question

Racheal-6539 avatar image
0 Votes"
Racheal-6539 asked Racheal-6539 action

The attempt to establish a replication link for the following writable directory partition failed.

I'm replicating instance from old server to new ones

old server node a is replicating to node b .

I'm creating a replication instance in new server node a from old server node a and i got below error in old server node a

The attempt to establish a replication link for the following writable directory partition failed.


Directory partition:
CN=Configuration,CN={}
Source directory service:
CN=NTDS Settings,CN=new$nodea,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={}
Source directory service address:
new$nodea.xxxxx-a6a-91a0-f758f5e7cd7b
Intersite transport (if any):


This directory service will be unable to replicate with the source directory service until this problem is corrected.


User Action
Verify if the source directory service is accessible or network connectivity is available.


Additional Data
Error value:
5 Access is denied.

any help will be much appreciated.

Thanks

windows-server-2016
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

5 Answers

DSPatrick avatar image
0 Votes"
DSPatrick answered Racheal-6539 edited

Both domain controllers are multi-homed which will always cause no end to grief for active directory DNS. Domain controller and all members should have the static ip address of DC listed for DNS and no others such as router or public DNS.

--please don't forget to Accept as answer if the reply is helpful--





· 6
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Racheal-6539 avatar image Racheal-6539 ·

Hi DSPatrick,

Thanks for investigating this quickly.

currently we have this setup and old server (a/b) has to be retired.

new server c & D need to be used .

Ip address is static for all the 4 servers.

could you describe in little more detail

Thanks

0 Votes 0 ·
DSPatrick avatar image DSPatrick Racheal-6539 ·

Both domain controllers are multi-homed which will always cause no end to grief for active directory DNS.

remove or disable the second network interface.

Domain controller and all members should have the static ip address of DC listed for DNS and no others such as router or public DNS.

The mentioned domain controllers have an address 172.24.34.xxx this address plus loopback (127.0.0.1) should be present on network interface DNS. The 10.208.40.xxx should be removed.












1 Vote 1 ·
Racheal-6539 avatar image Racheal-6539 DSPatrick ·

This has to be checked with infra team if this setup can be enabled.

and again , If Multi-Homed DCs causing this issue , so far there is no replication issue between old server (2008) a and b.

we are facing this issue only when replication between old sever A and new server C .

If this settings cannot be enabled , is there any other work around to replicate A to C.

once the replication is successful, will disable the replication and start using the sever C.


Thanks





0 Votes 0 ·
Show more comments
DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick commented

Might work through this one.
https://docs.microsoft.com/en-US/troubleshoot/windows-server/identity/active-directory-replication-event-id-2087

--please don't forget to Accept as answer if the reply is helpful--


· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Racheal-6539 avatar image Racheal-6539 ·

HI DSPatric,

Thanks for the reply.

It isn't showing as DNS error to me.

Event ID : 1925 and task category :Knowledge Consistency Checker
ERror is access is denied

0 Votes 0 ·
DSPatrick avatar image DSPatrick Racheal-6539 ·

Yes, got that. You can start here.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/active-directory-replication-event-id-1925-dns-lookup

--please don't forget to Accept as answer if the reply is helpful--





0 Votes 0 ·
Racheal-6539 avatar image
0 Votes"
Racheal-6539 answered

To give more detail about the issue:

Am replicating old servers (2008) A and B to new servers (2016) C & D.

B is already an replication from A.

I have installed a replication instance of C from A server.

and am facing the above error in A server .

C:\Users\tstuser >repadmin /showrepl localhost:389
Default-First-Site-Name\oldserver$A
DSA Options: (none)
Site Options: (none)
DSA object GUID: e50…
DSA invocationID: 112…

==== INBOUND NEIGHBORS ======================================

CN=Configuration,CN={FCC…}
Default-First-Site-Name\ oldserver$B via RPC
DSA object GUID: cb9…
Last attempt @ 2021-03-23 17:19:44 was successful.

CN=Schema,CN=Configuration,CN={FCC…}
Default-First-Site-Name\\ oldserver$B via RPC
DSA object GUID: cb9…
Last attempt @ 2021-03-23 16:58:44 was successful.

CN=Ubilogin,DC=test,DC=aot,DC=com
Default-First-Site- Name\\ oldserver$B via RPC
DSA object GUID: cb9
Last attempt @ 2021-03-23 17:19:34 was successful.

Source: Default-First-Site-Name\newserver$C
*** 10 CONSECUTIVE FAILURES since 2021-03-23 15:04:14
Last error: 5 (0x5):
Access is denied.

Naming Context: CN=Schema,CN=Configuration,CN={FCC……}
Source: Default-First-Site-Name\newserver$C
*** WARNING: KCC could not add this REPLICA LINK due to error.

Naming Context: CN=Configuration,CN={FCC…}
Source: Default-First-Site-Name\newserver$C
*** WARNING: KCC could not add this REPLICA LINK due to error.


tis is from event logs,

The attempt to establish a replication link for the following writable directory partition failed.


Directory partition:
CN=Configuration,CN={FCC…..}
Source directory service:
CN=NTDS Settings,CN= newserver$C,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={FCC…}
Source directory service address:
newserver$C..SGR:e5d1328
Intersite transport (if any):


This directory service will be unable to replicate with the source directory service until this problem is corrected.


User Action
Verify if the source directory service is accessible or network connectivity is available.


Additional Data
Error value:
5 Access is denied.

Thanks

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered Racheal-6539 commented

Please run;

Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt

then put unzipped text files up on OneDrive and share a link.



5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered Racheal-6539 commented

The files are useless. Do not edit the commands. Also provide the files for both servers.




5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.