Troubleshoot Active Directory Server Replication

By | November 25, 2009

In an active directory environment monitoring the replication between the domain controller and keep the domain controller up-to-date is important aspect, so Monitor replication health daily, or use Repadmin.exe to retrieve replication status daily and Attempt to resolve any reported failure in a timely manner, If the problem that is causing replication to fail cannot be resolved by any known methods, remove AD DS from the server and then reinstall AD DS.

Use the repadmin /showreps command to identify Active Directory replication problems, find the error messages that repadmin command generates,

1. Not enough server storage is available to process this command
2. Active Directory could not allocate enough memory to process replication tasks
3. Active Directory replication has been preempted.
4. Replication posted, waiting.
5. RPC Server Not Available
6. Target account name is incorrect
7. The DSA operation is unable to proceed because of a DNS lookup failure.
8. The remote system is not available. For information about network tr
oubleshooting, see Windows Help.

1. Not enough server storage is available to process this command

Replication failed for TEST0001- TESTB0000 (connection object)

Example:

DC=test,DC=com
Default-First-Site-Name TEST0001 via RPC
DC object GUID: **-**-**-***
Last attempt @ 2006-12-02 10:03:21 failed, result 1130 (0x46a):
Not enough server storage is available to process this command.
33 consecutive failure(s).
Last success @ 2006-12-01 22:36:20.

While doing Sync on TESTB0000 server for TEST0001- TESTB0000

Getting Event log error 1699, 1079 on TEST0001

Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1699
Date: 12/2/2008
Time: 10:03:21 AM
User: TEST TEST0000$
Computer: TEST0001
Description:
The local domain controller failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send the change requests to the domain controller at the following network address.

Directory partition:
DC=test,DC=com
Network address:
***._msdcs.test.com
Extended request code:
0

Additional Data
Error value:
8446 The replication operation failed to allocate memory.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: NTDS General
Event Category: Replication
Event ID: 1079
Date: 12/2/2008
Time: 10:03:21 AM
User: TEST TEST0000$
Computer: TEST0001
Description:
Internal event: Active Directory could not allocate enough memory to process replication tasks. Replication might be affected until more memory is available.

User Action
Increase the amount of physical memory or virtual memory and restart this domain controller.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Solution:

Problem with the TEST0001 server

Need to clear the replication queue from TEST0001 there is no way to resolve this issue without restarting the server

Restart the server TEST0001 to resolve the problem

http://support.microsoft.com/kb/832851

Note: It’s a workaround only, for permanent solution need to increase you functional level to 2003 forest functional level & domain functional level to windows 2003 native

2. Active Directory could not allocate enough memory to process replication tasks

Replication failed for TEST0001- TESTB0000

While doing Sync on TESTB0000 server for TEST0001- TESTB0000

Getting Event log error 1079 on TESTB0000

Event Type: Warning
Event Source: NTDS General
Event Category: Replication
Event ID: 1079
Date: 12/8/2008
Time: 11:15:59 AM
User: NT AUTHORITYANONYMOUS LOGON
Computer: TESTB0000
Description:
Internal event: Active Directory could not allocate enough memory to process replication tasks. Replication might be affected until more memory is available.

User Action
Increase the amount of physical memory or virtual memory and restart this domain controller.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Solution:

Need to restart TESTB0000 to resolve the issue.

Unlike the previous one, restarted the replication partner (TEST0001) but in this issue need to restart the affected server (TESTB0000)

Note: It’s a workaround only, for permanent solution need to increase you functional level to 2003 forest functional level & domain functional level to windows 2003 native

3. Active Directory replication has been preempted.

The progress of inbound replication was interrupted by a higher priority replication request, such as a request generated manually with the repadmin /sync command.

Wait for replication to complete. This informational message indicates normal operation.

4. Replication posted, waiting.

The domain controller posted a replication request and is waiting for an answer. Replication is in progress from this source.

Wait for replication to complete. This informational message indicates normal operation.

5. RPC Server Not Available

DC=Test,DC=com
Default-First-Site-Name TEST0001 via RPC
DC object GUID: **-**-**-***
Last attempt @ 2006-04-18 01:45:51 failed, result 1722 (0x6ba):
The RPC server is unavailable.
7 consecutive failure(s).
Last success @ 2006-04-13 18:55:37.

This error can occur because of connectivity issues.
Unable to connect the source server using the RPC protocol, The “RPC server unavailable” error can occur for the following reasons

1. source domain controller down
2. Network connectivity down between source and destination domain controller
3. Due to network latency
4. Intermediate network issue
5. Not enough network bandwidth to establish the connection
6. All bandwidth used by some other traffic (currently link is overtuilizing)

6. Target account name is incorrect

This problem can be related to connectivity, DNS, or authentication issues.
If it is a DNS error, the local domain controller could not resolve the GUIDbased DNS name of its replication partner.

For the below example:

Replication from TEST0000 to TEST0001(TEST0000- TEST0001)

Repadmin result from TEST0000

DC=test,DC=com
BR-SaoPaulo-SiteBH TEST0001 via RPC
DC object GUID: 009cb97b-074b-4ac0-adc8-525566c02433
Last attempt @ 2009-04-23 22:53:53 failed, result 8524 (0x214c):
Target account name is incorrect.
494 consecutive failure(s).
Last success @ 2006-04-13 15:29:15.

Use the nslookup tool from TEST0000 to resolve the TEST0001 DNS

“GUID for DC” ._msdcs.”domain name”

009cb97b-074b-4ac0-adc8-525566c02433._msdcs.test.com

Check weather the DNS resolve for the affected server (source server) from the target server

> 009cb97b-074b-4ac0-adc8-525566c02433._msdcs.test.com
Server: TEST0001.test.com
Address: 192.168.1.100

Name: TEST0001.test.com
Address: 192.168.1.100
Aliases: 009cb97b-074b-4ec0-adc8-525533c02433._msdcs.test.com

If it’s not able to resolve the GUIDbased DNS name of its replication partner “TEST0001.test.com” then check the DNS issue to resolve the replication issue

And also check the normal DNS entry for its replication partner weather the server pointing to correct IP address, in this example TEST0001.test.com pointing to 192.168.1.100

7.The DSA operation is unable to proceed because of a DNS lookup failure.

DNS entry for its replication partner should be pointing to correct IP address
Check the replication partner IP address from the affected domain controller (TEST0000)

For the below example:

Replication from TEST0000 to TEST0001(TEST0000- TEST0001)

Repadmin result from TEST0000

DC=test,DC=com
BR-SaoPaulo-SiteBH TEST0001 via RPC
DC object GUID: 009cb97b-074b-4ac0-adc8-525566c02433
Last attempt @ 2009-04-23 22:53:53 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
494 consecutive failure(s).
Last success @ 2006-04-13 15:29:15.

Use the nslookup tool from TEST0000 to resolve the TEST0001

In this example TEST0001.test.com pointing to 192.168.1.100

> TEST0001.test.com
Server: TEST0000.test.com
Address: 192.168.1.200

Name: TEST0001.test.com
Address: 192.168.1.100

If it’s pointing to the other wrong IP then you will get the DSA operation is unable to proceed because of a DNS lookup failure error message in repamin result

Correct the DNS issue to resolve replication issue.

 

One thought on “Troubleshoot Active Directory Server Replication

Leave a Reply

Your email address will not be published. Required fields are marked *