Replication fails between 2 DCs. RPC issue
Hello.
I have a domain with 2 DCs. They are not replicating. Signs point to an RPC issue, but I haven't been able to track down a fix.
dc1.domain.local - Server 2008 R2
ip: 10.0.0.11
dns: 10.0.0.11
dns: 10.0.0.12
dc2.domain.local - Server 2008 R2
ip: 10.0.0.12
dns: 10.0.0.12
dns: 10.0.0.11
I can do FQDN pings/nslookup between both servers.
I set the following in the registry for a future DC on VPN:
[hkey_local_machine\software\microsoft\rpc\internet]
"ports"="5000-5100"
"portsinternetavailable"="y"
"useinternetports"="y"
I opened ports 5000-5100 in the firewall. I disabled both firewalls for testing. There are no other routers in between.
Results of "portqry.exe -n dc1.domain.local -e 135" from itself. Same result from dc2 to dc1. Notice it isn't listening on 5000-5100.

c:\portqryv2>portqry.exe -n dc1.domain.local -e 135
querying target system called:
 dc1.domain.local
attempting resolve name ip address...
name resolved 10.0.0.11
querying...
tcp port 135 (epmap service): listening
using ephemeral source port
querying endpoint mapper database...
server's response:
uuid: d95afe70-a6d5-4259-822e-2c84da1ddb0d
ncacn_ip_tcp:dc1.domain.local[49152]
uuid: 50abc2a4-574d-40b3-9d66-ee4fd5fba076
ncacn_ip_tcp:dc1.domain.local[63644]
uuid: 367abb81-9844-35f1-ad32-98f038001003
ncacn_ip_tcp:dc1.domain.local[50774]
uuid: 12345778-1234-abcd-ef00-0123456789ab
ncacn_np:dc1.domain.local[\\pipe\\lsass]
uuid: 12345778-1234-abcd-ef00-0123456789ab
ncacn_np:dc1.domain.local[\\pipe\\protected_storage]
uuid: 12345778-1234-abcd-ef00-0123456789ab
ncacn_ip_tcp:dc1.domain.local[49155]
uuid: 12345778-1234-abcd-ef00-0123456789ab
ncacn_http:dc1.domain.local[49158]
uuid: 12345778-1234-abcd-ef00-0123456789ac
ncacn_np:dc1.domain.local[\\pipe\\lsass]
uuid: 12345778-1234-abcd-ef00-0123456789ac
ncacn_np:dc1.domain.local[\\pipe\\protected_storage]
uuid: 12345778-1234-abcd-ef00-0123456789ac
ncacn_ip_tcp:dc1.domain.local[49155]
uuid: 12345778-1234-abcd-ef00-0123456789ac
ncacn_http:dc1.domain.local[49158]
uuid: 12345778-1234-abcd-ef00-0123456789ac
ncacn_ip_tcp:dc1.domain.local[49159]
uuid: 12345678-1234-abcd-ef00-01234567cffb
ncacn_np:dc1.domain.local[\\pipe\\lsass]
uuid: 12345678-1234-abcd-ef00-01234567cffb
ncacn_np:dc1.domain.local[\\pipe\\protected_storage]
uuid: 12345678-1234-abcd-ef00-01234567cffb
ncacn_ip_tcp:dc1.domain.local[49155]
uuid: 12345678-1234-abcd-ef00-01234567cffb
ncacn_http:dc1.domain.local[49158]
uuid: 12345678-1234-abcd-ef00-01234567cffb
ncacn_ip_tcp:dc1.domain.local[49159]
uuid: e3514235-4b06-11d1-ab04-00c04fc2dcd2 ms nt directory drs interface
ncacn_np:dc1.domain.local[\\pipe\\lsass]
uuid: e3514235-4b06-11d1-ab04-00c04fc2dcd2 ms nt directory drs interface
ncacn_np:dc1.domain.local[\\pipe\\protected_storage]
uuid: e3514235-4b06-11d1-ab04-00c04fc2dcd2 ms nt directory drs interface
ncacn_ip_tcp:dc1.domain.local[49155]
uuid: e3514235-4b06-11d1-ab04-00c04fc2dcd2 ms nt directory drs interface
ncacn_http:dc1.domain.local[49158]
uuid: e3514235-4b06-11d1-ab04-00c04fc2dcd2 ms nt directory drs interface
ncacn_ip_tcp:dc1.domain.local[49159]
uuid: 3473dd4d-2e88-4006-9cba-22570909dd10 winhttp auto-proxy service
ncacn_np:dc1.domain.local[\\pipe\\w32time_alt]
uuid: 1ff70682-0a51-30e8-076d-740be8cee98b
