Experienced the following operational errors trying to retrieve replication information

Hi people,

When I'm executing the repadmin /replsum command in one of my Win 2012 R2 DC/GC somehow I can see there is one line of error message that I don't understand:

Experienced the following operational errors trying to retrieve replication information:
          58 - 9f90702b-2983-4601-bb73-5f6fe88f79c2._msdcs.MyDomain.com

Open in new window


what is that means or should I be worry about it ?
LVL 11
Senior IT System EngineerIT ProfessionalAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
This kind of error usually occurs when communications are failing to even retrieve replication information from active directory. Look into DNS, RPC, and WMI communications failing it bring blocked.
Senior IT System EngineerIT ProfessionalAuthor Commented:
ok, what about the AD sites, Does it have to be in the same AD sites or can be different ?

the server can still ping each other.
DeadmanIT ConsultantCommented:
Try Dcdiag to see if there are any errors reported from the endpoint mapper.

Make sure your firewall rules are not blocking communication between your domain controllers.

check below link settings with your dc controllers
https://citruspk.wordpress.com/2012/11/29/active-directory-replication/
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Will SzymkowskiSenior Solution ArchitectCommented:
58 - 9f90702b-2983-4601-bb73-5f6fe88f79c2._msdcs.MyDomain.com
Based on the error message above this clearly indicates a missing SRV record in the _msdcs.domain.com folder as it is referencing the GUID. Try restarting the Netlogon service and run the command again.

Also, if the above does not work I would suggest going through all of the subfolder for each service gc, pdc, dc, domains also DomainDnsZones and ForestDnsZones as well to ensure there are no orphaned objects listed. If there are any entries that point to an old DC that may not have been removed properly delete it.

Also check Sites and Services to ensure there are no computer objects from old DC's as well.

Will.
Senior IT System EngineerIT ProfessionalAuthor Commented:
ok, do you mean restarting the NETLOGON service in the affected DC where it is failing running the DCDiag command ?

and then find the missing entry of that DC in the  _msdcs.domain.com folder
Will SzymkowskiSenior Solution ArchitectCommented:
ok, do you mean restarting the NETLOGON service in the affected DC where it is failing running the DCDiag command ?

 and then find the missing entry of that DC in the  _msdcs.domain.com folder

That is correct. Usually when a GUID is present and not the friendly name most cases it is due to the entry not being present anymore (deleted). Some cases is that it cannot be read properly because of the Netlogon service is not functioning properly.

Delete objects is the more probable cause, I find.

Will.
Senior IT System EngineerIT ProfessionalAuthor Commented:
Will,

Thanks for the pointer. After browsing to the domain.com\_msdcs\gc folder from the DNS console:

I couldn't found the name of the DC where I got the error when running the repadmin /replsum command earlier.

I also found some offline entries from the old DC that has been turned off, so my question:

1. For the old DC: Can I safely delete the old entries on that folder ? gc._msdcs.domain.com
2. For the existing DC where I cannot find the IP address, how can I add the Host (A) entry ? because all of the other entries got timestamp on it ? so it must be automated somehow.
Senior IT System EngineerIT ProfessionalAuthor Commented:
I have not enabled the DNS scavenging options in all of my DC/DNS servers.
Could this be the issue ?
Senior IT System EngineerIT ProfessionalAuthor Commented:
ok, I have just rebooted the whole server and then wait for few minutes to perform the DCDIAG /V /C /D command, somehow I still find the below error:

FYI from the network adapter of this server:
192.168.235.10 - this server itself and Primary DNS server in the SiteOffice2 AD site
192.168.2.2 - Secondary DNS server in the Data Center AD site

	Error: Record registrations cannot be found for all the network adapters

	 Warning: 
	 Missing SRV record at DNS server 192.168.2.2:
	 _kerberos._udp.domain.com
	 
	 Warning: 
	 Missing SRV record at DNS server 192.168.2.2:
	 _kpasswd._tcp.domain.com

	 Error: 
	 Missing SRV record at DNS server 192.168.2.2:
	 _gc._tcp.SiteOffice2._sites.domain.com
	 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Open in new window

Senior IT System EngineerIT ProfessionalAuthor Commented:
Can I manually add the missing SRV records pointing back to the DC where I got this problem ?
Will SzymkowskiSenior Solution ArchitectCommented:
If it was deleted manually you can recreate them. Take a look a the below TechNet for proper syntax.
https://technet.microsoft.com/en-us/library/ff793405.aspx

Will.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks !
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.