none
repadmin /replsum shows wrong output when executed remotely

    Question

  • Hello,

    I have a strange issue with checking the replication using repadmin /replsum command. The thing is, it returns two different results when executed locally and remotely. I'm using PowerShell to connect from DC1 to DC3 (and vice versa).

    Things I've already done:

    1. Manually check replication - it works fine and object are available on both DCs.
    2. Check network connectivity - there is no network issue, both DCs can resolve ping and nslookup via name or IP.
    3. Check DNS - both DCs have valid A, NS and SRV records in both domain and forest zones.
    4. Check credentials - I'm using the same account when issuing both remote and local commands.
    5. IPv6 - it is disabled, both DCs communicate only via IPv4.

    The results are:

    LOCAL:

    Replication Summary Start Time: 2017-03-20 12:48:06

    Beginning data collection for replication summary, this may take awhile:
      .....

    Source DSA          largest delta    fails/total %%   error
     DC-03           49m:22s    0 /   5    0
     DC-01           57m:32s    0 /   5    0

    Destination DSA     largest delta    fails/total %%   error
     DC-03           57m:32s    0 /   5    0
     DC-01           49m:22s    0 /   5    0


    REMOTE:

    Replication Summary Start Time: 2017-03-20 12:46:28
    
    Beginning data collection for replication summary, this may take awhile:
      .....
    
    Source DSA          largest delta    fails/total %%   error
     DC-01           55m:54s    0 /   5    0  
    
    Destination DSA     largest delta    fails/total %%   error
     DC-03           55m:55s    0 /   5    0  
    
    Experienced the following operational errors trying to retrieve replication information:
             110 - DC-01.contoso.local


    repadmin /showrepl result (BOTH local and remote - the result is exactly the same):

    Repadmin: running command /showrepl against full DC localhost
    Default-First-Site-Name\DC-03
    DSA Options: IS_GC
    Site Options: (none)
    DSA object GUID: e375f598-7b9a-4982-98e8-2cb428c59964
    DSA invocationID: e375f598-7b9a-4982-98e8-2cb428c59964
    
    ==== INBOUND NEIGHBORS ======================================
    
    DC=contoso,DC=local
        Default-First-Site-Name\DC-01 via RPC
            DSA object GUID: 367de262-9341-4693-920c-d362e75ba86b
            Last attempt @ 2017-03-20 12:53:03 was successful.
    
    CN=Configuration,DC=contoso,DC=local
        Default-First-Site-Name\DC-01 via RPC
            DSA object GUID: 367de262-9341-4693-920c-d362e75ba86b
            Last attempt @ 2017-03-20 12:53:17 was successful.
    
    CN=Schema,CN=Configuration,DC=contoso,DC=local
        Default-First-Site-Name\DC-01 via RPC
            DSA object GUID: 367de262-9341-4693-920c-d362e75ba86b
            Last attempt @ 2017-03-20 12:50:34 was successful.
    
    DC=DomainDnsZones,DC=contoso,DC=local
        Default-First-Site-Name\DC-01 via RPC
            DSA object GUID: 367de262-9341-4693-920c-d362e75ba86b
            Last attempt @ 2017-03-20 12:50:34 was successful.
    
    DC=ForestDnsZones,DC=contoso,DC=local
        Default-First-Site-Name\DC-01 via RPC
            DSA object GUID: 367de262-9341-4693-920c-d362e75ba86b
            Last attempt @ 2017-03-20 13:00:35 was successful.

    Any help would be greatly appreciated.


    • Edited by Marcin P Monday, March 20, 2017 12:11 PM checklist update
    Monday, March 20, 2017 12:10 PM

Answers

  • Okay, after 4 days of battle I finally pinned down the issue. It seems it is caused by the PowerShell itself, not the Active Directory.

    I can't find a proper documentation on this, but it looks like when you issue remote commands (either via New-PSSession, or Invoke-Command) you only get authenticated at the very beginning when you establish the connection. However, your credentials aren't passed further and all commands you issue to other computers (here: asking for answers from other DCs) run from, I guess, the machine account of DC you are directly connected to.

    From there it looks like repadmin /replsum can't identify you as the user, and returns an error as the machine account can't prompt other DCs. To get it working, you have to specify the credentials it will work under: repadmin /replsum /u:Username /p:password.

