Solved

Active Directory Replication Issues

Posted on 2014-07-30
11
494 Views
Last Modified: 2014-08-05
All,

I am testing my AD replication, we have multiple sites, 2 in Mexico, 2 in the US (Texas and Las Vegas), and one in Switzerland.

The logs below are showing replication issues between both sites in Mexico, we have ruled out DNS, and connectivity physically speaking, can anyone help elaborate as to what I should investigate or what the issues below could be as I believe this issue is causing intermittent email delivery issues? :

Running enterprise tests on : domain.local

      Starting test: LocatorCheck

         ......................... domain.local passed test LocatorCheck

      Starting test: Intersite

         Doing intersite inbound replication test on site Schaffhausen:
         Doing intersite inbound replication test on site Texas:
         Doing intersite inbound replication test on site Hacienda:
            *Warning: Remote bridgehead GDL\GDPDC2 has some replication syncs

            failing.  It will  be 1 hours 25 minutes before the bridgehead is

            considered ineligible to be a bridgehead.
            ***Error: The remote site GDL, has no servers that can act as

            bridgeheads between the GDL and the local site Hacienda for the

            writeable NC DomainDnsZones.  Replication will not continue until

            this is resolved.
            ***Error: The remote site GDL, has no servers that can act as

            bridgeheads between the GDL and the local site Hacienda for the

            writeable NC domain.  Replication will not continue until

            this is resolved.
0
Comment
Question by:smyers051972
  • 8
  • 3
11 Comments
 
LVL 41

Expert Comment

by:Amit
ID: 40229918
Can you run repadmin /replsum and check the result. Also did you checked the AD sites and service ndts setting, for quick solution, create one manual connector and replicate.
0
 
LVL 1

Author Comment

by:smyers051972
ID: 40230146
GDP -> HDP

C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:00:42

Beginning data collection for replication summary, this may take awhile:
  .............


Source DSA          largest delta    fails/total %%   error
GDPDC1                    10m:02s    0 /  14    0
GDPDC2                    09m:57s    0 /  20    0
HDPDC1                    08m:44s    0 /  12    0
HDPDC2                    14m:11s    1 /  12    8  (2148074255) The message or
signature supplied for verification has been altered
SDPDC1                    10m:02s    0 /  12    0
SDPDC2                    09m:59s    0 /  12    0
TDPDC1                    09m:59s    0 /  12    0
TDPDC2                    09m:58s    0 /  12    0
VDPDC1                    07m:40s    0 /  10    0
VDPDC2                    10m:02s    0 /  14    0


Destination DSA     largest delta    fails/total %%   error
GDPDC1                    15m:38s    1 /  20    5  (2148074255) The message or
signature supplied for verification has been altered
GDPDC2                    08m:45s    0 /  22    0
HDPDC2                    08m:37s    0 /  12    0
VDPDC1                    10m:46s    0 /  38    0
VDPDC2                    07m:41s    0 /  38    0


Experienced the following operational errors trying to retrieve replication info
rmation:
          58 - SDPDC2.domain.local
          58 - TDPDC2.domain.local
          58 - SDPDC1.domain.local
          58 - TDPDC1.domain.local
        1003 - HDPDC1.mx.domain.local

C:\>
0
 
LVL 1

Author Comment

by:smyers051972
ID: 40230148
HDP -> GDP
C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:01:01

Beginning data collection for replication summary, this may take awhile:
  .............


Source DSA          largest delta    fails/total %%   error
GDPDC1                    26m:23s    1 /  20    5  (1825) A security package sp
ecific error occurred.
GDPDC2                    11m:23s    0 /  26    0
HDPDC1                    09m:03s    0 /  12    0
HDPDC2                    14m:30s    1 /  18    5  (2148074255) The message or
signature supplied for verification has been altered
SDPDC1                    10m:21s    0 /  12    0
SDPDC2                    10m:18s    0 /  12    0
TDPDC1                    10m:18s    0 /  12    0
TDPDC2                    10m:17s    0 /  12    0
VDPDC1                    07m:59s    0 /  10    0
VDPDC2                    10m:21s    0 /  14    0


