none
Replication issue in active directory, error showing 1311, 1556, 1866

    Question

  • I have 2 DC in for network one is Adcenter1 and another is Adcenter2 and in KNET network i have 3 DC one is AD1,AD2 and AD3,

    all sitelink is configured well, and all needed ports are open, but still showing error 1311, 1566,1856,

    m not getting any clue why those error are showing, please check the snap

     

     

     

    when m trying to replicate manual that is showing like above, and how to resolve DNS lookup problem

     


    Sharad Singh | My blogs: SharadTech | Twitter: @MrLucknowWale |
    • Edited by SinghSharad Friday, January 20, 2012 1:33 PM
    Friday, January 20, 2012 1:23 PM

Answers

  • Q.That is the computer name before joining the domain and making the domain, after making the domain,at the time of making the domain we change the computer name with AD2 but that name is still showing, where i can remove that name.can we remove that name from ADSI Edit.

    ANS.As you have mentioned that WIN-K4DCJPKJOGO was renamed.

    Can you let us know you rename the server and then promoted the server ad DC or you promoted the DC and then performed rename activity.

    If the server was renamed before promoted you can delete the object from ADUC or ADSI edit.

    If the server was renamed after promotion of DC from computer properties then this is not the way to rename the hostname of DC.To rename the same you need to use netdom tool to set the same.

    In case if the server was rename from computer properties the you need to forcefully demote the DC(AD2)followed by metadata cleanup and promote the server back as DC.

    Hope this helps

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.

    Thursday, January 26, 2012 5:30 AM

All replies

  • some more information

     

     

     

    how to resolve this access denied and RPC error, m sure all ports are open,

     

    please anyone can tell me, if any configuration is missing or what to do,?


    Sharad Singh | My blogs: SharadTech | Twitter: @MrLucknowWale |
    Friday, January 20, 2012 1:32 PM
  • Hi,

    RPC is unavailable occurs due to DNS misconfig and/or necessary ports are not fully opened between locations.

    >>Make sure the each DC / DNS server points to its private IP address as primary DNS server and other internal/remote DNS servers as secondary DNS in TCP/IP property.

    It can also be caused by antivirus software with many of them sporting a new feature called "network traffic protection," which can efffectively block necessary AD traffic.

    Also, disable local windows firewall service on the server.

    You may use prot query tool to verify the ports.
    PortQryUI - User Interface for the PortQry Command Line Port Scanner
    http://www.microsoft.com/download/en/details.aspx?id=24009

    Active Directory Firewall Ports - Let's Try To Make This Simple
    http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx

    Access Denied Error: error indicates that the local domain controller failed to authenticate against its replication partner when creating the replication link or when trying to replicate over an existing link. This typically happens when the domain controller has been disconnected from the rest of the network for a long time and its computer account password is not synchronized with the computer account password that is stored in the Active Directory of its replication partner.

    >> To resolve the issue refer below link: Troubleshooting Active Directory Replication Problems
    http://technet.microsoft.com/en-us/library/bb727057.aspx

    Read more on troubleshooting “RPC server is unavailable” error, reported in failing AD replication scenario.
    http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx

    Regards,


    Abhijit Waikar - MCSA 2003|MCSA 2003:Messaging|MCTS|MCITP:SA
    Friday, January 20, 2012 1:43 PM
  • some more information is ,

    Syncing all NC's held on ad2.

    Syncing partition: DC=DomainDnsZones,DC=knet,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD3,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD1,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication completed successfully:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD1,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication completed successfully:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD3,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: SyncAll Finished.

    SyncAll terminated with no errors.



    Syncing partition: DC=knet,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD3,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD1,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication completed successfully:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD1,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication completed successfully:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD3,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: Error issuing replication: 1722 (0x6ba):

        The RPC server is unavailable.

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER2,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication completed successfully:

        From: CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER2,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: SyncAll Finished.



    SyncAll reported the following errors:

    Error issuing replication: 1722 (0x6ba):

        The RPC server is unavailable.

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com



    Syncing partition: DC=ForestDnsZones,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD3,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD1,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: Error issuing replication: 8453 (0x2105):

        Replication access was denied.

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication completed successfully:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD1,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication completed successfully:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD3,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER2,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: Error issuing replication: 8453 (0x2105):

        Replication access was denied.

        From: CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER2,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: SyncAll Finished.



    SyncAll reported the following errors:

    Error issuing replication: 8453 (0x2105):

        Replication access was denied.

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    Error issuing replication: 8453 (0x2105):

        Replication access was denied.