    Wednesday, March 22, 2017 1:15 PM

All replies

  • May check port accessibility between DC's.You can check with PortQryUI;

    https://www.microsoft.com/en-us/download/details.aspx?id=24009


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Monday, March 20, 2017 12:17 PM
  • Burak,

    Thank you for your answer. Personally I don't feel this could be a port issue, since the replication is happening and objects created at one DC are available at the other one as well.

    Could you please tell me which ports do you mean I should check?

    Tuesday, March 21, 2017 7:39 AM
  • Hi,
    Regarding the ports to replicate AD, please refer to the following thread:
    https://social.technet.microsoft.com/Forums/windows/en-US/6d038165-e6ec-4683-8da1-5a4fecdd288b/ports-required-to-replicate-dcs?forum=winservergen
    And you could check if there are any related events in the event viewer for help
    In addition, you could have a try Burak’s suggestion to use PortQryUI which may offer us more information, too.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, March 21, 2017 8:14 AM
    Moderator
  • =============================================
    
     Starting portqry.exe -n dc-01.contoso.local -e 135 -p TCP ...
    
    
    Querying target system called:
    
     dc-01.contoso.local
    
    Attempting to resolve name to IP address...
    
    Name resolved to 172.16.229.10
    
    querying...
    
    TCP port 135 (epmap service): LISTENING
    
    Using ephemeral source port
    Querying Endpoint Mapper Database...
    Server's response:
    
    UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d 
    ncacn_ip_tcp:dc-01.contoso.local[49664]
    
    UUID: 50abc2a4-574d-40b3-9d66-ee4fd5fba076 
    ncacn_ip_tcp:dc-01.contoso.local[50575]
    
    UUID: 897e2e5f-93f3-4376-9c9c-fd2277495c27 Frs2 Service
    ncacn_ip_tcp:dc-01.contoso.local[56288]
    
    UUID: 367abb81-9844-35f1-ad32-98f038001003 
    ncacn_ip_tcp:dc-01.contoso.local[49724]
    
    UUID: 12345678-1234-abcd-ef00-0123456789ab 
    ncacn_ip_tcp:dc-01.contoso.local[49711]
    
    UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1 
    ncacn_ip_tcp:dc-01.contoso.local[49711]
    
    UUID: ae33069b-a2a8-46ee-a235-ddfd339be281 
    ncacn_ip_tcp:dc-01.contoso.local[49711]
    
    UUID: 4a452661-8290-4b36-8fbe-7f4093a94978 
    ncacn_ip_tcp:dc-01.contoso.local[49711]
    
    UUID: 76f03f96-cdfd-44fc-a22c-64950a001209 
    ncacn_ip_tcp:dc-01.contoso.local[49711]
    
    UUID: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 Impl friendly name
    ncacn_np:dc-01.contoso.local[\\pipe\\lsass]
    
    UUID: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 Impl friendly name
    ncacn_ip_tcp:dc-01.contoso.local[49670]
    
    UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface
    ncacn_np:dc-01.contoso.local[\\pipe\\lsass]
    
    UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface
    ncacn_ip_tcp:dc-01.contoso.local[49670]
    
    UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface
    ncacn_http:dc-01.contoso.local[49676]
    
    UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface
    ncacn_np:dc-01.contoso.local[\\pipe\\17c26c09a5c94a08]
    
    UUID: 12345778-1234-abcd-ef00-0123456789ab 
    ncacn_np:dc-01.contoso.local[\\pipe\\lsass]
    
    UUID: 12345778-1234-abcd-ef00-0123456789ab 
    ncacn_ip_tcp:dc-01.contoso.local[49670]
    
    UUID: 12345778-1234-abcd-ef00-0123456789ab 
    ncacn_http:dc-01.contoso.local[49676]
    
    UUID: 12345778-1234-abcd-ef00-0123456789ab 
    ncacn_np:dc-01.contoso.local[\\pipe\\17c26c09a5c94a08]
    
    UUID: 12345778-1234-abcd-ef00-0123456789ac 
    ncacn_np:dc-01.contoso.local[\\pipe\\lsass]
    
    UUID: 12345778-1234-abcd-ef00-0123456789ac 
    ncacn_ip_tcp:dc-01.contoso.local[49670]
    
    UUID: 12345778-1234-abcd-ef00-0123456789ac 
    ncacn_http:dc-01.contoso.local[49676]
    
