?
Solved

Active Directory Replication Issues

Posted on 2014-07-30
11
Medium Priority
?
570 Views
Last Modified: 2014-08-05
All,

I am testing my AD replication, we have multiple sites, 2 in Mexico, 2 in the US (Texas and Las Vegas), and one in Switzerland.

The logs below are showing replication issues between both sites in Mexico, we have ruled out DNS, and connectivity physically speaking, can anyone help elaborate as to what I should investigate or what the issues below could be as I believe this issue is causing intermittent email delivery issues? :

Running enterprise tests on : domain.local

      Starting test: LocatorCheck

         ......................... domain.local passed test LocatorCheck

      Starting test: Intersite

         Doing intersite inbound replication test on site Schaffhausen:
         Doing intersite inbound replication test on site Texas:
         Doing intersite inbound replication test on site Hacienda:
            *Warning: Remote bridgehead GDL\GDPDC2 has some replication syncs

            failing.  It will  be 1 hours 25 minutes before the bridgehead is

            considered ineligible to be a bridgehead.
            ***Error: The remote site GDL, has no servers that can act as

            bridgeheads between the GDL and the local site Hacienda for the

            writeable NC DomainDnsZones.  Replication will not continue until

            this is resolved.
            ***Error: The remote site GDL, has no servers that can act as

            bridgeheads between the GDL and the local site Hacienda for the

            writeable NC domain.  Replication will not continue until

            this is resolved.
0
Comment
Question by:smyers051972
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 3
11 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 40229918
Can you run repadmin /replsum and check the result. Also did you checked the AD sites and service ndts setting, for quick solution, create one manual connector and replicate.
0
 
LVL 1

Author Comment

by:smyers051972
ID: 40230146
GDP -> HDP

C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:00:42

Beginning data collection for replication summary, this may take awhile:
  .............


Source DSA          largest delta    fails/total %%   error
GDPDC1                    10m:02s    0 /  14    0
GDPDC2                    09m:57s    0 /  20    0
HDPDC1                    08m:44s    0 /  12    0
HDPDC2                    14m:11s    1 /  12    8  (2148074255) The message or
signature supplied for verification has been altered
SDPDC1                    10m:02s    0 /  12    0
SDPDC2                    09m:59s    0 /  12    0
TDPDC1                    09m:59s    0 /  12    0
TDPDC2                    09m:58s    0 /  12    0
VDPDC1                    07m:40s    0 /  10    0
VDPDC2                    10m:02s    0 /  14    0


Destination DSA     largest delta    fails/total %%   error
GDPDC1                    15m:38s    1 /  20    5  (2148074255) The message or
signature supplied for verification has been altered
GDPDC2                    08m:45s    0 /  22    0
HDPDC2                    08m:37s    0 /  12    0
VDPDC1                    10m:46s    0 /  38    0
VDPDC2                    07m:41s    0 /  38    0


Experienced the following operational errors trying to retrieve replication info
rmation:
          58 - SDPDC2.domain.local
          58 - TDPDC2.domain.local
          58 - SDPDC1.domain.local
          58 - TDPDC1.domain.local
        1003 - HDPDC1.mx.domain.local

C:\>
0
 
LVL 1

Author Comment

by:smyers051972
ID: 40230148
HDP -> GDP
C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:01:01

Beginning data collection for replication summary, this may take awhile:
  .............


Source DSA          largest delta    fails/total %%   error
GDPDC1                    26m:23s    1 /  20    5  (1825) A security package sp
ecific error occurred.
GDPDC2                    11m:23s    0 /  26    0
HDPDC1                    09m:03s    0 /  12    0
HDPDC2                    14m:30s    1 /  18    5  (2148074255) The message or
signature supplied for verification has been altered
SDPDC1                    10m:21s    0 /  12    0
SDPDC2                    10m:18s    0 /  12    0
TDPDC1                    10m:18s    0 /  12    0
TDPDC2                    10m:17s    0 /  12    0
VDPDC1                    07m:59s    0 /  10    0
VDPDC2                    10m:21s    0 /  14    0


