3

I have a RO domain controller that replicates with a writable DC which is at another site. The other week the writable DC was out for about 2 days because of maintenance at that site. After this outage, the RODC is no longer replicating with the writable DC.

The error I get is 1722, the RPC server is unavailable. I confirmed that the RPC service is running on both DCs. I suspect that the problem is caused by DNS - the DNS event logs contain the following:

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "000006BA: SvcErr: DSID-03210BEB, problem 5012 (DIR_ERROR), data 0". The event data contains the error.

I also get the following errors:

The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.

All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.

There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.

The Knowledge Consistency Checker located a replication connection for the local read-only directory service, but the source server is not responsive or not replicating. A new suitable source server was not found from the current replication partners. This operation will be retried.

So maybe when the writable DC was restarted some sort of setting or configuration has been lost - causing the RODC to be unable to replicate with it. The DCs can ping each other fine though.

Any help would be much appreciated! Thanks!

Kelvin
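Added example, not part of the original post: the extended error string in the DNS event quoted above starts with a Win32 error code in hexadecimal, and 0x6BA is 1722, the same code the replication failure reports. The parser below pulls the fields out of that string and compares the code with the replication error; the function names are illustrative and the name table is a small subset of winerror.h.

```python
import re

# Extended error layout as it appears in the event text quoted in the question:
# "<Win32 code, hex>: <class>: DSID-<hex>, problem <n> (<NAME>), data <n>"
EXT_ERR = re.compile(
    r"(?P<win32>[0-9A-Fa-f]{8}):\s*(?P<kind>\w+):\s*DSID-(?P<dsid>[0-9A-Fa-f]{8}),"
    r"\s*problem\s+(?P<problem>\d+)\s+\((?P<name>\w+)\),\s*data\s+(?P<data>-?\d+)"
)

# Small subset of winerror.h, enough to name common RPC failures.
WIN32_NAMES = {
    5: "ERROR_ACCESS_DENIED",
    1722: "RPC_S_SERVER_UNAVAILABLE",
    1723: "RPC_S_SERVER_TOO_BUSY",
    1753: "EPT_S_NOT_REGISTERED",
}

def parse_extended_errors(text):
    """Return one dict per extended error string found in text."""
    found = []
    for m in EXT_ERR.finditer(text):
        code = int(m.group("win32"), 16)  # leading field is hexadecimal
        found.append({
            "win32": code,
            "win32_name": WIN32_NAMES.get(code, "UNKNOWN"),
            "kind": m.group("kind"),
            "dsid": m.group("dsid").upper(),
            "problem": int(m.group("problem")),
            "problem_name": m.group("name"),
            "data": int(m.group("data")),
        })
    return found

def shares_error_code(event_text, replication_error):
    """True if any extended error in event_text carries replication_error."""
    return any(e["win32"] == replication_error
               for e in parse_extended_errors(event_text))

# DNS event text copied from the question.
DNS_EVENT = ('The extended error debug information (which may be empty) is '
             '"000006BA: SvcErr: DSID-03210BEB, problem 5012 (DIR_ERROR), '
             'data 0". The event data contains the error.')

if __name__ == "__main__":
    for err in parse_extended_errors(DNS_EVENT):
        print(err["win32"], err["win32_name"], err["kind"], err["problem_name"])
    print("same code as replication error 1722:",
          shares_error_code(DNS_EVENT, 1722))
```
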

1 Answer

-1

I've had this exact problem.

What kind of network do you have? You need one that is fully meshed for replication to work properly. If you open up Active Directory Sites and Services, you can see DCs are trying to replicate from each other. They will complain if they can only see one main DC; they need to be able to see and replicate from each other.

  • How can I ensure that it's fully meshed? – Kelvin Dec 03 '14 at 20:33
  • The RODC is supposed to replicate with 2 writable DCs but one of them stopped replicating in May. It continued to replicate with the 2nd one until a couple of weeks ago (although replication failed for 1 day in June when there was another outage) – Kelvin Dec 03 '14 at 20:35
  • Use Sites and Services to remove both of the replication partners: find the RODC on the left and expand it: Servers\ServerName\NTDS Settings. On the NTDS Settings, you will see where it is trying to replicate from. Delete these. You said you had 2 servers, but one stopped in May. Did it tombstone? After you have deleted the connections, force replication on your server. Use: repadmin /replicate. It should rebuild its connections and replicate. – Josh Kelahan Dec 03 '14 at 20:43
  • Thanks very much for your help. Unfortunately deleting the connections didn't work. I don't think the 2nd DC tombstoned - it's still active and replicating with the other writable DC – Kelvin Dec 03 '14 at 21:33
  • "You need one that is fully meshed for replication to work properly." That's completely false. AD replication works fine in non-fully-meshed topologies (thankfully). – Massimo Aug 16 '19 at 21:07