Troubleshooting Replication Between Domain Controllers


NTDS Event ID 1311: This error occurs when the replication configuration information in Active Directory Sites and Services does not accurately reflect the physical topology of the network.

Click the Yes button and then supply administrator credentials for the remote domain. If site link bridging is enabled in a nonrouted environment, either make the network fully routed, or disable site link bridging and then create the necessary site links and site link This operation will be retried. Did I miss anything? https://msdn.microsoft.com/en-us/library/bb727057.aspx

Resolve the authentication problem before continuing to troubleshoot the replication failure. To verify this, check the DNS Flags field in a network trace response from a forwarder. Search the results for the GUID you identified from the previous step.

In there should be SRV (CNAME) records for all of your DCs. Set the Kerberos Key Distribution Center (KDC) service to manual on the problem domain controller and reboot the computer. CN=Contoso,CN=Partitions,CN=Configuration,DC=Contoso,DC=com. Repadmin If this object is not present, cross-domain authentication will fail.

Add "-" to the last line of the file. Active Directory Replication Troubleshooting

I guess it's really immaterial because it's been a little over 3 months since it synced anyway. Hope this helps. The DSL line there was flaky, which knocked the VPN down.

The record data is the status code. Verify network connectivity and resolve any issues.

If event ID 1311 continues to be logged on ISTG role holders, continue with the next step. Verify open ports on any network hardware separating domain controllers in an Active Directory environment. If an error is reported between two domain controllers of different domains which have a parent/child or tree root relationship, this error may be indicative of a missing trustedDomain object. This operation will be retried.

Table 2.7 shows common events that might indicate a problem with Active Directory replication, together with root cause and solution information. NTDS KCC Event ID 1265. In order to review all of the RID master objects generating errors, obtain ldifde dumps from the RID owner and the domain controller by running the following commands: ldifde -s servername

The following symptoms are covered: Name Resolution Errors; RPC Server is too busy errors; Global Catalog Errors; Authentication Errors; Replication Topology and Connectivity Errors; Replication Engine Errors; Lingering Objects; Relative Identifier

Administrator-defined preferred bridgeheads are online, but they do not host the required naming contexts.

Reset the computer account password and force a refresh of Kerberos tickets of downstream partners. If several entries are returned, this is the source of the error.

I was concerned that I might have to set all that up again. If they don't match, the replication link cannot be established, and it logs an event in the Directory Services event log. Type files, and then press the key.

NOTE: As a precaution, be sure that there is a recent backup of the system state on this server, or on another domain controller with up-to-date data before running this command. Domain controllers attempting to replicate will initiate a query to Active Directory for their configured replication partner and GUID.

NOTE: Example of domain GUID record: Name: e99e82d5-deed-11d2-b15c-00c04f5cb503._msdcs.contoso.com; Type: CNAME; Data: dc01.contoso.com. Records for global catalog servers are registered in the forest root domain, regardless of whether the domain controller is.

When an Active Directory replication between two domain controllers fails, the following error message may display in the Event Log: The RPC server is too busy to complete this operation.

Verify a global catalog server is configured in the client's site

To verify that a global catalog server is configured in the client's site, open the Active Directory Sites and Services

This operation will be retried. Data: 0000: 05 00 00 00 .... Event Type: Warning Event Source:

Map the GUID of the problem GPO to its friendly name. A new DC's DNS record had not been replicated to another site.