Event ID 1567 — Replication Changes

Applies To: Windows Server 2008 R2

The replication process in Active Directory Domain Services (AD DS) ensures that domain controllers are able to maintain a consistent and updated Active Directory database. Because the Active Directory database holds essential information about user, group, and computer accounts, as well as other resources and services and the network configuration, keeping this information consistent on all the domain controllers is important. Failure of the Active Directory replication process can result in the following problems:

  • Failure of applications that rely on consistent Active Directory information to function properly
  • Logon rejections
  • Password change failures
  • Network service failures
  • Incorrect or outdated information retrieval

For more information, see How Active Directory Replication Topology Works (https://go.microsoft.com/fwlink/?LinkID=93526).

Event Details

Product: Windows Operating System
ID: 1567
Source: Microsoft-Windows-ActiveDirectory_DomainService
Version: 6.0
Symbolic Name: DIRLOG_KCC_EXPLICIT_BRIDGEHEAD_LIST_INCOMPLETE
Message: Preferred bridgehead servers have been selected to support intersite replication with the following site using the following transport. However, none of these preferred bridgehead servers can replicate the following directory partition.

Site:
%1
Transport:
%2
Directory partition:
%3

User Action

- Configure a directory server that can support replication of this directory partition as a preferred bridgehead server for this transport.
- Verify that the corresponding Server objects have a network address for this transport. For example, directory servers that replicate using the SMTP transport must have a mailAddress attribute. This attribute is normally configured automatically after the SMTP service is installed.

Until this is rectified, the Knowledge Consistency Checker (KCC) will consider all directory servers in this site as possible bridgehead servers for this directory partition.

Resolve

Ensure that bridgehead servers are functional

The Knowledge Consistency Checker (KCC) will attempt to select another server to function as a bridgehead server. However, Event ID 1567 indicates that one or more of the domain controllers that are functioning as bridgehead servers in the forest may be experiencing replication problems. Another possibility is that none of the bridgehead servers are hosting the partition that is referred to in the event message text. To resolve the situation, perform the following tasks:

  1. Determine which domain controllers are designated bridgehead servers.
  2. Check the replication status of each bridgehead server.
  3. Consider designating a preferred bridgehead server.

The specific steps to complete each of these tasks are described in the following sections.

To perform the following procedures, you must have membership in Enterprise Admins, or you must have been delegated the appropriate authority.

Determine which domain controllers are designated bridgehead servers

To determine which domain controllers are designated as bridgehead servers, complete the following steps using the domain controller that is reporting the event.

To determine which domain controllers are designated bridgehead servers:

  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Run the command repadmin /bridgeheads. This command displays the selected bridgehead servers for each site.

Check the replication status of each bridgehead server

Connect to each of the bridgehead servers that you found in the previous procedure, and perform the following steps.

To check the replication status of each bridgehead server:

  1. Open a command prompt as administrator.
  2. Run the command repadmin /showrepl. This command displays the status reports on all replication links for the domain controller. Active Directory replication is functioning properly on that domain controller if all status messages report that the last attempt was successful. If the status report shows any failure or error following the last replication attempt, try to determine and resolve the cause of the failure. If you cannot, try restarting the domain controller that is experiencing the failure, and check the replication status on the server again. If repadmin reports that replication was delayed for a normal reason, wait and try the repadmin command again in a few minutes.
  3. Ensure that the time on each domain controller is synchronized properly. To do this, run the command w32tm /resync on each domain controller.
  4. If you receive any error messages after running this command, search the System log in Event Viewer for events from the Source Time-Service. To do this:
    1. In the console tree of Event Viewer, expand Windows Logs.
    2. Right-click the System log, and then click Filter current log.
    3. In the Filter Current Log dialog box, select Time-Service in the Event sources selection box.
    4. Click OK. Only the Time-Service-related events appear. Use these events to help resolve the time synchronization issue.
  5. On the domain controller that originally reported the issue, open a command prompt as administrator.
  6. Run the command repadmin /kcc. This command starts the KCC.

Consider designating a preferred bridgehead server

If this issue continues to appear, it is likely that the KCC is selecting bridgehead servers that are not hosting the partition that is failing to replicate. You can designate a preferred bridgehead server that is hosting the partition that is failing to replicate. If you are not sure which servers are hosting the partition that is failing to replicate, use the repadmin /showrepl command to determine which partitions are hosted on a particular domain controller.

To designate a preferred bridgehead server:

  1. Open Active Directory Sites and Services. To open Active Directory Sites and Services, click Start. In Start Search, type dssite.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. In the console tree, expand Sites.
  3. Locate the object representing the site that includes the domain controller that you want to designate as a preferred bridgehead server. Expand that site object and the Servers object beneath it.
  4. Right-click the object that represents the server that you want to designate as a preferred bridgehead server, and then click Properties.
  5. On the General tab, under the Transports available for inter-site data transfer box, select the intersite transports for which you want to set this domain controller as a preferred bridgehead server. By default, IP is the transport that is used for intersite replication. You can select both transports (IP and SMTP).
  6. To designate this domain controller as the preferred bridgehead server for the selected transports, click Add.
  7. To confirm your selection, click OK. If you see a warning message that indicates specific partitions are not stored by any preferred bridgehead server in the site, note the partitions that are identified. After making the appropriate notes, click OK, and then repeat the steps in this section to designate additional preferred bridgehead servers as indicated in the warning message.

Verify

Perform the following tasks using the domain controller from which you want to verify that Active Directory replication is functioning properly.

To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.

To verify that Active Directory replication is functioning properly:

  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Run the command repadmin /showrepl. This command displays the status reports on all replication links for the domain controller. Active Directory replication is functioning properly on this domain controller if all status messages report that the last replication attempt was successful.

If there are any indications of failure or error in the status report following the last replication attempt, Active Directory replication on the domain controller is not functioning properly. If the repadmin command reports that replication was delayed for a normal reason, wait and try repadmin again in a few minutes.
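The status check and verification steps above can be run across several bridgehead servers at once. The following script is an added example, not part of the original article or Microsoft's code; it reads Event ID 1567 from the Directory Service log and then summarizes repadmin /showrepl output for each server. The server names are hypothetical placeholders, and the mapping of %1, %2, and %3 to the event's first three properties and the use of PowerShell 3.0 or later are assumptions.

```powershell
# Added example (not Microsoft's code). Assumes PowerShell 3.0 or later, run elevated
# on the domain controller that logged Event ID 1567.
param(
    # Hypothetical placeholders: replace with the servers listed by `repadmin /bridgeheads`.
    [string[]]$BridgeheadServers = @('DC01.example.test', 'DC02.example.test')
)

# 1. Collect Event ID 1567 from the Directory Service log.
#    Assumption: insertion strings %1, %2, %3 arrive as Properties[0], [1], [2].
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Directory Service'
    ProviderName = 'Microsoft-Windows-ActiveDirectory_DomainService'
    Id           = 1567
} -ErrorAction SilentlyContinue   # no matching events is not treated as an error

$affected = @(foreach ($e in $events) {
    [pscustomobject]@{
        Site      = $e.Properties[0].Value
        Transport = $e.Properties[1].Value
        Partition = $e.Properties[2].Value
    }
}) | Select-Object Site, Transport, Partition -Unique
$affected | Format-Table -AutoSize

# 2. Read every replication link of each bridgehead server in CSV form.
$links = foreach ($dc in $BridgeheadServers) {
    repadmin /showrepl $dc /csv | ConvertFrom-Csv
}

# 3. Show rows that repadmin marked as errors and links with recorded failures.
#    -or short-circuits, so the [int] cast only runs on normal (showrepl_INFO) rows.
$links |
    Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
                   [int]$_.'Number of Failures' -gt 0 } |
    Select-Object 'Destination DSA', 'Naming Context', 'Source DSA', 'Transport Type',
                  'Number of Failures', 'Last Failure Time', 'Last Failure Status' |
    Format-Table -AutoSize

# 4. For each partition named in an event, list the checked servers that report
#    inbound links for it. A server with no inbound partner for the partition
#    will not appear here, so treat an empty result as a prompt to check by hand.
foreach ($p in @($affected | ForEach-Object { $_.Partition })) {
    $holders = $links | Where-Object { $_.'Naming Context' -eq $p } |
        Select-Object -ExpandProperty 'Destination DSA' -Unique
    [pscustomobject]@{ Partition = $p; ReportedBy = ($holders -join ', ') }
}
```

An empty ReportedBy value for a partition matches the condition that the event message describes: none of the checked bridgehead servers reports that directory partition.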
