asked on

AD Errors and Replication

I haven't touched my DC's in a while, they are 2008 and I thought I'd deploy some new ones on 2012 R2 and migrate. Ran into an error, that appears to be on ARDC2 . I've attached the results of repadmin /showreps (ran from both machines), looks like it has been having issues since June. It appears to be related to ardc2. I tested the normal things, nslook and ping all look good to ardc2. However when I try to just browse to \\ardc2 it cannot find that machine. I can browse to \\ardc fine and see the netlogon and sysvol shares. So something is definitely up with 2.

ARDC has all the FSMO roles, so my first reaction was to just demote 2 (since that is the goal once I get the new 2012 boxes going), but if there is a way I can re-establish communication before demoting it I would feel better.

results repadmin /showreps from ARDC

Default-First-Site-Name\ARDC

DSA Options: IS_GC 

Site Options: (none)

DSA object GUID: 9182ab87-4ba8-4c67-ae9b-94326af7f9ad

DSA invocationID: fc3f686d-3c2c-44af-8b42-05b7c364f6b0



==== INBOUND NEIGHBORS ======================================



DC=alanritchey,DC=loc

    Default-First-Site-Name\ARDC2 via RPC

        DSA object GUID: 62638e39-7c88-4469-b194-65effcdf2a18

        Last attempt @ 2017-10-18 14:05:23 failed, result 1722 (0x6ba):

            The RPC server is unavailable.

        443764 consecutive failure(s).

        Last success @ 2017-06-15 03:21:10.



CN=Configuration,DC=alanritchey,DC=loc

    Default-First-Site-Name\ARDC2 via RPC

        DSA object GUID: 62638e39-7c88-4469-b194-65effcdf2a18

        Last attempt @ 2017-10-18 13:56:31 failed, result 1722 (0x6ba):

            The RPC server is unavailable.

        3128 consecutive failure(s).

        Last success @ 2017-06-15 02:45:24.



CN=Schema,CN=Configuration,DC=alanritchey,DC=loc

    Default-First-Site-Name\ARDC2 via RPC

        DSA object GUID: 62638e39-7c88-4469-b194-65effcdf2a18

        Last attempt @ 2017-10-18 13:56:52 failed, result 1722 (0x6ba):

            The RPC server is unavailable.

        3119 consecutive failure(s).

        Last success @ 2017-06-15 02:45:24.



DC=DomainDnsZones,DC=alanritchey,DC=loc

    Default-First-Site-Name\ARDC2 via RPC

        DSA object GUID: 62638e39-7c88-4469-b194-65effcdf2a18

        Last attempt @ 2017-10-18 13:56:10 failed, result 1256 (0x4e8):

            The remote system is not available. For information about network troubleshooting, see Windows Help.

        4293 consecutive failure(s).

        Last success @ 2017-06-15 02:45:25.



DC=ForestDnsZones,DC=alanritchey,DC=loc

    Default-First-Site-Name\ARDC2 via RPC

        DSA object GUID: 62638e39-7c88-4469-b194-65effcdf2a18

        Last attempt @ 2017-10-18 13:56:10 failed, result 1256 (0x4e8):

            The remote system is not available. For information about network troubleshooting, see Windows Help.

        3122 consecutive failure(s).

        Last success @ 2017-06-15 02:45:25.



Source: Default-First-Site-Name\ARDC2

******* 443736 CONSECUTIVE FAILURES since 2017-06-15 03:21:10

Last error: 1722 (0x6ba):

            The RPC server is unavailable.

Open in new window

results repadmin /showreps from ARDC2

Default-First-Site-Name\ARDC2

DSA Options: IS_GC 

Site Options: (none)

DSA object GUID: 62638e39-7c88-4469-b194-65effcdf2a18

DSA invocationID: 237a952e-2318-4c32-a27d-8ad8d7e5dd14



==== INBOUND NEIGHBORS ======================================



DC=alanritchey,DC=loc

    Default-First-Site-Name\ARDC via RPC

        DSA object GUID: 9182ab87-4ba8-4c67-ae9b-94326af7f9ad

        Last attempt @ 2017-10-18 13:51:33 was successful.



CN=Configuration,DC=alanritchey,DC=loc

    Default-First-Site-Name\ARDC via RPC

        DSA object GUID: 9182ab87-4ba8-4c67-ae9b-94326af7f9ad

        Last attempt @ 2017-10-18 13:51:32 was successful.



CN=Schema,CN=Configuration,DC=alanritchey,DC=loc

    Default-First-Site-Name\ARDC via RPC

        DSA object GUID: 9182ab87-4ba8-4c67-ae9b-94326af7f9ad

        Last attempt @ 2017-10-18 13:51:32 was successful.



DC=DomainDnsZones,DC=alanritchey,DC=loc

    Default-First-Site-Name\ARDC via RPC

        DSA object GUID: 9182ab87-4ba8-4c67-ae9b-94326af7f9ad

        Last attempt @ 2017-10-18 13:51:33 was successful.



DC=ForestDnsZones,DC=alanritchey,DC=loc

    Default-First-Site-Name\ARDC via RPC

        DSA object GUID: 9182ab87-4ba8-4c67-ae9b-94326af7f9ad

        Last attempt @ 2017-10-18 13:51:33 was successful.

Open in new window

bhieb

ASKER

Little more info. They are both DNS servers as well, they have and ipconfig that points to the other as dns1 and themselves as dns2.

They are on the same subnet.

RPC , netlogon,and keybrose services are all started.

bhieb

ASKER

Results of netdom query fsmo (same from both)

Schema master               ARDC.alanritchey.loc
Domain naming master        ARDC.alanritchey.loc
PDC                         ARDC.alanritchey.loc
RID pool manager            ARDC.alanritchey.loc
Infrastructure master       ARDC.alanritchey.loc
The command completed successfully.

Open in new window

Shaun Vermaak

Stop KDC on non-PDCe and do a NETDOM RESETPWD
https://support.microsoft.com/en-za/help/325850/how-to-use-netdom-exe-to-reset-machine-account-passwords-of-a-windows

bhieb

ASKER

No luck. I still cannot even browse to \\ardc2 (the win firewall is off) , also I found this in the File Replication Service Log. Once i saw a cannot resolve DNS ardc2.alanritchey.loc event, even though a NSLOOKUP works fine.

The File Replication Service is having trouble enabling replication from ARDC to ARDC2 for c:\windows\sysvol\domain using the DNS name ARDC.alanritchey.loc. FRS will keep retrying. 
 Following are some of the reasons you would see this warning. 
 
 [1] FRS can not correctly resolve the DNS name ARDC.alanritchey.loc from this computer. 
 [2] FRS is not running on ARDC.alanritchey.loc. 
 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. 
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

Open in new window

bhieb

ASKER

One more thing even though this screams to me DNS, I also cannot browse to it via IP \\192.168.0.xxx

bhieb

ASKER

Ok so I solved the browsing issue, the Computer Browser service had been disabled. Still getting RPC Server is unavailable.

bhieb

ASKER

strike that the service was down, but still can't browse.

bhieb

ASKER

maybe this will help attached are the results of DCDIAG /TEST:DNS /V /E from both ardc and ardc2. ardc2 runs with no errors, ardc is full of issues.
ARDC_dcdiagdns.txt
ARDC2_dcdiagdns.txt

bhieb

ASKER

FYI I also tried your instructions on ARDC once did it on ARDC2 just to see if the computer account there might be an issue.

bhieb

ASKER

any others want to chime in? Opening a ticket in 2 days with MS if I can't figure it out.

ASKER CERTIFIED SOLUTION

bhieb

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

bhieb

ASKER

No fix found.