"The replication partner: XXX shows replication errors"......!?

Marin Marinov 161

Hello everyone, on the attached picture you can see the topology of my lab. I`m having troubles promoting the server called DC-2-2 to a domain controller for child.office-2.local. I got "The replication partner: DC-2.office-2.local shows replication errors." In the txt file you can find the output of "Install-ADDSDomain". I can not figure out how to use repadmin.exe to narrow down the cause of the issue. May I ask you for help? Capture

error.txt

12 answers

Marin Marinov 161 Reputation points

2023-03-07T18:27:00.45+00:00
I found something strange.

Remove-Computer -UnjoinDomainCredential office-2\administrator -PassThru -Verbose -Rest art VERBOSE: Performing the operation "Remove-Computer" on target "DC-2-2". Remove-Computer : **Cannot remove computer 'DC-2-2' because it is not in a domain.** At line:1 char:1 + Remove-Computer -UnjoinDomainCredential office-2\administrator -PassT ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (DC-2-2:String) [Remove-Computer], InvalidOperationException + FullyQualifiedErrorId : ComputerNotInDomain,Microsoft.PowerShell.Commands.RemoveComputerCommand

HOWEVER

PS C:\Users\Administrator> systeminfo

Host Name: DC-2-2 OS Name: Microsoft Windows Server 2016 Standard Evaluation OS Version: 10.0.14393 N/A Build 14393 OS Manufacturer: Microsoft Corporation OS Configuration: Standalone Server OS Build Type: Multiprocessor Free Registered Owner: Windows User Registered Organization: Product ID: 00378-00000-00000-AA739 Original Install Date: 2/23/2023, 5:29:46 PM System Boot Time: 3/7/2023, 8:15:28 PM System Manufacturer: Microsoft Corporation System Model: Virtual Machine System Type: x64-based PC Processor(s): 1 Processor(s) Installed. [01]: Intel64 Family 6 Model 142 Stepping 10 GenuineIntel ~1800 Mhz BIOS Version: American Megatrends Inc. 090008 , 12/7/2018 Windows Directory: C:\Windows System Directory: C:\Windows\system32 Boot Device: \Device\HarddiskVolume1 System Locale: en-us;English (United States) Input Locale: en-us;English (United States) Time Zone: (UTC+02:00) Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius Total Physical Memory: 1,024 MB Available Physical Memory: 385 MB Virtual Memory: Max Size: 2,048 MB Virtual Memory: Available: 1,331 MB Virtual Memory: In Use: 717 MB Page File Location(s): C:\pagefile.sys Domain: OFFICE-2 Logon Server: \DC-2-2 Hotfix(s): 3 Hotfix(s) Installed. [01]: KB3192137 [02]: KB3211320 [03]: KB3213986 Network Card(s): 1 NIC(s) Installed. [01]: Microsoft Hyper-V Network Adapter Connection Name: LAN-2 DHCP Enabled: No IP address(es) [01]: 10.0.0.35 Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed. PS C:\Users\Administrator>

Any idea what is going on here?
Please sign in to rate this answer.
Dave Patrick 426.1K Reputation points MVP

2023-03-07T20:14:24.3566667+00:00

Please run;

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log (run on PDC emulator)
repadmin /showrepl >C:\repl.txt (run on any domain controller)
ipconfig /all > C:\%computername%.txt (run on EVERY domain controller)

Also check the domain controller System and Replication (DFS or FRS) event logs for errors since last boot. Post the Event Source and Event IDs of any found. (no evtx files)

then put unzipped text files up on OneDrive and share a link.

Dave Patrick 426.1K Reputation points MVP

2023-03-08T13:44:51.8466667+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--

Marin Marinov 161 Reputation points

2023-03-08T16:19:46.89+00:00

Hello Dave, thank you for asking. I have delated the VM and started from scratch. Unfortunately I got the exact same problem. This week I'm as busy as a bee. I will provide all the logs tomorrow.