    UUID: 12345778-1234-abcd-ef00-0123456789ac 
    ncacn_np:dc-01.contoso.local[\\pipe\\17c26c09a5c94a08]
    
    UUID: 12345778-1234-abcd-ef00-0123456789ac 
    ncacn_ip_tcp:dc-01.contoso.local[49677]
    
    UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7 RemoteAccessCheck
    ncacn_np:dc-01.contoso.local[\\pipe\\lsass]
    
    UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7 RemoteAccessCheck
    ncacn_ip_tcp:dc-01.contoso.local[49670]
    
    UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7 RemoteAccessCheck
    ncacn_http:dc-01.contoso.local[49676]
    
    UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7 RemoteAccessCheck
    ncacn_np:dc-01.contoso.local[\\pipe\\17c26c09a5c94a08]
    
    UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7 RemoteAccessCheck
    ncacn_ip_tcp:dc-01.contoso.local[49677]
    
    UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7 RemoteAccessCheck
    ncacn_np:dc-01.contoso.local[\\pipe\\lsass]
    
    UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7 RemoteAccessCheck
    ncacn_ip_tcp:dc-01.contoso.local[49670]
    
    UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7 RemoteAccessCheck
    ncacn_http:dc-01.contoso.local[49676]
    
    UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7 RemoteAccessCheck
    ncacn_np:dc-01.contoso.local[\\pipe\\17c26c09a5c94a08]
    
    UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7 RemoteAccessCheck
    ncacn_ip_tcp:dc-01.contoso.local[49677]
    
    UUID: 12345678-1234-abcd-ef00-01234567cffb 
    ncacn_np:dc-01.contoso.local[\\pipe\\lsass]
    
    UUID: 12345678-1234-abcd-ef00-01234567cffb 
    ncacn_ip_tcp:dc-01.contoso.local[49670]
    
    UUID: 12345678-1234-abcd-ef00-01234567cffb 
    ncacn_http:dc-01.contoso.local[49676]
    
    UUID: 12345678-1234-abcd-ef00-01234567cffb 
    ncacn_np:dc-01.contoso.local[\\pipe\\17c26c09a5c94a08]
    
    UUID: 12345678-1234-abcd-ef00-01234567cffb 
    ncacn_ip_tcp:dc-01.contoso.local[49677]
    
    UUID: df1941c5-fe89-4e79-bf10-463657acf44d EFS RPC Interface
    ncacn_np:dc-01.contoso.local[\\pipe\\efsrpc]
    
    UUID: 04eeb297-cbf4-466b-8a2a-bfd6a2f10bba EFSK RPC Interface
    ncacn_np:dc-01.contoso.local[\\pipe\\efsrpc]
    
    UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86 KeyIso
    ncacn_np:dc-01.contoso.local[\\pipe\\lsass]
    
    UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86 KeyIso
    ncacn_ip_tcp:dc-01.contoso.local[49670]
    
    UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86 KeyIso
    ncacn_http:dc-01.contoso.local[49676]
    
    UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86 KeyIso
    ncacn_np:dc-01.contoso.local[\\pipe\\17c26c09a5c94a08]
    
    UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86 KeyIso
    ncacn_ip_tcp:dc-01.contoso.local[49677]
    
    UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b Ngc Pop Key Service
    ncacn_np:dc-01.contoso.local[\\pipe\\lsass]
    
    UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b Ngc Pop Key Service
    ncacn_ip_tcp:dc-01.contoso.local[49670]
    
    UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b Ngc Pop Key Service
    ncacn_http:dc-01.contoso.local[49676]
    
    UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b Ngc Pop Key Service
    ncacn_np:dc-01.contoso.local[\\pipe\\17c26c09a5c94a08]
    
    UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b Ngc Pop Key Service
    ncacn_ip_tcp:dc-01.contoso.local[49677]
    
    UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018 Ngc Pop Key Service
    ncacn_np:dc-01.contoso.local[\\pipe\\lsass]
    
    UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018 Ngc Pop Key Service
    ncacn_ip_tcp:dc-01.contoso.local[49670]
    
    UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018 Ngc Pop Key Service
    ncacn_http:dc-01.contoso.local[49676]
    
    UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018 Ngc Pop Key Service
    ncacn_np:dc-01.contoso.local[\\pipe\\17c26c09a5c94a08]
    
    UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018 Ngc Pop Key Service
    ncacn_ip_tcp:dc-01.contoso.local[49677]
    
    UUID: 7f1343fe-50a9-4927-a778-0c5859517bac DfsDs service
    ncacn_np:dc-01.contoso.local[\\PIPE\\wkssvc]
    
    UUID: 1ff70682-0a51-30e8-076d-740be8cee98b 
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f 
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 33d84484-3626-47ee-8c6f-e7e98b113be1 
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 Impl friendly name
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 86d35949-83c9-4044-b424-db363231fd0c 
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 86d35949-83c9-4044-b424-db363231fd0c 
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: 3a9ef155-691d-4449-8d05-09ad57031823 
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 3a9ef155-691d-4449-8d05-09ad57031823 
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: 29770a8f-829b-4158-90a2-78cd488501f7 
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 29770a8f-829b-4158-90a2-78cd488501f7 
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: 29770a8f-829b-4158-90a2-78cd488501f7 
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: 30b044a5-a225-43f0-b3a4-e060df91f9c1 
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 30b044a5-a225-43f0-b3a4-e060df91f9c1 
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: 30b044a5-a225-43f0-b3a4-e060df91f9c1 
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af IP Transition Configuration endpoint
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af IP Transition Configuration endpoint
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af IP Transition Configuration endpoint
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: 2e6035b2-e8f1-41a7-a044-656b439c4c34 Proxy Manager provider server endpoint
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 2e6035b2-e8f1-41a7-a044-656b439c4c34 Proxy Manager provider server endpoint
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: 2e6035b2-e8f1-41a7-a044-656b439c4c34 Proxy Manager provider server endpoint
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: c36be077-e14b-4fe9-8abc-e856ef4f048b Proxy Manager client server endpoint
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: c36be077-e14b-4fe9-8abc-e856ef4f048b Proxy Manager client server endpoint
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: c36be077-e14b-4fe9-8abc-e856ef4f048b Proxy Manager client server endpoint
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1 Adh APIs
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1 Adh APIs
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1 Adh APIs
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: a398e520-d59a-4bdd-aa7a-3c1e0303a511 IKE/Authip API
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: a398e520-d59a-4bdd-aa7a-3c1e0303a511 IKE/Authip API
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: a398e520-d59a-4bdd-aa7a-3c1e0303a511 IKE/Authip API
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: b18fbab6-56f8-4702-84e0-41053293a869 UserMgrCli
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: b18fbab6-56f8-4702-84e0-41053293a869 UserMgrCli
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: b18fbab6-56f8-4702-84e0-41053293a869 UserMgrCli
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: 0d3c7f20-1c8d-4654-a1b3-51563b298bda UserMgrCli
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 0d3c7f20-1c8d-4654-a1b3-51563b298bda UserMgrCli
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: 0d3c7f20-1c8d-4654-a1b3-51563b298bda UserMgrCli
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: 98716d03-89ac-44c7-bb8c-285824e51c4a XactSrv service
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 98716d03-89ac-44c7-bb8c-285824e51c4a XactSrv service
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: 98716d03-89ac-44c7-bb8c-285824e51c4a XactSrv service
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: 1a0d010f-1c33-432c-b0f5-8cf4e8053099 IdSegSrv service
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 1a0d010f-1c33-432c-b0f5-8cf4e8053099 IdSegSrv service
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: 1a0d010f-1c33-432c-b0f5-8cf4e8053099 IdSegSrv service
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: 201ef99a-7fa0-444c-9399-19ba84f12a1a AppInfo
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 201ef99a-7fa0-444c-9399-19ba84f12a1a AppInfo
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: 201ef99a-7fa0-444c-9399-19ba84f12a1a AppInfo
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: 201ef99a-7fa0-444c-9399-19ba84f12a1a AppInfo
    ncacn_np:dc-01.contoso.local[\\PIPE\\srvsvc]
    
    UUID: 5f54ce7d-5b79-4175-8584-cb65313a0e98 AppInfo
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 5f54ce7d-5b79-4175-8584-cb65313a0e98 AppInfo
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: 5f54ce7d-5b79-4175-8584-cb65313a0e98 AppInfo
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: 5f54ce7d-5b79-4175-8584-cb65313a0e98 AppInfo
    ncacn_np:dc-01.contoso.local[\\PIPE\\srvsvc]
    
