Tracy Strub
asked on
Remote DC Connection issue
Hi all,
We have run into an issue where our DC in the Seattle office has started having some serious connection issues with our main office.
We have a static tunnel that connects the two sites and general connectivity seems unaffected, but within the past couple of weeks we are finding a number of issues, including replication errors and DNS resolution problems from the Seattle site.
A quick check of the firewalls shows no ports blocked and full access should be possible. However, looking at a dcdiag of the Seattle DC (leseadc01) shows a multitude of problems. Would be very interested in hearing how others would organize and tackle this issue. Does it make sense to create a secondary DC in the office as well? I have attached the dcdiag output and look forward to any advice anyone may have.
Thanks
TS
leseadc01-dcdiag
ASKER
Thanks - yeah, the LEDC01 was our very old, soon-to-be retired 2003 box - appreciate the assistance!
ASKER
I believe that DNS issues are a major part of the issue. When I run a repadmin command to sync, I receive this:
CALLBACK MESSAGE: The following replication is in progress:
From: CN=NTDS Settings,CN=LE-DC-01,CN=Servers,CN=MainOffice,CN=Sites,CN=Conf
iguration,DC=Company,DC=com
To : CN=NTDS Settings,CN=LESEADC01,CN=Servers,CN=Bellevue,CN=Sites,CN=Confi
guration,DC=Company,DC=com
CALLBACK MESSAGE: Error issuing replication: 8452 (0x2104):
The naming context is in the process of being removed or is not replicated f
rom the specified server.
From: CN=NTDS Settings,CN=LE-DC-01,CN=Servers,CN=MainOffice,CN=Sites,CN=Conf
iguration,DC=Company,DC=com
To : CN=NTDS Settings,CN=LESEADC01,CN=Servers,CN=Bellevue,CN=Sites,CN=Confi
guration,DC=Company,DC=com
CALLBACK MESSAGE: The following replication is in progress:
From: CN=NTDS Settings,CN=LE-DC-02,CN=Servers,CN=MainOffice,CN=Sites,CN=Conf
iguration,DC=Company,DC=com
To : CN=NTDS Settings,CN=LESEADC01,CN=Servers,CN=Bellevue,CN=Sites,CN=Confi
guration,DC=Company,DC=com
CALLBACK MESSAGE: Error issuing replication: 8452 (0x2104):
The naming context is in the process of being removed or is not replicated f
rom the specified server.
From: CN=NTDS Settings,CN=LE-DC-02,CN=Servers,CN=MainOffice,CN=Sites,CN=Conf
iguration,DC=Company,DC=com
To : CN=NTDS Settings,CN=LESEADC01,CN=Servers,CN=Bellevue,CN=Sites,CN=Confi
guration,DC=Company,DC=com
CALLBACK MESSAGE: SyncAll Finished.
SyncAll reported the following errors:
Error issuing replication: 8452 (0x2104):
The naming context is in the process of being removed or is not replicated f
rom the specified server.
From: CN=NTDS Settings,CN=LEDC01,CN=Servers,CN=MainOffice,CN=Sites,CN=Config
uration,DC=Company,DC=com
To : CN=NTDS Settings,CN=LESEADC01,CN=Servers,CN=Bellevue,CN=Sites,CN=Confi
guration,DC=Company,DC=com
Error issuing replication: 8452 (0x2104):
The naming context is in the process of being removed or is not replicated f
rom the specified server.
From: CN=NTDS Settings,CN=LE-DC-01,CN=Servers,CN=MainOffice,CN=Sites,CN=Conf
iguration,DC=Company,DC=com
To : CN=NTDS Settings,CN=LESEADC01,CN=Servers,CN=Bellevue,CN=Sites,CN=Confi
guration,DC=Company,DC=com
Error issuing replication: 8452 (0x2104):
The naming context is in the process of being removed or is not replicated f
rom the specified server.
From: CN=NTDS Settings,CN=LE-DC-02,CN=Servers,CN=MainOffice,CN=Sites,CN=Conf
iguration,DC=Company,DC=com
To : CN=NTDS Settings,CN=LESEADC01,CN=Servers,CN=Bellevue,CN=Sites,CN=Confi
guration,DC=Company,DC=com
ASKER
Thanks all for your input - I have spent some more time reviewing the remote DC and have discovered that at some point, somebody had installed an AV product on the box. When I removed this, the DC began resolving and was able to establish healthy replication with the other DCs.
It goes without saying that I am going to make sure the word is put out that we will not be touching this box in this regard in the future. Thanks again.
I'm glad you found the problem.
Please close the question as you feel appropriate.
I would just go through things methodically. Search for info on each error you see in dcdiag. Also check event logs. Then start verifying information (like DNS, SPNs, etc), starting with the simplest first. A useful tool is the AD Replication Status Tool -
https://www.microsoft.com/en-us/download/details.aspx?id=30005
Helps point you to KBs for errors found.
I doubt that adding another DC to the mix would help. Unless one was corrupt and needed to be removed, a new one would most likely just inherit any problems that already exist.
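A way to start the methodical pass suggested above from the repadmin output posted earlier in the thread: this added example (not code from any poster) parses the final "SyncAll reported the following errors" summary, undoes the 80-column console wrap, and groups failures by destination DC and error code. The function names are hypothetical and the sample text is constructed in the shape of the posted output.

```python
import re
from collections import defaultdict
# Constructed sample in the shape of the output posted in this thread,
# keeping the 80-column console wrap that splits DNs and words mid-token.
SAMPLE = """\
SyncAll reported the following errors:
Error issuing replication: 8452 (0x2104):
    The naming context is in the process of being removed or is not replicated f
rom the specified server.
    From: CN=NTDS Settings,CN=LE-DC-01,CN=Servers,CN=MainOffice,CN=Sites,CN=Conf
iguration,DC=Company,DC=com
    To  : CN=NTDS Settings,CN=LESEADC01,CN=Servers,CN=Bellevue,CN=Sites,CN=Confi
guration,DC=Company,DC=com
Error issuing replication: 8452 (0x2104):
    The naming context is in the process of being removed or is not replicated f
rom the specified server.
    From: CN=NTDS Settings,CN=LE-DC-02,CN=Servers,CN=MainOffice,CN=Sites,CN=Conf
iguration,DC=Company,DC=com
    To  : CN=NTDS Settings,CN=LESEADC01,CN=Servers,CN=Bellevue,CN=Sites,CN=Confi
guration,DC=Company,DC=com
"""

ENTRY = re.compile(
    r"Error issuing replication: (\d+) \((0x[0-9a-fA-F]+)\):(.*?)"
    r"From:(.*?)To\s*:(.*?)(?=Error issuing replication:|\Z)", re.S)
DSA = re.compile(r"CN=NTDS Settings,CN=([^,]+),CN=Servers,CN=([^,]+),CN=Sites", re.I)

def unwrap(s):
    """Undo console wrapping: drop each newline plus the indentation around it."""
    return re.sub(r"\s*\n\s*", "", s.strip())

def parse_syncall_errors(text):
    """Return one dict per entry in the final 'SyncAll reported...' summary."""
    _, _, summary = text.partition("SyncAll reported the following errors:")
    out = []
    for code, hexcode, msg, src, dst in ENTRY.findall(summary):
        s, d = DSA.search(unwrap(src)), DSA.search(unwrap(dst))
        if s and d:  # skip entries whose DNs do not name an NTDS Settings object
            out.append({"code": int(code), "hex": hexcode, "message": unwrap(msg),
                        "source": s.group(1), "source_site": s.group(2),
                        "dest": d.group(1), "dest_site": d.group(2)})
    return out

def failures_by_destination(errors):
    """Map (destination DC, error code) -> sorted source DCs that failed."""
    grouped = defaultdict(set)
    for e in errors:
        grouped[(e["dest"], e["code"])].add(e["source"])
    return {k: sorted(v) for k, v in grouped.items()}
```

When every failing entry shares one destination and one error code, as in the sample, the next checks belong on that one DC (DNS, event logs, installed software) rather than on the sources.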