ncacn_np:dc1.domain.local[\\pipe\\atsvc]
uuid: 378e52b0-c0a9-11cf-822d-00aa0051e40f
ncacn_np:dc1.domain.local[\\pipe\\atsvc]
uuid: 86d35949-83c9-4044-b424-db363231fd0c
ncacn_np:dc1.domain.local[\\pipe\\atsvc]
uuid: 86d35949-83c9-4044-b424-db363231fd0c
ncacn_ip_tcp:dc1.domain.local[49154]
uuid: 98716d03-89ac-44c7-bb8c-285824e51c4a xactsrv service
ncacn_np:dc1.domain.local[\\pipe\\atsvc]
uuid: 98716d03-89ac-44c7-bb8c-285824e51c4a xactsrv service
ncacn_ip_tcp:dc1.domain.local[49154]
uuid: 552d076a-cb29-4e44-8b6a-d15e59e2c0af ip transition configuration endpoint
ncacn_np:dc1.domain.local[\\pipe\\atsvc]
uuid: 552d076a-cb29-4e44-8b6a-d15e59e2c0af ip transition configuration endpoint
ncacn_ip_tcp:dc1.domain.local[49154]
uuid: 552d076a-cb29-4e44-8b6a-d15e59e2c0af ip transition configuration endpoint
ncacn_np:dc1.domain.local[\\pipe\\srvsvc]
uuid: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 impl friendly name
ncacn_np:dc1.domain.local[\\pipe\\atsvc]
uuid: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 impl friendly name
ncacn_ip_tcp:dc1.domain.local[49154]
uuid: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 impl friendly name
ncacn_np:dc1.domain.local[\\pipe\\srvsvc]
uuid: 30b044a5-a225-43f0-b3a4-e060df91f9c1
ncacn_np:dc1.domain.local[\\pipe\\atsvc]
uuid: 30b044a5-a225-43f0-b3a4-e060df91f9c1
ncacn_ip_tcp:dc1.domain.local[49154]
uuid: 30b044a5-a225-43f0-b3a4-e060df91f9c1
ncacn_np:dc1.domain.local[\\pipe\\srvsvc]
uuid: f6beaff7-1e19-4fbb-9f8f-b89e2018337c event log tcpip
ncacn_np:dc1.domain.local[\\pipe\\eventlog]
uuid: f6beaff7-1e19-4fbb-9f8f-b89e2018337c event log tcpip
ncacn_ip_tcp:dc1.domain.local[49153]
uuid: 30adc50c-5cbc-46ce-9a0e-91914789e23c nrp server endpoint
ncacn_np:dc1.domain.local[\\pipe\\eventlog]
uuid: 30adc50c-5cbc-46ce-9a0e-91914789e23c nrp server endpoint
ncacn_ip_tcp:dc1.domain.local[49153]
uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 dhcp client lrpc endpoint
ncacn_np:dc1.domain.local[\\pipe\\eventlog]
uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 dhcp client lrpc endpoint
ncacn_ip_tcp:dc1.domain.local[49153]
uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6 dhcpv6 client lrpc endpoint
ncacn_np:dc1.domain.local[\\pipe\\eventlog]
uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6 dhcpv6 client lrpc endpoint
ncacn_ip_tcp:dc1.domain.local[49153]
uuid: 76f226c3-ec14-4325-8a99-6a46348418af
ncacn_np:dc1.domain.local[\\pipe\\initshutdown]
uuid: d95afe70-a6d5-4259-822e-2c84da1ddb0d
ncacn_np:dc1.domain.local[\\pipe\\initshutdown]
total endpoints found: 48
==== end of rpc endpoint mapper query response ====

"portqry.exe -n dc1.domain.local -o 49154" or any of the other ports results in:
tcp port 49154 (unknown service): listening
ntfrsutl dc2 or dc1 using the FQDN fails. dc1 or dc2 fails with the same error:

c:\portqryv2>ntfrsutl version dc2.domain.local
ntfrsapi version information
ntfrsapi major : 0
ntfrsapi minor : 0
ntfrsapi compiled on: jul 13 2009 14:43:15
error - cannot bind w/authentication computer, dc2.domain.local; 000006d9 (1753)
error - cannot bind w/o authentication computer, dc2.domain.local; 000006d9 (1753)
error - cannot rpc computer, dc2.domain.local; 000006d9 (1753)

One odd thing: repadmin /bind works on dc1 but fails on dc2.