    UUID: fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 AppInfo
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 AppInfo
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 AppInfo
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 AppInfo
    ncacn_np:dc-01.contoso.local[\\PIPE\\srvsvc]
    
    UUID: 58e604e8-9adb-4d2e-a464-3b0683fb1480 AppInfo
    ncacn_np:dc-01.contoso.local[\\PIPE\\atsvc]
    
    UUID: 58e604e8-9adb-4d2e-a464-3b0683fb1480 AppInfo
    ncacn_ip_tcp:dc-01.contoso.local[49675]
    
    UUID: 58e604e8-9adb-4d2e-a464-3b0683fb1480 AppInfo
    ncacn_np:dc-01.contoso.local[\\pipe\\SessEnvPublicRpc]
    
    UUID: 58e604e8-9adb-4d2e-a464-3b0683fb1480 AppInfo
    ncacn_np:dc-01.contoso.local[\\PIPE\\srvsvc]
    
    UUID: 3473dd4d-2e88-4006-9cba-22570909dd10 WinHttp Auto-Proxy Service
    ncacn_np:dc-01.contoso.local[\\PIPE\\W32TIME_ALT]
    
    UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c Event log TCPIP
    ncacn_np:dc-01.contoso.local[\\pipe\\eventlog]
    
    UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c Event log TCPIP
    ncacn_ip_tcp:dc-01.contoso.local[49665]
    
    UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6 DHCPv6 Client LRPC Endpoint
    ncacn_np:dc-01.contoso.local[\\pipe\\eventlog]
    
    UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6 DHCPv6 Client LRPC Endpoint
    ncacn_ip_tcp:dc-01.contoso.local[49665]
    
    UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 DHCP Client LRPC Endpoint
    ncacn_np:dc-01.contoso.local[\\pipe\\eventlog]
    
    UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 DHCP Client LRPC Endpoint
    ncacn_ip_tcp:dc-01.contoso.local[49665]
    
    UUID: abfb6ca3-0c5e-4734-9285-0aee72fe8d1c 
    ncacn_np:dc-01.contoso.local[\\pipe\\eventlog]
    
    UUID: abfb6ca3-0c5e-4734-9285-0aee72fe8d1c 
    ncacn_ip_tcp:dc-01.contoso.local[49665]
    
    UUID: b37f900a-eae4-4304-a2ab-12bb668c0188 
    ncacn_np:dc-01.contoso.local[\\pipe\\eventlog]
    
    UUID: b37f900a-eae4-4304-a2ab-12bb668c0188 
    ncacn_ip_tcp:dc-01.contoso.local[49665]
    
    UUID: b3781086-6a54-489b-91c8-51d067172ab7 
    ncacn_np:dc-01.contoso.local[\\pipe\\eventlog]
    
    UUID: b3781086-6a54-489b-91c8-51d067172ab7 
    ncacn_ip_tcp:dc-01.contoso.local[49665]
    
    UUID: e7f76134-9ef5-4949-a2d6-3368cc0988f3 
    ncacn_np:dc-01.contoso.local[\\pipe\\eventlog]
    
    UUID: e7f76134-9ef5-4949-a2d6-3368cc0988f3 
    ncacn_ip_tcp:dc-01.contoso.local[49665]
    
    UUID: 7aeb6705-3ae6-471a-882d-f39c109edc12 
    ncacn_np:dc-01.contoso.local[\\pipe\\eventlog]
    
    UUID: 7aeb6705-3ae6-471a-882d-f39c109edc12 
    ncacn_ip_tcp:dc-01.contoso.local[49665]
    
    UUID: 06bba54a-be05-49f9-b0a0-30f790261023 Security Center
    ncacn_np:dc-01.contoso.local[\\pipe\\eventlog]
    
    UUID: 06bba54a-be05-49f9-b0a0-30f790261023 Security Center
    ncacn_ip_tcp:dc-01.contoso.local[49665]
    
