Discussion:
Domain Controllers synch in one direction but not the other
tommy
2005-10-27 15:10:11 UTC
This is the error message that I get from the one server that is not
synchronizing:

C:\Documents and Settings\Administrator>repadmin /syncall
CALLBACK MESSAGE: Error contacting server fc3ae3ad-d4d2-4e81-a9e9-a2ddc6ba51d7._msdcs.HCE.local (network error): 1722 (0x6ba):
    The RPC server is unavailable.
CALLBACK MESSAGE: SyncAll Finished.

SyncAll reported the following errors:
Error contacting server fc3ae3ad-d4d2-4e81-a9e9-a2ddc6ba51d7._msdcs.HCE.local (network error): 1722 (0x6ba):
    The RPC server is unavailable.

I have tried several things including changing the time out settings in the
registry but it did not fix it yet. I can synch from the one domain
controller to the other but not the other way around. I have checked the DNS
and all the settings are the same for both servers (IP is in different subnet
but all else works correctly and is as it should be)
Any help would be greatly appreciated.
Thank you
Tom
Paul Williams [MVP]
2005-10-30 22:03:45 UTC
Sounds like the island DNS problem. Configure the DC that isn't replicating
to use the DNS server in the other site and restart NETLOGON and the DNS
Client service. Then manually trigger replication. Once replication works,
you can change the DNS back to what it was.

If you are not replicating over the weekend and have a somewhat zealous
scavenging routine going, consider increasing the aging settings, or
increase the frequency of replication. If you don't know what I'm on about,
don't worry. ;-)
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
tommy
2005-10-31 14:51:01 UTC
This did not work....
Paul Williams [MVP]
2005-10-31 15:20:40 UTC
At this point you should have changed the DNS settings from pointing to self
to pointing to the other DC yes? IPCONFIG /ALL should show this. I'm
referring to the DNS client settings - those configured in the TCP/IP
settings - nothing to do with the DNS server configuration.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
tommy
2005-11-01 16:12:08 UTC
Okay. I just did this and lost all communication with the remote server. I
lost remote desktop and PCAnywhere - I cannot even ping it by name.
I switched this one back to point to itself and communication is restored.
I changed the remote server with the same results, only that server always
had both servers' DNS entries.
tommy
2005-11-01 16:26:12 UTC
Okay.
From the remote server I can replicate from the local server, but I cannot up
the remote server changes to replicate to the local server.
At the local server I cannot replicate in either direction.
Paul Williams [MVP]
2005-11-01 17:54:13 UTC
Please paste an IPCONFIG /ALL for each DC. Feel free to rename the domain
and host names.

Are there any devices in between these sites that are blocking *any* ports?
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
Thomas
2005-11-01 19:00:09 UTC
C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : montgomery
Primary Dns Suffix . . . . . . . : HCE.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : HCE.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-C0-9F-24-2A-64
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.2
192.168.2.2
That was the local server

this is the remote server
C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : montgomery
Primary Dns Suffix . . . . . . . : HCE.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : HCE.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-C0-9F-24-2A-64
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.2
192.168.2.2

As you can see, I have both IPs of each server in the DNS.
I have a Cisco 1720 with VPN on this side and Linksys on the other side.
The VPN works fine and it does not seem to have any ports blocked for this
operation.
What ports does replication use?
I can try to put in an explicit statement allowing this traffic...
Paul Williams [MVP]
2005-11-01 19:37:03 UTC
Hang on, both machines have the same IP address?!?

Assuming this is a typo and one should be 192.168.2.2, on the remote side,
get rid of 192.168.2.2 from the DNS server list. Only have the DNS server
on the other side. Now, ensure that the DHCP Client Service is running (and
configured to automatically start) and that the DNS settings are configured
to register this connection in DNS. Then restart NETLOGON. Once you've
done this, type the following at a command prompt:

nslookup -type=srv _ldap._tcp.dc._msdcs.hce.local


Does this yield both DCs?

Install, if you haven't already, the support tools and run:

nltest /dsgetdc:hce.local


Does this yield the local DC? If not, does it succeed (return remote DC) or
fail?

Fire up REPLMON and try replicating. You can also test connecting to the
remote machine using LDP.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
Thomas
2005-11-02 13:21:03 UTC
Okay, I got it.
This worked.
You were right also with the firewall issue.
Windows firewall on the remote server was blocking the replication.
Is there a way I can keep the firewall on and have an exception for the
replication? What port should I open for this service?
After turning off the firewall and then following your directions here on
this last post, all worked like a charm.

Thank you very much for your help.

Tom
Paul Williams [MVP]
2005-11-03 07:58:07 UTC
Replication uses a bunch of ports. Perhaps it would be better to just make
exceptions for both of the private ranges you use?

If not, replication uses the following (from memory, might be incomplete):

53
88
123
135
389
445
3268
1240-65536
ICMP


No problem re. the help. Glad you sorted it.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
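
Added example, not part of the thread and not any poster's own commands: one way to keep Windows Firewall enabled on the remote DC while allowing replication only from the other site, followed by a reachability check for the fixed TCP ports. It assumes Windows Server 2012 R2 or later (the NetSecurity cmdlets and Test-NetConnection, which are newer than the servers discussed here), uses the thread's addresses (192.168.1.0/24 for the local site, 192.168.2.2 for the remote DC), adds a TCP/UDP split the post does not give, and uses the firewall's RPC keyword in place of a numeric dynamic range; the rule names are made up for illustration.

```powershell
# Part 1: run elevated on the remote DC (192.168.2.2 in the thread).
# Inbound exceptions are scoped to the other site's subnet instead of
# disabling the firewall or allowing the ports from any address.
$PartnerSubnet = '192.168.1.0/24'      # site of the local DC (from the thread)
$TcpPorts = 53, 88, 135, 389, 445, 3268  # fixed ports from the list above
$UdpPorts = 53, 88, 123, 389             # assumption: UDP side of DNS, Kerberos, NTP, LDAP

$common = @{
    Direction     = 'Inbound'
    Action        = 'Allow'
    RemoteAddress = $PartnerSubnet       # only the partner site may connect
    Group         = 'AD replication (example)'   # hypothetical group name
}

New-NetFirewallRule @common -DisplayName 'AD repl - fixed TCP' -Protocol TCP -LocalPort $TcpPorts
New-NetFirewallRule @common -DisplayName 'AD repl - fixed UDP' -Protocol UDP -LocalPort $UdpPorts
# 'RPC' matches ports the RPC runtime assigns dynamically, so no wide
# numeric port range has to be opened for the endpoint-mapped services.
New-NetFirewallRule @common -DisplayName 'AD repl - RPC dynamic' -Protocol TCP -LocalPort RPC
New-NetFirewallRule @common -DisplayName 'AD repl - ICMPv4 echo' -Protocol ICMPv4 -IcmpType 8

# Part 2: run on the other DC (192.168.1.2) to confirm the remote DC now
# answers on each fixed TCP port. UDP and the dynamic RPC ports are not
# covered by a TCP connect test; repadmin /syncall remains the real check.
function Test-DcTcpPorts {
    param([string]$Target, [int[]]$Ports)
    foreach ($port in $Ports) {
        $r = Test-NetConnection -ComputerName $Target -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target = $Target
            Port   = $port
            State  = if ($r.TcpTestSucceeded) { 'open' } else { 'blocked or closed' }
        }
    }
}

Test-DcTcpPorts -Target '192.168.2.2' -Ports $TcpPorts | Format-Table -AutoSize
```

A port reported as blocked while the service is running on the target points at a filter in the path, which is the condition that produced error 1722 in this thread.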