AD replication errors
  • AD replication errors

    Following on from my DNS post, here are some of the problems we are getting with replication to a child site in another country.

    This is to do with replication to our child domain in Sydney, Australia.

    In AD Sites and Services, no Connection appears under the NTDS settings for Sydney. I have manually added one.
    However, the KCC has automatically created one for AUS-SYD-DC1 under the UK site.

    If I try and force a replication to that connection, I get the error:

    The following error occured during the attempt to synchronise naming context sydney.witwood.local from Domain Controller AUS-SYD-DC1 to Domain Controller UK-BAN-DC1.
    The naming context is in the process of being removed or is not replicated from the specified server.
    This operation will not continue.


    So I ran DCDiag from UK-BAN-DC1. No switches, just dcdiag.exe
    These are the errors:

    Naming Context: DC=ForestDNSZones, DC=Witwood, DC=local

    Replication generated an error (1256):
    Win32 Error 1256

    Naming Context: CN=Schema, CN=Configuration, DC=Witwood, DC=local

    Replication generated an error (1727):
    Win32 Error 1727

    Naming Context: CN=Configuration, DC=Witwood, DC=local

    Replication generated an error (1727):
    Win32 Error 1727


    Then I get a Latency warning -
    DC=Sydney, DC=Witwood, DC=local

    This latency is over the Tombstone Lifetime of 60 days!!


    Then when it runs the tests

    Starting test: kccevent

    A Warning Event has occured. Event ID: 0x80000786

    (^^ This appears 3 times)

    All other tests pass successfully.


    Replmon

    When running replmon from UK-BAN-DC1, the following errors appear.

    DC=ForestDNSZones, DC=witwood, DC=local

    SYDNEY\AUS-SYD-DC1 (white X in a red circle)

    Replication failure: the reason is: The Remote System is not available

    CN=Configuration, DC=witwood, DC=local

    SYDNEY\AUS-SYD-DC1 (white X in a red circle)

    Replication failure: the reason is: The RPC server is unavailable

    CN=schema, CN=configuation, DC=witwood, DC=local

    SYDNEY\AUS-SYD-DC1 (white X in a red circle)

    Replication failure: the reason is: The Remote Procedure Call failed and did not execute.


    When I searched the domain for Replication Errors, I got back the 3 that are shown in DCDiag results above.


    Replication to another child domain is fine, and no problems exist. I'm rather confused as to what is causing the problems, and searching on the net brings about 100 answers to each question.

    Anyone here ever seen these problems and know the correct procedure to clear them up?

    Advice would be greatly appreciated.

    Kind Regards,
    Luke

  • #2
    Re: AD replication errors

    OK so no one has replied, but hopefully someone will work out this problem :

    I think I've found what is causing the issue - running PortQryUI from Server UK to Server Aus fails at port 389 TCP & UDP - it just hangs.
    I've tried from several PCs on the UK domain and the same happens, however a few of the PCs manage to talk and get a response. All PCs are XP Pro SP2 with the same updates installed.

    Anyone seen this before? We thought it may be the switch doing some weird routing thing, but I've swapped my PC over to a different switch and am still not getting any reply.

    Help much appreciated
    Regards
    Luke

    EDIT - I forgot to mention that from my PC, I can run PortQry to 389 BOTH for our other remote site in Thailand - everything comes back OK. It's only the Australia server that is having issues - and there is only 1 DC out there doing everything.

    EDIT 2 - Now for something really strange....

    389 TCP UDP LDAP - Hangs
    3268 TCP LDAP GC - Hangs
    636 TCP LDAP SSL - Response OK
    3269 TCP LDAP GC SSL - Response OK

    So the SSL seems to be OK, but the "normal" seems to hang and not do anything....
    Last edited by Jimwes; 27th July 2006, 10:16.



    • #3
      Re: AD replication errors

      Well I figured this out, but seeing as I've had no response from anyone I'm not sure if I'm willing to divulge any information

      OK...well this is what I think! :

      A router between UK firewall and Aus firewall dropping all packets with an MTU higher than 1372.
      UK firewall to Thailand firewall is OK, with a maximum of 1460. UK to a website, 1460. Aus to a website, 1460.

      This explains why;
      a) Replication suddenly stopped and would not continue
      b) our remote client control software (Radmin) was inconsistent connecting to Aus
      c) PortQry wouldn't run on a lot of the ports needed for Domains and Trusts replications

      So I found that to reset the MTU to a set size, you have to add a DWORD value to the registry key:
      HKLM\System\CurrentControlSet\Services\TCPIP\Parameters\Interfaces\{Adapter ID}
      ^ where {Adapter ID} is the ID of the network adapter you are using, this is easy to spot when using Static IP as it's the only ID in the list with an IP address.

      So the DWORD value;
      Name = MTU
      Value data = 55c (Hex) OR 1372 (Binary) -> Both equal the same value


      Reboot the DCs and hey presto!
      Port Query now runs successfully on both DCs to each other on the Domains and Trusts test.
      Replication has started up again but I've got an issue with the Aus DC being Tombstoned...that's going to cause a few issues as it's the only DC out there (for now, we will be implementing a 2nd DC as a resilience to problems like these)

      Luke
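
The path-MTU check described in post #3, as an added example that is not part of the original thread: it binary-searches the largest ICMP payload that reaches the remote DC with Don't Fragment set, then lists the adapters under the registry key named in the post. It assumes ICMP echo is allowed end to end; the function names are hypothetical and the host name is the one used in the thread.

```powershell
# Added example: find the largest unfragmented packet that reaches a remote DC.
# Assumes ICMP echo is permitted through every firewall on the path.
function Test-DfPing {
    param([string]$Target, [int]$PayloadBytes, [int]$TimeoutMs = 2000)
    $ping    = New-Object System.Net.NetworkInformation.Ping
    $options = New-Object System.Net.NetworkInformation.PingOptions(64, $true)  # TTL 64, DF bit set
    $buffer  = New-Object byte[] $PayloadBytes
    foreach ($attempt in 1..2) {          # one retry so a single lost packet does not skew the search
        try {
            $reply = $ping.Send($Target, $TimeoutMs, $buffer, $options)
            if ($reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success) { return $true }
        } catch { return $false }         # name resolution failure or local send error
    }
    # A hop that drops oversized packets silently shows up here as TimedOut, not PacketTooBig.
    return $false
}

function Get-PathMtu {
    param([string]$Target, [int]$Low = 548, [int]$High = 1472)
    if (-not (Test-DfPing $Target $Low)) {
        throw "No reply from $Target even with $Low bytes of payload; check basic reachability first."
    }
    # Invariant: $Low always succeeds; narrow until $Low is the largest payload that gets through.
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling(($Low + $High) / 2)
        if (Test-DfPing $Target $mid) { $Low = $mid } else { $High = $mid - 1 }
    }
    return $Low + 28                      # payload + 20-byte IPv4 header + 8-byte ICMP header
}

$mtu = Get-PathMtu -Target 'AUS-SYD-DC1'
"Largest unfragmented packet to AUS-SYD-DC1: $mtu bytes"

# List each interface under the key from the post, with its address and any existing MTU override.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem $base | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath
    New-Object PSObject -Property @{
        AdapterId = $_.PSChildName
        IPAddress = ($p.IPAddress -join ',')
        MTU       = $p.MTU                # empty when no override is set
    }
}

# To pin the value on the chosen adapter (run elevated, then reboot as the post describes):
# Set-ItemProperty -Path "$base\{Adapter ID}" -Name MTU -Value $mtu -Type DWord
```

Running the same search against a site that replicates normally gives a baseline to compare the failing path against.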



      • #4
        Re: AD replication errors

        Thank you for posting that Jim and nice work on figuring out the problem! I'm sure if someone had any ideas on your problem they would have posted.
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2



        • #5
          Re: AD replication errors

          Originally posted by Jimwes:
          Then I get a Latency warning -
          DC=Sydney, DC=Witwood, DC=local

          This latency is over the Tombstone Lifetime of 60 days!!

          Interesting... Even after fixing the causes of the replication issues, this naming context should not replicate, as the replication has been broken for more than 60 days.
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"



          • #6
            Re: AD replication errors

            Is the only way around this to demote and repromote the DC in Australia?

            We only have 1 DC out there currently, I have passed all relevant info onto my boss who is trying to sort out a 2nd DC to stop problems like this.
