Active Directory Replication Problems

Dear all, have a great festive season.

Guys, we have an issue with one of our domain controllers. Server name is "ServerA".

We cannot replicate TO this DC, nor can we replicate FROM this DC.

Step 1: While RDPed on ServerA, replicating to this DC from another DC fails.

Error is as follows:

"The following error occurred during the attempt to contact the domain controller ServerA:
The RPC server is unavailable."

I tried stopping and starting ntfrs but that did not help.

Step 2: While RDPed on ServerA, replicating from this DC to another DC fails.

Error is as follows:

"The following error occurred during the attempt to synchronize naming context from domain controller serverA to domain controller serverB:
The naming context is in the process of being removed or is not replicated from the specified server.
This operation will not continue."

Would love some help on where to start and what things to do to resolve the problem.

Thank you in advance.


Ping the Domain Controller. To do so, type at the command prompt, and then press ENTER.

If you receive a reply that the ping request could not find the host, the domain controller's SRV record is not populated in the DNS Database.
Check the configuration of DNS and make sure that Allow Dynamic Updates is enabled. To do this, follow these steps:
Click Start, point to Programs, click Administrative Tools, and then click DNS.
Expand the DNS folder.
Expand the Forward Lookup Zones folder.
Right-click the folder, and then click Properties.
In the Allow Dynamic Updates box, click Yes.
Click OK.
Stop and then restart DNS.
Stop and then restart the Netlogon service on YourDomainController.

By doing this, you force the domain controller to register the appropriate SRV records. The change is then replicated to DNS.

Hi Simon,

This error is related to DNS failure. You may try the following steps:

1. Run repadmin /showreps >r.txt and then open the r.txt file. It would show you the replication error of the DC which is failing. Copy the GUID of the DC which is failing replication with serverA and add ( is the name of your domain), check if the GUID is pingable.
2. Check the NIC binding order on the problem DC.
3. Check if the DNS zones are transferring to the correct server in the Name Server tab.
4. Run the following command nltest / this command will check the secure channel of the DC with the replicating partner; if you encounter an error message, then reset the secure channel.
5. To reset the secure channel, follow these steps:
A. Stop the KDC service.
B. Run the following command: netdom resetpwd /server: /userd:domain\user /passwordd:
where Domain is your domain, User is the admin account with which you logged in and passwordd is the password of the admin account with which you are logged in.
C. Download and install the resource kit and use KERBTRAY to purge the old Kerberos tickets of the DC by right-clicking and then clicking on purge.
D. Start the KDC service.
6. Check whether the SYSVOL structure is correct or not. Check KB --315457
7. Finally, check if the DNS servers mentioned in the Name Server tab are resolving the correct IP address or not.

Hope this works for you !!!
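
The DNS and RPC checks the two answers above describe (the DC's GUID alias, its SRV registration, and reachability of the RPC endpoint mapper), as an added PowerShell example that is not part of any poster's reply. The domain name and GUID are placeholders, and it assumes a Windows 8 / Server 2012 or later machine where Resolve-DnsName and Test-NetConnection are available.

```powershell
# Added example. Every value in param() is a placeholder to replace.
param(
    [string]$DomainFqdn = 'example.local',   # placeholder forest root DNS name
    [string]$DcName     = 'ServerA',         # the DC that will not replicate
    # Placeholder: the "DSA object GUID" that repadmin /showrepl prints for $DcName
    [string]$DsaGuid    = '00000000-0000-0000-0000-000000000000'
)

# Records a replication partner needs in order to locate $DcName.
$checks = @(
    @{ Name = ('{0}._msdcs.{1}' -f $DsaGuid, $DomainFqdn); Type = 'CNAME' }
    @{ Name = ('_ldap._tcp.dc._msdcs.{0}' -f $DomainFqdn); Type = 'SRV'   }
    @{ Name = ('{0}.{1}' -f $DcName, $DomainFqdn);         Type = 'A'     }
)

$results = foreach ($c in $checks) {
    try {
        $r = Resolve-DnsName -Name $c.Name -Type $c.Type -ErrorAction Stop
        # Collect whichever answer field this record type carries.
        $answer = ($r | ForEach-Object { $_.NameHost, $_.NameTarget, $_.IPAddress } |
                   Where-Object { $_ } | Select-Object -Unique) -join ', '
        # A name that exists without a record of this type returns no answer data.
        [pscustomobject]@{ Record = $c.Name; Type = $c.Type
                           Status = $(if ($answer) { 'OK' } else { 'NO DATA' })
                           Answer = $answer }
    } catch {
        [pscustomobject]@{ Record = $c.Name; Type = $c.Type; Status = 'FAILED'
                           Answer = $_.Exception.Message }
    }
}
$results | Format-Table -AutoSize -Wrap

# The SRV answer must list the failing DC, otherwise Netlogon has not registered it.
$srv = $results | Where-Object Type -eq 'SRV'
if ($srv.Status -eq 'OK' -and $srv.Answer -notmatch [regex]::Escape($DcName)) {
    Write-Warning "$DcName is not among the _ldap SRV targets for $DomainFqdn"
}

# "The RPC server is unavailable": confirm the endpoint mapper (TCP 135) answers.
$rpc = Test-NetConnection -ComputerName ('{0}.{1}' -f $DcName, $DomainFqdn) -Port 135
if (-not $rpc.TcpTestSucceeded) {
    Write-Warning "TCP 135 on $DcName is unreachable; check the DNS answer, firewall and RPC service"
}

# Replication state for the DC, using the built-in tool.
repadmin /showrepl $DcName
```

Run it from a healthy replication partner as well as from ServerA: a record that resolves on one side and fails on the other points at the DNS server each machine is using.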

Hi Simon,

The error message that you get clearly points to DNS.
==> Check if you can ping both server A and server B from each other and vice versa.
==> Check if the zone transfer is proper, "Secure and Unsecure".
==> On server A try the below commands:
Net stop netlogon
Net stop DNS
Net stop DHCP
Net start DHCP
Net start DNS
Net start Netlogon
==> Try to replicate it.
Check if your server A is a PDC role holder. If it is a PDC role holder then NEVER DO a NET STOP KDC (the reason: your server will take a long time to come up).
Run the following command:
netdom resetpwd /server:ServerA(HostName) /userd:domain\user /passwordd:
where Domain is your domain, User is the admin account with which you logged in and passwordd is the password of the admin account with which you are logged in.

NOTE: From my experience the above command will not help if it is a DC, but still give it a try because sometimes I have seen it working.

The only option left with you then is to demote and re-promote it, but if it is a role holder do transfer the roles to the other DC.

Hope this Solution works for you ...:)

Suresh Kumar
Simon336697 (Author) Commented:
Wow 3 BRILLIANT answers a HUGE HUGE thank you to you 3 very skilled and talented people. Have a great and safe festive season with your loved ones and from my family to yours, we hope your new year is the best yet for all of you.
Hello Suresh,

Key Distribution Center (KDC) has nothing to do with the server reboot / boot process. It's just to stop the allocation of any new Kerberos ticket to the DC when you are clearing the old tickets.

You can run the following command in one go !!!

net stop ntfrs & net start ntfrs & net stop dns & net stop netlogon & ipconfig /flushdns & nbtstat -RR & nbtstat -R & net start dns & net start netlogon & ipconfig /registerdns & repadmin /syncall & gpupdate /force

Hope this helps you !!!
