With Active Directory Replication (Site and Services) the from server changes automatically.

    Question

  • Hi there,

    We have about 50 servers, most of them 2012R2. 3 DC's and 47 RODC's.

    Is it possible to set a server to replicate from the hard way?

    What I see in sites and services is that the AD changes to other servers. But some of them are old (2008R2) and about to be terminated ;). It looks like the servers that changed the from servers automatically are the ones that have policy issues.

    I do understand that there must be a reason for that, but who can at least give me a clue where to look.

    The connections look OK and all of the servers are up and running. The changes are automatically done within 30 minutes or so after a manual change.

    And every time with the same servers.

    I hope someone can help me.

    It looks as if this is always set to the same server. I'd like to get it at all servers from one specific DC.

    Can this be forced?

    Ben.


    Ben van der Meer

    Monday, December 19, 2016 3:51 PM

All replies

  • Hello,

    It's not clear to me what the issue is, but depending on your 'sites' and 'sitelinks' topology design, the 'kcc' service will make connections automatically throughout your forest. If you want to control that replication, you should change the design. Not sure if this is what you mean, but if you want all DCs to talk to only one, disable bridging and make a hub and spoke design (umbrella).

    And, what policy issues is it you have?

    /\


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

    Monday, December 19, 2016 4:12 PM
  • Hi there Jesper,

    I know about KCC, but didn't know that I could change the design and that this could be a solution.

    I need to disable bridging and make a hub and spoke design (umbrella).

    The issues we have are that policies of some servers (the ones that change connection in sites and services) aren't all replicated and up-to-date.

    I need to find out how to change our design into an umbrella  and get into that.

    There are just a few servers (RODC) that have this problem. About 7.

    Thanks for your info.  I need to get into the fact how I can change our design.

    Maybe a good thing, during the holidays ...

    Yours,

    Ben.

      


    Ben van der Meer

    Monday, December 19, 2016 8:16 PM
  • Ben,

    Now, I don't know how your network is put together, but changing the replication behavior can have an impact if not done right.

    Mostly it comes down to the network on which your Active Directory runs. By default all sites are linked (bridged), and connections are made by the KCC service. If all the sites are 'well connected' by a reliable link, the replication should be all good. The KCC service is clever and can handle 1000+ domain controllers. So, if you're having replication issues, you might troubleshoot that before changing anything.

    If a domain controller faces issues with a replication partner due to server or link problems, KCC will try to re-establish a connection with a new partner, and eventually delete the old connection.

    I suggest you use 'dcdiag' and/or 'repadmin' to look for any issues.

    /\


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator


    Monday, December 19, 2016 8:51 PM
  • Hi there Jesper,

    Our network consists of over 40 sites. All sites are connected with reliable connections.

    I used repadmin and concluded that there were no replication issues. After manually comparing the policy files on our most important DC and others, we saw that the servers that keep changing in sites and services are the ones where replication of the policies doesn't work correctly, because the amount of files, for instance, is not the same. I tried to change that by changing the server at the connection. But KCC changes this. It keeps getting changed to the same server. So when I change the setting to PDC-01 on server A, it automatically changes it to SDC-01. Maybe strange, but every time it automatically changes to the same other server.

    KA-01 -- PDC-01  changes to SDC-01

    KN-01 -- PDC-01 changes to PDC

    KZ-01 -- PDC-01 changes to SDC-02

    DA-01 -- PDC-01 changes to PDC

    Whatever I do, every time these connections choose the same new target server over and over again. And that probably has to do with the cost of connection, I suppose.

    The sites are all connected through Ocedo gateway appliances. These connections seem to work fine.

    I think I should get into the quality of the connections, because KCC seems to work as it should.

    Yours,

    Ben.

      


    Ben van der Meer

    Monday, December 19, 2016 9:34 PM
  • Oki,

    When you say policies, do you then mean the 'policy' folder in 'sysvol'? If there is a replication issue for DFS, look in the 'DFS Replication' eventlog.

    And just to be clear, 'changing in sites' is when a given domain controller changes replication partner?

    /\


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator


    Monday, December 19, 2016 11:20 PM
  • Hi there,

    Yes, the policy folder in sysvol.

    Yes, when a given domain controller changes replication partner.

    :)


    Ben van der Meer

    Tuesday, December 20, 2016 12:43 AM
  • Hi,
    If you have a sysvol replication problem, as Jesper said, please try to find the event logs related to DFS Replication and group policy.
    Here are some articles on troubleshooting this kind of issue:
    SYSVOL and Group Policy out of Sync on Server 2012 R2 DCs using DFSR
    http://www.falconitservices.com/support/KB/Lists/Posts/Post.aspx?ID=142
    Fixing Broken SYSVOL Replication
    http://windowsitpro.com/windows-server-2012/fixing-broken-sysvol-replication
    Please Note: Since the web sites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.
    Best regards,
    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, December 20, 2016 6:36 AM
    Moderator
  • If a connection to a replication partner fails, it will be shown in the 'directory service' log, so it might be worth looking into that -> Directory Service-ActiveDirectory_DomainService-Knowledge Consistency Checker/

    /\


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator


    Tuesday, December 20, 2016 6:22 PM
  • Hi there,

    This is what I see and now I go and take a look in the directory service log.

    The File Replication Service is having trouble enabling replication from ZP-PDC to ZP-PDC-01 for c:\windows\sysvol\domain using the DNS name ZP-PDC.zaanprimair.local. FRS will keep retrying.

     Following are some of the reasons you would see this warning.

     

     [1] FRS can not correctly resolve the DNS name ZP-PDC.zaanprimair.local from this computer.

     [2] FRS is not running on ZP-PDC.zaanprimair.local.

     [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

     

     This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

    The File Replication Service is having trouble enabling replication from ZP-SDC-01 to ZP-PDC-01 for c:\windows\sysvol\domain using the DNS name ZP-SDC-01.zaanprimair.local. FRS will keep retrying.

     Following are some of the reasons you would see this warning.

     

     [1] FRS can not correctly resolve the DNS name ZP-SDC-01.zaanprimair.local from this computer.

     [2] FRS is not running on ZP-SDC-01.zaanprimair.local.

     [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

     

     This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

    We have 1850 computers and about 50 servers and support it all with 4 FTE.

    3 of them are ill at the moment, that's why I do not reply immediately, but after business hours.

    Thanks all for your support, I really appreciate it.

    I hope to find the issue with your help. 

    Ben.


    Ben van der Meer

    Tuesday, December 20, 2016 9:09 PM
  • Hi,
    This log generally indicates a replication failure between the DCs. There could be many reasons why this can happen: DNS misconfiguration, network latency, broken secure channel between the DCs, FRS in Journal Wrap error state, performance issues on the DC, server reached tombstone life cycle period, time difference between the servers, firewall blocking, etc. You could start by checking these aspects first.

    Regarding this log, here is a similar thread discussing it, you could also refer to:
    The File Replication Service is having trouble enabling replication
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/5a4b3647-0641-4a1a-9389-154d92b44730/the-file-replication-service-is-having-trouble-enabling-replication?forum=winserverDS
    Best regards,
    Wendy



    Wednesday, December 21, 2016 1:50 AM
    Moderator
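
As an added example (not part of the thread or any poster's script), the PowerShell below checks the three reasons listed in the FRS warning, plus the time-difference and firewall causes mentioned in the reply above, for the two source DCs named in the warnings. It assumes it is run on ZP-PDC-01 in Windows PowerShell 5.1 with domain administrator rights; the TCP 135 check and the one-day event window are choices of this example.

```powershell
# Added example, not from the thread. Run on ZP-PDC-01 in Windows PowerShell 5.1
# (Get-Service -ComputerName does not exist in PowerShell 6 and later).
$partners = 'ZP-PDC.zaanprimair.local', 'ZP-SDC-01.zaanprimair.local'  # names from the FRS warnings

$report = foreach ($dc in $partners) {
    # Reason [1]: can this computer resolve the partner's DNS name?
    $address = $null
    try {
        $address = (Resolve-DnsName -Name $dc -Type A -ErrorAction Stop |
            Where-Object { $_.IPAddress } | Select-Object -First 1).IPAddress
    } catch { }

    # Reason [2]: is FRS (service name NtFrs) running on the partner?
    $frs = 'not checked'
    $rpc = $false
    if ($address) {
        try { $frs = (Get-Service -Name NtFrs -ComputerName $dc -ErrorAction Stop).Status }
        catch { $frs = 'query failed' }
        # Firewall check: FRS replicates over RPC, so the endpoint mapper (TCP 135) must be reachable
        $rpc = (Test-NetConnection -ComputerName $dc -Port 135 -WarningAction SilentlyContinue).TcpTestSucceeded
    }
    [pscustomobject]@{ Partner = $dc; Address = $address; NtFrs = $frs; Rpc135 = $rpc }
}
$report | Format-Table -AutoSize

# Reason [3]: has the AD topology replicated? Show inbound partners and a failure summary.
repadmin /showrepl $env:COMPUTERNAME
repadmin /replsummary

# Time difference between the servers
w32tm /monitor

# Warnings (level 3) and errors (level 2) from the last day in the logs named in this thread
$since = (Get-Date).AddDays(-1)
foreach ($log in 'File Replication Service', 'DFS Replication', 'Directory Service') {
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2, 3; StartTime = $since } `
        -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, LogName, Id, LevelDisplayName |
        Sort-Object TimeCreated -Descending |
        Format-Table -AutoSize
}
```
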
  • Hi,

    I am checking how the issue is going. If you still have any questions, please feel free to contact us.

    And if the replies above are helpful, we would appreciate it if you mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    I appreciate your feedback.

    Best regards,

    Wendy



    Monday, December 26, 2016 7:47 AM
    Moderator
  • I gave the issue some rest. My mother passed away 2 weeks ago, and it's Christmastime over here.

    I saw that the real issue is between 2 DC's.  The ZP-PDC (old one, that has to go) and the ZP-PDC-01.

    I get into that and thanks to your advice I noticed this.  I'll get back to you all. 


    Ben van der Meer

    Monday, December 26, 2016 9:52 AM
  • Hi,
    Thank you for the update, and I am so sorry for your loss. If you have any questions, please feel free to let us know.
    Best regards,  
    Wendy


    Tuesday, December 27, 2016 1:13 AM
    Moderator