Destination DSA     largest delta    fails/total %%   error
GDPDC1                    15m:58s    1 /  20    5  (2148074255) The message or
signature supplied for verification has been altered
GDPDC2                    10m:31s    0 /  22    0
HDPDC1                    27m:51s    1 /  18    5  (1825) A security package sp
ecific error occurred.
HDPDC2                    08m:57s    0 /  12    0
VDPDC1                    10m:23s    0 /  38    0
VDPDC2                    08m:00s    0 /  38    0


Experienced the following operational errors trying to retrieve replication info
rmation:
          58 - SDPDC1.domain.local
          58 - SDPDC2.domain.local
          58 - TDPDC1.domain.local
          58 - TDPDC2.domain.local

C:\>
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 44

Expert Comment

by:Amit
ID: 40230170
When you rebooted these servers last time? If long back, I suggest you to reboot and check again after some time. Not all, just DC's showing error, one at a time.
0
 
LVL 1

Author Comment

by:smyers051972
ID: 40230178
All DC's were rebooted yesterday as a matter of fact... :/
0
 
LVL 1

Author Comment

by:smyers051972
ID: 40230262
After a reboot, GDP shows this:

C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:35:46

Beginning data collection for replication summary, this may take awhile:
  .............




Destination DSA     largest delta    fails/total %%   error
 GDPDC1                    02m:06s    0 /  20    0
 GDPDC2                    28m:47s    2 /  22    9  (2148074255) The message or
signature supplied for verification has been altered
 VDPDC1                    45m:50s    0 /  38    0
 VDPDC2                    42m:45s    0 /  38    0


Experienced the following operational errors trying to retrieve replication information:
          58 - SDPDC2.domain.local
          58 - TDPDC2.domain.local
          58 - SDPDC1.domain.local
          58 - TDPDC1.domain.local
 -2146893041 - HDPDC2
        1003 - HDPDC1.mx.domain.local
0
 
LVL 1

Author Comment

by:smyers051972
ID: 40230269
HDP Shows this:

C:\>repadmin /replsum
Replication Summary Start Time: 2014-07-30 15:37:13

Beginning data collection for replication summary, this may take awhile:
  .............




Destination DSA     largest delta    fails/total %%   error
GDPDC1                    03m:35s    0 /  20    0
HDPDC1                    34m:04s    7 /  18   38  (1723) The RPC server is too busy to complete this operation.
HDPDC2                    45m:10s    0 /  12    0
VDPDC1                    46m:36s    0 /  38    0
VDPDC2                    44m:12s    0 /  38    0


Experienced the following operational errors trying to retrieve replication info
rmation:
          58 - SDPDC1.domain.local
          58 - SDPDC2.domain.local
          58 - TDPDC1.domain.local
          58 - TDPDC2.domain.local
           5 - GDPDC2
0
 
LVL 1

Author Comment

by:smyers051972
ID: 40230431
C:\>dcdiag /test:checksecurityerror /replsource:hdpdc2

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = GDPDC2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: GDL\GDPDC2
      Starting test: Connectivity
         ......................... GDPDC2 passed test Connectivity

Doing primary tests

   Testing server: GDL\GDPDC2
      Starting test: CheckSecurityError
         Source DC HDPDC2 was requested for a manual security error check.  Diagnosing...
               Could not open pipe with [HDPDC2]:failed with 53: The network path was not found.
               Could not get NetBIOSDomainName
               Failed can not test for HOST SPN
               Failed can not test for HOST SPN
               [HDPDC2] An LDAP operation failed with error 31
               A device attached to the system is not functioning..
               Fatal Error: Cannot retrieve SID
         ......................... GDPDC2 failed test CheckSecurityError


   Running partition tests on : DomainDnsZones

   Running partition tests on : mx

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running enterprise tests on : domain.local
0
 
LVL 44

Expert Comment

by:Amit
ID: 40231041
run dcdiag /v
run netdiag
check logs for error
run nslookup
Did you update or installed anything recently or any other change done.
0
 
LVL 1

Accepted Solution

by:
smyers051972 earned 0 total points
ID: 40232683
Connectivity issue, resolved it myself.
0
 
LVL 1

Author Closing Comment

by:smyers051972
ID: 40240787
Problem was related to a wireless repeater on a mountain that needed a reboot.
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month13 days, 8 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question