Discovery of replication partners

Applies To: Windows Server 2008

Domain controllers must be able to communicate with their replication partners to initiate replication. So that domain controllers can communicate properly, the following conditions must be true:

  • Domain controller service (SRV) resource records must be registered with the Domain Name System (DNS) server.
  • Domain controllers must be able to query and locate the service (SRV) resource records of other domain controllers from the DNS server.
  • Domain controllers must be able to establish remote procedure call (RPC) communications with one another.
  • Replication partners must be online, accessible, and advertising.

 

 

Events

Event ID Source Message

1844

Microsoft-Windows-ActiveDirectory_DomainService

The local domain controller could not connect with the following domain controller hosting the following directory partition to resolve distinguished names. Domain controller: "name of domain controller which the local DC tried to contact. This may or may not be populated" Directory partition: "Name of the directory partition containing the DN that the local domain controller was trying to resolve" Additional Data Error value: "Win32 error code" "win32 error string" Internal ID: "internal ID; useful only when contacting Microsoft Support"

1925

Microsoft-Windows-ActiveDirectory_DomainService

The attempt to establish a replication link for the following writable directory partition failed. Directory partition: "DN of the partition" Source domain controller: "DN of the source domain controller for replication" Source domain controller address: f8786828-ecf5-4b7d-ad12-8ab60178f7cd._msdcs.contoso.com Intersite transport (if any): "DN of the intersite transport used for replication" This domain controller will be unable to replicate with the source domain controller until this problem is corrected. User Action Verify if the source domain controller is accessible or network connectivity is available. Additional Data Error value: "Win32 error code" "Win32 error message" (in most cases: 1908 Could not find the domain controller for this domain.)

2087

Microsoft-Windows-ActiveDirectory_DomainService

Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources. Source domain controller: dc2 Failing DNS host name: b0069e56-b19c-438a-8a1f-64866374dd6e._msdcs.contoso.com NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1: Registry Path: HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client User Action: 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498. 2) Confirm that the source domain controller is running Active Directory and is accessible on the network by typing "net view \\source_DC_name" or "ping source_DC_name". 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of Dcdiag.exe available on https://www.microsoft.com/dns dcdiag /test:dns 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of Dcdiag.exe command on the console of the destination domain controller, as follows: dcdiag /test:dns 5) For further analysis of DNS error failures see KB article 824449: https://support.microsoft.com/?kbid=824449 Additional Data Error value: 11004 The requested name is valid, but no data of the requested type was found.

2088

Microsoft-Windows-ActiveDirectory_DomainService

Active Directory could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy, users and computers and their passwords, Active Directory successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller. Invalid DNS configuration may be affecting other essential operations on member computers, domain controllers or application servers in this Active Directory forest, including logon authentication or access to network resources. You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS. Alternate server name: dc1 Failing DNS host name: 4a8717eb-8e58-456c-995a-c92e4add7e8e._msdcs.contoso.com NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1: Registry Path: HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client User Action: 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498. 2) Confirm that the source domain controller is running Active Directory and is accessible on the network by typing "net view \\source_DC_name" or "ping source_DC_name". 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on https://www.microsoft.com/dns dcdiag /test:dns 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of Dcdiag.exe command on the console of the destination domain controller, as follows: dcdiag /test:dns 5) For further analysis of DNS error failures see KB 824449: https://support.microsoft.com/?kbid=824449 Additional Data Error value: 11004 The requested name is valid, but no data of the requested type was found.

Partition Replication

Active Directory