
Replication from Primary DC

Posted on 2016-07-31
Last Modified: 2016-08-02
Hi guys,

At one of our clients we have the following setup:

City A: DC1 (Primary holding FSMO roles)
City B: DC2 (Server 2008 R2, in the process of decommissioning)
        DC-NEW (Server 2012 R2, in the process of becoming the only DC for City B after DC2 shuts down. DC roles are installed)

Currently facing two issues which may be related (not sure) and may be simple, but I am not sure what is wrong:

First:

I wanted to make sure the replication for DC-NEW is working fine, so I did the following:
Ran the repadmin /showrepl command, which showed no errors. So that's good.
Under Group Policy Management, tried creating a test GPO and it showed up on the other DC with no errors.
Checked by creating a new user and no errors.

Under Group Policy Management, I clicked on domain.com and, under the Status tab, after clicking Detect Now on DC-NEW, it shows:

DC1 is the baseline domain controller for this domain

2 domain controller with replication in progress:
DC2   AD - ACLs and SysVol inaccessible
DC-NEW  AD - ACLs and SysVol inaccessible

When I click on inaccessible it shows me a list of all GPOs but doesn't pinpoint what's happening.
Why is it showing inaccessible on both secondary DCs? Should I be worried?


SECOND:

Under AD Sites and Services I checked the NTDS Settings of servers DC2 and DC-NEW.
DC2 is showing replicating from DC1 and DC-NEW.
This is ideal.

But the new DC-NEW is showing only DC2 (automatically generated) and not DC1. Why?
Especially because I am going to take DC1 down. Shouldn't there be DC1 automatically generated as well? Am I missing any step here?
I can manually add DC1 by clicking New and adding a new connection, but I am curious why it is not getting generated automatically.

Thank you all.
Question by: jeremy22
3 Comments
 
LVL 12

Accepted Solution

by: Mr Tortur (earned 2000 total points)
ID: 41737226
Hi,

Well, about the FIRST:
"When I click on inaccessible it shows me list of all GPOs but doesn't pin point whats happening.
Why is it showing in inaccessible on both secondary DCs ? should I be worried ?"

Is there any firewall between DC1 (City A) and the other DCs (City B), which could be blocking GPO replication?
But I don't know this error.
Check this, in case it is related:
https://social.technet.microsoft.com/Forums/en-US/f8287c6c-a8a4-4b06-97ed-c4cdeec84493/gpo-replication-sysvol-inaccessible?forum=winserverGP


SECOND:
"But the new DC-NEW  is showing only DC2 ( automatically generated ) and not DC1. Why ?"
It is normal, as you have 2 sites, so there should be 2 sites configured in your AD too, and as a result AD will replicate only one DC per site with the main DC at the main site, in order not to generate a lot of WAN traffic.
So I think, if there is no replication between DC1 and DC-NEW, if you check there must be one AD replication between DC1 and DC2.
If you delete DC2 one day, then an AD replication will be created between DC1 and DC-NEW.

"Shouldn't there be DC1 automatically generated as well ? Am I missing any step here ?"
No, this is normal IMHO.

"I can manually add  DC1 by clicking New and add a new connection but I am curious why is it not automatically getting generated ?"
No, you should not.

"Specially because I am going to take DC1 down"
Not sure if that was a typo, but do you want to delete DC1 too? If so, don't forget to transfer the FSMO roles properly to one remaining DC.
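An added example, not part of the original thread or any poster's own code: a read-only PowerShell check for the points raised above (site topology and KCC-generated connections, FSMO role holders, per-partner replication results, and SYSVOL reachability through a possible firewall). It assumes the ActiveDirectory RSAT module and Windows Server 2012 R2 or later for `Test-NetConnection`; the helper `Get-ServerNameFromDn` is a hypothetical name introduced here.

```powershell
# Added example: read-only checks, nothing here changes the directory.
# Assumes the ActiveDirectory module (RSAT) and an account with domain read rights.
Import-Module ActiveDirectory

function Get-ServerNameFromDn([string]$Dn) {
    # Connection/partner DNs look like "CN=NTDS Settings,CN=<server>,CN=Servers,..."
    # or "CN=<server>,CN=Servers,..."; return just <server>.
    $trimmed = $Dn -replace '^CN=NTDS Settings,', ''
    ($trimmed -split ',')[0] -replace '^CN=', ''
}

$dcs = Get-ADDomainController -Filter *

# 1. Site membership, GC flag and FSMO holders (roles must be moved before a holder is demoted).
$dcs | Sort-Object Site, Name |
    Select-Object Name, Site, IPv4Address, IsGlobalCatalog,
        @{ n = 'FsmoRoles'; e = { $_.OperationMasterRoles -join ', ' } } |
    Format-Table -AutoSize

# 2. Inbound connection objects; AutoGenerated = True means the KCC created it.
Get-ADReplicationConnection -Filter * |
    Select-Object @{ n = 'To';   e = { Get-ServerNameFromDn $_.ReplicateToDirectoryServer } },
                  @{ n = 'From'; e = { Get-ServerNameFromDn $_.ReplicateFromDirectoryServer } },
                  AutoGenerated |
    Sort-Object To, From | Format-Table -AutoSize

# 3. Last replication result per partner (0 = success) and consecutive failures.
$dcs | ForEach-Object {
    Get-ADReplicationPartnerMetadata -Target $_.HostName -Scope Server
} | Select-Object Server, @{ n = 'Partner'; e = { Get-ServerNameFromDn $_.Partner } },
        LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures |
    Format-Table -AutoSize

# 4. Is each DC's SYSVOL share reachable from this host (SMB, TCP 445)?
$dcs | ForEach-Object {
    $tcp = Test-NetConnection -ComputerName $_.HostName -Port 445 -WarningAction SilentlyContinue
    [pscustomobject]@{
        DC          = $_.Name
        Tcp445Open  = $tcp.TcpTestSucceeded
        SysvolShare = Test-Path "\\$($_.HostName)\SYSVOL"
    }
} | Format-Table -AutoSize
```

Running step 4 once from a host in each city shows whether SYSVOL access fails only across the inter-site link.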
 
LVL 30

Expert Comment

by: Sudeep Sharma
ID: 41737254
Is there any error when you run dcdiag from DC-NEW or DC2 or DC1?

What are the IP addresses on each of the DCs?

Sudeep
 
LVL 39

Expert Comment

by: Aaron Tomosky
ID: 41737428
Before demoting a DC I like to uncheck GC and set a different one as bridgehead. That way it's being used as little as possible before decom.

Question has a verified solution.
