Active Directory Replication Issues

All,

I am testing my AD replication, we have multiple sites, 2 in Mexico, 2 in the US (Texas and Las Vegas), and one in Switzerland.

The logs below are showing replication issues between both sites in Mexico, we have ruled out DNS, and connectivity physically speaking, can anyone help elaborate as to what I should investigate or what the issues below could be as I believe this issue is causing intermittent email delivery issues? :

Running enterprise tests on : domain.local

      Starting test: LocatorCheck

         ......................... domain.local passed test LocatorCheck

      Starting test: Intersite

         Doing intersite inbound replication test on site Schaffhausen:
         Doing intersite inbound replication test on site Texas:
         Doing intersite inbound replication test on site Hacienda:
            *Warning: Remote bridgehead GDL\GDPDC2 has some replication syncs

            failing.  It will  be 1 hours 25 minutes before the bridgehead is

            considered ineligible to be a bridgehead.
            ***Error: The remote site GDL, has no servers that can act as

            bridgeheads between the GDL and the local site Hacienda for the

            writeable NC DomainDnsZones.  Replication will not continue until

            this is resolved.
            ***Error: The remote site GDL, has no servers that can act as

            bridgeheads between the GDL and the local site Hacienda for the

            writeable NC domain.  Replication will not continue until

            this is resolved.
LVL 1
smyers051972Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmitIT ArchitectCommented:
Can you run repadmin /replsum and check the result. Also did you checked the AD sites and service ndts setting, for quick solution, create one manual connector and replicate.
0
smyers051972Author Commented:
GDP -> HDP

C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:00:42

Beginning data collection for replication summary, this may take awhile:
  .............


Source DSA          largest delta    fails/total %%   error
GDPDC1                    10m:02s    0 /  14    0
GDPDC2                    09m:57s    0 /  20    0
HDPDC1                    08m:44s    0 /  12    0
HDPDC2                    14m:11s    1 /  12    8  (2148074255) The message or
signature supplied for verification has been altered
SDPDC1                    10m:02s    0 /  12    0
SDPDC2                    09m:59s    0 /  12    0
TDPDC1                    09m:59s    0 /  12    0
TDPDC2                    09m:58s    0 /  12    0
VDPDC1                    07m:40s    0 /  10    0
VDPDC2                    10m:02s    0 /  14    0


Destination DSA     largest delta    fails/total %%   error
GDPDC1                    15m:38s    1 /  20    5  (2148074255) The message or
signature supplied for verification has been altered
GDPDC2                    08m:45s    0 /  22    0
HDPDC2                    08m:37s    0 /  12    0
VDPDC1                    10m:46s    0 /  38    0
VDPDC2                    07m:41s    0 /  38    0


Experienced the following operational errors trying to retrieve replication info
rmation:
          58 - SDPDC2.domain.local
          58 - TDPDC2.domain.local
          58 - SDPDC1.domain.local
          58 - TDPDC1.domain.local
        1003 - HDPDC1.mx.domain.local

C:\>
0
smyers051972Author Commented:
HDP -> GDP
C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:01:01

Beginning data collection for replication summary, this may take awhile:
  .............


Source DSA          largest delta    fails/total %%   error
GDPDC1                    26m:23s    1 /  20    5  (1825) A security package sp
ecific error occurred.
GDPDC2                    11m:23s    0 /  26    0
HDPDC1                    09m:03s    0 /  12    0
HDPDC2                    14m:30s    1 /  18    5  (2148074255) The message or
signature supplied for verification has been altered
SDPDC1                    10m:21s    0 /  12    0
SDPDC2                    10m:18s    0 /  12    0
TDPDC1                    10m:18s    0 /  12    0
TDPDC2                    10m:17s    0 /  12    0
VDPDC1                    07m:59s    0 /  10    0
VDPDC2                    10m:21s    0 /  14    0


Destination DSA     largest delta    fails/total %%   error
GDPDC1                    15m:58s    1 /  20    5  (2148074255) The message or
signature supplied for verification has been altered
GDPDC2                    10m:31s    0 /  22    0
HDPDC1                    27m:51s    1 /  18    5  (1825) A security package sp
ecific error occurred.
HDPDC2                    08m:57s    0 /  12    0
VDPDC1                    10m:23s    0 /  38    0
VDPDC2                    08m:00s    0 /  38    0


Experienced the following operational errors trying to retrieve replication info
rmation:
          58 - SDPDC1.domain.local
          58 - SDPDC2.domain.local
          58 - TDPDC1.domain.local
          58 - TDPDC2.domain.local

C:\>
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

AmitIT ArchitectCommented:
When you rebooted these servers last time? If long back, I suggest you to reboot and check again after some time. Not all, just DC's showing error, one at a time.
0
smyers051972Author Commented:
All DC's were rebooted yesterday as a matter of fact... :/
0
smyers051972Author Commented:
After a reboot, GDP shows this:

C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:35:46

Beginning data collection for replication summary, this may take awhile:
  .............




Destination DSA     largest delta    fails/total %%   error
 GDPDC1                    02m:06s    0 /  20    0
 GDPDC2                    28m:47s    2 /  22    9  (2148074255) The message or
signature supplied for verification has been altered
 VDPDC1                    45m:50s    0 /  38    0
 VDPDC2                    42m:45s    0 /  38    0


Experienced the following operational errors trying to retrieve replication information:
          58 - SDPDC2.domain.local
          58 - TDPDC2.domain.local
          58 - SDPDC1.domain.local
          58 - TDPDC1.domain.local
 -2146893041 - HDPDC2
        1003 - HDPDC1.mx.domain.local
0
smyers051972Author Commented:
HDP Shows this:

C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:37:13

Beginning data collection for replication summary, this may take awhile:
  .............




Destination DSA     largest delta    fails/total %%   error
GDPDC1                    03m:35s    0 /  20    0
HDPDC1                    34m:04s    7 /  18   38  (1723) The RPC server is too busy to complete this operation.
HDPDC2                    45m:10s    0 /  12    0
VDPDC1                    46m:36s    0 /  38    0
VDPDC2                    44m:12s    0 /  38    0


Experienced the following operational errors trying to retrieve replication info
rmation:
          58 - SDPDC1.domain.local
          58 - SDPDC2.domain.local
          58 - TDPDC1.domain.local
          58 - TDPDC2.domain.local
           5 - GDPDC2
0
smyers051972Author Commented:
C:\>dcdiag /test:checksecurityerror /replsource:hdpdc2

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = GDPDC2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: GDL\GDPDC2
      Starting test: Connectivity
         ......................... GDPDC2 passed test Connectivity

Doing primary tests

   Testing server: GDL\GDPDC2
      Starting test: CheckSecurityError
         Source DC HDPDC2 was requested for a manual security error check.  Diagnosing...
               Could not open pipe with [HDPDC2]:failed with 53: The network path was not found.
               Could not get NetBIOSDomainName
               Failed can not test for HOST SPN
               Failed can not test for HOST SPN
               [HDPDC2] An LDAP operation failed with error 31
               A device attached to the system is not functioning..
               Fatal Error: Cannot retrieve SID
         ......................... GDPDC2 failed test CheckSecurityError


   Running partition tests on : DomainDnsZones

   Running partition tests on : mx

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running enterprise tests on : domain.local
0
AmitIT ArchitectCommented:
run dcdiag /v
run netdiag
check logs for error
run nslookup
Did you update or installed anything recently or any other change done.
0
smyers051972Author Commented:
Connectivity issue, resolved it myself.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
smyers051972Author Commented:
Problem was related to a wireless repeater on a mountain that needed a reboot.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.