Jimbo Jones

asked on

Help with AD RODC replication issues

Hi,

Hoping to get some help with a new RODC that I have deployed.

I think it has replication issues, and is not functioning correctly.

DCDIAG is showing -

A recent replication attempt failed

  Starting test: Replications

        [Replications Check,XX2] A recent replication attempt

        failed:

            From XX1 to XX2

            Naming Context: DC=ForestDnsZones,DC=XXX,DC=XXX

            The replication generated an error (1256):

            The remote system is not available. For information about network troubleshooting, see Windows Help.

           

            The failure occurred at 2018-11-19 13:23:18.

            The last success occurred at 2018-11-19 10:12:26.

            12 failures have occurred since the last success.

 

There are other errors in dcdiag with KCC & group policy on this RODC. But I thought I would start here.

Any assistance would be great.

Thanks
ASKER CERTIFIED SOLUTION
Hayes Jupe
Jimbo Jones

ASKER

Hey guys, thanks for the responses. It ended up being a time sync issue.

All issues came from that, DNS wouldn't sync and couldn't find other DC's to sync with.

Once I sorted that out everything slowly came good & DC started replicating.

Really confused with the IPv4 DNS settings......
so -
DNS 1 = PDC
DNS 2 = Other DC
DNS 3 = Loopback

Read heaps of contradicting info on this. Some are saying that the loopback address should be the first DNS.

Thanks
No, DCs should always point to a different DC for their DNS.

In your scenario:
DC1 - use DC2 and DC3 for DNS
DC2 - use DC1 and DC3 for DNS
DC3 - use DC1 and DC2 for DNS

If a DC points to itself for DNS, you can end up with what is commonly referred to as a "DC island" - where an error occurs, and all it ever does is look at itself and cannot recognize changes.

This is documented in many places and has been an issue for many years, e.g.
https://redmondmag.com/Articles/2004/04/13/The-Island-Effect.aspx
http://techgenix.com/windows-dns-mistakes/
Really confusing because when I run the Best Practices analyzer it tells me that:

DNS servers on NIC 1 should include the loopback address.....but not as the first entry.

How could they be wrong?
Having the local machine as the 3rd, or even 2nd option, sure, go for it.
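
The DNS ordering discussed in this thread (another DC first, the DC itself or loopback only further down the list) can be checked with a short script. This is an added example, not code from any poster in the thread; the function name `Test-DcDnsOrder` is hypothetical and the sample addresses are constructed.

```powershell
# Added example: audit a DC's IPv4 DNS client order against the advice in
# this thread (first entry = another DC, self/loopback only later).
function Test-DcDnsOrder {
    param(
        [string[]]$DnsServers,    # resolver list in NIC order
        [string[]]$OwnAddresses   # this DC's own IPv4 addresses
    )
    # Loopback and the DC's own IPs both mean "this DC resolves via itself".
    $self = @('127.0.0.1') + @($OwnAddresses)
    $findings = @()

    if (-not $DnsServers) {
        return @('No DNS servers configured')
    }
    # A self entry in first position is the "island" configuration.
    if ($self -contains $DnsServers[0]) {
        $findings += "First DNS entry $($DnsServers[0]) is this DC itself (island risk)"
    }
    # At least one entry must be a different DC.
    $others = @($DnsServers | Where-Object { $self -notcontains $_ })
    if ($others.Count -eq 0) {
        $findings += 'No other DC is listed as a DNS server'
    }
    if ($findings.Count -eq 0) { $findings += 'OK' }
    return $findings
}

# Constructed sample matching the asker's layout: PDC, other DC, loopback.
Test-DcDnsOrder -DnsServers '10.0.0.10','10.0.0.11','127.0.0.1' -OwnAddresses '10.0.0.12'

# Constructed sample of the configuration the answer warns about.
Test-DcDnsOrder -DnsServers '127.0.0.1','10.0.0.10' -OwnAddresses '10.0.0.12'

# On a live DC the inputs can be read from the NIC instead
# (the interface alias 'Ethernet' is an assumption):
# $dns = (Get-DnsClientServerAddress -InterfaceAlias 'Ethernet' -AddressFamily IPv4).ServerAddresses
# $own = (Get-NetIPAddress -InterfaceAlias 'Ethernet' -AddressFamily IPv4).IPAddress
# Test-DcDnsOrder -DnsServers $dns -OwnAddresses $own
```

The first sample returns `OK`; the second reports that the first DNS entry is the DC itself.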