We have 2 Windows Server 2008 R2 domain controllers, one PDC and a secondary, which are not replicating the SYSVOL. Everything appears fine with AD, as all users, computers and DNS settings are replicating correctly. The DCs are separated by a firewall. Here is a recap of the problem.
1. Created a new OU in AD and moved the PDC into it.
2. Created a new GPO and when we ran gpupdate /force received an error.
3. Noticed that the SYSVOL was not replicating between DCs.
4. Moved the PDC back to the original OU.
5. Now gpupdate /force runs without any errors.
6. SYSVOL is still not replicating.
The event log on both DCs has the following error: The DFS Replication service failed to communicate with partner (other DC) for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server.
Error 1722 (The RPC server is unavailable)
Verified that the start-up value and service status are correct for RPC (Started/Automatic), RPC Locator (Not started/Manual) and Kerberos Key Distribution Center (Started/Automatic).
Verified the ClientProtocols key exists under HKLM\Software\Microsoft\Rpc and that it contains the correct default protocols.
Here is a list of the ports open between the two DCs.
tcp destination eq 135
udp destination eq 135
tcp destination eq 137
udp destination eq netbios-ns
udp destination eq netbios-dgm
tcp destination eq netbios-ssn
udp destination eq 389
tcp destination eq 445
tcp destination eq 88
tcp destination eq domain
udp destination eq domain
udp destination eq ntp
udp destination eq 88
tcp destination eq 1025
tcp destination eq ldap
udp destination eq 445
tcp destination eq ldaps
tcp destination eq 3268
tcp destination eq 3269
tcp destination eq 1026
tcp destination eq 1272
tcp destination eq 1190
tcp destination eq 1053
tcp destination eq 464
udp destination eq 46
tcp destination range 49152 63999
As a last-ditch effort we forcefully demoted the Secondary DC using DCPromo and then cleaned up the metadata. We then promoted it again using DCPromo. Same results: the event log on both DCs shows the same Error 1722 noted above and, in addition, the Event Log of the Secondary DC has an event stating that “The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner (the PDC).”
DCDIAG runs clean on the PDC, as does repadmin /syncall.
Repadmin /replsum does not show any errors.
Repadmin /showrepl shows all the Last attempts were successful.
All of the above tests also ran clean on the Secondary DC before we demoted and promoted it.
Appreciate any suggestions.
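DFSR reaches its partner through the RPC endpoint mapper (TCP 135) and then a port from the host's dynamic RPC range, so a firewall that permits only part of that range can produce exactly this Error 1722 while AD replication over the usual ports still works. The script below is an added diagnostic, not part of the original post: it reads the dynamic range this DC hands out, finds the TCP port the DFSR service is actually listening on, checks it against the firewall rules transcribed from the post, and tests TCP 135 to the partner. `PARTNER-DC` is a placeholder name; run it elevated on each DC.

```powershell
# Added diagnostic (not the poster's code). Assumption: $Partner is a
# placeholder for the other DC; the allowed list is transcribed from the
# firewall rules in the post (TCP entries relevant to RPC/DFSR only).
param([string]$Partner = 'PARTNER-DC')

# TCP ports/ranges the firewall permits, as listed in the post (constructed here)
$allowedTcp = @(
    @{Low=135;   High=135},
    @{Low=445;   High=445},
    @{Low=49152; High=63999}
)

function Test-PortAllowed([int]$Port) {
    foreach ($r in $allowedTcp) {
        if ($Port -ge $r.Low -and $Port -le $r.High) { return $true }
    }
    return $false
}

# 1. Dynamic RPC range this host assigns. DFSR takes its listener from here
#    unless pinned with: dfsrdiag StaticRPC /port:<n> /member:<dc>
netsh int ipv4 show dynamicport tcp

# 2. TCP ports the DFSR service process is listening on, taken from netstat.
$dfsrPid   = (Get-Process DFSR -ErrorAction Stop).Id
$listening = netstat -ano -p TCP |
    Where-Object { $_ -match "LISTENING\s+$dfsrPid\s*$" } |
    ForEach-Object { [int]((($_.Trim() -split '\s+')[1]) -split ':')[-1] } |
    Sort-Object -Unique

foreach ($p in $listening) {
    $ok = Test-PortAllowed $p
    "DFSR listens on TCP $p ; inside the firewall's allowed TCP rules: $ok"
}

# 3. Plain TCP connect test to the partner's endpoint mapper (works on
#    PowerShell 2.0 / 2008 R2, which has no Test-NetConnection).
function Test-Tcp([string]$Target, [int]$Port, [int]$TimeoutMs = 3000) {
    $c = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $c.BeginConnect($Target, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $c.EndConnect($ar)
        return $true
    } catch { return $false } finally { $c.Close() }
}
"TCP 135 to $Partner reachable: $(Test-Tcp $Partner 135)"
```

Run it on both DCs: if a DFSR listener port is reported as not allowed, either widen the firewall range to the host's full dynamic range or pin DFSR to a static port that the rules already permit, then re-check the DFSR event log.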