        From: CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER2,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com



    Syncing partition: CN=Schema,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD1,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD3,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication completed successfully:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD1,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication completed successfully:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD3,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: Error issuing replication: 1722 (0x6ba):

        The RPC server is unavailable.

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER2,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication completed successfully:

        From: CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER2,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: SyncAll Finished.



    SyncAll reported the following errors:

    Error issuing replication: 1722 (0x6ba):

        The RPC server is unavailable.

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com



    Syncing partition: CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD3,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD1,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: Error issuing replication: 8453 (0x2105):

        Replication access was denied.

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication completed successfully:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD3,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication completed successfully:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD1,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER2,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: Error issuing replication: 8453 (0x2105):

        Replication access was denied.

        From: CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER2,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: SyncAll Finished.



    SyncAll reported the following errors:

    Error issuing replication: 8453 (0x2105):

        Replication access was denied.

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    Error issuing replication: 8453 (0x2105):

        Replication access was denied.

        From: CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=ADCENTER2,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com



    Syncing partition: DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication is in progress:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD3,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: The following replication completed successfully:

        From: CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

        To  : CN=NTDS Settings,CN=AD3,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com

    CALLBACK MESSAGE: SyncAll Finished.

    SyncAll terminated with no errors.





    Sharad Singh | My blogs: SharadTech | Twitter: @MrLucknowWale |
    Friday, January 20, 2012 1:45 PM
  • There are in fact a couple of clues.

    First and foremost, the first screenshot is asking you to check your DNS entries for AD2 as this might be causing ADCENTER1 to not be able to see it.

    There's a number of different DNS records you can check upon, but in this instance, perhaps the best one to check up front is the DNS Alias in the NTDS Settings section:

    • Open Sites and Services (dssite.msc)
    • Navigate down to your "ADCENTER1" host as shown in your first screenshot
    • Right-click on the "NTDS Settings" (shown with the light blue icon) and choose Properties
    • In the General tab, highlight and copy the value from the "DNS Alias" field
    • Open a command prompt
    • Type the following:

      nslookup -type=CNAME <dnsAlias>

      where <dnsAlias> is the CNAME you copied from the previous point

    If nslookup fails to resolve this DNS record, then that's your problem for the first screenshot.

    The second screenshot looks to be a different problem. In this instance it looks as though you're running under an account that does not have rights to manually force replication. To check if you have the rights, do the following:

    • Start ADSI Edit (adsiedit.msc)
    • Connect to the default namespace
    • Expand the "Default naming context" node
    • Right-click on the domain root (DC=fitnessonrequest,DC=com) node and choose Properties
    • Take a look at the account and groups listed in the Security tab
    • See if your account is a member of any of the groups that have the "Replicating Directory Changes" right

    If you are not listed directly or via a group, then you will not be able to perform manual replication.

    Cheers,
    Lain

    Friday, January 20, 2012 1:45 PM
  • Hi Lain,

    See what i get after nslookup,

    C:\Users\Administrator.KNET>nslookup -type=E4D865BC-0168-4A54-8EE2-90545560F916.
    _msdcs.fitnessonrequest.com
    unknown query type: E4D865BC-0168-4A54-8EE2-90545560F916._msdcs.fitnessonrequest
    .com
    Default Server:  ad2.knet.fitnessonrequest.com
    Address:  10.50.50.152

    and for group, i added


    Sharad Singh | My blogs: SharadTech | Twitter: @MrLucknowWale |
    Friday, January 20, 2012 2:09 PM
  • Hi Sharad,

    You got the format of the nslookup statement slightly wrong where it says "-type". Take a look at the example above again and have another go at it - you're missing the "=CNAME" part.

    Edited to add an example using your own DNS alias:

    nslookup -type=CNAME E4D865BC-0168-4A54-8EE2-90545560F916._msdcs.fitnessonrequest.com

    This should all be one line, by the way. Ignore any word wrapping here on the forum.

    Cheers,
    Lain



    Friday, January 20, 2012 2:27 PM
  • You are getting the error "The RPC server is unavailable" relates to port being blocked or network connectivity issue or due to dns misconfig.I would suggest contact network/security team to verify whether all the related AD ports being configured and allowed on the firewall for communication. Portquery is free tool from the MS which can be downloaded and installed to verify the necessary ports are opened or not.

    Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
    Disable Windows Firewall:http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

    It can also be caused by antivirus software with many of them sporting a new feature called "network traffic protection," which can efffectively block necessary AD traffic

    Active Directory and Active Directory Domain Services Port Requirements

    http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx

    Troubleshooting “RPC server is unavailable” error, reported in failing AD replication scenario.
    http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx

    It could be also due to DNS misconfig.