    UUID: 2c7fd9ce-e706-4b40-b412-953107ef9bb0 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: c521facf-09a9-42c5-b155-72388595cbf0 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: aa371ed8-84fd-47c6-ad26-1f601a365a73 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: 1832bcf6-cab8-41d4-85d2-c9410764f75a 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: 55e6b932-1979-45d6-90c5-7f6270724112 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: 76c217bc-c8b4-4201-a745-373ad9032b1a 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: 88abcbc3-34ea-76ae-8215-767520655a23 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: 2513bcbe-6cd4-4348-855e-7efb3c336dd3 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: 20c40295-8dba-48e6-aebf-3e78ef3bb144 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: b8cadbaf-e84b-46b9-84f2-6f71c03f9e55 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: d09bdeb5-6171-4a34-bfe2-06fa82652568 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: 697dcda9-3ba9-4eb2-9247-e11f1901b0d2 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: d09bdeb5-6171-4a34-bfe2-06fa82652568 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: 9b008953-f195-4bf9-bde0-4471971e58ed 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: fc48cd89-98d6-4628-9839-86f7a3e4161a 
    ncacn_np:dc-01.contoso.local[\\pipe\\LSM_API_service]
    
    UUID: 76f226c3-ec14-4325-8a99-6a46348418af 
    ncacn_np:dc-01.contoso.local[\\PIPE\\InitShutdown]
    
    UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d 
    ncacn_np:dc-01.contoso.local[\\PIPE\\InitShutdown]
    
    Total endpoints found: 151
    
    
    
    ==== End of RPC Endpoint Mapper query response ====
    portqry.exe -n dc-01.contoso.local -e 135 -p TCP exits with return code 0x00000000.
    =============================================
    
     Starting portqry.exe -n dc-01.contoso.local -e 389 -p BOTH ...
    
    
    Querying target system called:
    
     dc-01.contoso.local
    
    Attempting to resolve name to IP address...
    
    Name resolved to 172.16.229.10
    
    querying...
    
    TCP port 389 (ldap service): LISTENING
    
    Using ephemeral source port
    Sending LDAP query to TCP port 389...
    
    LDAP query response:
    
    
    currentdate: 03/21/2017 10:34:49 (unadjusted GMT)
    subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=contoso,DC=local
    dsServiceName: CN=NTDS Settings,CN=dc-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=local
    namingContexts: DC=contoso,DC=local
    defaultNamingContext: DC=contoso,DC=local
    schemaNamingContext: CN=Schema,CN=Configuration,DC=contoso,DC=local
    configurationNamingContext: CN=Configuration,DC=contoso,DC=local
    rootDomainNamingContext: DC=contoso,DC=local
    supportedControl: 1.2.840.113556.1.4.319
    supportedLDAPVersion: 3
    supportedLDAPPolicies: MaxPoolThreads
    highestCommittedUSN: 13729
    supportedSASLMechanisms: GSSAPI
    dnsHostName: dc-01.contoso.local
    ldapServiceName: contoso.local:dc-01$@CONTOSO.LOCAL
    serverName: CN=dc-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=local
    supportedCapabilities: 1.2.840.113556.1.4.800
    isSynchronized: TRUE
    isGlobalCatalogReady: TRUE
    domainFunctionality: 6
    forestFunctionality: 6
    domainControllerFunctionality: 7
    
    
    ======== End of LDAP query response ========
    
    UDP port 389 (unknown service): LISTENING or FILTERED
    
    Using ephemeral source port
    Sending LDAP query to UDP port 389...
    
    LDAP query response:
    
    
    currentdate: 03/21/2017 10:34:52 (unadjusted GMT)
    subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=contoso,DC=local
    dsServiceName: CN=NTDS Settings,CN=dc-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=local
    namingContexts: DC=contoso,DC=local
    defaultNamingContext: DC=contoso,DC=local
    schemaNamingContext: CN=Schema,CN=Configuration,DC=contoso,DC=local
    configurationNamingContext: CN=Configuration,DC=contoso,DC=local
    rootDomainNamingContext: DC=contoso,DC=local
    supportedControl: 1.2.840.113556.1.4.319
    supportedLDAPVersion: 3
    supportedLDAPPolicies: MaxPoolThreads
    highestCommittedUSN: 13729
    supportedSASLMechanisms: GSSAPI
    dnsHostName: dc-01.contoso.local
    ldapServiceName: contoso.local:dc-01$@CONTOSO.LOCAL
    serverName: CN=dc-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=local
    supportedCapabilities: 1.2.840.113556.1.4.800
    isSynchronized: TRUE
    isGlobalCatalogReady: TRUE
    domainFunctionality: 6
    forestFunctionality: 6
    domainControllerFunctionality: 7
    
    
    ======== End of LDAP query response ========
    
    UDP port 389 is LISTENING
    
    portqry.exe -n dc-01.contoso.local -e 389 -p BOTH exits with return code 0x00000000.
    =============================================
    
     Starting portqry.exe -n dc-01.contoso.local -e 636 -p TCP ...
    
