question

drkr0ot777-9921 avatar image
0 Votes"
drkr0ot777-9921 asked DaisyZhou-MSFT commented

Adding/Replacing New Domain Server - 1722 RPC Errors

In our current infrastructure we have 2 domain controllers. The first one is a 2008 box and needs to be replaced. I've created a new Server 2019 VM and installed domain services. For transparency I used this guide (https://www.rebeladmin.com/2020/08/active-directory-migration-from-windows-server-2008-to-2019/).

I've completed everything listed in the guide I linked above until where decommissioning the old domain controller (DC1). When I start this process I continually get a "1722 The RPC server is unavailable." error. I've googled, and searched forums trying various things others have mentioned but have yet to find a resolution. I've provided some details below hoping someone could shed some light on what I'm missing.

DC1: Windows Server 2008 (phasing out)
DC2: Windows Server 2012 R2
DC3: Windows Server 2019

[FSMO ROLES]
FSMO roles have been transferred to the new server.

 Get-ADDomainController -Filter * | Select-Object Name, Domain, Forest, OperationMasterRoles | Where-Object {$_.OperationMasterRoles} | out-string -Width 160

76326-fsmo-roles-succeeded.jpg

[SERVICES]
I've checked to ensure each of the following services are running on all the servers:

  • COM+ Event System

  • Remote Procedure Call (RPC)

  • Active Directory Domain Services

  • DNS Client

  • DFS Replication

  • Intersite Messaging

  • Kerberos Key Distribution Center

  • Security Accounts Manager

  • Server

  • Workstation

  • Windows Time

  • NETLOGON

[DNS]
I've updated DNS IP for each server and flushed DNS on each. They are set like this:
DC1= DNS1: 192.168.1.86 DNS2: 192.168.1.84
DC2= DNS1: 192.168.1.86 DNS2: 127.0.0.1
DC3= DNS1: 192.168.1.84 DNS2: 127.0.0.1

[FIREWALL]
Firewall is turned off on each server

[LOGS]
I've attached the DCDIAG results from all 3 servers.
76403-dcdiag-results-dc1.txt
76310-dcdiag-results-dc2.txt
76404-dcdiag-results-dc3.txt


windows-active-directorywindows-server-2019
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @drkr0ot777-9921,
How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.

Best Regards,
Daisy Zhou

0 Votes 0 ·

Hello @drkr0ot777-9921,
Would you please tell me how things are going on your side. If you have any questions or concerns about the information I provided, please don't hesitate to let us know.
Again thanks for your time and have a nice day!

Best Regards,
Daisy Zhou

0 Votes 0 ·
drkr0ot777-9921 avatar image
0 Votes"
drkr0ot777-9921 answered

Realizing after the fact that I ran dcdiag without admin permissions I'm uploading a new set of files where I ran dcdiag /v /c as administrator. Feel free to review attached logs.

76366-dcdiag-v-c-results-dc1.txt

76376-dcdiag-v-c-results-dc2.txt

76434-dcdiag-v-c-results-dc3.txt



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered

Hello @drkr0ot777-9921,

Thank you for posting here.

Before troubleshooting the issue, kindly remind that since private information and security information may be involved, the forum does not analyze logs. Please delete or remove any private information and security information in the logs and cover or blur any information you provided in the post.

Based on the description, you have added a 2019 DC in your domain.

The minimum requirement to add a Windows Server 2019 Domain Controller is a Windows Server 2008 functional level. The domain also has to use DFS-R as the engine to replicate SYSVOL.

Forest and Domain Functional Levels
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels


Here are some suggest for your issue:

1.Please check the forest/domain functional level of your domain.

2.Please check the SYSVOL replication type (FRS or DFSR).

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating Sysvols\LocalState registry subkey. If this registry subkey exists and its value is set to 3 (ELIMINATED), DFSR is being used. If the subkey does not exist, or if it has a different value, FRS is being used.

3.From dcdiag result of dc1, it seems DC1 has issue.
Before you add 2019 DC, did you check the health of DC1 and DC2?
Before you add 2019 DC, did you check the AD replication of DC1 and DC2?

4.If you can check the AD replication now by running commands below on PDC.

repadmin /showrepl >c:\repsum1.txt

repadmin /replsum >c:\repsum2.txt


repadmin /showrepl * /csv >c:\repsum.csv

If there is no any error message in the result, it means AD replication works fine.

5.Meanwhile, please try to check the issue "The RPC server is unavailable" based on the links below.

Windows Server Troubleshooting: "The RPC server is unavailable"
https://social.technet.microsoft.com/wiki/contents/articles/4494.windows-server-troubleshooting-the-rpc-server-is-unavailable.aspx#DNS_Name_Resolution

Active Directory Replication Error 1722: The RPC server is unavailable
https://support.microsoft.com/en-us/help/2102154/active-directory-replication-error-1722-the-rpc-server-is-unavailable


Hope the information above is helpful.

Should you have any question or concern, please feel free to let us know.



Best Regards,
Daisy Zhou

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.