DC servers not replicating - DCDiag shows DNS error

  • Question

  • We have a remote site connected to head office through VPN. 

    2 DCs on head office and 1 DC in remote office.

    Everything was working fine until a few days ago. 

    Now the DCs don't replicate.

    The last successful replication involving the remote site DC was 31/01, whereas the local DCs replicate normally.

    This causes huge trouble on all sites:

    - PCs joining domain appear only on remote site and then we cannot login/authenticate

    - users lock their passwords on one DC but not on the other

    - group policies don't sync and as a result don't apply normally to all PCs  

    - whatever else you can think of that has anything to do with Active Directory 

    I ran the DCDIAG test on all DCs.

    from cy-dc-02 (local DC)

                                    Auth Basc Forw Del  Dyn  RReg Ext
                _________________________________________________________________
                Domain: premiernic.com

                   CY-DC-02                     PASS PASS PASS PASS PASS PASS n/a  
                   DCATH                        FAIL FAIL n/a  n/a  n/a  n/a  n/a  
                   PDC1                         PASS PASS PASS PASS PASS PASS n/a 

    from PDC1 (other local DC) 

    _________________________________________________________________
                Domain: premiernic.com

                   DCATH                        FAIL FAIL n/a  n/a  n/a  n/a  n/a  
                   PDC1                         PASS PASS PASS PASS PASS PASS n/a  
                   CY-DC-02                     PASS PASS PASS PASS PASS PASS n/a  

    from DCATH - remote site DC

                                    Auth Basc Forw Del  Dyn  RReg Ext
                _________________________________________________________________
                Domain: premiernic.com

                   PDC1                         PASS WARN PASS PASS PASS WARN n/a  
                   CY-DC-02                     PASS WARN PASS PASS PASS WARN n/a  
                   DCATH                        PASS WARN PASS PASS PASS WARN n/a  

    From the results above I think it's a networking issue, but after investigating the firewall logs I don't see any packets dropped.

    Both local DCs are W2K8 and the remote site DC is W2K12. The domain functional level is 2008.

    Any ideas?

    Monday, February 8, 2016 1:16 PM

All replies

  • Hi

    Please share the "ipconfig /all", "dcdiag" and "repadmin /replsum" results on OneDrive. You can also check port availability with PortQry:

    https://www.microsoft.com/en-us/download/details.aspx?id=24009


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Monday, February 8, 2016 3:23 PM
  • I would recommend that you refer to the troubleshooting steps I shared here: http://www.ahmedmalek.com/web/fr/articles.asp?artid=23

    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    Tuesday, February 9, 2016 12:08 AM
  • Hi Dimitri Shukuroglou,

    In addition to the above, you may also turn to the following article for help:

    Troubleshooting Active Directory Replication Problems:

    https://technet.microsoft.com/en-us/library/cc738415%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    Best Regards,

    Anne


    Tuesday, February 9, 2016 6:00 AM
    Moderator
  • Dear Burak,

    Please follow the link to find the info requested above:

    https://premiershukuroglou-my.sharepoint.com/personal/g_kourtellas_premier_com_cy/Documents/DC%20Replication%20problem

    Tuesday, February 9, 2016 7:16 AM
  • Hi

    Please upload them to OneDrive; I can't access your link.

    https://onedrive.live.com/


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Tuesday, February 9, 2016 8:26 AM
  • Done.

    The files are in the public folder in OneDrive.

    Tuesday, February 9, 2016 9:16 AM
  • share link please..

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Tuesday, February 9, 2016 9:24 AM
  • https://onedrive.live.com/?id=D7A00C9E6290C1C2%21108&cid=D7A00C9E6290C1C2
    Tuesday, February 9, 2016 1:11 PM
  • Hi

    PDC1
    LDAP query to port 389 failed
    TCP port 42 (nameserver service): NOT LISTENING

    CY-DC-02
    TCP port 3268 (msft-gc service): NOT LISTENING
    TCP port 3269 (msft-gc-ssl service): NOT LISTENING
    TCP port 42 (nameserver service): NOT LISTENING

     DCATH
    TCP port 3268 (msft-gc service): NOT LISTENING
    TCP port 3269 (msft-gc-ssl service): NOT LISTENING
    UDP port 138 (netbios-dgm service): LISTENING or FILTERED
    TCP port 42 (nameserver service): NOT LISTENING

     DCATH             26d.22h:07m:14s   10 /  10  100  (1727) The remote procedure call failed and did not execute.
    DCATH             26d.22h:08m:59s   10 /  10  100  (1726) The remote procedure call failed.

    1772

    https://technet.microsoft.com/en-us/library/replication-error-1722-the-rpc-server-is-unavailable(v=ws.10).aspx


    On every DC, the DNS IP address should be configured as the DC itself (just configure this on all DNS).

    You have port issues; please check port availability on the firewalls, routers, etc. (recommended: set to full access).


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Tuesday, February 9, 2016 1:40 PM
  • The thing is that we checked with our firewall expert and found nothing being blocked, and it worked fine until 13/1 and then it just stopped.


    What could have possibly changed? Maybe the firewall?


    Tuesday, February 9, 2016 1:54 PM
  • P.S. I scanned PDC1 with "Advanced Port Scanner" and I see that the ports mentioned above are open.
    Tuesday, February 9, 2016 2:06 PM
  • Dear Burak,

    If ports are the problem, then why do the 2 local servers (which appear to have closed ports) replicate without any problems with each other?

    Thursday, February 11, 2016 1:00 PM
  • Please see below this little exercise I did:

    Logged on server  Replicate to  Replicate from  Result   Error
    CY-DC-02          CY-DC-02      PDC1            Success  N/A
    CY-DC-02          CY-DC-02      DCATH           Fail     The remote procedure call failed and did not execute
    CY-DC-02          DCATH         CY-DC-02        Fail     The target principal name is incorrect
    CY-DC-02          DCATH         PDC1            Fail     The target principal name is incorrect
    CY-DC-02          PDC1          CY-DC-02        Success  N/A
    CY-DC-02          PDC2          DCATH           Success  N/A
    PDC1              CY-DC-02      PDC1            Success  N/A
    PDC1              CY-DC-02      DCATH           Fail     The remote procedure call failed and did not execute
    PDC1              DCATH         CY-DC-02        Fail     The target principal name is incorrect
    PDC1              DCATH         PDC1            Fail     The target principal name is incorrect
    PDC1              PDC1          CY-DC-02        Success  N/A
    PDC1              PDC1          DCATH           Success  N/A
    DCATH             CY-DC-02      PDC1            Fail     The target principal name is incorrect
    DCATH             CY-DC-02      DCATH           Fail     The target principal name is incorrect
    DCATH             DCATH         CY-DC-02        Fail     The target principal name is incorrect
    DCATH             DCATH         PDC1            Fail     The target principal name is incorrect
    DCATH             PDC1          CY-DC-02        Fail     The target principal name is incorrect
    DCATH             PDC1          DCATH           Fail     The target principal name is incorrect


    Thursday, February 11, 2016 1:25 PM
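
The test matrix in the post above can be summarised mechanically. The following is an added example, not part of the thread: it transcribes the 18 rows as posted (including the "PDC2" entry) and reports which DC takes part in every failing test and in which role each error appears. The role and function names are chosen for this example.

```python
from collections import Counter

RPC = "The remote procedure call failed and did not execute"
SPN = "The target principal name is incorrect"
ROLES = ("logged_on", "replicate_to", "replicate_from")

# Transcribed from the post: logged-on server, replicate to, replicate from, error (None = Success).
TESTS = [
    ("CY-DC-02", "CY-DC-02", "PDC1", None),
    ("CY-DC-02", "CY-DC-02", "DCATH", RPC),
    ("CY-DC-02", "DCATH", "CY-DC-02", SPN),
    ("CY-DC-02", "DCATH", "PDC1", SPN),
    ("CY-DC-02", "PDC1", "CY-DC-02", None),
    ("CY-DC-02", "PDC2", "DCATH", None),   # "PDC2" kept exactly as posted
    ("PDC1", "CY-DC-02", "PDC1", None),
    ("PDC1", "CY-DC-02", "DCATH", RPC),
    ("PDC1", "DCATH", "CY-DC-02", SPN),
    ("PDC1", "DCATH", "PDC1", SPN),
    ("PDC1", "PDC1", "CY-DC-02", None),
    ("PDC1", "PDC1", "DCATH", None),
    ("DCATH", "CY-DC-02", "PDC1", SPN),
    ("DCATH", "CY-DC-02", "DCATH", SPN),
    ("DCATH", "DCATH", "CY-DC-02", SPN),
    ("DCATH", "DCATH", "PDC1", SPN),
    ("DCATH", "PDC1", "CY-DC-02", SPN),
    ("DCATH", "PDC1", "DCATH", SPN),
]

def failures(tests):
    return [t for t in tests if t[3] is not None]

def common_to_all_failures(tests):
    """DCs that appear, in any role, in every failing test."""
    involved = [set(t[:3]) for t in failures(tests)]
    return set.intersection(*involved) if involved else set()

def errors_by_role(tests, dc):
    """Count (error, role) pairs over the failing tests in which `dc` took part."""
    counts = Counter()
    for t in failures(tests):
        for role, name in zip(ROLES, t[:3]):
            if name == dc:
                counts[(t[3], role)] += 1
    return counts

if __name__ == "__main__":
    print("In every failing test:", common_to_all_failures(TESTS))
    for (error, role), n in sorted(errors_by_role(TESTS, "DCATH").items()):
        print(f"{n:2d}  {role:15s} {error}")
```

On the posted rows, DCATH is the only DC present in all 12 failing tests; the RPC error appears only where DCATH is the replication source, and the principal-name error in every failing test where DCATH is the destination or the logged-on server.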
  • Hi

    For "the target principal name is incorrect", check the MS article: https://technet.microsoft.com/en-us/library/replication-error-2146893022-the-target-principal-name-is-incorrect%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    and check for the resolution: https://support.microsoft.com/en-us/kb/288167


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Thursday, February 11, 2016 3:53 PM
  • Dear all,

    Thank you all for the help.

    After exhausting all possibilities, I uninstalled Panda.

    I didn't do it before because Panda was installed on all servers for at least 2-3 months and everything was working fine with Panda installed.

    Wednesday, March 2, 2016 7:35 AM