Replication error 8341

Biswajeet Kumar 46 Reputation points
2020-12-22T12:07:04.173+00:00

Hi,

When I stop Netlogon and KDC service in a DC, I receive "operational errors trying to retrieve replication information" with error code 8341.

This does not happen in my other environment when I stop these 2 services.


5 answers

  1. Dave Patrick 426K Reputation points MVP
    2020-12-22T13:53:39.183+00:00

    What is the reason for stopping services? Error 8341 is a generic error: "A directory service error has occurred."

    --please don't forget to Accept as answer if the reply is helpful--


  2. Thameur-BOURBITA 28,306 Reputation points
    2020-12-22T14:00:16.063+00:00

    Hi,

    > When I stop Netlogon and KDC service in a DC, I receive "operational errors trying to retrieve replication information" with error code 8341.

    When you stop these services, used for authentication by users and member machines, the DC will be unable to contact its KDC and Netlogon to authenticate and perform the replication process.

    > This does not happen in my other environment when I stop these 2 services.

    This behavior depends on the Active Directory topology: if the DC is able to contact the KDC of another DC when its KDC is stopped, it will be able to authenticate and perform the AD replication.

    For your information, it's not recommended to keep the Netlogon and KDC services stopped; they should be started automatically.

    Please don't forget to mark this reply as answer if it helps you to fix your issue


  3. Dave Patrick 426K Reputation points MVP
    2020-12-22T14:48:49.68+00:00

    > I am stopping them to check which client machine has dependencies

    Simplest solution is to update the DHCP server to hand out the new domain controller for DNS

    --please don't forget to Accept as answer if the reply is helpful--


  4. Thameur-BOURBITA 28,306 Reputation points
    2020-12-22T16:12:50.74+00:00

    Hi,

    Stopping these services is not enough to check dependencies before demoting this legacy domain controller, because if you don't delete the DC's DNS records, clients will still try to contact it, because a client will send a DNS request to get the list of DCs and the closest DC. So the best way to check dependencies is to stop this DC and remove all its DNS records.

    Check the IP configuration of all member servers to make sure that no client still sends DNS requests to this DC, and check whether any application or script is still configured to contact this DC.

    Please don't forget to mark this reply as answer if it helps you to fix your issue


  5. Dave Patrick 426K Reputation points MVP
    2020-12-22T16:46:16.443+00:00

    > Can't the DCs look for another DC for authentication? Is there a way to know which DCs are using this DC's KDC and how to redirect them to another DC?

    The search order depends on how you list them on the client connection properties.

    --please don't forget to Accept as answer if the reply is helpful--
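
Added example, not part of the thread and not written by any of its participants: the two checks described in answer 4 (DNS records that still point at the legacy DC, and member servers that still use it as their DNS server) written as PowerShell. The domain, DC name, IP address, member server names and both function names are assumptions made for illustration; the sample records are constructed so the script also runs without a domain.

```powershell
# Added example. Every name and address below is a constructed placeholder.
$Domain      = 'corp.example'
$LegacyDc    = 'dc-old.corp.example'
$LegacyDcIp  = '10.0.0.10'
$Members     = 'app01.corp.example', 'file01.corp.example'
$UseLiveData = $false   # set to $true to query real DNS and real member servers

function Get-LegacyDcSrvRecord {
    # DC locator SRV records that still name the legacy DC as their target.
    param([object[]]$Record, [string]$DcName)
    $Record | Where-Object {
        "$($_.Type)" -eq 'SRV' -and $_.NameTarget.TrimEnd('.') -ieq $DcName
    }
}

function Get-LegacyDnsClient {
    # Interfaces whose DNS server list still contains the legacy DC's address.
    param([object[]]$Setting, [string]$DcIp)
    $Setting | Where-Object { $_.ServerAddresses -contains $DcIp }
}

if ($UseLiveData) {
    $srv = foreach ($name in "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.dc._msdcs.$Domain") {
        Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue
    }
    $dns = Get-DnsClientServerAddress -CimSession $Members -AddressFamily IPv4
} else {
    # Constructed sample data shaped like the output of the two cmdlets above.
    $srv = @(
        [pscustomobject]@{ Name = "_ldap._tcp.dc._msdcs.$Domain"; Type = 'SRV'; NameTarget = 'dc-new.corp.example'; Port = 389 }
        [pscustomobject]@{ Name = "_ldap._tcp.dc._msdcs.$Domain"; Type = 'SRV'; NameTarget = 'dc-old.corp.example'; Port = 389 }
        [pscustomobject]@{ Name = "_kerberos._tcp.dc._msdcs.$Domain"; Type = 'SRV'; NameTarget = 'dc-old.corp.example'; Port = 88 }
        [pscustomobject]@{ Name = 'dc-old.corp.example'; Type = 'A'; NameTarget = $null; Port = $null }
    )
    $dns = @(
        [pscustomobject]@{ PSComputerName = 'app01.corp.example'; InterfaceAlias = 'Ethernet'; ServerAddresses = @('10.0.0.10', '10.0.0.20') }
        [pscustomobject]@{ PSComputerName = 'file01.corp.example'; InterfaceAlias = 'Ethernet'; ServerAddresses = @('10.0.0.20') }
    )
}

# Anything listed here means clients can still locate or query the legacy DC.
Get-LegacyDcSrvRecord -Record $srv -DcName $LegacyDc | Select-Object Name, NameTarget, Port
Get-LegacyDnsClient -Setting $dns -DcIp $LegacyDcIp |
    Select-Object PSComputerName, InterfaceAlias, ServerAddresses
```

With the constructed data, the first call returns the two SRV records targeting `dc-old.corp.example` and the second returns the `app01.corp.example` interface.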