question

techcoor-9538 avatar image
0 Votes"
techcoor-9538 asked techcoor-9538 answered

The DFS Replication service is stopping communication with partner DC3 for replication group Domain System Volume due to an error. The service will retry the connection periodically.

         Additional Information:              Error: 1723 (The RPC server is too busy to complete this operation.)              Connection ID: 3102F341-A9F9-469F-ACED-D8D4D6B4AF9B              Replication Group ID: 678AF27B-4AC7-459A-84CD-C1C04A6BEB1F          An error event occurred.  EventID: 0xC0001390             Time Generated: 05/12/2021   19:34:07             Event String:             The DFS Replication service failed to communicate with partner DC3 for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server.  

The DFS Replication service is stopping communication with partner DC1 for replication group Domain System Volume due to an error. The service will retry the connection periodically. Additional Information: Error: 9036 (Paused for backup or restore) Connection ID: 92888B85-F6BD-4B62-BEB1-4EA4EA0046DD Replication Group ID: 678AF27B-4AC7-459A-84CD-C1C04A6BEB1F

windows-active-directorywindows-server-2019
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
1 Vote"
DSPatrick answered DSPatrick edited

This one has nothing to do with active directory. This may just be a warning you can safely ignore.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/dfsr-diagnostics-shows-sharing-violations-events

--please don't forget to Accept as answer if the reply is helpful--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Not a lot to go on but I'd check that the required ports are flowing between networks.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts
https://www.microsoft.com/en-us/download/details.aspx?id=24009

--please don't forget to Accept as answer if the reply is helpful--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered

Hi,

Did the errors happen at the specific time?
Was there a backup processing when the error happened?
If the error was caused by the backup, you can ignore the error or schedule the replication to stop when the backup processing.
Following link for your reference:
https://social.technet.microsoft.com/Forums/en-US/af89b4e2-ad28-4978-8355-3973cc476dfe/dfs-replication-issue-in-secondary-ad?forum=winserverDS

Best Regards,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Just checking if there's any progress or updates?

--please don't forget to Accept as answer if the reply is helpful--




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

techcoor-9538 avatar image
0 Votes"
techcoor-9538 answered techcoor-9538 published

DSPatrick
Not a lot to go on but I'd check that the required ports are flowing between networks.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts
https://www.microsoft.com/en-us/download/details.aspx?id=24009
Not sure what to do with your first link.
Client Port(s) Server Port Service
49152 -65535/UDP 123/UDP W32Time
49152 -65535/TCP 135/TCP RPC Endpoint Mapper
49152 -65535/TCP 464/TCP/UDP Kerberos password change
49152 -65535/TCP 49152-65535/TCP RPC for LSA, SAM, NetLogon ()
49152 -65535/TCP/UDP 389/TCP/UDP LDAP
49152 -65535/TCP 636/TCP LDAP SSL
49152 -65535/TCP 3268/TCP LDAP GC
49152 -65535/TCP 3269/TCP LDAP GC SSL
53, 49152 -65535/TCP/UDP 53/TCP/UDP DNS
49152 -65535/TCP 49152 -65535/TCP FRS RPC (
)
49152 -65535/TCP/UDP 88/TCP/UDP Kerberos
49152 -65535/TCP/UDP 445/TCP SMB (**)
49152 -65535/TCP 49152-65535/TCP DFSR RPC (*)
I am guessing these ports have to be enabled. I open Windows Defender Firewall.
I look at inbound rules
123/UDP enabled
135/TCP enabled
464/TCP/UDP enabled
49152-65535/TCP can not find
389/TCP/UDP enabled
636/TCP enabled
3268/TCP enabled
3269/TCP enabled
53/TCP/UDP enabled
49152 -65535/TCP can not find
88/TCP/UDP enabled
445/TCP enabled
49152-65535/TCP can not find
Tried portqry -n DC3 -p both -e 49152-65535 but stopped that as it was taking too long for the results.
123 listening
135 not listening
464 listening
389 listening
636 TCP listening UDP not listening
3268 not listening
3269 TCP listening UDP not listening
53 listening
88 TCP listening UDP not listening
445 TCP listening UDP not listening


Did the errors happen at the specific time? When I run the program.
Was there a backup processing when the error happened? Not that I know of. I disabled Retrospect and Windows Server backup and that makes no difference.
If the error was caused by the backup, you can ignore the error or schedule the replication to stop when the backup processing.
Following link for your reference:
https://social.technet.microsoft.com/Forums/en-US/af89b4e2-ad28-4978-8355-3973cc476dfe/dfs-replication-issue-in-secondary-ad?forum=winserverDS

Maybe DFS is stuck

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered techcoor-9538 commented

Not sure what to do with your first link.

You can use portqryui tool to check the ports in first link are flowing between networks. Another option is to try a non-authoritative synchronization
https://support.microsoft.com/en-us/help/2218556/how-to-force-an-authoritative-and-non-authoritative-synchronization-fo

or try moving roles off, demote, reboot, promo the problematic one again.


--please don't forget to Accept as answer if the reply is helpful--










· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Ran DFS Management,, Create Diagnostic Report, Health, Next, Next, No, do not count backlogged files in this report, Next, Create
98727-image.png


0 Votes 0 ·
image.png (31.0 KiB)
DSPatrick avatar image
0 Votes"
DSPatrick answered

Might not be an issue.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/dfsr-diagnostics-shows-sharing-violations-events

--please don't forget to Accept as answer if the reply is helpful--




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

techcoor-9538 avatar image
0 Votes"
techcoor-9538 answered

I broke the DFS replication completely. I was trying to find the problem by breaking the replication into smaller chunks so I deleted the original and created four replication group plus DFS creates Domain System Volume replication group. I am not seeing the original problem. Instead I am seeing in dcdiag log:

SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. A warning event occurred. EventID: 0x8000106A Time Generated: 05/23/2021 22:37:28 Event String: The DFS Replication service has detected that the staging space in use for the replicated folder at local path H:\Name is above the high watermark. The service will attempt to delete the oldest staging files. Performance may be affected.

The DFS Replication service has detected that the staging space in use for the replicated folder at local path H:\Nameis above the high watermark. The service will attempt to delete the oldest staging files. Performance may be affected.

DFS diagnostics gives:
DFS Replication failed to clean up old staging files for replicated folder name
Staging folder for replication folder Private has exceeded its configurated size
Premature purging for staging file is impacting performance on replicated folder name
Pre-existing content is not replicated and is cosuming disk space.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Kind of vague but you might try anon-authoritative synchronization
https://support.microsoft.com/en-us/help/2218556/how-to-force-an-authoritative-and-non-authoritative-synchronization-fo

--please don't forget to Accept as answer if the reply is helpful--




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

techcoor-9538 avatar image
0 Votes"
techcoor-9538 answered DSPatrick commented

Do you have a reference on how to use ADSIEDIT.MSC?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Please close this thread by marking answers and open a new thread for this new topic.

--please don't forget to Accept as answer if the reply is helpful--


0 Votes 0 ·