Dave Patrick 426.1K Reputation points MVP

2023-03-08T17:46:13.7366667+00:00

Sounds good.
Sign in to comment
Marin Marinov 161 Reputation points

2023-03-09T12:06:46.4+00:00

https://1drv.ms/u/s!ApaIwtWDk_v0hMBKw0Cz9aTO4HgA-A?e=xaCdIl
Please sign in to rate this answer.
Marin Marinov 161 Reputation points

2023-03-09T12:10:30.4633333+00:00

I was not able to turn on DC-1-1 due to the lack of ram. By the way everything runs on my home lab. I don't thing it`s important to have it live. It does not hold any FSMOs
Sign in to comment
Marin Marinov 161 Reputation points

2023-03-09T12:33:25.1666667+00:00

Name resolution for the name _ldap._tcp.dc._msdcs.office-2.local. timed out after none of the configured DNS servers responded

ID: 1014

The DFS Replication service failed to contact domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

ID: 1202
Please sign in to rate this answer.
Dave Patrick 426.1K Reputation points MVP

2023-03-09T13:52:01.5933333+00:00

Looks like some sort of network problems. I'd check the required ports are allowed to flow between networks.

https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts#windows-server-2008-and-later-versions

https://www.microsoft.com/en-us/download/details.aspx?id=17148

Also each domain controller should have it's own static ip address listed for DNS plus loopback (127.0.0.1)

-

--please don't forget to upvote and Accept as answer if the reply is helpful--
Sign in to comment
Marin Marinov 161 Reputation points

2023-03-10T12:29:26.0633333+00:00

PS C:\Users\Administrator> GEt-NetTCPConnection -State Listen

LocalAddress LocalPort RemoteAddress RemotePort State AppliedSetting OwningProcess

:: 64031 :: 0 Listen 2240

:: 49702 :: 0 Listen 2248

:: 49683 :: 0 Listen 544

:: 49678 :: 0 Listen 2180

:: 49671 :: 0 Listen 552

:: 49670 :: 0 Listen 552

:: 49668 :: 0 Listen 552

:: 49667 :: 0 Listen 1208

:: 49666 :: 0 Listen 1208

:: 49665 :: 0 Listen 992

:: 49664 :: 0 Listen 444

:: 47001 :: 0 Listen 4

:: 9389 :: 0 Listen 2220

:: 5985 :: 0 Listen 4

:: 3389 :: 0 Listen 948

:: 593 :: 0 Listen 752

:: 464 :: 0 Listen 552

:: 445 :: 0 Listen 4

:: 135 :: 0 Listen 752

:: 88 :: 0 Listen 552

::1 53 :: 0 Listen 2248

0.0.0.0 64031 0.0.0.0 0 Listen 2240

0.0.0.0 49702 0.0.0.0 0 Listen 2248

0.0.0.0 49683 0.0.0.0 0 Listen 544

0.0.0.0 49678 0.0.0.0 0 Listen 2180

0.0.0.0 49671 0.0.0.0 0 Listen 552

0.0.0.0 49670 0.0.0.0 0 Listen 552

0.0.0.0 49668 0.0.0.0 0 Listen 552

0.0.0.0 49667 0.0.0.0 0 Listen 1208

0.0.0.0 49666 0.0.0.0 0 Listen 1208

0.0.0.0 49665 0.0.0.0 0 Listen 992

0.0.0.0 49664 0.0.0.0 0 Listen 444

0.0.0.0 9389 0.0.0.0 0 Listen 2220

0.0.0.0 3389 0.0.0.0 0 Listen 948

0.0.0.0 3269 0.0.0.0 0 Listen 552

0.0.0.0 3268 0.0.0.0 0 Listen 552

0.0.0.0 636 0.0.0.0 0 Listen 552

0.0.0.0 593 0.0.0.0 0 Listen 752

0.0.0.0 389 0.0.0.0 0 Listen 552

10.0.0.34 139 0.0.0.0 0 Listen 4

0.0.0.0 135 0.0.0.0 0 Listen 752

127.0.0.1 53 0.0.0.0 0 Listen 2248

10.0.0.34 53 0.0.0.0 0 Listen 2248
Please sign in to rate this answer.
Marin Marinov 161 Reputation points

2023-03-10T12:32:28.2033333+00:00

The above output shows all the open TCP ports. I was not able to conform if the below once are open. Any idea how to do it?

1024-65535/TCP 1024-65535/TCP RPC for LSA, SAM, NetLogon (*)

1024-65535/TCP 1024-65535/TCP FRS RPC (*)

Dave Patrick 426.1K Reputation points MVP

2023-03-10T13:28:51.83+00:00

Sorry, but that doesn't confirm the connectivity across networks.

--please don't forget to upvote and Accept as answer if the reply is helpful--

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Dave Patrick 426.1K Reputation points MVP

2023-03-12T12:50:36.18+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--
Sign in to comment
Marin Marinov 161 Reputation points

2023-03-14T13:13:25.8666667+00:00

Hi, let me confirm if we are all on the same page. I have to make sure that the ports mentioned in the article that you provided are open on all Windows Firewalls in my lab, right? If so, is there a rule corresponding to each port that I have to enable or I have to create new rules?
Please sign in to rate this answer.

0 comments No comments
Sign in to comment