This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 37%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
I'm replicating instance from old server to new ones
old server node a is replicating to node b .
I'm creating a replication instance in new server node a from old server node a and i got below error in old server node a
The attempt to establish a replication link for the following writable directory partition failed.
Directory partition:
CN=Configuration,CN={}
Source directory service:
CN=NTDS Settings,CN=new$nodea,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={}
Source directory service address:
new$nodea.xxxxx-a6a-91a0-f758f5e7cd7b
Intersite transport (if any):
This directory service will be unable to replicate with the source directory service until this problem is corrected.
User Action
Verify if the source directory service is accessible or network connectivity is available.
Additional Data
Error value:
5 Access is denied.
any help will be much appreciated.
Thanks
Both domain controllers are multi-homed which will always cause no end to grief for active directory DNS. Domain controller and all members should have the static ip address of DC listed for DNS and no others such as router or public DNS.
--please don't forget to Accept as answer if the reply is helpful--
Hi DSPatrick,
Thanks for investigating this quickly.
currently we have this setup and old server (a/b) has to be retired.
new server c & D need to be used .
Ip address is static for all the 4 servers.
could you describe in little more detail
Thanks
Both domain controllers are multi-homed which will always cause no end to grief for active directory DNS.
remove or disable the second network interface.
Domain controller and all members should have the static ip address of DC listed for DNS and no others such as router or public DNS.
The mentioned domain controllers have an address 172.24.34.xxx this address plus loopback (127.0.0.1) should be present on network interface DNS. The 10.208.40.xxx should be removed.
This has to be checked with infra team if this setup can be enabled.
and again , If Multi-Homed DCs causing this issue , so far there is no replication issue between old server (2008) a and b.
we are facing this issue only when replication between old sever A and new server C .
If this settings cannot be enabled , is there any other work around to replicate A to C.
once the replication is successful, will disable the replication and start using the sever C.
Thanks
The server's can be on different networks, the problem is the multi-homing and the incorrect DNS addresses. As to the different networks just confirm the route and that any firewall would allow the correct ports to flow between them.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts
https://www.microsoft.com/en-us/download/details.aspx?id=24009
I have used PortQryUI in oldserver A and new server C both are not listening to all ports in range 49152 -65535 .
I hope changing this in firewall will resolve the issue.
Thanks
Sounds good.
Might work through this one.
https://learn.microsoft.com/en-US/troubleshoot/windows-server/identity/active-directory-replication-event-id-2087
--please don't forget to Accept as answer if the reply is helpful--
HI DSPatric,
Thanks for the reply.
It isn't showing as DNS error to me.
Event ID : 1925 and task category :Knowledge Consistency Checker
ERror is access is denied
Yes, got that. You can start here.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/active-directory-replication-event-id-1925-dns-lookup
--please don't forget to Accept as answer if the reply is helpful--
To give more detail about the issue:
Am replicating old servers (2008) A and B to new servers (2016) C & D.
B is already an replication from A.
I have installed a replication instance of C from A server.
and am facing the above error in A server .
C:\Users\tstuser >repadmin /showrepl localhost:389
Default-First-Site-Name\oldserver$A
DSA Options: (none)
Site Options: (none)
DSA object GUID: e50…
DSA invocationID: 112…
==== INBOUND NEIGHBORS ======================================
CN=Configuration,CN={FCC…}
Default-First-Site-Name\ oldserver$B via RPC
DSA object GUID: cb9…
Last attempt @ 2021-03-23 17:19:44 was successful.
CN=Schema,CN=Configuration,CN={FCC…}
Default-First-Site-Name\ oldserver$B via RPC
DSA object GUID: cb9…
Last attempt @ 2021-03-23 16:58:44 was successful.
CN=Ubilogin,DC=test,DC=aot,DC=com
Default-First-Site- Name\ oldserver$B via RPC
DSA object GUID: cb9
Last attempt @ 2021-03-23 17:19:34 was successful.
Source: Default-First-Site-Name\newserver$C
******* 10 CONSECUTIVE FAILURES since 2021-03-23 15:04:14
Last error: 5 (0x5):
Access is denied.
Naming Context: CN=Schema,CN=Configuration,CN={FCC……}
Source: Default-First-Site-Name\newserver$C
******* WARNING: KCC could not add this REPLICA LINK due to error.
Naming Context: CN=Configuration,CN={FCC…}
Source: Default-First-Site-Name\newserver$C
******* WARNING: KCC could not add this REPLICA LINK due to error.
tis is from event logs,
The attempt to establish a replication link for the following writable directory partition failed.
Directory partition:
CN=Configuration,CN={FCC…..}
Source directory service:
CN=NTDS Settings,CN= newserver$C,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={FCC…}
Source directory service address:
newserver$C..SGR:e5d1328
Intersite transport (if any):
This directory service will be unable to replicate with the source directory service until this problem is corrected.
User Action
Verify if the source directory service is accessible or network connectivity is available.
Additional Data
Error value:
5 Access is denied.
Thanks
Please run;
Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
then put unzipped text files up on OneDrive and share a link.
The files are useless. Do not edit the commands. Also provide the files for both servers.