GagandeepSinghHoda-4718 asked LimitlessTechnology-2700 answered

AD replication not working from DR site to HO

Dear Team

I have been working on this issue for a while. I can see that replication is not working from the DR site to HO; it's working from HO to the DR site.

If I create any AD objects in HO, they are replicated properly in DR, but from DR they are not coming to the HO site.

I ran repadmin /replsum from HO and the following are the errors:

(1818) The remote procedure call was cancelled.

(8452) The naming context is in the process of being removed or is not replicated from the specified server.

Can you guide me with some more steps to fix this?

windows-active-directory

DSPatrick answered GagandeepSinghHoda-4718 commented

I'd check the server ports here are flowing in both directions between sites.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts#more-information
https://www.microsoft.com/en-us/download/details.aspx?id=24009

--please don't forget to upvote and Accept as answer if the reply is helpful--






Thanks for the update. This has been verified, and today we have disabled filtering on the firewall as well.

Do you think we should wait for some time, or do we need to check any other aspects?

LimitlessTechnology-2700 answered

Hi Gagandeep H

The issue occurs when the destination DC performing inbound replication doesn't receive replication changes within the number of seconds specified in the "RPC Replication Timeout" registry key. You might experience this issue most frequently in one of the following situations:

  1. You promote a new domain controller into the forest by using the Active Directory Installation Wizard (Dcpromo.exe).

  2. Existing domain controllers replicate from source domain controllers that are connected over slow network links.

Some specific root causes for Active Directory logging 1818 \ 0x71a \ RPC_S_CALL_CANCELLED include:

1. An old Network Interface Card driver installed on Domain Controllers could cause the failure of a few network features like Scalable Networking Pack (SNP).
2. Low bandwidth or network packet drops between source and destination domain controllers.
3. The networking device between source and destination device dropping packets.

To overcome Error 1818 you must:
1. Increase replication time-out by adding the key RPC Replication Timeout (mins)
2. Update the network adapter drivers
3. Enable PMTU Black Hole Detection on the Windows-based hosts that will be communicating over a WAN connection and finally configure the network binding order.

In order to do the above steps do click the below link.

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/replication-error-1818

8452 Error most commonly occurs when the following replication topologies are different:

  1. The replication topology in a DC that's starting replication.

  2. The replication topology that's defined in the destination DC's copy of Active Directory.

To solve the Active Directory replication error (8452)

This condition is transient and doesn't normally warrant troubleshooting.

  1. Assume that replication topology changes of the type listed in the Cause section are taking place in your Active Directory forest. In this situation, wait for the error condition to correct itself with time.

  2. Avoid the use of the repadmin /syncall command and equivalents until domain controllers starting replication and the destination DCs being replicated to agree on source DCs and directory partitions being replicated.

  3. Make originating changes in the right places.

  4. Push and Pull changes connection object and partition changes around as required.

  5. Go Direct.

If the replicate now commands from \DC3 to \DC2 when the DSSITE.MSC snap-in is run from the console of \DC1 but focused on \DC4, cut out the middlemen.

If the error is caused by root cause no. 3, then after the user gives the correct input, the error won't happen. For example, in case no. 1 of scenario no. 3, if the user input a correct <src DC> such that on <dest DC> there's a replica link from <src DC> for <the NC>, the repadmin /replicate command will be executed successfully.

  1. Resolve replication failures blocking end-to-end replication.

  2. REPADMIN /REPLICATE.

  3. NTDS Replication event 1586.

For NTDS Replication event 1586, transfer the PDC role to an Active Directory domain controller that is currently a direct replication partner of the previous domain PDC.

For Further Information do visit the below link

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/replication-error-8452

Hope this answers all your queries, if not please do repost back.
If an Answer is helpful, please click "Accept Answer" and upvote it : )

Regards,

Jainth
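
The triage discussed in the answers above, as an added PowerShell example that is not part of the original thread: it reads `repadmin /showrepl * /csv` output, lists the failing inbound links by site direction, attaches the guidance given above for 1818 and 8452, and flags failures that occur in one direction only. The sample rows, DC names, site names and domain are constructed.

```powershell
# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# On a DC, replace the here-string with: $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HO,HO-DC01,"DC=example,DC=local",DR,DR-DC01,RPC,37,2021-06-01 10:15:02,2021-05-28 02:00:11,1818
showrepl_INFO,HO,HO-DC01,"CN=Configuration,DC=example,DC=local",DR,DR-DC01,RPC,4,2021-06-01 10:15:40,2021-05-31 23:10:00,8452
showrepl_INFO,DR,DR-DC01,"DC=example,DC=local",HO,HO-DC01,RPC,0,0,2021-06-01 10:14:55,0
'@
$rows = $sample | ConvertFrom-Csv

# Guidance per status code, taken from the answers in this thread.
$hint = @{
    1818 = 'RPC call cancelled: check link quality and packet loss, NIC drivers, RPC Replication Timeout (mins), PMTU black hole detection'
    8452 = 'Topology mismatch: normally transient; wait for it to settle and avoid repadmin /syncall in the meantime'
}

function Get-FailingLink {
    param([object[]]$Rows)
    # Keep only inbound links that have recorded at least one failure.
    $Rows | Where-Object { [int]$_.'Number of Failures' -gt 0 } | ForEach-Object {
        $code = [int]$_.'Last Failure Status'
        [pscustomobject]@{
            Direction     = '{0} -> {1}' -f $_.'Source DSA Site', $_.'Destination DSA Site'
            Source        = $_.'Source DSA'
            Destination   = $_.'Destination DSA'
            NamingContext = $_.'Naming Context'
            Failures      = [int]$_.'Number of Failures'
            LastSuccess   = $_.'Last Success Time'
            Status        = $code
            Hint          = if ($hint.ContainsKey($code)) { $hint[$code] } else { 'Look up this status code in the replication error documentation' }
        }
    }
}

$failing = @(Get-FailingLink -Rows $rows)
$failedDirections = @($failing.Direction | Sort-Object -Unique)

# A direction that fails while its reverse reports no failures matches the symptom in the question.
foreach ($d in $failedDirections) {
    $src, $dst = $d -split ' -> '
    if ($failedDirections -notcontains "$dst -> $src") {
        Write-Warning "Replication $d is failing while $dst -> $src reports no failures; verify the AD ports in both directions between the sites."
    }
}
$failing | Sort-Object Direction, Status | Format-List
```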
