Windows Server

John Hornbuckle · Guest

This is a single domain structure, Windows Server 2003 SP1.

Server A is at Site A, which is my remote site with a T1 connection to
the State of Florida's Internet backbone.

Server B is at Site B, which is my main site with four T1's connected to
the State of Florida's Internet backbone.

Sites A and B are connected via VPN. Traffic between the two sites
doesn't really go out to the Internet; it stays on the State's backbone,
meaning that connectivity is pretty decent. Not great, but decent. Sites
A and B have been connected via VPN for ages, but the configuration
changed a few weeks ago when we bumped up the speed of Site A's
connection and started routing traffic from the site to a new location. The
firewall trusts all traffic between sites A and B, so that shouldn't be a
factor.

Yet, Server A is having a heck of a time replicating. I'm pretty new to
Active Directory, so I'm not sure what to do troubleshoot.

I've run dcdiag on Server A, and the server passes every test (but with
latency warnings on the replication test).

I've run netdiag, and it seems to hang at the point where it's testing
LDAP connectivity. Which sounds like a possible LDAP problem, but when I
run "portqry -n [server] -p udp -e 389" from Server A against Server B
and every other DC in my domain, I get successful results 99% of the
time. The other 1%, I get "LDAP query to port 389 failed - Server did
not respond to LDAP query." If I run the query again against that same
server, though, I'll have success. I guess latency is causing this?

I'm looking for some tips on how to proceed from here in terms of
troubleshooting. Hopefully some of you old pros out there can give me
some pointers.

Nick · Guest

Hi John,

It sounds like your having a nightmare with this one!

A good tool to use for troubleshooting replication issues is DNSLine which
is a free download from the microsoft website.

A document to go with it is: http://support.microsoft.com/?kbid=321046

I strongly recommend taking a look at the tool and it will hopefully point
you in the correct direction as to what may be causing this.

Good Luck!
Cheers,

Nick

"John Hornbuckle" <JohnHornbuckle@discussions.microsoft.com> wrote in
message news:44AE149C-485A-4C6A-848E-528CE3475098@microsoft.com...

Mark · Guest

Hi John,

Another tool to try is "replmon".
What happens when you force a replication from Sites and Services ? (Browse
to NTDS Settings and force replication over the relevant connector). Are
there any other DCs in the same site as your problem server and are they
having the same issues? And anything interesting in your eventlogs?

Thanks
Mark

"Nick" wrote:

John Hornbuckle · Guest

Thanks for the tip. I just ran it, and it found no problems as far as I could
tell. I don't think this is a DNS issue.

John

"Nick" wrote:

John Hornbuckle · Guest

The remote site (Site A) only has one server (Server A), so there's nothing
else to compare it to. The site (Site B) with the server it's replicating to
here on my district network also only have one server (Server B). But several
other servers in other sites in my district are all replicating with Server B
with no problems.

When I try to force a replication using ADSS, I get the message saying that
I'm trying to replicate between servers in different sites. I then check the
event logs after a couple of minutes, and find multiple errors. Things like:

* All domain controllers in the following site that can replicate the
directory partition over this transport are currently unavailable

* There is insufficient site connectivity information in Active Directory
Sites and Services for the KCC to create a spanning tree replication
topology. Or, one or more domain controllers with this directory partition
are unable to replicate the directory partition information. This is probably
due to inaccessible domain controllers.

* The Knowledge Consistency Checker (KCC) was unable to form a complete
spanning tree network topology. As a result, the following list of sites
cannot be reached from the local site.

All info telling me that there's a problem, but not really helping me figure
out the cause.

I've run repadmin /showreps, and below are the results. Does this tell
anyone anything? I'm not sure what to make of it, other than to know that
there's a problem--but I already knew that!

C:\>repadmin /showreps
Site A\Server A
DC Options: IS_GC
Site Options: (none)
DC object GUID: 6636ec9a-0673-404a-8519-78a6442e0f49
DC invocationID: d7453f33-603c-4c6c-9dc5-33cbaa851343

==== INBOUND NEIGHBORS ======================================

DC=taylor,DC=k12,DC=fl,DC=us
Site B\Server B via RPC
DC object GUID: 5035b980-7cd4-4e6d-8ba0-5cee29465a2c
Last attempt @ 2005-11-11 08:51:49 failed, result 1818 (0x71a):
The remote procedure call was cancelled.
5 consecutive failure(s).
Last success @ 2005-11-11 00:45:23.

CN=Configuration,DC=taylor,DC=k12,DC=fl,DC=us
Site B\Server B via RPC
DC object GUID: 5035b980-7cd4-4e6d-8ba0-5cee29465a2c
Last attempt @ 2005-11-11 09:49:09 was successful.

CN=Schema,CN=Configuration,DC=taylor,DC=k12,DC=fl,DC=us
Site B\Server B via RPC
DC object GUID: 5035b980-7cd4-4e6d-8ba0-5cee29465a2c
Last attempt @ 2005-11-11 09:49:08 was successful.

DC=DomainDnsZones,DC=taylor,DC=k12,DC=fl,DC=us
Site B\Server B via RPC
DC object GUID: 5035b980-7cd4-4e6d-8ba0-5cee29465a2c
Last attempt @ 2005-11-11 09:42:55 failed, result 1818 (0x71a):
The remote procedure call was cancelled.
3 consecutive failure(s).
Last success @ 2005-11-11 01:45:24.

DC=ForestDnsZones,DC=taylor,DC=k12,DC=fl,DC=us
Site B\Server B via RPC
DC object GUID: 5035b980-7cd4-4e6d-8ba0-5cee29465a2c
Last attempt @ 2005-11-11 08:51:54 was successful.

Source: Site B\Server B
******* 5 CONSECUTIVE FAILURES since 2005-11-11 01:45:24
Last error: 1818 (0x71a):
The remote procedure call was cancelled.

C:\>

"Mark" wrote:

	Windows Server Forum Index -> Active Directory	All times are GMT
Page 1 of 1