    Ensure the following on DC:
    1. Each DC / DNS server points to its private IP address as primary DNS server and other remote/local DNS servers as secondary in TCP/IP properties.
    2. Each DC has just one IP address and single network adapter is enabled.
    3. Contact your ISP and get valid DNS IPs from them and add it in to the forwarders, Do not set public DNS server in TCP/IP setting of DC.
    4. Once you are done, run "ipconfig /flushdns & ipconfig /registerdns", restart DNS and NETLOGON service each DC.
    Do not put private DNS IP addresses in forwarder list.
    5.Assigning static IP address to DC if IP address is assigned by DHCP server to DC.It is strongly not recommended.

    Hope this helps

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights

    Saturday, January 21, 2012 8:18 AM
  • Hello,

    please describe the firewall settings in the domain and also post an unedited ipconfig /all from the problem DC and the other site DC/DNS server so we can verify some settings.

    Also please upload:

    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
    netdiag /v >c:\netdiag.txt [from each DC, netdiag may work but isn't supported with Windows server 2008 and don't run on Windows server 2008 R2]
    repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]
    dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)


    As the output will become large, DON'T post them into the thread, please use Windows Sky Drive (skydrive.live.com) [with open access!] and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Saturday, January 21, 2012 10:09 AM
  • Hi Meinolf,

    Please check the url and find the all details,

    https://skydrive.live.com/redir.aspx?cid=733cc82c96ca9b55&resid=733CC82C96CA9B55!113&parid=root

     


    Sharad Singh | My blogs: SharadTech | Twitter: @MrLucknowWale |
    Sunday, January 22, 2012 2:19 PM
  • You are still getting RPC server is unavailable from repadmin output o AD2.

    As mentioned in the pervious port it could be due to dns misconfig or necessary port not open for AD replication or physical connectivity issue.

    Once the required port are open reboot the DC and check.

    Kindly check the prevoius comments which I have posted before to ensure that all parameters are in place.

    Hope this helps

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.

    Monday, January 23, 2012 2:26 AM
  • Hello,

    accoridng to dcdiag from ADCENTER1:

    erform one of the following actions:

                - Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.

                - Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.

    Some machines are missing information in the domain or are removed, please check for:

    tarting test: VerifyEnterpriseReferences

             The following problems were found while verifying various important DN

             references.  Note, that  these problems can be reported because of

             latency in replication.  So follow up to resolve the following

             problems, only if the same problem is reported on all DCs for a given

             domain or if  the problem persists after replication has had

             reasonable time to replicate changes.
                [1] Problem: Missing Expected Value

                 Base Object:

                CN=WIN-K4DCJPKJOGO,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=knet,DC=fitnessonrequest,DC=com

                 Base Object Description: "SYSVOL FRS Member Object"

                 Value Object Attribute Name: serverReference

                 Value Object Description: "DC Account Object"

                 Recommended Action: Check if this server is deleted, and if so

                clean up this DCs SYSVOL FRS Member Object.  Also see Knowledge

                Base Article:  Q312862

                
                [2] Problem: Missing Expected Value

                 Base Object:

                CN=WIN-K4DCJPKJOGO,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=knet,DC=fitnessonrequest,DC=com

                 Base Object Description: "SYSVOL FRS Member Object"

                 Value Object Attribute Name: msDFSR-ComputerReference

                 Value Object Description: "DSA Object"

                 Recommended Action: Check if this server is deleted, and if so

                clean up this DCs SYSVOL FRS Member Object.  Also see Knowledge

                Base Article  Q312862

    AD3 has lots of errors also, please assure that all DCs have no firewall blocking required traffic according to: http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx

    Additional upload also an unedited ipconfig /all from all DCs.

     

     


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Monday, January 23, 2012 7:38 AM
  • IPconfig for adcenter1

     


    C:\Users\administrator.FITNESSONREQUES>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : ADCENTER1
       Primary Dns Suffix  . . . . . . . : fitnessonrequest.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : fitnessonrequest.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #48
       Physical Address. . . . . . . . . : 00-15-C5-F0-40-62
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::f87f:229a:915b:a97c%10(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.10.150(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.10.5
       DHCPv6 IAID . . . . . . . . . . . : 167777733
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-40-11-ED-00-15-C5-F0-40-62
       DNS Servers . . . . . . . . . . . : 192.168.10.150
                                           192.168.10.151
                                           10.50.50.152
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{35BE8C7C-1A5B-4B24-BF84-82F430AC9FDD}:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:4a05:d558:8000:0:5efe:192.168.10.150(Preferred)
       Link-local IPv6 Address . . . . . : fe80::5efe:192.168.10.150%11(Preferred)
       Default Gateway . . . . . . . . . : fe80::5efe:192.168.10.140%11
       DNS Servers . . . . . . . . . . . : 192.168.10.150
                                           192.168.10.151
                                           10.50.50.152
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

