urgent help: AD replication

Hi all,

We have multiple sites and multiple domain controllers. Today, site4 users called and they cannot see users created on their DCs. When I checked site4 (it has two Windows 2008 R2 domain controllers), I tried to replicate by clicking "replicate now" on one DC and got the error "The naming context is in the process of being removed or is not replicated from the specified server". I then manually added one DC connector in Sites and Services and got the same message as above.

I checked this error log and

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          7/8/2013 4:10:51 PM
Event ID:      1925
Task Category: Knowledge Consistency Checker
Level:         Warning
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      dc6.mycompany.local
Description:
The attempt to establish a replication link for the following writable directory partition failed.
 
Directory partition:
CN=Configuration,DC=mycompany,DC=local
Source directory service:
CN=NTDS Settings,CN=dc5,CN=Servers,CN=site4,CN=Sites,CN=Configuration,DC=mycompany,DC=local
Source directory service address:
6840b754-64fc-4542-8118-3faf643b4e93._msdcs.mycompany.local
Intersite transport (if any):
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=mycompany,DC=local
 
This directory service will be unable to replicate with the source directory service until this problem is corrected.
 
User Action
Verify if the source directory service is accessible or network connectivity is available.
 
Additional Data
Error value:
8453 Replication access was denied.

-----------------------------------------------

I ran repadmin /syncall and got the same error: replication access denied.

------------------------------

I ended up deleting the system-created connection objects and ran repadmin /kcc, and the automatically generated object is not created anymore.

So, how should I check this replication error? This user is enterprise admin, domain admin and schema admin. Also, how do I create these automatically created connection objects at dc6 at site4?

I am stuck here now.

Thank you very much!

July 8th, 2013 11:49pm

There can be multiple reasons, like connectivity issues, latency, antivirus blocking the communication, recent changes in the firewall ports configuration, or DNS issues. The other reason for the access denied error is a broken secure channel; try to reset it, which might resolve your issue.

http://awinish.wordpress.com/2010/12/24/when-secure-channel-is-broken/

To troubleshoot and verify the replication error, you can use the free ADReplStatus tool.

Active Directory Replication Status Tool Released

For the KCC error, you can refer to the article below.

http://blogs.technet.com/b/askds/archive/2008/10/31/troubleshooting-kcc-event-log-errors.aspx

July 9th, 2013 4:52am
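
A triage pass over the checks suggested in the reply above (DNS, secure channel, replication status), as an added example that is not part of the original thread. The domain name is taken from the event in the question, and the regexes assume the English event text shown there.

```powershell
# Added example: triage for the Event 1925 / error 8453 case in this thread.
# Run in an elevated session on the destination DC (dc6 in the question).
$Domain = 'mycompany.local'   # taken from the event text in the question

# 1. Pull recent KCC 1925 warnings and extract source address and error value.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 1925 } `
                       -MaxEvents 20 -ErrorAction SilentlyContinue
$links = foreach ($e in $events) {
    $msg  = $e.Message
    $addr = if ($msg -match '([0-9a-f-]{36}\._msdcs\.\S+)') { $Matches[1] } else { $null }
    $code = if ($msg -match 'Error value:\s*(\d+)')         { [int]$Matches[1] } else { $null }
    New-Object PSObject -Property @{ Time = $e.TimeCreated; SourceAddress = $addr; ErrorValue = $code }
}
$links | Sort-Object Time -Descending | Format-Table Time, ErrorValue, SourceAddress -AutoSize

# 2. Each source DC is located through its GUID-based CNAME under _msdcs.
#    A name that does not resolve points at DNS rather than permissions.
$names = $links | Where-Object { $_.SourceAddress } |
         Select-Object -ExpandProperty SourceAddress -Unique
foreach ($name in $names) {
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.IPAddressToString }
        "DNS OK   $name -> $($ips -join ', ')"
    } catch {
        "DNS FAIL $name : $($_.Exception.Message)"
    }
}

# 3. Verify this DC's secure channel to the domain (the broken-channel case).
nltest /sc_verify:$Domain

# 4. List every replication link with failures, including the last status code
#    (8453 = replication access was denied) and the last successful sync time.
repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 } |
    Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                  'Number of Failures', 'Last Failure Status', 'Last Success Time' |
    Format-Table -AutoSize
```

The script only reads state; it does not reset the secure channel or recreate connection objects.
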

You may refer to the following articles to troubleshoot your issues:
Troubleshooting AD Replication error 8452: "The naming context is in the process of being removed or is not replicated from the specified server."
http://support.microsoft.com/kb/2023704
Troubleshooting AD Replication error 8453: "Replication access was denied."
http://support.microsoft.com/kb/2022387

Regards,

July 10th, 2013 3:56am

This topic is archived. No further replies will be accepted.