    
    Querying target system called:
    
     dc-01.contoso.local
    
    Attempting to resolve name to IP address...
    
    Name resolved to 172.16.229.10
    
    querying...
    
    TCP port 636 (ldaps service): LISTENING
    portqry.exe -n dc-01.contoso.local -e 636 -p TCP exits with return code 0x00000000.
    =============================================
    
     Starting portqry.exe -n dc-01.contoso.local -e 3268 -p TCP ...
    
    
    Querying target system called:
    
     dc-01.contoso.local
    
    Attempting to resolve name to IP address...
    
    Name resolved to 172.16.229.10
    
    querying...
    
    TCP port 3268 (msft-gc service): LISTENING
    
    Using ephemeral source port
    Sending LDAP query to TCP port 3268...
    
    LDAP query response:
    
    
    currentdate: 03/21/2017 10:34:52 (unadjusted GMT)
    subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=contoso,DC=local
    dsServiceName: CN=NTDS Settings,CN=dc-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=local
    namingContexts: DC=contoso,DC=local
    defaultNamingContext: DC=contoso,DC=local
    schemaNamingContext: CN=Schema,CN=Configuration,DC=contoso,DC=local
    configurationNamingContext: CN=Configuration,DC=contoso,DC=local
    rootDomainNamingContext: DC=contoso,DC=local
    supportedControl: 1.2.840.113556.1.4.319
    supportedLDAPVersion: 3
    supportedLDAPPolicies: MaxPoolThreads
    highestCommittedUSN: 13729
    supportedSASLMechanisms: GSSAPI
    dnsHostName: dc-01.contoso.local
    ldapServiceName: contoso.local:dc-01$@CONTOSO.LOCAL
    serverName: CN=dc-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=local
    supportedCapabilities: 1.2.840.113556.1.4.800
    isSynchronized: TRUE
    isGlobalCatalogReady: TRUE
    domainFunctionality: 6
    forestFunctionality: 6
    domainControllerFunctionality: 7
    
    
    ======== End of LDAP query response ========
    portqry.exe -n dc-01.contoso.local -e 3268 -p TCP exits with return code 0x00000000.
    =============================================
    
     Starting portqry.exe -n dc-01.contoso.local -e 3269 -p TCP ...
    
    
    Querying target system called:
    
     dc-01.contoso.local
    
    Attempting to resolve name to IP address...
    
    Name resolved to 172.16.229.10
    
    querying...
    
    TCP port 3269 (msft-gc-ssl service): LISTENING
    portqry.exe -n dc-01.contoso.local -e 3269 -p TCP exits with return code 0x00000000.
    =============================================
    
     Starting portqry.exe -n dc-01.contoso.local -e 53 -p BOTH ...
    
    
    Querying target system called:
    
     dc-01.contoso.local
    
    Attempting to resolve name to IP address...
    
    Name resolved to 172.16.229.10
    
    querying...
    
    TCP port 53 (domain service): LISTENING
    
    UDP port 53 (domain service): LISTENING
    portqry.exe -n dc-01.contoso.local -e 53 -p BOTH exits with return code 0x00000000.
    =============================================
    
     Starting portqry.exe -n dc-01.contoso.local -e 88 -p BOTH ...
    
    
    Querying target system called:
    
     dc-01.contoso.local
    
    Attempting to resolve name to IP address...
    
    Name resolved to 172.16.229.10
    
    querying...
    
    TCP port 88 (kerberos service): LISTENING
    
    UDP port 88 (kerberos service): LISTENING or FILTERED
    portqry.exe -n dc-01.contoso.local -e 88 -p BOTH exits with return code 0x00000002.
    =============================================
    
     Starting portqry.exe -n dc-01.contoso.local -e 445 -p TCP ...
    
    
    Querying target system called:
    
     dc-01.contoso.local
    
    Attempting to resolve name to IP address...
    
    Name resolved to 172.16.229.10
    
    querying...
    
