Replication problem

I have 2 DCs, DC1 and DC2; they are Windows 2003 SP2 and I’m trying to migrate to Windows 2008. When I run adprep /forestprep I get this (see attached). How do I even begin troubleshooting this problem? I’m not an expert and I will appreciate all the help I can get.
Forestprep.PNG
narce100Asked:

Cliff GaliherCommented:
A couple of possibilities: your two existing DCs aren't replicating, which you'll have to fix. Look for event logs on each domain controller to find the exact cause for the replication issues. The command-line dcdiag can help.

Or there is a reference to an old DC still that has been decommissioned or has failed and obviously changes can't replicate to this phantom. Again, DCDiag will reveal that, and you can do an object and metadata cleanup if necessary.

But it all starts with your event logs and dcdiag. TechNet has detailed usage of dcdiag and troubleshooting steps. Start there. Better than me cutting and pasting all the content.
0
narce100Author Commented:
There have been 196 failures before the last time the server was rebooted or had a successful replication, also a lot of errors and problems all related to AC or DNS. I can ping both servers back and forward but I guess that does not help a lot. Is there a way to cleanup AC to eliminate these problems?
0
Cliff GaliherCommented:
There usually is, but you haven't shared the nature of the errors. It is a lot easier to fix a fender bender than it is a head-on collision...
0
SandeshdubeySenior Server EngineerCommented:
Can you post the dcdiag /q and repadmin /replsum output from both DCs.
0
narce100Author Commented:
Yes I'm working on it
0
narce100Author Commented:
Sorry, apparently my note didn’t go through. Here it is:

Those commands will only run on the PDC; they didn’t work on the other server (see attached).
sjffcc-DC.PNG
0
Life1430Commented:
As per the screenshots, it is clear that replication between the two existing DCs is broken.
First you need to resolve this; as a primary step you need to check whether the connectivity between the two DCs is good.
Make sure the connectivity is good, run repadmin /syncall /adep, and let us know the result.
0
SandeshdubeySenior Server EngineerCommented:
The error you are getting, "The RPC server is unavailable", relates to a port being blocked, a network connectivity issue, or DNS misconfiguration. I would suggest contacting the network/security team to verify whether all the related AD ports are configured and allowed on the firewall for communication. PortQry is a free tool from Microsoft which can be downloaded and installed to verify whether the necessary ports are open.

Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

It can also be caused by antivirus software, with many of them sporting a new feature called "network traffic protection," which can effectively block necessary AD traffic.

Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx

Troubleshooting “RPC server is unavailable” error, reported in failing AD replication scenario.
http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx
0
narce100Author Commented:
I will try all that and post the results but so you know I can ping from one server to the other fine, either using ip address or server name, another thing to notice is that replication was working until one week ago.
0
narce100Author Commented:
Here's what I got when I ran repadmin (see attach)
Screenshot-3.PNG
0
SandeshdubeySenior Server EngineerCommented:
Please post dcdiag /q and ipconfig /all details of both DCs. Also check the links and recommendations already posted.
0
narce100Author Commented:
OK, here are ipconfig and dcdiag for both servers. I also included the result from a portqry from sjffcc2 to dc2.
dc-diag-and-ipconfig-on-sjffcc2.txt
dcdiag-and-ipconfig-on-DC2.txt
result-portqury.txt
0
SandeshdubeySenior Server EngineerCommented:
Most of the ports are filtered; check the log you already posted for the same.

TCP port 135 (epmap service): FILTERED
TCP port 389 (ldap service): FILTERED
TCP port 636 (ldaps service): FILTERED
TCP port 3268 (msft-gc service): FILTERED
TCP port 53 (domain service): FILTERED
TCP port 3269 (msft-gc-ssl service): FILTERED
TCP port 88 (kerberos service): FILTERED

Active Directory Firewall Ports - Let's Try To Make This Simple
http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx

The alternate DNS setting on DC2 is not set. The sjffcc2 primary DNS setting is pointing to loopback, which is not recommended. See this, which was posted: http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

Disable the Windows firewall and antivirus too. Check the firewall for the required ports to be open.
0
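The port check discussed in the comment above, as an added example that is not part of the original thread: a PowerShell function that reads saved PortQry output and reports which of the TCP ports named in the thread are not reachable. The function name `Get-PortQryStatus` is hypothetical, the sample lines are constructed in the format quoted above, and PowerShell 3.0 or later on an admin workstation is assumed.

```powershell
# Added example, not from the thread. Port list is limited to the TCP ports
# quoted in the comment above; it is not a complete AD port requirement list.
$RequiredPorts = @{
    53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP'
    636 = 'LDAPS'; 3268 = 'Global catalog'; 3269 = 'Global catalog over SSL'
}

function Get-PortQryStatus {
    param([string[]]$Lines)

    # Matches lines such as: TCP port 135 (epmap service): FILTERED
    $pattern = '^TCP port (\d+) \(([^)]*)\):\s*(NOT LISTENING|LISTENING|FILTERED)$'
    $seen = @{}
    foreach ($line in $Lines) {
        if ($line.Trim() -match $pattern) {
            $seen[[int]$Matches[1]] = $Matches[3].ToUpper()
        }
    }

    # One row per required port; a port missing from the log is reported as
    # NOT TESTED rather than silently treated as open.
    foreach ($port in ($RequiredPorts.Keys | Sort-Object)) {
        $status = if ($seen.ContainsKey($port)) { $seen[$port] } else { 'NOT TESTED' }
        [pscustomobject]@{
            Port      = $port
            Role      = $RequiredPorts[$port]
            Status    = $status
            Reachable = ($status -eq 'LISTENING')
        }
    }
}

# Constructed sample input (the LISTENING line is invented for contrast).
$sample = @'
TCP port 135 (epmap service): FILTERED
TCP port 389 (ldap service): FILTERED
TCP port 53 (domain service): FILTERED
TCP port 88 (kerberos service): LISTENING
'@ -split '\r?\n'

# Show only the ports replication cannot rely on.
Get-PortQryStatus -Lines $sample |
    Where-Object { -not $_.Reachable } |
    Format-Table -AutoSize
```

For a real log, pass the saved file instead of the sample: `Get-PortQryStatus -Lines (Get-Content <path-to-portqry-output>)`.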
narce100Author Commented:
Sorry for the delay, I'll try to stay more time on this problem now. I did all of the above but I'm still not getting any results. In addition, I ran a metadata cleanup, but the server (DC2) that I want to remove is not an option when you get to where you select the server. Any other ideas?
0
SandeshdubeySenior Server EngineerCommented:
You need to first fix the port filtering issue before you proceed with metadata cleanup of any DC. If the DC is offline and cannot be brought back, then see this for metadata cleanup: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
narce100Author Commented:
The idea here is to demote the dc2 server and eliminate any replication problems with sjffcc2, I can create another DC in windows 2008 later on. Here's what I get when running dcpromo on server DC2 (see attach)
file-5.PNG
0
narce100Author Commented:
On the other hand both servers have their windows firewalls off and there's no other firewall or virus application on.
0
SandeshdubeySenior Server EngineerCommented:
It seems you are performing a normal demotion. If there is a replication issue you cannot demote the DC normally; you need to perform a forceful removal. Also, if the server is the FSMO role holder, you need to seize the role on the other DC.

Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more)
http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx
0
narce100Author Commented:
I'm in the process of doing this. I'll keep you posted.
0
narce100Author Commented:
I finally got it to work; thanks for all your help
0