none
Active Directory Sites and Services Replication Problem RRS feed

  • Question

  • Good Day Sir / Ma'am

        I have a big problem with our AD. I came thru all the forums and yet  I have not solve our problem. Please refer below

         When I try to replicate now the ZAMECO2AD under the domain-server2 this happen

    And when I try to replicated 693.... under the ZAMECO2AD this happen

    Please help. It bugs me for almost two weeks. Thank you.. 

    Friday, May 24, 2019 6:22 AM

Answers

  • Ok, thanks for clarifying. There are still remnants  of DOMAIN-SERVER2 in domain. You'll need to perform some cleanup to remove. You can follow along here to do, 

    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup

    then when done I'd probably reboot, if problems persist please put up a new set of files.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.



    • Edited by Dave PatrickMVP Thursday, May 30, 2019 12:47 AM
    • Marked as answer by pitpauld Thursday, May 30, 2019 12:50 AM
    Thursday, May 30, 2019 12:26 AM
  • i just dont understand. when i check the UNC path. \\zameco2ad and \\domain-server2 . i can access them both and they have the same files..

    From cmd.exe what is the result of;

    netdom computername zameco2ad /enum

    netdom computername domain-server2 /enum

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Marked as answer by pitpauld Thursday, May 30, 2019 6:33 AM
    Thursday, May 30, 2019 2:04 AM
  • Good question, I'm not sure; does it exist or not? You have stated more than once there is only one domain controller which means the second one exists in system misconfiguration only. From what I can tell ZAMECO2AD is the real one. DOMAIN-SERVER2 may be the result of some misconfiguration. If this is the case you can follow along here to perform cleanup.

    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.



    Friday, May 31, 2019 2:46 AM

All replies

  • Please run;
    • Dcdiag /v /c /d /e /s:DCName >c:\dcdiag.log
      (please replace DCName with your domain controller's netbios name)
    • repadmin /showrepl >C:\repl.txt
    • ipconfig /all > C:\dc1.txt
    • ipconfig /all > C:\dc2.txt

      then put unzipped text files up on OneDrive and share a link.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Friday, May 24, 2019 1:22 PM
  • Check the replication status of all the DCs, seems the connection object not replicated to other DC

    http://www.windowstricks.in/2010/03/health-check-active-directory.html


    Regards,
    Ganesamoorthy.S
    www.windowstricks.in)


    Sunday, May 26, 2019 2:33 PM
  • thank you for the reply sir. here's the files..

    https://www.dropbox.com/s/v516i8s8fdz3m4i/zameco2ad.zip?dl=0

    we do only have one DC.

    Monday, May 27, 2019 8:48 AM
  • thank you for the reply sir. here's the files..

    https://www.dropbox.com/s/v516i8s8fdz3m4i/zameco2ad.zip?dl=0

    we do only have one DC.

    Please put unzipped text files up on OneDrive and share a link, so we don't have to create a dropbox account.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Monday, May 27, 2019 11:52 AM
  • Sorry sir for the late reply. Heres the files

    https://1drv.ms/u/s!AlXvkCKXg_30a0PqLdx3WZj1zh0?e=Z0bBdk

    Thank you so much

    Wednesday, May 29, 2019 12:47 AM
  • Sorry sir for the late reply. Heres the files

    https://1drv.ms/u/s!AlXvkCKXg_30a0PqLdx3WZj1zh0?e=Z0bBdk

    Thank you so much

    dcdiag is not complete, also missing the ipconfig /all for other servers. please run

    • Dcdiag /v /c /d /e /s:ZAMECO2AD >c:\dcdiag.log 
    • repadmin /showrepl >C:\repl.txt
    • ipconfig /all > C:\dc1.txt
    • ipconfig /all > C:\dc2.txt
    • ipconfig /all > C:\dc3.txt

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


    Wednesday, May 29, 2019 1:11 AM
  • Hello sir. We only have 1 DC and it is ZAMECO2AD. Its a virtual machine running on vmware.