Destination DSA     largest delta    fails/total %%   error
GDPDC1                    15m:58s    1 /  20    5  (2148074255) The message or
signature supplied for verification has been altered
GDPDC2                    10m:31s    0 /  22    0
HDPDC1                    27m:51s    1 /  18    5  (1825) A security package sp
ecific error occurred.
HDPDC2                    08m:57s    0 /  12    0
VDPDC1                    10m:23s    0 /  38    0
VDPDC2                    08m:00s    0 /  38    0


Experienced the following operational errors trying to retrieve replication info
rmation:
          58 - SDPDC1.domain.local
          58 - SDPDC2.domain.local
          58 - TDPDC1.domain.local
          58 - TDPDC2.domain.local

C:\>
0
 
LVL 41

Expert Comment

by:Amit
ID: 40230170
When you rebooted these servers last time? If long back, I suggest you to reboot and check again after some time. Not all, just DC's showing error, one at a time.
0
 
LVL 1

Author Comment

by:smyers051972
ID: 40230178
All DC's were rebooted yesterday as a matter of fact... :/
0
 
LVL 1

Author Comment

by:smyers051972
ID: 40230262
After a reboot, GDP shows this:

C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:35:46

Beginning data collection for replication summary, this may take awhile:
  .............




Destination DSA     largest delta    fails/total %%   error
 GDPDC1                    02m:06s    0 /  20    0
 GDPDC2                    28m:47s    2 /  22    9  (2148074255) The message or
signature supplied for verification has been altered
 VDPDC1                    45m:50s    0 /  38    0
 VDPDC2                    42m:45s    0 /  38    0


Experienced the following operational errors trying to retrieve replication information:
          58 - SDPDC2.domain.local
          58 - TDPDC2.domain.local
          58 - SDPDC1.domain.local
          58 - TDPDC1.domain.local
 -2146893041 - HDPDC2
        1003 - HDPDC1.mx.domain.local
0
 
LVL 1

Author Comment

by:smyers051972
ID: 40230269
HDP Shows this:

C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:37:13

Beginning data collection for replication summary, this may take awhile:
  .............




Destination DSA     largest delta    fails/total %%   error
GDPDC1                    03m:35s    0 /  20    0
HDPDC1                    34m:04s    7 /  18   38  (1723) The RPC server is too busy to complete this operation.
HDPDC2                    45m:10s    0 /  12    0
VDPDC1                    46m:36s    0 /  38    0
VDPDC2                    44m:12s    0 /  38    0


Experienced the following operational errors trying to retrieve replication info
rmation:
          58 - SDPDC1.domain.local
          58 - SDPDC2.domain.local
          58 - TDPDC1.domain.local
          58 - TDPDC2.domain.local
           5 - GDPDC2
0
 
LVL 1

Author Comment

by:smyers051972
ID: 40230431
C:\>dcdiag /test:checksecurityerror /replsource:hdpdc2

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = GDPDC2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: GDL\GDPDC2
      Starting test: Connectivity
         ......................... GDPDC2 passed test Connectivity

Doing primary tests

   Testing server: GDL\GDPDC2
      Starting test: CheckSecurityError
         Source DC HDPDC2 was requested for a manual security error check.  Diagnosing...
               Could not open pipe with [HDPDC2]:failed with 53: The network path was not found.
               Could not get NetBIOSDomainName
               Failed can not test for HOST SPN
               Failed can not test for HOST SPN
               [HDPDC2] An LDAP operation failed with error 31
               A device attached to the system is not functioning..
               Fatal Error: Cannot retrieve SID
         ......................... GDPDC2 failed test CheckSecurityError


   Running partition tests on : DomainDnsZones

   Running partition tests on : mx

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running enterprise tests on : domain.local
0
 
LVL 41

Expert Comment

by:Amit
ID: 40231041
run dcdiag /v
run netdiag
check logs for error
run nslookup
Did you update or installed anything recently or any other change done.
0
 
LVL 1

Accepted Solution

by:
smyers051972 earned 0 total points
ID: 40232683
Connectivity issue, resolved it myself.
0
 
LVL 1

Author Closing Comment

by:smyers051972
ID: 40240787
Problem was related to a wireless repeater on a mountain that needed a reboot.
0

Join & Write a Comment

Synchronize a new Active Directory domain with an existing Office 365 tenant
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now