question

gogi100 avatar image
0 Votes"
gogi100 asked DSPatrick commented

dfsr replication problem between two domain controllers

i have two domain controllers under windows server 2012 r2. i have a problem with dfsr replication betwwen dc's. in the event viewer i receive next message, but just on one the dc. this message does not exists on the second dc's

 The DFS Replication service encountered an error communicating with partner DC1 for replication group Domain System Volume.
    
 Partner DNS address: DC1.domain.local
    
 Optional data if available:
 Partner WINS Address: DC1
 Partner IP Address: 192.168.99.20
    
 The service will retry the connection periodically.
    
 Additional Information:
 Error: 1753 (There are no more endpoints available from the endpoint mapper.)
 Connection ID: 3CBF9844-9629-4B9F-8237-4AC03D83C7BA
 Replication Group ID: 00AF8B53-0730-472D-8033-9A24DA701B3A

i tested connectivity, all is or. the ping, the nslookup, the firewall has rule, but i don't know what i do?


windows-active-directorywindows-server-2012
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

8 Answers

gogi100 avatar image
0 Votes"
gogi100 answered

i used on both servers command DFSRDIAG DUMPADCFG
I don't know to reading those dumps. maybe this problem. i attached dumps189526-dfsrdump.txt



dfsrdump.txt (8.5 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

gogi100 avatar image
0 Votes"
gogi100 answered gogi100 edited

i used next

 C:\PortQryUI>dfsrdiag ReplicationState /member:dc1 /v
 [INFO] Computer Name: dc1
 [INFO] Computer DNS: dc1.domain.local
 [INFO] Domain DNS: dri.local
 [INFO] Site Name: LOLA
 [INFO] Connected to WMI services on computer: dc1.domain.local
 [INFO] Issuing query: SELECT * FROM DfsrConnectionInfo
 [INFO] Issuing query: SELECT * FROM DfsrIdUpdateInfo
 [ERROR] Failed to execute WMI query
    
 [INFO] Execution Time: 21 seconds
 Operation Failed
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

I'd check the required ports are flowing between networks.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts#windows-server-2008-and-later-versions

--please don't forget to upvote and Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

gogi100 avatar image
0 Votes"
gogi100 answered

I checked all ports are openned in the firewall. i tested from problematic server dcdiag

189901-dc-test1.txt



dc-test1.txt (56.5 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

gogi100 avatar image
0 Votes"
gogi100 answered gogi100 edited

the opened ports on the both dc's in htmls


op2.png (16.1 KiB)
op1.png (16.6 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Also you can try a non-authoritative-sync
https://support.microsoft.com/en-us/help/2218556/how-to-force-an-authoritative-and-non-authoritative-synchronization-fo

or simply demote, reboot, promo again the problematic one.

--please don't forget to upvote and Accept as answer if the reply is helpful--


5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

gogi100 avatar image
0 Votes"
gogi100 answered DSPatrick commented

i tryed authoritative-sync, but nothing. can i try with non-authoritative?

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image DSPatrick ·

Yikes, that could have been fatal? depending on what you set for source. The simplest solution may be to demote, reboot, promo again the problematic one.

--please don't forget to upvote and Accept as answer if the reply is helpful--



0 Votes 0 ·
gogi100 avatar image
0 Votes"
gogi100 answered DSPatrick commented

i made non-authoritative-sync but in event viewer of my dc's it's stand

event id 4614

The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner . If the server was in the process of being promoted to a domain controller, the domain controller will not advertize and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the synchronization partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.


Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: D2A35C60-7F0C-477E-9F20-33235B01ADFE
Replication Group Name: Domain System Volume
Replication Group ID: 00AF8B53-0730-472D-8033-9A24DA701B3A
Member ID: 301A6CCD-F748-49DB-BFAA-E2BC09ACB15F
Read-Only: 0

what i do?

· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image DSPatrick ·

The simplest solution would be to demote, reboot, promo again the problematic one.





0 Votes 0 ·
DSPatrick avatar image DSPatrick DSPatrick ·

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



0 Votes 0 ·