    Our primary problem is about the group policy. whenever I log on other PC the policy doest not apply and when I run a gpupdate command it shows an error like this:

    Wednesday, May 29, 2019 4:17 AM
  • Hi,

    Here is an official article for your reference:

    Windows Server Troubleshooting: "The RPC server is unavailable"

    https://social.technet.microsoft.com/wiki/contents/articles/4494.windows-server-troubleshooting-the-rpc-server-is-unavailable.aspx

    In addition, since there is one question per post policy and I notice that you've post another thread asking about this gpupdate issue, please wait for replies there.

    Appreciate your understanding in advance.

    Best Regards,

    Lavilian


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, May 29, 2019 8:09 AM
    Moderator
  • Hello sir. We only have 1 DC and it is ZAMECO2AD. Its a virtual machine running on vmware.

    Our primary problem is about the group policy. whenever I log on other PC the policy doest not apply and when I run a gpupdate command it shows an error like this:

    Understood, please put up the following files

    • Dcdiag /v /c /d /e /s:ZAMECO2AD >c:\dcdiag.log 
    • repadmin /showrepl >C:\repl.txt
    • ipconfig /all > C:\dc1.txt
    • ipconfig /all > C:\dc2.txt
    • ipconfig /all > C:\dc3.txt

    Please put unzipped text files up on OneDrive and share a link,

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, May 29, 2019 1:50 PM
  • Thank you sir for the info and sorry this post I just wanna solve my problem..
    • Edited by pitpauld Wednesday, May 29, 2019 11:47 PM
    Wednesday, May 29, 2019 11:46 PM
  • Good day sir dave.

    heres the updated files..

    One drive

    In the ipconfig sir we do only have 1 DC and that is zameco2ad.. We do not have other DC. 

    Hope to help me solve the problem. Im losing hope. Thank you so much..


    • Edited by pitpauld Thursday, May 30, 2019 12:05 AM
    Thursday, May 30, 2019 12:04 AM
  • Ok, thanks for clarifying. There are still remnants  of DOMAIN-SERVER2 in domain. You'll need to perform some cleanup to remove. You can follow along here to do, 

    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup

    then when done I'd probably reboot, if problems persist please put up a new set of files.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.



    • Edited by Dave PatrickMVP Thursday, May 30, 2019 12:47 AM
    • Marked as answer by pitpauld Thursday, May 30, 2019 12:50 AM
    Thursday, May 30, 2019 12:26 AM
  • As you can see below sir Dave the DOMAIN-SERVER2 is online. Is it right or wrong? Does the ZAMECO2AD should be online? 

    Thursday, May 30, 2019 12:53 AM
  • Well confusing because you just said a few minutes ago that there was only one domain controller. If DOMAIN-SERVER2 is still there then put up the other file

    ipconfig /all > C:\dc2.txt

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, May 30, 2019 12:58 AM
  • check below sir. they have the same IP which means they are in the 1 virtual machine

    Thursday, May 30, 2019 1:02 AM
  • Well that can't possibly work. Each domain controller will need to have it's own statically assign ip address.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, May 30, 2019 1:04 AM
  • what will I do next sir?
    Thursday, May 30, 2019 1:06 AM
  • Well a wild guess is you're using a type 2 hypervisor and selected a NAT network type. I'd change it to Bridged and then statically assign the ip addresses.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, May 30, 2019 1:13 AM
  • we are using a type 1 hypervisor. 
    Thursday, May 30, 2019 1:22 AM
  • Regardless, the two domain controllers need to have different ip addresses and have network connectivity.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.



    Thursday, May 30, 2019 1:25 AM
  • ok sir dave thank you for your support. 
    Thursday, May 30, 2019 1:32 AM
  • You're welcome.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, May 30, 2019 1:33 AM
  • sir dave.. final one. please check below
    Thursday, May 30, 2019 1:39 AM
  • The difference is top one is an IPv4 response, bottom one is an IPv6 response.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, May 30, 2019 1:42 AM
  • but then our IPv6 on the server is disable. im very sure that we dont have other server rather than this zameco2ad. :(
    Thursday, May 30, 2019 1:44 AM
  • im very sure that we dont have other server rather than this zameco2ad. :(

    What happened to DOMAIN-SERVER2 ???