     

     

    IP config for AD2

    C:\Users\Administrator.KNET>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : ad2
       Primary Dns Suffix  . . . . . . . : knet.fitnessonrequest.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : knet.fitnessonrequest.com
                                           fitnessonrequest.com

    Ethernet adapter Local Area Connection 4:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Local Area Connection - Virtual Network
       Physical Address. . . . . . . . . : 00-19-B9-E0-D8-36
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::e4fc:e3e0:4a6f:5eef%16(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.50.50.152(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.50.50.5
       DHCPv6 IAID . . . . . . . . . . . : 218110393
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-4C-EF-DF-00-19-B9-E0-D8-36

       DNS Servers . . . . . . . . . . . : 10.50.50.152
                                           10.50.50.153
                                           192.168.10.150
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{CDCB3607-33C7-4CBD-9BB3-45AB0828D120}:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:4a05:d565:8000:0:5efe:10.50.50.152(P
    referred)
       Link-local IPv6 Address . . . . . : fe80::5efe:10.50.50.152%15(Preferred)
       Default Gateway . . . . . . . . . : fe80::5efe:10.50.50.141%15
       DNS Servers . . . . . . . . . . . : 10.50.50.152
                                           10.50.50.153
                                           192.168.10.150
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes


    Sharad Singh | My blogs: SharadTech | Twitter: @MrLucknowWale |
    Monday, January 23, 2012 8:09 AM
  • "" 1] Problem: Missing Expected Value

                 Base Object:

                CN=WIN-K4DCJPKJOGO,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=knet,DC=fitnessonrequest,DC=com

                 Base Object Description: "SYSVOL FRS Member Object"

                 Value Object Attribute Name: serverReference

                 Value Object Description: "DC Account Object"

                 Recommended Action: Check if this server is deleted, and if so

                clean up this DCs SYSVOL FRS Member Object.  Also see Knowledge

                Base Article:  Q312862"""

     

     

    What should i do for this, should i follow that article and clean up and do the repair?


    Sharad Singh | My blogs: SharadTech | Twitter: @MrLucknowWale |
    Monday, January 23, 2012 8:31 AM
  • Hello,

    please see: http://technet.microsoft.com/en-us/library/cc794759(WS.10).aspx if the mentioned machines are DC otherwise kick the computers out of the domain and rejoin them or delete them from AD UC if not longer existing.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Monday, January 23, 2012 8:33 AM
  • That is the computer name before joining the domain and making the domain, after making the domain,

    at the time of making the domain we change the computer name with AD2 but that name is still showing, where i can remove that name.

     

    can we remove that name from ADSI Edit.


    Sharad Singh | My blogs: SharadTech | Twitter: @MrLucknowWale |
    Monday, January 23, 2012 8:48 AM
  • That is the computer name before joining the domain and making the domain, after making the domain,

    at the time of making the domain we change the computer name with AD2 but that name is still showing, where i can remove that name.

     

    can we remove that name from ADSI Edit.


    Sharad Singh | My blogs: SharadTech | Twitter: @MrLucknowWale |


    Hello,

    sorry but i don't get this complete. You have installed the machine and then renamed it to AD2? After this step you have promoted it to domain controller? Or did you rename the machine AFTER promoting to DC?

    If the latter how exactly did you rename it?


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Monday, January 23, 2012 11:33 AM
  • Hi,

     

    I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.

     

    Regards,


    Arthur Li

    TechNet Community Support

    Thursday, January 26, 2012 1:22 AM
    Moderator
  • Q.That is the computer name before joining the domain and making the domain, after making the domain,at the time of making the domain we change the computer name with AD2 but that name is still showing, where i can remove that name.can we remove that name from ADSI Edit.

    ANS.As you have mentioned that WIN-K4DCJPKJOGO was renamed.

    Can you let us know you rename the server and then promoted the server ad DC or you promoted the DC and then performed rename activity.

    If the server was renamed before promoted you can delete the object from ADUC or ADSI edit.

    If the server was renamed after promotion of DC from computer properties then this is not the way to rename the hostname of DC.To rename the same you need to use netdom tool to set the same.

    In case if the server was rename from computer properties the you need to forcefully demote the DC(AD2)followed by metadata cleanup and promote the server back as DC.

    Hope this helps

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.

    Thursday, January 26, 2012 5:30 AM