Replication Issue (Maybe)?
Hello Experts,
Following is a brief description of my Active Directory environment:
- My Active Directory has two sites, our primary site and a remote site. In each site there are two domain controllers. Our primary site has the following domain controllers: DC2 and DC4. Our secondary site has the following domain controllers: DC1 and DC2.
- DC1 and DC2 are running Windows Server 2008.
- DC3 and DC4 are running Windows Server 2008.
Over this last weekend our remote site experienced some downtime (several hours due to power issues at the site). When power was restored and the domain controllers in the remote site were brought back online, replication was tested by creating a user account on DC 2, forcing replication using Active Directory Sites and Services and verifying the account was replicated over to DC1 and 3. The account replicated as expected and it appeared we were good to go.
This morning I was doing some work on DC1 and wanted to force replication. To force replication, I ran the following command with elevated rights: repadmin /syncall /APeD. I received the following errors:
SyncAll reported the following errors:
Error issuing replication: 8453 (0x2105):
Replication access was denied.
From: 1850a3f9-f6d6-4159-9e8c-7e
To : b6b357c0-4487-4448-a97a-66
Error issuing replication: 8453 (0x2105):
Replication access was denied.
From: b6b357c0-4487-4448-a97a-66
To : 75740dd1-3e87-4c14-8340-f1
I ran the same replication command on DC2 and received the following:
SyncAll reported the following errors:
Error issuing replication: 8453 (0x2105):
Replication access was denied.
From: 7a88d3de-9e0a-4810-819c-a7
To : 75740dd1-3e87-4c14-8340-f1
Error issuing replication: 8453 (0x2105):
Replication access was denied.
From: 75740dd1-3e87-4c14-8340-f1
To : b6b357c0-4487-4448-a97a-66
I ran the same replication command from DC3 and DC4 and did not receive any errors.
In researching the error, there were several posts stating to run the command from an administrative command prompt. I was already doing that but reran the command after insuring I was running as admin and got the same results.
I found several posts that recommended running dcdiag /q. I ran that on both DC1 and DC2 and nothing was displayed.
I ran the following command on DC1 and DC2 saw no errors: repadmin /showrepl
I guess my questions are:
1. Do I really have a problem? How can I tell?
Any help would be greatly appreciated.
Following is a brief description of my Active Directory environment:
- My Active Directory has two sites, our primary site and a remote site. In each site there are two domain controllers. Our primary site has the following domain controllers: DC2 and DC4. Our secondary site has the following domain controllers: DC1 and DC2.
- DC1 and DC2 are running Windows Server 2008.
- DC3 and DC4 are running Windows Server 2008.
Over this last weekend our remote site experienced some downtime (several hours due to power issues at the site). When power was restored and the domain controllers in the remote site were brought back online, replication was tested by creating a user account on DC 2, forcing replication using Active Directory Sites and Services and verifying the account was replicated over to DC1 and 3. The account replicated as expected and it appeared we were good to go.
This morning I was doing some work on DC1 and wanted to force replication. To force replication, I ran the following command with elevated rights: repadmin /syncall /APeD. I received the following errors:
SyncAll reported the following errors:
Error issuing replication: 8453 (0x2105):
Replication access was denied.
From: 1850a3f9-f6d6-4159-9e8c-7e
To : b6b357c0-4487-4448-a97a-66
Error issuing replication: 8453 (0x2105):
Replication access was denied.
From: b6b357c0-4487-4448-a97a-66
To : 75740dd1-3e87-4c14-8340-f1
I ran the same replication command on DC2 and received the following:
SyncAll reported the following errors:
Error issuing replication: 8453 (0x2105):
Replication access was denied.
From: 7a88d3de-9e0a-4810-819c-a7
To : 75740dd1-3e87-4c14-8340-f1
Error issuing replication: 8453 (0x2105):
Replication access was denied.
From: 75740dd1-3e87-4c14-8340-f1
To : b6b357c0-4487-4448-a97a-66
I ran the same replication command from DC3 and DC4 and did not receive any errors.
In researching the error, there were several posts stating to run the command from an administrative command prompt. I was already doing that but reran the command after insuring I was running as admin and got the same results.
I found several posts that recommended running dcdiag /q. I ran that on both DC1 and DC2 and nothing was displayed.
I ran the following command on DC1 and DC2 saw no errors: repadmin /showrepl
I guess my questions are:
1. Do I really have a problem? How can I tell?
Any help would be greatly appreciated.
Even without the dcdiag results, my gut reaction was that "access denied" would point to an issue with the account you were attempting to run the command under. Then I read that dcdiag is coming back clean. If that's true across all servers then you are very very likely fine as far as replication. You may have an account permissions issue. But that wouldn't impact replication.
Technical Consultant
Does repadmin /replsummary show any fails or is the largest delta time greater than your configured replication interval? One last thing that I check is sysvol replication, especially after migrating to Server 2008 which is the first year that DFSR can be used in place of FRS for AD replication. You can update a GPO or create a simple test GPO to test replication of sysvol.
Senior Systems Engineer
CERTIFIED EXPERT
Please execute the below Powershell script that can be downloaded from: https://gallery.technet.microsoft.com/Active-Directory-Health-3ce0e0ea
It will give you the status of which domain controllers are broken.
Follow this guide for troubleshooting the issue with replication: https://www.itprotoday.com/active-directory/identifying-and-solving-active-directory-replication-problems
It will give you the status of which domain controllers are broken.
Follow this guide for troubleshooting the issue with replication: https://www.itprotoday.com/active-directory/identifying-and-solving-active-directory-replication-problems