Solved

AD replication issues

Posted on 2014-12-18
Last Modified: 2015-01-05
Hello Experts,

I have a customer who has been running into some replication issues for a while. After running DCDIAG, we have discovered the following errors.

The company has 16 sites and is facing different GPO issues, most likely caused by these FRS replication issues. Please see the logs below.

Forest/Domain functional level 2008 R2

DCs: Windows 2008 R2

So far, replication issues found on 3 Domain controllers

Can anyone provide me step-by-step instructions to fix these replication issues? Provide as much detail as you can. I can provide the DCdiag log and replmon if required, but basically you will see the same information below.

Please see each error and its corresponding code.

From JAX00-dcdiag
Starting test: FrsEvent
         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         A warning event occurred.  EventID: 0x800034C4
            Time Generated: 12/17/2014   02:05:15
            Event String:
            The File Replication Service is having trouble enabling replication from HOU1 to JAX00 for c:\windows\sysvol\domain using the DNS name HOU1.domaincompany.com. FRS will keep retrying.  
             Following are some of the reasons you would see this warning.  
             
             [1] FRS can not correctly resolve the DNS name HOU1.domaincompany.com from this computer.  
             [2] FRS is not running on HOU1.domaincompany.com.  
             [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.  
             
             This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
         A warning event occurred.  EventID: 0x800034C4
            Time Generated: 12/17/2014   11:10:40
            Event String:
            The File Replication Service is having trouble enabling replication from JUP1 to JAX00 for c:\windows\sysvol\domain using the DNS name JUP1.domaincompany.com. FRS will keep retrying.  
             Following are some of the reasons you would see this warning.  
             
             [1] FRS can not correctly resolve the DNS name JUP1.domaincompany.com from this computer.  
             [2] FRS is not running on JUP1.domaincompany.com.  
             [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.  
             
             This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
         ......................... JAX00 passed test FrsEvent
Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=domaincompany,DC=com
               Latency information for 55 entries in the vector were ignored.
                  55 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=domaincompany,DC=com
               Latency information for 55 entries in the vector were ignored.
                  55 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=domaincompany,DC=com
               Latency information for 85 entries in the vector were ignored.
                  85 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=domaincompany,DC=com
               Latency information for 85 entries in the vector were ignored.
                  85 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=domaincompany,DC=com
               Latency information for 85 entries in the vector were ignored.
                  85 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... JAX00 passed test Replications

Starting test: SystemLog
         * The System Event log test
         An error event occurred.  EventID: 0x000016AD
            Time Generated: 12/17/2014   13:38:56
            Event String:
            The session setup from the computer JAX4921 failed to authenticate. The following error occurred:  
            Access is denied.
         An error event occurred.  EventID: 0x0000165B
            Time Generated: 12/17/2014   13:57:38
            Event String:
            The session setup from computer 'JX1906VM' failed because the security database does not contain a trust account 'JX1906VM$' referenced by the specified computer.  
             
            USER ACTION  
            If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'JX1906VM$' is a legitimate machine account for the computer 'JX1906VM' then 'JX1906VM' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:  
             
            If 'JX1906VM$' is a legitimate machine account for the computer 'JX1906VM', then 'JX1906VM' should be rejoined to the domain.  
             
            If 'JX1906VM$' is a legitimate interdomain trust account, then the trust should be recreated.  
             
            Otherwise, assuming that 'JX1906VM$' is not a legitimate account, the following action should be taken on 'JX1906VM':  
             
            If 'JX1906VM' is a Domain Controller, then the trust associated with 'JX1906VM$' should be deleted.  
             
            If 'JX1906VM' is not a Domain Controller, it should be disjoined from the domain.
         An error event occurred.  EventID: 0x0000165B
            Time Generated: 12/17/2014   13:57:51
            Event String:
            The session setup from computer 'JX8581' failed because the security database does not contain a trust account 'JX8581$' referenced by the specified computer.  
             
            USER ACTION  
            If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'JX8581$' is a legitimate machine account for the computer 'JX8581' then 'JX8581' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:  
             
            If 'JX8581$' is a legitimate machine account for the computer 'JX8581', then 'JX8581' should be rejoined to the domain.  
             
            If 'JX8581$' is a legitimate interdomain trust account, then the trust should be recreated.  
             
            Otherwise, assuming that 'JX8581$' is not a legitimate account, the following action should be taken on 'JX8581':  
             
            If 'JX8581' is a Domain Controller, then the trust associated with 'JX8581$' should be deleted.  
             
            If 'JX8581' is not a Domain Controller, it should be disjoined from the domain.
         ......................... JAX00 failed test SystemLog
Question by:Jerry Seinfield
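
Added example (not part of the original post, and not part of dcdiag): a small Python parser for dcdiag text of the kind pasted in the question. It decodes the hexadecimal EventIDs to the decimal IDs shown in Event Viewer and lists the FRS partners named in the warnings. The sample input is constructed from lines in the post, and the function names are this example's own.

```python
import re

# Constructed sample in dcdiag's layout, trimmed from the output in the post.
SAMPLE = r"""Starting test: FrsEvent
         A warning event occurred.  EventID: 0x800034C4
            Event String:
            The File Replication Service is having trouble enabling replication from HOU1 to JAX00 for c:\windows\sysvol\domain using the DNS name HOU1.domaincompany.com. FRS will keep retrying.
         A warning event occurred.  EventID: 0x800034C4
            Event String:
            The File Replication Service is having trouble enabling replication from JUP1 to JAX00 for c:\windows\sysvol\domain using the DNS name JUP1.domaincompany.com. FRS will keep retrying.
         ......................... JAX00 passed test FrsEvent
Starting test: SystemLog
         An error event occurred.  EventID: 0x000016AD
            Event String:
            The session setup from the computer JAX4921 failed to authenticate. The following error occurred:
         An error event occurred.  EventID: 0x0000165B
            Event String:
            The session setup from computer 'JX1906VM' failed because the security database does not contain a trust account 'JX1906VM$' referenced by the specified computer.
         ......................... JAX00 failed test SystemLog
"""

TEST = re.compile(r"^\s*S?tarting test: (\S+)")  # tolerate a clipped first letter
EVENT = re.compile(r"An? (warning|error) event occurred\.\s+EventID: (0x[0-9A-Fa-f]{8})")
VERDICT = re.compile(r"\.{5,} (\S+) (passed|failed) test (\S+)")
FRS = re.compile(r"replication from (\S+) to (\S+) .* DNS name (\S+?)\.(?:\s|$)")

def parse_dcdiag(text):
    """Return {test: {"verdict": str or None, "events": [dict, ...]}}."""
    report, test, event = {}, None, None
    for line in text.splitlines():
        if m := TEST.match(line):
            test, event = m.group(1), None
            report[test] = {"verdict": None, "events": []}
        elif test is None:
            continue
        elif m := VERDICT.search(line):
            report[test]["verdict"] = m.group(2)
        elif m := EVENT.search(line):
            # Low 16 bits are the ID Event Viewer shows (0x800034C4 -> 13508).
            event = {"level": m.group(1), "id": int(m.group(2), 16) & 0xFFFF}
            report[test]["events"].append(event)
        elif event is not None and (m := FRS.search(line)):
            event["partner"], event["local"], event["dns_name"] = m.groups()
    return report

def frs_partners(report):
    """DNS names of upstream partners named in FRS warnings, first-seen order."""
    events = report.get("FrsEvent", {}).get("events", [])
    return list(dict.fromkeys(e["dns_name"] for e in events if "dns_name" in e))
```

On the sample, FrsEvent reports `passed` while still carrying two 13508 warnings, so the verdict line alone does not show that a test is clean.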
3 Comments

Expert Comment

by:Sabi Goraya
ID: 40508285
Hi,
As you would imagine, due to the complexity of the setup I can provide you my initial thoughts on the issue rather than a straight answer.
Here we go.

From an initial look at the error, it looks like the common cause of the replication failure is JAX00.
Replication depends on DNS, and hence the first thing to test is: are you able to resolve the JAX00 FQDN from JUP1 and HOU1?

Also, is the replication service running on JAX00 and, as a matter of fact, on the other servers?

Accepted Solution

by:
Sabi Goraya earned 500 total points
ID: 40508309
Also:

Most of the time it is a DNS misconfiguration or a network connectivity issue.
1. Check the DNS settings on the server; it should point to itself, assuming the DNS role is installed on the server. If a public IP address is added in the NIC DNS settings, remove it and add it to the DNS forwarders if required.
If 127.0.0.1 is entered as DNS, remove it and add the IP address. Add an alternate DNS setting.

2. Check the NIC binding; the NIC which is online and has IP details should be first in the order. If multiple NICs are present, then disable the NICs that are not required.

3. Run ipconfig /flushdns and ipconfig /registerdns. Restart the netlogon and DNS services.

4. Check that the Windows firewall is disabled.

5. Run repadmin /syncall /AdeP on all DCs to force replication.
6. Once done, run dcdiag /q and repadmin /replsum to check for any errors and post the same.

7. Check the firewall ports: http://geekswithblogs.net/TSCustomiser/archive/2007/05/09/112357.aspx

Author Comment

by:Jerry Seinfield
ID: 40521129
Hello Sabi,

I did check all DNS servers and everything seems to be OK. No public IPs or 127.0.0.1 are being used.

ipconfig /flushdns and ipconfig /registerdns were run, and both services were restarted.

Windows firewall is disabled.

Any other ideas?

Can someone else provide me with an action plan to resolve this issue?