    TCP port 445 (microsoft-ds service): LISTENING
    portqry.exe -n dc-01.contoso.local -e 445 -p TCP exits with return code 0x00000000.
    =============================================
    
     Starting portqry.exe -n dc-01.contoso.local -e 137 -p UDP ...
    
    
    Querying target system called:
    
     dc-01.contoso.local
    
    Attempting to resolve name to IP address...
    
    
    Name resolved to 172.16.229.10
    
    querying...
    
    UDP port 137 (netbios-ns service): LISTENING or FILTERED
    
    Using ephemeral source port
    Attempting NETBIOS adapter status query to UDP port 137...
    
    Server's response: MAC address 5031a5600a64
    UDP port: LISTENING
    portqry.exe -n dc-01.contoso.local -e 137 -p UDP exits with return code 0x00000000.
    =============================================
    
     Starting portqry.exe -n dc-01.contoso.local -e 138 -p UDP ...
    
    
    Querying target system called:
    
     dc-01.contoso.local
    
    Attempting to resolve name to IP address...
    
    
    Name resolved to 172.16.229.10
    
    querying...
    
    UDP port 138 (netbios-dgm service): LISTENING or FILTERED
    portqry.exe -n dc-01.contoso.local -e 138 -p UDP exits with return code 0x00000002.
    =============================================
    
     Starting portqry.exe -n dc-01.contoso.local -e 139 -p TCP ...
    
    
    Querying target system called:
    
     dc-01.contoso.local
    
    Attempting to resolve name to IP address...
    
    Name resolved to 172.16.229.10
    
    querying...
    
    TCP port 139 (netbios-ssn service): LISTENING
    portqry.exe -n dc-01.contoso.local -e 139 -p TCP exits with return code 0x00000000.
    =============================================
    
     Starting portqry.exe -n dc-01.contoso.local -e 42 -p TCP ...
    
    
    Querying target system called:
    
     dc-01.contoso.local
    
    Attempting to resolve name to IP address...
    
    Name resolved to 172.16.229.10
    
    querying...
    
    TCP port 42 (nameserver service): FILTERED
    portqry.exe -n dc-01.contoso.local -e 42 -p TCP exits with return code 0x00000002.
    

    Wendy,

    I checked the following logs:
    - Application
    - System
    - DFS Replication
    - Directory Service
    - DNS Server

    But haven't found anything related to the issue.

    Tuesday, March 21, 2017 10:50 AM
  • I've tested the command repadmin /replsum with PsExec (using the same credentials again the same DC) and it delivered a result as expected:

    Replication Summary Start Time: 2017-03-21 14:05:54
    
    Beginning data collection for replication summary, this may take awhile:
      .....
    
    Source DSA          largest delta    fails/total %%   error
     DC-03           07m:07s    0 /   5    0  
     DC-01           15m:18s    0 /   5    0  
    
    Destination DSA     largest delta    fails/total %%   error
     DC-03           15m:19s    0 /   5    0  
     DC-01           07m:08s    0 /   5    0  

    So I'm pretty much sure something is not working only when connected via PowerShell.

    Tuesday, March 21, 2017 1:11 PM
  • So I'm pretty much sure something is not working only when connected via PowerShell.>>> Seems maybe.Also make sure you should check with AD replication status tool.

    https://www.microsoft.com/en-us/download/details.aspx?id=30005


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Tuesday, March 21, 2017 9:15 PM
  • Okay, after 4 days of battle I finally pinned down the issue. It seems it is caused by the PowerShell itself, not the Active Directory.

    I can't find a proper documentation on this, but it looks like when you issue remote commands (either via New-PSSession, or Invoke-Command) you only get authenticated at the very beginning when you establish the connection. However, your credentials aren't passed further and all commands you issue to other computers (here: asking for answers from other DCs) run from, I guess, the machine account of DC you are directly connected to.

    From there it looks like repadmin /replsum can't identify you as the user, and returns an error as the machine account can't prompt other DCs. To get it working, you have to specify the credentials it will work under: repadmin /replsum /u:Username /p:password.

    Wednesday, March 22, 2017 1:15 PM
  • That's significant detection,thanks for sharing us...

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Wednesday, March 22, 2017 8:11 PM
  • Hi,
    Great share, thank you for the share and update, we would appreciate you to mark it as answers, and it will be greatly helpful to others who have the same question.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, March 27, 2017 8:31 AM
    Moderator