Repadmin /syncall causes DC01 to try and replicate to itself and gets "Access Denied"

  • Question

  • Hi Everyone. I have been trying to figure out this peculiar behavior from one of our DCs. We have 3 DCs in our environment and I can force replication on DC02 and DC03 with no issues. By issuing "repadmin /syncall" on DC02 and DC03, I get the following success message:

    DC02: repadmin /syncall

        From: a9326fa6-e465-4a55-8fe4-143f4d2100e8._msdcs.test.com
        To  : 3dc7a026-c031-4bdc-915f-f200e0aebcba._msdcs.test.com
    CALLBACK MESSAGE: The following replication completed successfully:
        From: a9326fa6-e465-4a55-8fe4-143f4d2100e8._msdcs.test.com
        To  : 3dc7a026-c031-4bdc-915f-f200e0aebcba._msdcs.test.com
    CALLBACK MESSAGE: The following replication is in progress:
        From: 83ce846e-4d0b-485e-a414-4ac5abc39bc5._msdcs.test.com
        To  : 3dc7a026-c031-4bdc-915f-f200e0aebcba._msdcs.test.com
    CALLBACK MESSAGE: The following replication completed successfully:
        From: 83ce846e-4d0a-485e-a414-4ac5abc39bc5._msdcs.test.com
        To  : 3dc7a026-c031-4bdc-915f-f200e0aebcba._msdcs.test.com

    However, from DC01: repadmin /syncall

    CALLBACK MESSAGE: Error contacting server 83ce846e-4d0b-485e-a414-4ac5abc39bc5._msdcs.test.net (network error): 5 (0x5):
        Access is denied.

    SyncAll exited with fatal Win32 error: 8440 (0x20f8): The naming context specified for this replication operation is invalid.

    The peculiar thing is that "83ce846e-4d0b-485e-a414-4ac5abc39bc5._msdcs.test.net" is actually DC01 itself:

    DC01: nslookup 83ce846e-4d0b-485e-a414-4ac5abc39bc5._msdcs.test.net

    Server:  dc02.test.net
    Address:  x.x.x.40

    Name:    dc01.test.net
    Address:  x.x.x.120
    Aliases:  83ce846e-4d0b-485e-a414-4ac5abc39bc5._msdcs.test.net

    So why is DC01 trying to replicate to itself and not the other DCs? Or am I just looking at this wrong? We have only 1 site in Sites and Services, and all the DCs have the correct connection links in NTDS Settings.

    Replication in our environment still works - just not when initiated from DC01. I can also manually replicate from DC01 when I specify the partition to replicate.

    DC01: repadmin /replicate dc02 dc01 "CN=configuration,DC=test,DC=com"

    Sync from DC01 to DC02 completed successfully.

    Any ideas on why I can't do a repadmin /syncall on DC01?

    Thanks!

    Thursday, March 24, 2016 8:40 PM

All replies

    • Edited by David_Gleason Thursday, March 24, 2016 5:52 PM
    • Merged by Alvwan Friday, March 25, 2016 7:56 AM dup case
    Thursday, March 24, 2016 5:39 PM
  • You are likely to have better luck asking about weirdness in Active Directory by asking in the Active Directory forum - https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS  That's where the really knowledgeable DS folks reside.  Here we tend to have the general knowledge of AD.

    . : | : . : | : . tim

    Thursday, March 24, 2016 7:50 PM
  • Will do, thanks!
    Thursday, March 24, 2016 8:32 PM
  • Hi

    Possible reasons:

    DNS misconfiguration issue; check: https://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

    Lingering object replication issue; check: http://blogs.technet.com/b/glennl/archive/2007/07/26/clean-that-active-directory-forest-of-lingering-objects.aspx

    Whether the necessary ports are open for AD replication; check: https://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx

    Also, you can check ports with "PortQryUI": https://www.microsoft.com/en-us/download/details.aspx?id=24009

    Last thing, you should also check DC01 health with "dcdiag"...


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    • Proposed as answer by Alvwan Wednesday, March 30, 2016 7:25 AM
    • Marked as answer by Alvwan Tuesday, April 5, 2016 8:29 AM
    Thursday, March 24, 2016 9:08 PM
  • Try running the command using an elevated prompt in CMD and check again. Also, check that your DCs' DNS records are correct.

    This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Ahmed MALEK

    • Proposed as answer by Alvwan Wednesday, March 30, 2016 7:25 AM
    • Marked as answer by Alvwan Tuesday, April 5, 2016 8:29 AM
    Friday, March 25, 2016 12:50 AM
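
An added example, not part of any reply in this thread: a small Python parser that triages captured `repadmin /syncall` output of the kind quoted in the question and flags errors whose DSA GUID alias resolves back to the DC that ran the command. The function names, `CNAME_MAP` and the sample text are constructed for illustration from the output and nslookup result in the question.

```python
import re

# Constructed sample, modelled on the `repadmin /syncall` output quoted in the question.
SAMPLE = """\
CALLBACK MESSAGE: The following replication is in progress:
    From: a9326fa6-e465-4a55-8fe4-143f4d2100e8._msdcs.test.com
    To  : 3dc7a026-c031-4bdc-915f-f200e0aebcba._msdcs.test.com
CALLBACK MESSAGE: The following replication completed successfully:
    From: a9326fa6-e465-4a55-8fe4-143f4d2100e8._msdcs.test.com
    To  : 3dc7a026-c031-4bdc-915f-f200e0aebcba._msdcs.test.com
CALLBACK MESSAGE: Error contacting server 83ce846e-4d0b-485e-a414-4ac5abc39bc5._msdcs.test.net (network error): 5 (0x5):
    Access is denied.
SyncAll exited with fatal Win32 error: 8440 (0x20f8): The naming context specified for this replication operation is invalid.
"""
# Assumption: alias -> host pairs collected beforehand (e.g. with nslookup, as in the question).
CNAME_MAP = {"83ce846e-4d0b-485e-a414-4ac5abc39bc5._msdcs.test.net": "dc01.test.net"}

ERR_RE = re.compile(r"Error contacting server (\S+) \(network error\): (\d+) \(0x[0-9a-fA-F]+\)")
FATAL_RE = re.compile(r"SyncAll exited with fatal Win32 error: (\d+) \(0x[0-9a-fA-F]+\): (.*)")
ENDPOINT_RE = re.compile(r"^(From|To)\s*:\s*(\S+)$", re.M)

def parse_syncall(text):
    """Split syncall output into completed pairs, per-server errors and the fatal exit."""
    out = {"completed": [], "errors": [], "fatal": None}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, ln in enumerate(lines):
        if m := ERR_RE.search(ln):
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            # The error text is on the following line unless a new message starts there.
            detail = "" if nxt.startswith(("CALLBACK", "SyncAll")) else nxt
            out["errors"].append({"server": m.group(1).lower(),
                                  "win32": int(m.group(2)), "detail": detail})
        elif m := FATAL_RE.search(ln):
            out["fatal"] = (int(m.group(1)), m.group(2))
        elif ln.endswith("completed successfully:"):
            pair = dict(ENDPOINT_RE.findall("\n".join(lines[i + 1:i + 3])))
            if pair.keys() >= {"From", "To"}:
                out["completed"].append((pair["From"], pair["To"]))
    return out

def errors_against_self(parsed, cname_map, local_fqdn):
    """Return errors whose DSA GUID alias resolves to the DC that ran the command."""
    local = local_fqdn.lower().rstrip(".")
    return [e for e in parsed["errors"]
            if cname_map.get(e["server"], "").lower().rstrip(".") == local]

if __name__ == "__main__":
    parsed = parse_syncall(SAMPLE)
    for err in errors_against_self(parsed, CNAME_MAP, "DC01.test.net"):
        print(f"self-targeted: {err['server']} Win32 {err['win32']} ({err['detail']})")
    print("fatal:", parsed["fatal"])
```
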
  • Hi,

    About the error “CALLBACK MESSAGE: Error contacting server 83ce846e-4d0b-485e-a414-4ac5abc39bc5._msdcs.test.net (network error): 5 (0x5): Access is denied.” You could refer to the troubleshooting steps that are mentioned in the following article:

    Troubleshooting AD Replication error 5: Access is denied

    https://support.microsoft.com/en-us/kb/2002013

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 25, 2016 3:21 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang



    Monday, March 28, 2016 2:00 AM