We help IT Professionals succeed at work.

Experienced the following operational errors trying to retrieve replication information

Hi people,

When I'm executing the repadmin /replsum command in one of my Win 2012 R2 DC/GC somehow I can see there is one line of error message that I don't understand:

Experienced the following operational errors trying to retrieve replication information:
          58 - 9f90702b-2983-4601-bb73-5f6fe88f79c2._msdcs.MyDomain.com

Open in new window


what is that means or should I be worry about it ?
Comment
Watch Question

Distinguished Expert 2018
Commented:
This kind of error usually occurs when communications are failing to even retrieve replication information from active directory. Look into DNS, RPC, and WMI communications failing it bring blocked.

Author

Commented:
ok, what about the AD sites, Does it have to be in the same AD sites or can be different ?

the server can still ping each other.
DeadmanIT Consultant
Commented:
Try Dcdiag to see if there are any errors reported from the endpoint mapper.

Make sure your firewall rules are not blocking communication between your domain controllers.

check below link settings with your dc controllers
https://citruspk.wordpress.com/2012/11/29/active-directory-replication/
Will SzymkowskiSenior Solution Architect
Most Valuable Expert 2015
Top Expert 2015
Commented:
58 - 9f90702b-2983-4601-bb73-5f6fe88f79c2._msdcs.MyDomain.com
Based on the error message above this clearly indicates a missing SRV record in the _msdcs.domain.com folder as it is referencing the GUID. Try restarting the Netlogon service and run the command again.

Also, if the above does not work I would suggest going through all of the subfolder for each service gc, pdc, dc, domains also DomainDnsZones and ForestDnsZones as well to ensure there are no orphaned objects listed. If there are any entries that point to an old DC that may not have been removed properly delete it.

Also check Sites and Services to ensure there are no computer objects from old DC's as well.

Will.

Author

Commented:
ok, do you mean restarting the NETLOGON service in the affected DC where it is failing running the DCDiag command ?

and then find the missing entry of that DC in the  _msdcs.domain.com folder
Will SzymkowskiSenior Solution Architect
Most Valuable Expert 2015
Top Expert 2015
Commented:
ok, do you mean restarting the NETLOGON service in the affected DC where it is failing running the DCDiag command ?

 and then find the missing entry of that DC in the  _msdcs.domain.com folder

That is correct. Usually when a GUID is present and not the friendly name most cases it is due to the entry not being present anymore (deleted). Some cases is that it cannot be read properly because of the Netlogon service is not functioning properly.

Delete objects is the more probable cause, I find.

Will.

Author

Commented:
Will,

Thanks for the pointer. After browsing to the domain.com\_msdcs\gc folder from the DNS console:

I couldn't found the name of the DC where I got the error when running the repadmin /replsum command earlier.

I also found some offline entries from the old DC that has been turned off, so my question:

1. For the old DC: Can I safely delete the old entries on that folder ? gc._msdcs.domain.com
2. For the existing DC where I cannot find the IP address, how can I add the Host (A) entry ? because all of the other entries got timestamp on it ? so it must be automated somehow.

Author

Commented:
I have not enabled the DNS scavenging options in all of my DC/DNS servers.
Could this be the issue ?

Author

Commented:
ok, I have just rebooted the whole server and then wait for few minutes to perform the DCDIAG /V /C /D command, somehow I still find the below error:

FYI from the network adapter of this server:
192.168.235.10 - this server itself and Primary DNS server in the SiteOffice2 AD site
192.168.2.2 - Secondary DNS server in the Data Center AD site

	Error: Record registrations cannot be found for all the network adapters

	 Warning: 
	 Missing SRV record at DNS server 192.168.2.2:
	 _kerberos._udp.domain.com
	 
	 Warning: 
	 Missing SRV record at DNS server 192.168.2.2:
	 _kpasswd._tcp.domain.com

	 Error: 
	 Missing SRV record at DNS server 192.168.2.2:
	 _gc._tcp.SiteOffice2._sites.domain.com
	 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Open in new window

Author

Commented:
Can I manually add the missing SRV records pointing back to the DC where I got this problem ?
Senior Solution Architect
Most Valuable Expert 2015
Top Expert 2015
Commented:
If it was deleted manually you can recreate them. Take a look a the below TechNet for proper syntax.
https://technet.microsoft.com/en-us/library/ff793405.aspx

Will.

Author

Commented:
Thanks !