dc2:
c:\portqryv2>repadmin /bind
repadmin: running command /bind against full dc localhost
dsbindwithcred localhost failed status 1753 (0x6d9):
there no more endpoints available endpoint mapper.
dc1:
c:\users\administrator.domain>repadmin /bind
repadmin: running command /bind against full dc localhost
bind localhost succeeded.
ntdsapi v1 bindstate, printing extended members.
bindaddr: localhost
extensions supported (cb=48):
base : yes
asyncrepl : yes
removeapi : yes
movereq_v2 : yes
getchg_compress : yes
dcinfo_v1 : yes
restore_usn_optimization : yes
kcc_execute : yes
addentry_v2 : yes
linked_value_replication : yes
dcinfo_v2 : yes
instance_type_not_req_on_mod : yes
crypto_bind : yes
get_repl_info : yes
strong_encryption : yes
dcinfo_vffffffff : yes
transitive_membership : yes
add_sid_history : yes
post_beta3 : yes
get_memberships2 : yes
getchgreq_v6 (windows xp preview): yes
nondomain_ncs : yes
getchgreq_v8 (windows xp beta 1) : yes
getchgreply_v5 (windows xp beta 2): yes
getchgreply_v6 (windows xp beta 2): yes
addentryreply_v3 (windows xp beta 3): yes
getchgreply_v7 (windows xp beta 3) : yes
verify_object (windows xp beta 3): yes
xpress_compression : yes
drs_ext_adam : no
getchgreq_v10 : yes
recycle bin feature : no
site guid: 7f313f68-e0f8-4b16-a956-1d440e566c10
repl epoch: 0
forest guid: e74e06c4-4030-43bc-bf43-c21bf15c4832
security information on binding follows:
spn requested: ldap/localhost
authn service: 9
authn level: 6
authz service: 0
dcdiag on dc2
c:\portqryv2>dcdiag
directory server diagnosis
performing initial setup:
   trying find home server...
   home server = dc2
   [dc2] directory binding error 1753: there no more endpoints available endpoint mapper.
   may limit of tests can performed.
   * identified ad forest.
   done gathering initial info.
doing initial required tests
   testing server: site1\dc2
      starting test: connectivity
         [dc2] dsbindwithspnex() failed error 1753, there no more endpoints available endpoint mapper..
         got error while checking ldap , rpc connectivity. please check firewall settings.
         ......................... dc2 failed test connectivity
doing primary tests
   testing server: site1\dc2
      skipping tests, because server dc2 not responding directory service requests.
   running partition tests on : forestdnszones
      starting test: checksdrefdom
         ......................... forestdnszones passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... forestdnszones passed test crossrefvalidation
   running partition tests on : domaindnszones
      starting test: checksdrefdom
         ......................... domaindnszones passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... domaindnszones passed test crossrefvalidation
   running partition tests on : schema
      starting test: checksdrefdom
         ......................... schema passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... schema passed test crossrefvalidation
   running partition tests on : configuration
      starting test: checksdrefdom
         ......................... configuration passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... configuration passed test crossrefvalidation
   running partition tests on : domain
      starting test: checksdrefdom
         ......................... domain passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... domain passed test crossrefvalidation
   running enterprise tests on : domain.local
      starting test: locatorcheck
         ......................... domain.local passed test locatorcheck
      starting test: intersite
         ......................... domain.local passed test intersite
dcdiag on dc1
directory server diagnosis
performing initial setup:
   trying find home server...
   home server = dc1
   * identified ad forest.
   done gathering initial info.
doing initial required tests
   testing server: site1\dc1
      starting test: connectivity
         ......................... dc1 passed test connectivity
doing primary tests
   testing server: site1\dc1
      starting test: advertising
         ......................... dc1 passed test advertising
      starting test: frsevent
         there warning or error events within last 24 hours after sysvol has been shared. failing sysvol replication problems may cause group policy problems.
