Discussion:
Fixing Replication Failures
Brian
2007-06-13 20:04:58 UTC
We are having occasional replication errors throughout our domain, but one
of the sites in particular seems to be a problem. Hoping for some advice if
this looks familiar to anyone.

If we get replication problems as indicated by repadmin /showrepl, rebooting
the remote DC gets things going again, but is not a great solution and also
it takes a long time for the DC to come back up.

We have two local DCs both of which replicate with the remote DC. The
replication has failed with the remote and both of these DCs, but not always
at the same time (i.e. one works, one doesn't).

If I try to run a forced replication (repadmin /replicate...), I get the
following:
DsReplicaSync() failed with status 1727 (0x6bf).

(I got no hits searching for that code on google BTW)

Pinging between the DCs works, as does browsing. I also tried the port query
tool on 135 and it works. The only other thing that seems to fail when this
replication error occurs is that I can't remote desktop to the remote DC
from within our local LAN while this error is occurring. However I can remote
to another server within the remote LAN and then remote from there to the
DC.

The other point of interest in this is that if I run AD Sites and Services on
the remote DC, its site shows that it is trying to replicate with every site
in the company. If I correct that so it just replicates with the local DCs,
later I can look at it again and it's changed back.

Event viewer shows nothing of great value, really only errors that there was
a problem (15308).

Thanks!
Ace Fekay [MVP]
2007-06-14 03:47:03 UTC
Post by Brian
We are having occasional replication errors throughout our domain,
but one of the sites in particular seems to be a problem. Hoping for
some advice if this looks familiar to anyone.
If we get replication problems as indicated by repadmin /showrepl,
rebooting the remote DC gets things going again, but is not a great
solution and also it takes a long time for the DC to come back up.
We have two local DCs both of which replicate with the remote DC. The
replication has failed with the remote and both of these DCs, but not
always at the same time (i.e. one works, one doesn't).
If I try to run a forced replication (repadmin /replicate...), I get
DsReplicaSync() failed with status 1727 (0x6bf).
(I got no hits searching for that code on google BTW)
Pinging between the DCs works, as does browsing. I also tried the
port query tool on 135 and it works. The only other thing that seems
to fail when this replication error occurs is that I can't remote
desktop to the remote DC from within our local LAN while this error
is occurring. However I can remote to another server within the remote
LAN and then remote from there to the DC.
The other point of interest in this is that if I run AD Sites and
Services on the remote DC, its site shows that it is trying to
replicate with every site in the company. If I correct that so it
just replicates with the local DCs, later I can look at it again and
it's changed back.
Event viewer shows nothing of great value, really only errors that
there was a problem (15308).
Thanks!
Rebooting works? First thought makes me think the DC is multihomed. This will
definitely cause it as well as the Sites and Services issue, which a reboot
would temporarily fix it.

Replication problems relating to a reboot temporarily fixing it, can be
caused by numerous issues from DNS misconfigs, using ISP's DNS in ip
properties, ISP problems with the lines, etc.

For starters, can you post the following info please?

1. Unedited ipconfig /all from the three DCs in question, and one of your
clients.
2. The exact zone name spelling in DNS and whether updates are allowed on the
zone.
3. The AD DNS domain name as it shows up in ADUC.
4. If the SRV records exist under your zone.
5. Any errors in the Event logs on the DC under System, Replication Service
and Directory Services (post the Event ID# and source please)
6. Dcdiag /v /fix > c:\dcdiag.txt (post the dcdiag.txt as an attachment)
7. Netdiag /v /fix > c:\netdiag.txt (post the dcdiag.txt as an attachment)
8. More than one subnet?
9. Forwarder(s) configured?
10. Describe your Site configuration and subnet associations to your Sites.
--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Instead of the website you're using, try using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. Anonymous access. It's free - no username or password
required nor do you need a Newsgroup Usenet account with your ISP. It
connects directly to the Microsoft Public Newsgroups. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject. It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Quitting smoking is easy. I've done it a thousand times." - Mark Twain
Brian
2007-06-14 16:06:45 UTC
Post by Ace Fekay [MVP]
For starters, can you post the following info please?
1. Unedited ipconfig /all from the three DCs in question, and one of your
clients.
Windows IP Configuration

Host Name . . . . . . . . . . . . : cadc01
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network
Connection
Physical Address. . . . . . . . . : 00-12-3F-EC-EA-86
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.4.0.1
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.4.0.20
DNS Servers . . . . . . . . . . . : 10.4.0.1
Primary WINS Server . . . . . . . : 10.4.0.1
Post by Ace Fekay [MVP]
2. The exact zone name spelling in DNS and whether updates are allowed on
the zone
3. The AD DNS domain name as it shows up in ADUC.
I can't post some of this information for security reasons, but it's the same
in all cases.
Post by Ace Fekay [MVP]
4. If the SRV records exist under your zone.
Yes, there is an SRV record for each DC.
Post by Ace Fekay [MVP]
5. Any errors in the Event logs on the DC under System, Replication Service
It's full of event id 4013
Post by Ace Fekay [MVP]
7. Netdiag /v /fix > c:\netdiag.txt (post the dcdiag.txt as an attachment)
I don't think this group supports attachments, but here you go. I think I see
the problem here:

DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry olddomain.wan. re-registeration on
DNS server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.olddomain.wan.
re-registeration on DNS server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.CA._sites.olddomain.wan.
re-registeration on DNS server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.olddomain.wan.
re-registeration on DNS server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.CA._sites.gc._msdcs.olddomain.wan. re-registeration on DNS server
'10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.1509a7d4-2d82-4d42-9d29-715ff9f07a54.domains._msdcs.olddomain.wan.
re-registeration on DNS server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry gc._msdcs.olddomain.wan.
re-registeration on DNS server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
524122f5-afce-4423-8efe-9a4449d9a0d7._msdcs.olddomain.wan. re-registeration
on DNS server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.dc._msdcs.olddomain.wan. re-registeration on DNS server
'10.4.0.1'failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.CA._sites.dc._msdcs.olddomain.wan. re-registeration on DNS
server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.olddomain.wan.
re-registeration on DNS server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.CA._sites.dc._msdcs.olddomain.wan. re-registeration on DNS server
'10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.olddomain.wan.
re-registeration on DNS server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.CA._sites.olddomain.wan. re-registeration on DNS server
'10.4.0.1'failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.olddomain.wan.
re-registeration on DNS server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.CA._sites.olddomain.wan.
re-registeration on DNS server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._udp.olddomain.wan.
re-registeration on DNS server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.olddomain.wan.
re-registeration on DNS server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.olddomain.wan.
re-registeration on DNS server '10.4.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Fix Failed: netdiag failed to re-register missing DNS entries
for this DC on DNS server '10.4.0.1'.
[FATAL] No DNS servers have the DNS records for this DC registered.

Olddomain.wan was the previous name of our domain. However, I've been told
that references to this old domain have been removed from the metadata. So I
don't know where this is coming from.
Post by Ace Fekay [MVP]
8. More than one subnet?
No
Post by Ace Fekay [MVP]
9. Forwarder(s) configured?
Doublechecked and configured properly for all locations.
Post by Ace Fekay [MVP]
10. Describe your Site configuration and subnet associations to your Sites.
One DC in each site except the main office that has two. All sites are
connected to each other via VPN, but DCs only replicate with the main
office.
Brian
2007-06-14 20:14:05 UTC
Further to this, I was doing some other reading about trying to get rid of
this domain that no longer exists and found another test:

nltest /dsgetdc:pr.wan

DC: \\dc01.mydomain.com
Address: \\10.1.0.99
Dom Guid: 1509a7d4-2d82-4d42-9d29-715ff9f07a54
Dom Name: olddomain.com
Forest Name: olddomain.com
Dc Site Name: CN
Our Site Name: CN
Flags: PDC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST
CLOSE_SITE

So this indicates some sort of problem. How do I get rid of the references
to olddomain.com?
Ace Fekay [MVP]
2007-06-16 04:05:16 UTC
Post by Brian
Further to this, I was doing some other reading about trying to get
nltest /dsgetdc:pr.wan
DC: \\dc01.mydomain.com
Address: \\10.1.0.99
Dom Guid: 1509a7d4-2d82-4d42-9d29-715ff9f07a54
Dom Name: olddomain.com
Forest Name: olddomain.com
Dc Site Name: CN
Our Site Name: CN
Flags: PDC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST
CLOSE_SITE
So this indicates some sort of problem. How do I get rid of the
references to olddomain.com?
You said you've already performed a Metadata cleanup? Can you run thru it
again to make sure you see no references for it? Here's the step through for
you for better guidance:

http://support.microsoft.com/kb/216498

Also go into ADSI Edit and look thru the config container for any reference
to it, as well as if a DomainDnsZones app partition exists for it. Delete
any reference to it if it does.

Also look in Sites and Services to see if it is referenced by an old DC that
is still in the servers list of any of the domains you currently have.

Ace
Brian
2007-06-18 13:07:21 UTC
Post by Ace Fekay [MVP]
You said you've already performed a Metadata cleanup? Can you run thru it
again to make sure you see no references for it?
Yes, I can connect to the old domain as there are no references for it.
Post by Ace Fekay [MVP]
Also go into ADSI Edit and look thru the config container for any
reference to it, as well as if a DomainDnsZones app partition exists for
it.
Nothing in the container that I can find. I went through DNS and it's good as
well. Is there a search tool? That would make it easier.
Post by Ace Fekay [MVP]
Also look in Sites and Services to see if it is referenced by an old DC
that is still in the servers list of any of the domains you currently
have.
No, all the sites are clean.

Thanks

Brian
Harj
2007-06-18 15:21:07 UTC
Post by Brian
Post by Ace Fekay [MVP]
You said you've already performed a Metadata cleanup? Can you run thru it
again to make sure you see no references for it?
Yes, I can connect to the old domain as there are no references for it.
Post by Ace Fekay [MVP]
Also go into ADSI Edit and look thru the config container for any
reference to it, as well as if a DomainDnsZones app partition exists for
it.
Nothing in the container that I can find. I went through DNS and it's good as
well. Is there a search tool? That would make it easier.
Post by Ace Fekay [MVP]
Also look in Sites and Services to see if it is referenced by an old DC
that is still in the servers list of any of the domains you currently
have.
No, all the sites are clean.
Thanks
Brian
Hi,

This might be overkill but why not do an ldifde dump and search for
the old domain.
Better to get the full dump to work with than picking here and there
ldifde -f "filename.txt"

Good luck

Harj Singh
Power Your Active Directory Investment
www.specopssoft.com
Brian
2007-06-18 17:10:32 UTC
Post by Harj
This might be overkill but why not do an ldifde dump and search for
the old domain.
Better to get the full dump to work with than picking here and there
ldifde -f "filename.txt"
Bingo. The resulting file has a whole bunch of references to the old domain.
Now how to get rid of them?

They all look similar to this:

servicePrincipalName: HOST/ildc01.mydomain.com/PR
servicePrincipalName:
ldap/6fb32838-45c0-4a1d-8b81-4b27fee43c59._msdcs.mydomain.com
servicePrincipalName: ldap/ildc01.mydomain.com/PR
servicePrincipalName: ldap/ILDC01
servicePrincipalName: ldap/ildc01.mydomain.com
servicePrincipalName: ldap/ildc01.mydomain.com/olddomain.com
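
An added example, not part of the original posts: a plain text search of an ldifde export can miss references when a long value is folded onto a continuation line (as the second servicePrincipalName above was) or is stored base64-encoded. This Python script unfolds and decodes the export before searching, and also checks the DN spelling of the old name; the sample records and all function names are constructed for illustration.

```python
import base64
import re
from collections import defaultdict


def unfold(text):
    """Join folded LDIF lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_records(text):
    """Yield (dn, [(attribute, value), ...]) for each blank-line-separated record."""
    dn, attrs = None, []
    for line in unfold(text) + [""]:          # trailing "" flushes the last record
        if not line.strip():
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, []
            continue
        m = re.match(r"([^:#][^:]*)(::?)\s*(.*)$", line)
        if not m:
            continue                          # comment or malformed line
        name, sep, value = m.groups()
        if sep == "::":                       # "attr:: ..." carries a base64 value
            value = base64.b64decode(value).decode("utf-8", errors="replace")
        if name.lower() == "dn":
            dn = value
        else:
            attrs.append((name, value))


def dn_form(dns_name):
    """olddomain.com -> dc=olddomain,dc=com (how the name appears inside DNs)."""
    return ",".join("dc=" + label for label in dns_name.lower().split("."))


def find_references(text, old_dns_names):
    """Return {dn: [(attribute, value), ...]} for every value naming an old domain."""
    needles = []
    for name in old_dns_names:
        needles += [name.lower(), dn_form(name)]
    hits = defaultdict(list)
    for dn, attrs in parse_records(text):
        for attr, value in [("dn", dn)] + attrs:
            if any(n in value.lower() for n in needles):
                hits[dn].append((attr, value))
    return dict(hits)


# Constructed sample in ldifde export style (not data from the thread).
SAMPLE_LDIF = "\n".join([
    "dn: CN=ILDC01,OU=Domain Controllers,DC=mydomain,DC=com",
    "changetype: add",
    "servicePrincipalName: ldap/ILDC01",
    "servicePrincipalName: ldap/ildc01.mydomain.com/olddom",
    " ain.com",                               # folded continuation line
    "",
    "dn: CN=Sample,CN=Configuration,DC=mydomain,DC=com",
    "changetype: add",
    "nCName: DC=olddomain,DC=com",
    "description:: " + base64.b64encode(b"suffix @OldDomain.com").decode(),
    "",
    "dn: CN=Clean,DC=mydomain,DC=com",
    "changetype: add",
    "cn: Clean",
])

if __name__ == "__main__":
    for dn, found in find_references(SAMPLE_LDIF, ["olddomain.com"]).items():
        print(dn)
        for attr, value in found:
            print(f"    {attr}: {value}")
```

To scan a real export, read the file written by ldifde -f into a string and pass it in place of SAMPLE_LDIF, listing every former name (for this thread, both olddomain.com and olddomain.wan).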
Harj
2007-06-18 19:41:05 UTC
Post by Brian
Post by Harj
This might be overkill but why not do an ldifde dump and search for
the old domain.
Better to get the full dump to work with than picking here and there
ldifde -f "filename.txt"
Bingo. The resulting file has a whole bunch of references to the old domain.
Now how to get rid of them?
servicePrincipalName: HOST/ildc01.mydomain.com/PR
ldap/6fb32838-45c0-4a1d-8b81-4b27fee43c59._msdcs.mydomain.com
servicePrincipalName: ldap/ildc01.mydomain.com/PR
servicePrincipalName: ldap/ILDC01
servicePrincipalName: ldap/ildc01.mydomain.com
servicePrincipalName: ldap/ildc01.mydomain.com/olddomain.com
Hi,

I am a bit confused where you say that first you renamed it, and then
say that it was removed via metadata cleanup.
You cannot remove the root domain if this was the root, you can change
the name but not remove it. Now, this domain rename can only be done
on a W2K3 domain.
I also am confused where you say the site is replicating to ALL sites.
Reconfigure your sites to form a hub and spoke topology.
Make sure that the site links ONLY have the sites needed.

For example:
Site A
Site B
Site C
Site D

Link A&B have site A and B
Link A&C have site A and C
Link A&D have site A and D

As you can see, site A is the hub and let the KCC do its thing
automatically once you have fixed this.

I would walk through a metadata cleanup again to verify.
Remove any records in DNS that point to this old domain.
Did anyone by chance delete the DNS zones via Adsiedit by any chance?


Good luck

Harj Singh
Power Your Active Directory Investment
www.specopssoft.com
Brian
2007-06-18 19:55:14 UTC
"Harj" <***@gmail.com> wrote

Hi again Harj.

Part of the problem is that I inherited this after the domain was renamed.
Post by Harj
I am a bit confused where you say that first you renamed it, and then
say that it was removed via metadata cleanup.
That's what I was told. Years ago, the domain was renamed. Now in trying to
fix the problem, references to the old domain were removed (or possibly not
removed because nothing was there) using metadata cleanup.
Post by Harj
I also am confused where you say the site is replicating to ALL sites.
Reconfigure your sites to form a hub and spoke topology.
Yes, that's what we have, except there are two DCs in the hub site. We used
to have all sites replicating with each other, but it caused many
replication failures. So we changed it. Except for as I mentioned in the OP,
one site DC keeps changing itself back to replicating with all sites.
Post by Harj
I would walk through a metadata cleanup again to verify.
Will try, but the domain does not exist to connect with.
Post by Harj
Remove any records in DNS that point to this old domain.
I'll look again, but haven't found any so far.
Post by Harj
Did anyone by chance delete the DNS zones via Adsiedit by any chance?
Possibly. I'd have to check.

Brian
Ace Fekay [MVP]
2007-06-18 22:38:39 UTC
Post by Brian
Hi again Harj.
Part of the problem is that I inherited this after the domain was renamed.
Post by Harj
I am a bit confused where you say that first you renamed it, and
then say that it was removed via metadata cleanup.
That's what I was told. Years ago, the domain was renamed. Now in
trying to fix the problem, references to the old domain were removed
(or possibly not removed because nothing was there) using metadata
cleanup.
Post by Harj
I also am confused where you say the site is replicating to ALL
sites. Reconfigure your sites to form a hub and spoke topology.
Yes, that's what we have, except there are two DCs in the hub site.
We used to have all sites replicating with each other, but it caused
many replication failures. So we changed it. Except for as I
mentioned in the OP, one site DC keeps changing itself back to
replicating with all sites.
Post by Harj
I would walk through a metadata cleanup again to verify.
Will try, but the domain does not exist to connect with.
Post by Harj
Remove any records in DNS that point to this old domain.
I'll look again, but haven't found any so far.
Post by Harj
Did anyone by chance delete the DNS zones via Adsiedit by any chance?
Possibly. I'd have to check.
Brian
Sounds like you have a bit of a mess here. So the forest root domain was
renamed.

I don't understand how the one DC "DC keeps changing itself back to
replicating with all site." What exactly are you seeing and where are you
seeing this? In Sites and Services? NTDS -> Connection partnerships? Can you
elaborate?

The domain doesn't need to exist to connect with, but rather if you see it
referenced in a Metadata cleanup run you'll want to remove it.

Is Exchange installed in this forest? If so, what version? If Ex2000, you
can't rename it. If Ex2003, it complicates things with a rename due to its
forest wide implications. Read up a little on it here:

Supplemental steps for using the Exchange Server Domain Rename Fixup tool
together with the Windows Server 2003 domain rename tools:
http://support.microsoft.com/default.aspx/kb/842116/en-us

Renaming forests Windows Server 2003 tackles old AD problem:
http://searchwinit.techtarget.com/originalContent/0,289142,sid1_gci913757,00.html

The Lazy Admin Domain Rename Part 3 - Exchange 2003:
http://thelazyadmin.com/blogs/thelazyadmin/archive/2006/06/09/Domain-Rename-Part-3-_2D00_-Exchange-2003.aspx

Also look in Domains and Trusts to see if it is referenced in there, as well
as in the DomainDnsZones and ForestDnsZones application partitions in ADSI
Edit.

Ace
Brian
2007-06-19 13:11:16 UTC
Post by Ace Fekay [MVP]
Sounds like you have a bit of a mess here. So the forest root domain was
renamed.
Yes on both counts.
Post by Ace Fekay [MVP]
I don't understand how the one DC "DC keeps changing itself back to
replicating with all site." What exactly are you seeing and where are you
seeing this?
In Sites and Services. On the central DCs, all the DCs in all sites are set
to replicate with the central site (hub and spoke). However, if I remote to
the DC at our CA office and look at ADSS for the CA site, if I look at its
NTDS settings, it has all the DCs in the company listed.
Post by Ace Fekay [MVP]
The domain doesn't need to exist to connect with, but rather if you see it
referenced in a Metadata cleanup run you'll want to remove it.
Looking at the documentation, I thought you had to connect to a specific
domain. Is there a specific command I should use?
Post by Ace Fekay [MVP]
Is Exchange installed in this forest?
Yes, Ex2003 was added after the fact. It's running fine.
Post by Ace Fekay [MVP]
Also look in Domains and Trusts to see if it is referenced in there,
as in the DomainDnsZones and ForestDnsZones application partitions in ADSI
Edit.
I can't find those in ADSIEdit, but in the AD Trusts console, there are no
references.

Thanks!

Brian
Ace Fekay [MVP]
2007-06-19 23:33:01 UTC
Post by Brian
In Sites and Services. On the central DCs, all the DCs in all sites
are set to replicate with the central site (hub and spoke). However,
if I remote to the DC at our CA office and look at ADSS for the CA
site, if I look at its NTDS settings, it has all the DCs in the
company listed.
Were the connection objects automatically created by the KCC or were they
manually created?
Post by Brian
Post by Ace Fekay [MVP]
The domain doesn't need to exist to connect with, but rather if you
see it referenced in a Metadata cleanup run you'll want to remove it.
Looking at the documentation, I thought you had to connect to a
specific domain. Is there a specific command I should use?
When you are in the utility, there is a list domains (IIRC) command. When
you run it, does it show up in the list?
Post by Brian
Post by Ace Fekay [MVP]
Is Exchange installed in this forest?
Yes, Ex2003 was added after the fact. It's running fine.
After the fact? Hmm. Interesting. In Recipient Policies, do you see the old
domain name as a suffix?
Post by Brian
Post by Ace Fekay [MVP]
Also look in Domains and Trusts to see if it is referenced in there,
as in the DomainDnsZones and ForestDnsZones application partitions
in ADSI Edit.
I can't find those in ADSIEdit, but in the AD Trusts console, there
are no references.
You can't find what? The application partitions or the old name referenced?

If the app partitions, you must manually add them. Manually provide the ldap
path of:
dc=domaindnszones,dc=yourdomain,dc=com
If you have multiple domains in the forest, add one for each. You must be EA
to see all of them.

Same with the Forest zones:

dc=forestdnszones,dc=yourdomain,dc=com
Post by Brian
Thanks!
Brian
:-)


Also do me a favor, delete any reference in the SRV records referencing the
old domain. Once you do that, run this:
Delete the netlogon.dns and netlogon.bak files in system32\config folder.
ipconfig /registerdns
net stop netlogon
net start netlogon

Then see if the old references come back. If they do, it is a clear sign
they are somewhere in AD.

Ace
Brian
2007-07-04 15:56:29 UTC
Partial solution. Posted for anyone else who might be searching for this
problem:

We got rid of the references to the old domain by renaming netlogon.dns and
netlogon.dnb and then running ipconfig /flushdns, and restarting the
netlogon and dns services.

Working with MS, we found that the replication packets were being dropped
because they were too large. Pinging the remote DC with a packet size of
1472 (default for replication?) failed, but smaller (1350) worked. So we
edited the registry and changed the MPU time for the network card to 1350.
Also applied some hotfixes, but these are only required on the machines
without 2003 SP2.

So far this has fixed the replication problems. Adding other DNS servers to
the DC's DNS server list also reduced the errors at startup, but the DC is
still slow to boot up.

Brian
Ace Fekay [MVP]
2007-07-04 19:31:28 UTC
Post by Brian
Partial solution. Posted for anyone else who might be searching for
We got rid of the references to the old domain by renaming
netlogon.dns and netlogon.dnb and then running ipconfig /flushdns,
and restarting the netlogon and dns services.
Working with MS, we found that the replication packets were being
dropped because they were too large. Pinging the remote DC with a
packet size of 1472 (default for replication?) failed, but smaller
(1350) worked. So we edited the registry and changed the MPU time for
the network card to 1350. Also applied some hotfixes, but these are
only required on the machines without 2003 SP2.
So far this has fixed the replication problems. Adding other DNS
servers to the DC's DNS server list also reduced the errors at
startup, but the DC is still slow to boot up.
Brian
Glad you got it working.

Curious, do you mean MTU and not MPU?

Also curious, because I've seen numerous times in the past where MTU
settings below 1500 cause replication issues. I didn't think to ask what
type of line or VPN you have between locations. This is usually due to using
ADSL using PPPoE or a VPN solution that uses a smaller MTU setting and the
default TCP/IP MTU size of 1500 is too large and it cannot transmit the
data. I usually like to suggest and recommend changing ISPs if this may be
the case.

Ace
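
An added example, not part of the original posts: the ping test Brian describes, automated as a binary search for the largest payload that crosses the link with Don't Fragment set. A 1472-byte ICMP payload plus 28 bytes of IPv4 and ICMP headers makes a 1500-byte packet, so if 1350 were the largest payload that passed, the path MTU would be 1378. The function names are hypothetical; the ping flags are those of Windows ping.exe and Linux iputils ping, and the search assumes that any payload smaller than one that passes also passes.

```python
import platform
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def df_ping(host, payload, timeout_ms=2000):
    """Send one echo request with Don't Fragment set; True if an echo reply came back."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload),
               "-w", str(timeout_ms), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload),
               "-W", str(max(1, timeout_ms // 1000)), host]
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    # Only a real echo reply prints a TTL; "needs to be fragmented" and
    # "request timed out" lines do not, whatever the exit code says.
    return "ttl=" in out.lower()


def largest_passing_payload(probe, low=32, high=1472):
    """Largest size in [low, high] for which probe(size) is True, or None if low fails."""
    if not probe(low):
        return None                      # host unreachable even with a small packet
    if probe(high):
        return high                      # full-size packets get through
    while high - low > 1:                # invariant: probe(low) True, probe(high) False
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low


def path_mtu_report(probe, local_mtu=1500):
    """Summarise the path MTU seen by probe, relative to the local interface MTU."""
    payload = largest_passing_payload(probe, high=local_mtu - IP_ICMP_OVERHEAD)
    if payload is None:
        return {"reachable": False}
    mtu = payload + IP_ICMP_OVERHEAD
    return {"reachable": True, "max_payload": payload,
            "path_mtu": mtu, "clamped": mtu < local_mtu}


if __name__ == "__main__":
    # Usage: python pathmtu.py <remote-dc-address>
    host = sys.argv[1]
    print(path_mtu_report(lambda size: df_ping(host, size)))
```

A result with "clamped": True means full-size packets are being dropped somewhere on the path, which matches the symptom in this thread where small traffic (ping, port 135) worked while replication did not.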
