Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 600
  • Last Modified:

Active Directory Replication Issues

All,

I am testing my AD replication, we have multiple sites, 2 in Mexico, 2 in the US (Texas and Las Vegas), and one in Switzerland.

The logs below are showing replication issues between both sites in Mexico, we have ruled out DNS, and connectivity physically speaking, can anyone help elaborate as to what I should investigate or what the issues below could be as I believe this issue is causing intermittent email delivery issues? :

Running enterprise tests on : domain.local

      Starting test: LocatorCheck

         ......................... domain.local passed test LocatorCheck

      Starting test: Intersite

         Doing intersite inbound replication test on site Schaffhausen:
         Doing intersite inbound replication test on site Texas:
         Doing intersite inbound replication test on site Hacienda:
            *Warning: Remote bridgehead GDL\GDPDC2 has some replication syncs

            failing.  It will  be 1 hours 25 minutes before the bridgehead is

            considered ineligible to be a bridgehead.
            ***Error: The remote site GDL, has no servers that can act as

            bridgeheads between the GDL and the local site Hacienda for the

            writeable NC DomainDnsZones.  Replication will not continue until

            this is resolved.
            ***Error: The remote site GDL, has no servers that can act as

            bridgeheads between the GDL and the local site Hacienda for the

            writeable NC domain.  Replication will not continue until

            this is resolved.
0
smyers051972
Asked:
smyers051972
  • 8
  • 3
1 Solution
 
AmitIT ArchitectCommented:
Can you run repadmin /replsum and check the result. Also did you checked the AD sites and service ndts setting, for quick solution, create one manual connector and replicate.
0
 
smyers051972Author Commented:
GDP -> HDP

C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:00:42

Beginning data collection for replication summary, this may take awhile:
  .............


Source DSA          largest delta    fails/total %%   error
GDPDC1                    10m:02s    0 /  14    0
GDPDC2                    09m:57s    0 /  20    0
HDPDC1                    08m:44s    0 /  12    0
HDPDC2                    14m:11s    1 /  12    8  (2148074255) The message or
signature supplied for verification has been altered
SDPDC1                    10m:02s    0 /  12    0
SDPDC2                    09m:59s    0 /  12    0
TDPDC1                    09m:59s    0 /  12    0
TDPDC2                    09m:58s    0 /  12    0
VDPDC1                    07m:40s    0 /  10    0
VDPDC2                    10m:02s    0 /  14    0


Destination DSA     largest delta    fails/total %%   error
GDPDC1                    15m:38s    1 /  20    5  (2148074255) The message or
signature supplied for verification has been altered
GDPDC2                    08m:45s    0 /  22    0
HDPDC2                    08m:37s    0 /  12    0
VDPDC1                    10m:46s    0 /  38    0
VDPDC2                    07m:41s    0 /  38    0


Experienced the following operational errors trying to retrieve replication info
rmation:
          58 - SDPDC2.domain.local
          58 - TDPDC2.domain.local
          58 - SDPDC1.domain.local
          58 - TDPDC1.domain.local
        1003 - HDPDC1.mx.domain.local

C:\>
0
 
smyers051972Author Commented:
HDP -> GDP
C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:01:01

Beginning data collection for replication summary, this may take awhile:
  .............


Source DSA          largest delta    fails/total %%   error
GDPDC1                    26m:23s    1 /  20    5  (1825) A security package sp
ecific error occurred.
GDPDC2                    11m:23s    0 /  26    0
HDPDC1                    09m:03s    0 /  12    0
HDPDC2                    14m:30s    1 /  18    5  (2148074255) The message or
signature supplied for verification has been altered
SDPDC1                    10m:21s    0 /  12    0
SDPDC2                    10m:18s    0 /  12    0
TDPDC1                    10m:18s    0 /  12    0
TDPDC2                    10m:17s    0 /  12    0
VDPDC1                    07m:59s    0 /  10    0
VDPDC2                    10m:21s    0 /  14    0