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, May 30, 2019 1:46 AM
  • i just dont understand. when i check the UNC path. \\zameco2ad and \\domain-server2 . i can access them both and they have the same files..
    Thursday, May 30, 2019 1:51 AM
  • i just dont understand. when i check the UNC path. \\zameco2ad and \\domain-server2 . i can access them both and they have the same files..

    From cmd.exe what is the result of;

    netdom computername zameco2ad /enum

    netdom computername domain-server2 /enum

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Marked as answer by pitpauld Thursday, May 30, 2019 6:33 AM
    Thursday, May 30, 2019 2:04 AM
  • hello sir dave. thanks for the patience. please check below..

    Thursday, May 30, 2019 6:32 AM
  • Might try removing the invalid NTDS configuration or possibly start over with your testing.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, May 30, 2019 1:49 PM
  • is this what you mean sir dave?

    Thursday, May 30, 2019 11:58 PM
  • Yes, did you manually add that?

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Friday, May 31, 2019 12:06 AM
  • no sir. is it a risk to delete the NTDS settings under the domain-server? our operation will be interrupted if error occurs after the deletion
    Friday, May 31, 2019 1:18 AM
  • Sounds like it already is. But no problem, I'd start a case here with product support.

    https://support.microsoft.com/en-us/hub/4343728/support-for-business

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Friday, May 31, 2019 1:22 AM
  • No sir. Our AD is functioning well, the only problem is the Group policy not taking effect on the users especially when they log in first time on a PC.
    Friday, May 31, 2019 2:14 AM
  • You still cannot have two domain controllers that resolve to the same ip address. This is a fatal error. If you don't want to go with product support then I'd suggest getting someone local that's knowledgeable to come in and help you with these configuration errors.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


    Friday, May 31, 2019 2:17 AM
  • can i disable the problematic DC without deleting it. just to be sure it will not affect our daily operation.
    Friday, May 31, 2019 2:43 AM
  • Good question, I'm not sure; does it exist or not? You have stated more than once there is only one domain controller which means the second one exists in system misconfiguration only. From what I can tell ZAMECO2AD is the real one. DOMAIN-SERVER2 may be the result of some misconfiguration. If this is the case you can follow along here to perform cleanup.

    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.



    Friday, May 31, 2019 2:46 AM
  • thank you sir. ZAMECO2AD is the right domain. hope this fix will work for us..
    Friday, May 31, 2019 3:34 AM
  • Sounds good, you're welcome.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Friday, May 31, 2019 3:35 AM
  • hello sir. i found something. i review all properties of this zameco2ad dc. please check below. i found it on users and computers. i cannot delete domain-server2 because the NTDS settings of zameco2ad is in domain-server2.

    im just being cautious. hope you understand. please help..
    • Edited by pitpauld Friday, May 31, 2019 5:30 AM
    Friday, May 31, 2019 5:29 AM
  • hello sir. i also discover this two error under dns event log

    Friday, May 31, 2019 8:08 AM
  • Clean up server metadata using Active Directory Sites and Services https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup

    1. Open Active Directory Sites and Services.
    2. If you have identified replication partners in preparation for this procedure and if you are not connected to a replication partner of the removed domain controller whose metadata you are cleaning up, right-click Active Directory Sites and Services, and then click Change Domain Controller. Click the name of the domain controller from which you want to remove the metadata, and then click OK.
    3. Expand the site of the domain controller that was forcibly removed, expand Servers, expand the name of the domain controller, right-click the NTDS Settings object, and then click Delete.
    4. In the Active Directory Sites and Services dialog box, click Yes to confirm the NTDS Settings deletion.
    5. In the Deleting Domain Controller dialog box, select This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain
      Services Installation Wizard (DCPROMO), and then click Delete.
    6. If the domain controller is a global catalog server, in the Delete Domain Controller dialog box, click Yes to continue with the deletion.
    7. If the domain controller currently holds one or more operations master roles, click OK to move the role or roles to the domain controller that is shown.
    8. Right-click the domain controller that was forcibly removed, and then click Delete.
    9. In the Active Directory Domain Services dialog box, click Yes to confirm the domain controller deletion.

     

     

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Friday, May 31, 2019 1:22 PM