SYSVOL not replicating through DFS, msDFSR-Member object missing

I have two Windows Server 2008R2 DCs in a production environment that are not replicating properly.  Users cannot access some network resources including the Exchange 2010 server.  Digging into the problem I found that the DCs are not replicating the SYSVOL correctly (EventID:6804 "The DFS Replication service has detected that no connections are configured for replication group Domain System Volume. No data is being replicated for this replication group.").  Looking in DFS Management at the Sysvol on the main DC shows only itself in the replication group; looking on the secondary DC shows both DCs correctly.  Looking in ADSIEdit, I see that the msDFSR-Member AD object is not present on the main DC.  Can I simply recreate the object to solve this issue, or what should I do?

DCDIAG FROM MAIN DC to SECONDARY DC

C:\Users\Administrator>dcdiag /s:SEC-DC

Directory Server Diagnosis

Performing initial setup:   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests
   Testing server: Default-First-Site-Name\SEC-DC
      Starting test: Connectivity
         The GUID based DNS Name resolved to several Ips
         (fdb9:22ce:b0f5:510d:ccbf:5a4:13d0:c83d, 192.168.10.10), but not all
         were pingable. Replication and other operations may fail if a
         non-pingable IP is chosen. The first pingable IP is 192.168.10.10......................... SEC-DC passed test Connectivity

Doing primary tests
   Testing server: Default-First-Site-Name\SEC-DC
      Starting test: Advertising ......................... SEC-DC passed test Advertising
      Starting test: FrsEvent. ......................... SEC-DC passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
      Group Policy problems. ......................... SEC-DC passed test DFSREvent
      Starting test: SysVolCheck......................... SEC-DC passed test SysVolCheck
      Starting test: KccEvent ......................... SEC-DC passed test KccEvent
      Starting test: KnowsOfRoleHolders ......................... SEC-DC passed test KnowsOfRoleHolders
      Starting test: MachineAccount ......................... SEC-DC passed test MachineAccount
      Starting test: NCSecDesc ......................... SEC-DC passed test NCSecDesc
      Starting test: NetLogons......................... SEC-DC passed test NetLogons
      Starting test: ObjectsReplicated......................... SEC-DC passed test ObjectsReplicated
      Starting test: Replications......................... SEC-DC passed test Replications
      Starting test: RidManager ......................... SEC-DC passed test RidManager
      Starting test: Services ......................... SEC-DC passed test Services
      Starting test: SystemLog ......................... SEC-DC passed test SystemLog
      Starting test: VerifyReferences......................... SEC-DC passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation........................ DomainDnsZones passed test  CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation

   Running partition tests on : DOMAIN
      Starting test: CheckSDRefDom......................... DOMAIN passed test CheckSDRefDom
      Starting test: CrossRefValidation ......................... DOMAIN passed test CrossRefValidation

   Running enterprise tests on : DOMAIN.LOCAL
      Starting test: LocatorCheck ......................... DOMAIN.LOCAL passed test LocatorCheck
      Starting test: Intersite ......................... DOMAIN.LOCAL passed test Intersite

 

DCDIAG FROM SECONDARY TO PRIMARY

C:\Windows\system32>dcdiag /s:PRI-DC

Directory Server Diagnosis

Performing initial setup:
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests

   Testing server: Default-First-Site-Name\PRI-DC
      Starting test: Connectivity ......................... PRI-DC passed test Connectivity

Doing primary tests
   Testing server: Default-First-Site-Name\PRI-DC
      Starting test: Advertising ......................... PRI-DC passed test Advertising
      Starting test: FrsEvent ......................... PRI-DC passed test FrsEvent
      Starting test: DFSREvent
         The event log DFS Replication on server PRI-DC.DOMAIN.LOCAL could
         not be queried, error 0x6ba "The RPC server is unavailable." ......................... PRI-DC failed test DFSREvent
      Starting test: SysVolCheck ......................... PRI-DC passed test SysVolCheck
      Starting test: KccEvent
         The event log Directory Service on server PRI-DC.DOMAIN.LOCAL
         could not be queried, error 0x6ba "The RPC server is unavailable." ......................... PRI-DC failed test KccEvent
      Starting test: KnowsOfRoleHolders ......................... PRI-DC passed test KnowsOfRoleHolders
      Starting test: MachineAccount ......................... PRI-DC passed test MachineAccount
      Starting test: NCSecDesc......................... PRI-DC passed test NCSecDesc
      Starting test: NetLogons ......................... PRI-DC passed test NetLogons
      Starting test: ObjectsReplicated......................... PRI-DC passed test ObjectsReplicated
      Starting test: Replications ......................... PRI-DC passed test Replications
      Starting test: RidManager......................... PRI-DC passed test RidManager
      Starting test: Services ......................... PRI-DC passed test Services
      Starting test: SystemLog 
         The event log System on server PRI-DC.DOMAIN.LOCAL could not be
         queried, error 0x6ba "The RPC server is unavailable."  ......................... PRI-DC failed test SystemLog
      Starting test: VerifyReferences  ......................... PRI-DC passed test VerifyReferences

   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom  ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation......................... ForestDnsZones passed test  CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation ......................... DomainDnsZones passed test  CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation  ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation......................... Configuration passed test CrossRefValidation

   Running partition tests on : DOMAIN
      Starting test: CheckSDRefDom ......................... DOMAIN passed test CheckSDRefDom
      Starting test: CrossRefValidation ......................... DOMAIN passed test CrossRefValidation
   Running enterprise tests on : DOMAIN.LOCAL
      Starting test: LocatorCheck ......................... DOMAIN.LOCAL passed test LocatorCheck
      Starting test: Intersite ......................... DOMAIN.LOCAL passed test Intersite

January 7th, 2012 12:44am

The error "The RPC server is unavailable" that you are getting relates to a port being blocked, a network connectivity issue, or a DNS misconfiguration. I would suggest contacting the network/security team to verify whether all the related AD ports are configured and allowed on the firewall for communication. Portquery is a free tool from MS which can be downloaded and installed to verify whether the necessary ports are open or not.

Also, disable the local Windows Firewall service; by default it is enabled in Vista/Windows 2008 and above. Check the network connectivity and latency.

Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

It can also be caused by antivirus software, with many of them sporting a new feature called "network traffic protection," which can effectively block necessary AD traffic.

http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-

Active Directory and Active Directory Domain Services Port Requirements

http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx

Troubleshooting “RPC server is unavailable” error, reported in failing AD replication scenario.

http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx


Also ensure the following DNS settings on the DC:
1. Each DC / DNS server points to its private IP address as primary DNS server and other remote/local DNS servers as secondary in TCP/IP properties.
2. Each DC has just one IP address and a single network adapter is enabled.
3. Contact your ISP and get valid DNS IPs from them and add them to the forwarders. Do not set a public DNS server in the TCP/IP settings of the DC.
4. Once you are done, run "ipconfig /flushdns & ipconfig /registerdns", then restart the DNS and NETLOGON services on each DC.
Do not put private DNS IP addresses in the forwarder list.
5. Assign a static IP address to the DC if its IP address is assigned by a DHCP server to the DC. It is strongly not recommended.


Hope this helps

Regards,
Sandesh Dubey.
-------------------------------
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator
My Blog: http://sandeshdubey.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.

January 7th, 2012 1:29am

Are your DCs multihomed? It looks like there are issues with DNS due to which name resolution is not working. Also, the RPC error can be due to many reasons.

Did you migrate SYSVOL to DFSR? Check the link below if it's applicable to your scenario.

The DFS Replication service has detected that connections are configured for replication group Domain System Volume.

http://blogs.technet.com/b/askds/archive/2009/06/15/dfsrmig-and-the-connection-gremlin.aspx

http://support.microsoft.com/kb/978326

Windows DCDiag Generating - Error 0x6ba "The RPC server is unavailable."

http://blogs.dirteam.com/blogs/paulbergson/archive/2010/11/01/windows-dcdiag-generating-error-0x6ba-quot-the-rpc-server-is-unavailable-quot.aspx

You can also refer to Paul's article on troubleshooting AD replication issues.

http://blogs.dirteam.com/blogs/paulbergson/archive/2009/01/26/troubleshooting-active-directory-issues.aspx

 

Regards  

January 7th, 2012 8:55am

The firewalls on both machines are currently off, one is a VM with one NIC, the other has only one NIC.  I read the articles that you mentioned already, and ran through the procedure that you had listed.  No bueno. Both were R2 servers installed in a new domain at the same time.  They ran trouble-free for about 3 months, then all of a sudden, users started getting login prompts when they tried to access some servers, or when they opened up Outlook.
January 7th, 2012 7:11pm

Neither are multi-homed, both are single NIC with a single IP address.  DNS appears to be replicating correctly.  If you add an entry on one server, it appears on the other a minute or two later.  These servers are both 08R2 set up in a new domain at the R2 level.  There have been no migrations.

Any other thoughts?

 

Thanks.

January 7th, 2012 7:19pm

Fred,

You can refer to this article for a workaround: Create a new connection object. The issue in the article is for the RODC, but we can try creating the object to solve this issue.

Let us know whether it worked out/not.

 

Hope it helps..

 

 

January 8th, 2012 9:54am

The system wouldn't let me re-create the object, but I solved the problem.  There was an obscure IPv6 DNS entry for one of the DCs that pointed to an address that wasn't even on the box.  I have no idea where it came from, but I deleted it, flushed and registered DNS, restarted DNS on both DCs, and bang, everything started working again.

It's always the little things...

January 8th, 2012 7:12pm
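
The root cause reported above, a host record pointing at an address the DC does not own, can be checked for directly. The following is an added example, not code from anyone in this thread: the function names are hypothetical, and it assumes it is run on a DC that also hosts the DNS Server role (so the `root\MicrosoftDNS` WMI provider is present).

```powershell
# Added example: flag A/AAAA records for a DC that are not bound to any of its NICs.
function Find-StaleDcAddress {
    param(
        [string[]]$Registered,   # addresses DNS holds for the DC's host name
        [string[]]$Bound         # addresses actually configured on the DC
    )
    # Normalise through IPAddress so differently written IPv6 strings compare equal;
    # strip any %scope suffix from link-local addresses first.
    $boundSet = @($Bound | Where-Object { $_ } | ForEach-Object {
        [System.Net.IPAddress]::Parse(($_ -replace '%.*$', '')).ToString()
    })
    foreach ($r in @($Registered | Where-Object { $_ })) {
        $ip = [System.Net.IPAddress]::Parse($r).ToString()
        if ($boundSet -notcontains $ip) {
            New-Object PSObject -Property @{
                Address = $ip
                Finding = 'registered in DNS, not bound on the DC'
            }
        }
    }
}

# Collects both address sets on the local DC/DNS server via WMI.
function Get-DcAddressSets {
    param([string]$Fqdn)
    $filter = "OwnerName='$Fqdn'"
    $a    = Get-WmiObject -Namespace root\MicrosoftDNS -Class MicrosoftDNS_AType    -Filter $filter
    $aaaa = Get-WmiObject -Namespace root\MicrosoftDNS -Class MicrosoftDNS_AAAAType -Filter $filter
    $nic  = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE'
    @{
        Registered = @($a | ForEach-Object { $_.IPAddress }) +
                     @($aaaa | ForEach-Object { $_.IPv6Address })
        Bound      = @($nic | ForEach-Object { $_.IPAddress })
    }
}

# Constructed check: the two addresses dcdiag printed for SEC-DC above;
# the bound list (IPv4 only) is an assumption for illustration.
Find-StaleDcAddress -Registered 'fdb9:22ce:b0f5:510d:ccbf:5a4:13d0:c83d', '192.168.10.10' `
                    -Bound '192.168.10.10'

# Live use on a DC that is also a DNS server:
# $sets = Get-DcAddressSets -Fqdn 'PRI-DC.DOMAIN.LOCAL'; Find-StaleDcAddress @sets
```

Any address it returns is a candidate for the same cleanup described in the post: delete the record, then flush and re-register DNS.
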

Does it come from ISATAP or something?

September 5th, 2015 1:31pm