Destination DSA     largest delta    fails/total %%   error
GDPDC1                    15m:58s    1 /  20    5  (2148074255) The message or
signature supplied for verification has been altered
GDPDC2                    10m:31s    0 /  22    0
HDPDC1                    27m:51s    1 /  18    5  (1825) A security package sp
ecific error occurred.
HDPDC2                    08m:57s    0 /  12    0
VDPDC1                    10m:23s    0 /  38    0
VDPDC2                    08m:00s    0 /  38    0


Experienced the following operational errors trying to retrieve replication info
rmation:
          58 - SDPDC1.domain.local
          58 - SDPDC2.domain.local
          58 - TDPDC1.domain.local
          58 - TDPDC2.domain.local

C:\>
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
AmitIT ArchitectCommented:
When you rebooted these servers last time? If long back, I suggest you to reboot and check again after some time. Not all, just DC's showing error, one at a time.
0
 
smyers051972Author Commented:
All DC's were rebooted yesterday as a matter of fact... :/
0
 
smyers051972Author Commented:
After a reboot, GDP shows this:

C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:35:46

Beginning data collection for replication summary, this may take awhile:
  .............




Destination DSA     largest delta    fails/total %%   error
 GDPDC1                    02m:06s    0 /  20    0
 GDPDC2                    28m:47s    2 /  22    9  (2148074255) The message or
signature supplied for verification has been altered
 VDPDC1                    45m:50s    0 /  38    0
 VDPDC2                    42m:45s    0 /  38    0


Experienced the following operational errors trying to retrieve replication information:
          58 - SDPDC2.domain.local
          58 - TDPDC2.domain.local
          58 - SDPDC1.domain.local
          58 - TDPDC1.domain.local
 -2146893041 - HDPDC2
        1003 - HDPDC1.mx.domain.local
0
 
smyers051972Author Commented:
HDP Shows this:

C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:37:13

Beginning data collection for replication summary, this may take awhile:
  .............




Destination DSA     largest delta    fails/total %%   error
GDPDC1                    03m:35s    0 /  20    0
HDPDC1                    34m:04s    7 /  18   38  (1723) The RPC server is too busy to complete this operation.
HDPDC2                    45m:10s    0 /  12    0
VDPDC1                    46m:36s    0 /  38    0
VDPDC2                    44m:12s    0 /  38    0


Experienced the following operational errors trying to retrieve replication info
rmation:
          58 - SDPDC1.domain.local
          58 - SDPDC2.domain.local
          58 - TDPDC1.domain.local
          58 - TDPDC2.domain.local
           5 - GDPDC2
0
 
smyers051972Author Commented:
C:\>dcdiag /test:checksecurityerror /replsource:hdpdc2

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = GDPDC2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: GDL\GDPDC2
      Starting test: Connectivity
         ......................... GDPDC2 passed test Connectivity

Doing primary tests

   Testing server: GDL\GDPDC2
      Starting test: CheckSecurityError
         Source DC HDPDC2 was requested for a manual security error check.  Diagnosing...
               Could not open pipe with [HDPDC2]:failed with 53: The network path was not found.
               Could not get NetBIOSDomainName
               Failed can not test for HOST SPN
               Failed can not test for HOST SPN
               [HDPDC2] An LDAP operation failed with error 31
               A device attached to the system is not functioning..
               Fatal Error: Cannot retrieve SID
         ......................... GDPDC2 failed test CheckSecurityError


   Running partition tests on : DomainDnsZones

   Running partition tests on : mx

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running enterprise tests on : domain.local
0
 
AmitIT ArchitectCommented:
run dcdiag /v
run netdiag
check logs for error
run nslookup
Did you update or installed anything recently or any other change done.
0
 
smyers051972Author Commented:
Connectivity issue, resolved it myself.
0
 
smyers051972Author Commented:
Problem was related to a wireless repeater on a mountain that needed a reboot.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 8
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now