none
repadmin /replsum dcdiag and nltest errors 1818.

    Question

  • Hi,

    I just started receiving these error this week. This happens on all of the DC listed below except on server01 which give the 55 error. This error also show up using "Microsoft Active Directory Replication Status Tool\repl.exe"

    Please see details below. 

    C:\>repadmin /replsum
    Replication Summary Start Time: 2017-01-27 14:00:47
    Beginning data collection for replication summary, this may take awhile:
    Source DSA          largest delta    fails/total %%   error
     server01               (unknown)        5 /  10   50  (1818) The remote procedure call was cancelled.
     server02                     13m:53s    0 /  10    0
     server05                     04m:51s    0 /  10    0
     server06                     13m:53s    0 /  10    0
     server07                     10m:32s    0 /  10    0
     server16                     13m:40s    0 /  10    0


    Destination DSA     largest delta    fails/total %%   error
     server01                     01m:01s    0 /  10    0
     server02                     10m:32s    0 /   5    0
     server05                     09m:38s    0 /  10    0
     server06                     13m:35s    5 /  10   50  (1818) The remote procedure call was cancelled.
     server07                     13m:54s    0 /  10    0
     server16                     04m:54s    0 /  15    0

    Experienced the following operational errors trying to retrieve replication information:
              58 - server01.domain.local

    From server01

    C:\>repadmin /replsum
    Replication Summary Start Time: 2017-01-27 14:04:36
    Beginning data collection for replication summary, this may take awhile:
     Source DSA          largest delta    fails/total %%   error
     server01                     13m:27s    0 /   5    0
     server02                     17m:42s    0 /   5    0
     server05                     04m:49s    0 /   5    0
     server06                     02m:42s    0 /   5    0
     server07                     14m:21s    0 /  10    0
     server16                     13m:27s    0 /   5    0


    Destination DSA     largest delta    fails/total %%   error
     server01                     04m:50s    0 /  10    0
     server02                     14m:22s    0 /   5    0
     server05                     13m:27s    0 /  10    0
     server07                     17m:42s    0 /  10    0


    Experienced the following operational errors trying to retrieve replication information:
              55 - server16.domain.local
              55 - server06.domain.local


    portqueryui.exe and nmap shows all ports open.

    PORT      STATE SERVICE

    53/tcp    open  domain

    88/tcp    open  kerberos-sec

    135/tcp   open  msrpc

    139/tcp   open  netbios-ssn

    389/tcp   open  ldap

    445/tcp   open  microsoft-ds

    464/tcp   open  kpasswd5

    593/tcp   open  http-rpc-epmap

    636/tcp   open  ldapssl

    3268/tcp  open  globalcatLDAP

    3269/tcp  open  globalcatLDAPssl

    3389/tcp  open  ms-wbt-server

    49152/tcp open  unknown

    49153/tcp open  unknown

    49154/tcp open  unknown

    49155/tcp open  unknown

    49158/tcp open  unknown

    49159/tcp open  unknown

    53/udp    open  domain

    137/udp   open  netbios-ns

    Mixed Windows 2012 R2 and Windows 2008 R2sp1; both Standard.

    Any ideas I am stumped.

    Thanks

    Jeff

    Friday, January 27, 2017 7:43 PM

Answers

  • I applied these latest update and rebooted the server and the problem is solved.

    Note: I have rebooted the servers two times in troubleshooting this, so that was not the solution. The solution is somewhere in these patches applied today.

    Security Update for Windows Server 2012 R2 (KB3172729)

    Installation date: ‎2/‎1/‎2017 8:40 AM

    Installation status: Succeeded

    December, 2016 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB3205401)

    Installation date: ‎2/‎1/‎2017 8:40 AM

    Installation status: Succeeded

    December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404)

    Installation date: ‎2/‎1/‎2017 8:39 AM

    Installation status: Succeeded

    Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - January 2017 (KB890830)

    Installation date: ‎2/‎1/‎2017 8:35 AM

    Installation status: Succeeded

    Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB3021952)

    Installation date: ‎2/‎1/‎2017 8:33 AM

    Installation status: Succeeded


    • Marked as answer by DRUMDUDESAN Wednesday, February 1, 2017 1:58 PM
    Wednesday, February 1, 2017 1:58 PM

All replies

  • Hi,

    I forgot to note that new objects (users, DNS A Records, members of groups etc.) will replicate to all servers within 30 minutes. I have never seen this error before on-site and I am concerned something is going wrong.

