Quick question, are the admins in NJ domain admins?  Just wondering what you mean when you say you restrict them to the NJ DCs only.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34208400
Gotcha with the Hub & Spoke design. I think I'm doing something wrong here though, I made the change to the 2 links instead of 1 but it is still taking forever to replicate between NY & NJ. I made the change in adsi for the new site link but didn't seem to help. Am I missing something?
11-24-2010-2-17-09-PM.jpg
2.jpg
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34208407
Yes they are Domain Admins, I just give them an RDP to the server they are allowed to use.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34208483
On screenshot 2, in the details/right pane, there should be the site links listed. Is that where you are right-clicking and selecting options?

On another note the NJ DA's could access all your DCs....if they know what they are doing :)

Thanks

Mike
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34208512
Yes that's where I am right clicking, on the US link.
You are 100% correct, lol. It's less of a security thing than ease of use & speed of the servers.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34208743
If I force the replication it works instantaneously, it's gotta be something with the change notification. I saw some people saying it's only on account lockouts, so I tried that & even that didn't replicate quickly.
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 250 total points
ID: 34208867
How long is the replication taking?

You can run a test using PowerShell; Brandon Shell has a really good script in a blog post to test replication.

http://bsonposh.com/archives/276
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34212894
Sorry I got booted from the building for the holiday weekend. What an awesome script! I'll run it tonight & see what I get. Thanks again for the help with this whole thing!!

Jon
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34218747
That script is awesome. It's actually showing me something VERY unexpected...the China site replicated very quickly, the NY site took forever! Any idea where I could start digging to figure out why?

Thanks.
Jon
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 34240011
I'm actually going to open that as a new question. I think you both have helped me enough to get my stuff working & answer the original question. I really appreciate all of the help!!

Thanks.
Jon
0
 
LVL 3

Author Closing Comment

by:Jon DeVito
ID: 34240039
Thank you both for all of the help!
0
