Repadmin /syncall not pushing changes to DC at another site.
Question
Answers
-
Without knowing specifics about your infrastructure, since none was provided, I can provide general information on it:
If you have an hub and spoke topology with specific physical connectivity only between the hub and other locations, did you disable BASL (Bridge All Site Links), and create specific links for each site from the hub?
If you didn't disable BASL, the KCC will try to generate partnerships between DCs in sites that they can't directly communicate with.
If you've disabled BASL and manually created separate IP links, the KCC will properly partner up DCs from each site to the hub site. But keep in mind, you will not always see all DCs between each site and hub partnered. The KCC automatically determines what's best and works with the ISTG (Intersite Topology Generator) to construct an optimum replication topology.
Also, if there are any antivirus software on the DCs that haven't been properly configured to exclude AD processes (there are folders, services and registry entries that need to be excluded), then that will cause *major* replication problems. This comes up very often in the forums and is a main thorn in the side for AD replication. It's suggested to check the AV vendor site for specific instructions for their products on how to do that.
Another thorn in the side are firewall rules between locations. If the whole range (TCP 1-65535 & UDP 1-65535) are not opened, expect problems.
And if any of the DCs are multihomed (more than one IP, NIC, RRAS on a DC, and/or iSCSI interface), then that can cause numerous problems, too.
-
To provide specific assistance, please comment/respond on what I've posted above. Also included:
- Unedited ipconfig /all from DCs from two of your sites
- Event log errors on those DCs. Application, System, and under Application and Services Logs on a DC for the AD Web services, DFS Replication, Directory Services, DNS Server & File Replication Server logs. Post the Event ID# and Source name in the event, and the server name it came from.
- Run dcdiag /v > c:\dcdiag.txt
- Post the results to a sharing site with a link to them, please.
- Is TMG or Proxy at any of the sites?
-
You can use the following to check your replication topology and status (these two tools, along with event log entries, PortQry GUI (to see if there are any ports being blocked between sites), and dcdiags, help me all the time figuring out replication issues). These tools have helped me greatly with troubleshooting large customer installations, besides of course analyzing if DNS was designed properly to support the forest.
1. ReplDIAG: (run it as repldiag > c:\repldiag.txt, then open it as a CSV in Excel choosing comma separated, to be able to clearly read the output)
Explained here:
Troubleshooting replication with ReplDiag.exe [part 1 of 4], Rob Bolbotowski [MSFT], 13 Oct 2010 12:04 PM
http://blogs.technet.com/b/robertbo/archive/2010/10/13/troubleshooting-replication-with-repldiag-exe-part-1-of-4.aspx
ReplDiag Downloadable from:
http://activedirectoryutils.codeplex.com/releases/view/136642. Download The Active Directory Replication Status Tool:
http://www.microsoft.com/en-us/download/details.aspx?id=30005
This tool requires .Net Framework 4. If it's not installed, download and install it:
Microsoft .NET Framework 4 (Web Installer)
http://www.microsoft.com/en-us/download/details.aspx?id=17851
3. Run PortQry GUI choosing the "Domains & Trusts" option between each other (DCs). Run the test from a DC to a DC from both sides to each other, or you can also run it from a client to a DC. Post only errors with "NOTLISTENING," 0x00000001, and 0x00000002.
PortQryUI - GUI - Version 2.0 8/2/2004
http://www.microsoft.com/download/en/details.aspx?id=24009Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/This post is provided AS-IS with no warranties or guarantees and confers no rights.
- Proposed as answer by Meinolf Weber Tuesday, August 13, 2013 7:08 AM
- Marked as answer by Amy Wang_ Monday, August 19, 2013 1:35 AM
All replies
-
Without knowing specifics about your infrastructure, since none was provided, I can provide general information on it:
If you have an hub and spoke topology with specific physical connectivity only between the hub and other locations, did you disable BASL (Bridge All Site Links), and create specific links for each site from the hub?
If you didn't disable BASL, the KCC will try to generate partnerships between DCs in sites that they can't directly communicate with.
If you've disabled BASL and manually created separate IP links, the KCC will properly partner up DCs from each site to the hub site. But keep in mind, you will not always see all DCs between each site and hub partnered. The KCC automatically determines what's best and works with the ISTG (Intersite Topology Generator) to construct an optimum replication topology.
Also, if there are any antivirus software on the DCs that haven't been properly configured to exclude AD processes (there are folders, services and registry entries that need to be excluded), then that will cause *major* replication problems. This comes up very often in the forums and is a main thorn in the side for AD replication. It's suggested to check the AV vendor site for specific instructions for their products on how to do that.
Another thorn in the side are firewall rules between locations. If the whole range (TCP 1-65535 & UDP 1-65535) are not opened, expect problems.
And if any of the DCs are multihomed (more than one IP, NIC, RRAS on a DC, and/or iSCSI interface), then that can cause numerous problems, too.
-
To provide specific assistance, please comment/respond on what I've posted above. Also included:
- Unedited ipconfig /all from DCs from two of your sites
- Event log errors on those DCs. Application, System, and under Application and Services Logs on a DC for the AD Web services, DFS Replication, Directory Services, DNS Server & File Replication Server logs. Post the Event ID# and Source name in the event, and the server name it came from.
- Run dcdiag /v > c:\dcdiag.txt
- Post the results to a sharing site with a link to them, please.
- Is TMG or Proxy at any of the sites?
-
You can use the following to check your replication topology and status (these two tools, along with event log entries, PortQry GUI (to see if there are any ports being blocked between sites), and dcdiags, help me all the time figuring out replication issues). These tools have helped me greatly with troubleshooting large customer installations, besides of course analyzing if DNS was designed properly to support the forest.
1. ReplDIAG: (run it as repldiag > c:\repldiag.txt, then open it as a CSV in Excel choosing comma separated, to be able to clearly read the output)
Explained here:
Troubleshooting replication with ReplDiag.exe [part 1 of 4], Rob Bolbotowski [MSFT], 13 Oct 2010 12:04 PM
http://blogs.technet.com/b/robertbo/archive/2010/10/13/troubleshooting-replication-with-repldiag-exe-part-1-of-4.aspx
ReplDiag Downloadable from:
http://activedirectoryutils.codeplex.com/releases/view/136642. Download The Active Directory Replication Status Tool:
http://www.microsoft.com/en-us/download/details.aspx?id=30005
This tool requires .Net Framework 4. If it's not installed, download and install it:
Microsoft .NET Framework 4 (Web Installer)
http://www.microsoft.com/en-us/download/details.aspx?id=17851
3. Run PortQry GUI choosing the "Domains & Trusts" option between each other (DCs). Run the test from a DC to a DC from both sides to each other, or you can also run it from a client to a DC. Post only errors with "NOTLISTENING," 0x00000001, and 0x00000002.
PortQryUI - GUI - Version 2.0 8/2/2004
http://www.microsoft.com/download/en/details.aspx?id=24009Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/This post is provided AS-IS with no warranties or guarantees and confers no rights.
- Proposed as answer by Meinolf Weber Tuesday, August 13, 2013 7:08 AM
- Marked as answer by Amy Wang_ Monday, August 19, 2013 1:35 AM