    Thanks

    Jeff



    • Edited by DRUMDUDESAN Friday, January 27, 2017 8:17 PM
    Friday, January 27, 2017 8:15 PM
  • Hi

     for 1818) The remote procedure call was cancelled,check this ms toubleshooting article;

    https://support.microsoft.com/en-us/help/2694215/troubleshooting-ad-replication-error-1818-the-remote-procedure-call-was-cancelled

    All these necessary ports needs to be available between all DC's.for error 55 & 58 check this article;

    https://technet.microsoft.com/en-us/library/cc949120%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Saturday, January 28, 2017 11:59 AM
  • Hi Jeff,
    In my experience of error 58 when running repadmin command , a set of firewall rules may be blocking communication, so, please make sure to check firewall rules between your domain controllers.
    And you could look at the logs in Event Viewer and see if we could get more error information there
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, January 30, 2017 6:26 AM
    Moderator
  • The errors have disappeared.

    So a busy WAN link? Misbehaving or overloaded switch? It's really hard to figure out the source cause of this now in my opinion.

    Jeff

    Tuesday, January 31, 2017 5:46 PM
  • largest delta is unknown because the first replication cycle not yet completed and the connection object been created recently, yes you need to allow some time to complete this

    http://www.windowstricks.in/2015/07/replsummary-showing-unknown-for-largest-delta-on-ad-replication-checks.html


    Regards,
    Ganesamoorthy.S
    www.windowstricks.in)


    Tuesday, January 31, 2017 6:27 PM
  • Now we are getting there from the source servers to WAN sites I cannot connect to the \\server01 to see the netlogon and sysvol. It states the server: "NETLOGON is not accessible. You might not have permission to use this network resource.... does not have the rights"

    I can access by ip-address from one WAN but not the short name or FQDN but both resolv from the command prompt.

    This is confusing.

    Any idea what the problem is now?


    • Edited by DRUMDUDESAN Tuesday, January 31, 2017 10:43 PM
    Tuesday, January 31, 2017 9:45 PM
  • Seems to be a DNS issue,please share "ipconfig /all" ,"dcdiag /test:dns" result from problematic DC.

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Wednesday, February 1, 2017 11:37 AM
  • So I can access the syslog volume but not the netlogon when trying to access server01 by ipaddrress \\server01's -ipaddress

    All other servers can access server01 netlogon and syslog

    Could this be part of the problem for Windows 2012 R2?

    https://blogs.technet.microsoft.com/askpfeplat/2016/07/05/who-broke-my-user-gpos/


    :\Windows\system32>dcdiag.exe /test:dns

    irectory Server Diagnosis

    erforming initial setup:
      Trying to find home server...
      Home Server = server06
      * Identified AD Forest.
      Done gathering initial info.

    oing initial required tests

      Testing server: Prod\server06
         Starting test: Connectivity
            ......................... server06 passed test Connectivity

    oing primary tests

      Testing server: Prod\server06

         Starting test: DNS

            DNS Tests are running and not hung. Please wait a few minutes...
            ......................... server06 passed test DNS

      Running partition tests on : ForestDnsZones

      Running partition tests on : DomainDnsZones

      Running partition tests on : Schema

      Running partition tests on : Configuration

      Running partition tests on : Domain

      Running enterprise tests on : domain.local
         Starting test: DNS
            ......................... domain.local passed test DNS

    :\Windows\system32>


    • Edited by DRUMDUDESAN Monday, February 6, 2017 2:50 PM revealed private info'
    Wednesday, February 1, 2017 12:30 PM
  • The plot thickens....but is the protocol the same. So it looks like it is not a rights issue and something is mucked up with Windows 2012 DNS or it is a bug?

    If I use net use \\ipaddress\netlogon I can map to all the servers to and from.

    Wednesday, February 1, 2017 1:37 PM
  • I applied these latest update and rebooted the server and the problem is solved.

    Note: I have rebooted the servers two times in troubleshooting this, so that was not the solution. The solution is somewhere in these patches applied today.

    Security Update for Windows Server 2012 R2 (KB3172729)

    Installation date: ‎2/‎1/‎2017 8:40 AM

    Installation status: Succeeded

    December, 2016 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB3205401)

    Installation date: ‎2/‎1/‎2017 8:40 AM

    Installation status: Succeeded

    December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404)

    Installation date: ‎2/‎1/‎2017 8:39 AM

    Installation status: Succeeded

    Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - January 2017 (KB890830)

    Installation date: ‎2/‎1/‎2017 8:35 AM

    Installation status: Succeeded

    Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB3021952)

    Installation date: ‎2/‎1/‎2017 8:33 AM

    Installation status: Succeeded


    • Marked as answer by DRUMDUDESAN Wednesday, February 1, 2017 1:58 PM
    Wednesday, February 1, 2017 1:58 PM