         ......................... dc1 passed test frsevent
      starting test: dfsrevent
         ......................... dc1 passed test dfsrevent
      starting test: sysvolcheck
         ......................... dc1 passed test sysvolcheck
      starting test: kccevent
         ......................... dc1 passed test kccevent
      starting test: knowsofroleholders
         ......................... dc1 passed test knowsofroleholders
      starting test: machineaccount
         ......................... dc1 passed test machineaccount
      starting test: ncsecdesc
         error nt authority\enterprise domain controllers doesn't have
            replicating directory changes in filtered set
         access rights naming context:
         dc=forestdnszones,dc=domain,dc=local
         error nt authority\enterprise domain controllers doesn't have
            replicating directory changes in filtered set
         access rights naming context:
         dc=domaindnszones,dc=domain,dc=local
         ......................... dc1 failed test ncsecdesc
      starting test: netlogons
         ......................... dc1 passed test netlogons
      starting test: objectsreplicated
         ......................... dc1 passed test objectsreplicated
      starting test: replications
         [replications check,dc1] recent replication attempt failed:
            dc2 dc1
            naming context: dc=forestdnszones,dc=domain,dc=local
            replication generated error (1256):
            remote system not available. information network troubleshooting, see windows help.
            failure occurred @ 2011-03-09 14:55:22.
            last success occurred @ 2011-03-09 13:25:22.
            14 failures have occurred since last success.
         [dc2] dsbindwithspnex() failed error 1753,
         there no more endpoints available endpoint mapper..
         [replications check,dc1] recent replication attempt failed:
            dc2 dc1
            naming context: dc=domaindnszones,dc=domain,dc=local
            replication generated error (1753):
            there no more endpoints available endpoint mapper.
            failure occurred @ 2011-03-09 14:58:44.
            last success occurred @ 2011-03-09 13:25:22.
            18 failures have occurred since last success.
            directory on dc2 in process.
            of starting or shutting down, , not available.
            verify machine not hung during boot.
         [replications check,dc1] recent replication attempt failed:
            dc2 dc1
            naming context: cn=schema,cn=configuration,dc=domain,dc=local
            replication generated error (1753):
            there no more endpoints available endpoint mapper.
            failure occurred @ 2011-03-09 14:55:22.
            last success occurred @ 2011-03-09 13:25:22.
            6 failures have occurred since last success.
            directory on dc2 in process.
            of starting or shutting down, , not available.
            verify machine not hung during boot.
         [replications check,dc1] recent replication attempt failed:
            dc2 dc1
            naming context: cn=configuration,dc=domain,dc=local
            replication generated error (1753):
            there no more endpoints available endpoint mapper.
            failure occurred @ 2011-03-09 14:58:40.
            last success occurred @ 2011-03-09 13:25:22.
            13 failures have occurred since last success.
            directory on dc2 in process.
            of starting or shutting down, , not available.
            verify machine not hung during boot.
         [replications check,dc1] recent replication attempt failed:
            dc2 dc1
            naming context: dc=domain,dc=local
            replication generated error (1753):
            there no more endpoints available endpoint mapper.
            failure occurred @ 2011-03-09 15:05:06.
            last success occurred @ 2011-03-09 13:25:22.
            20 failures have occurred since last success.
            directory on dc2 in process.
            of starting or shutting down, , not available.
            verify machine not hung during boot.
         ......................... dc1 failed test replications
      starting test: ridmanager
         ......................... dc1 passed test ridmanager
      starting test: services
         ......................... dc1 passed test services
      starting test: systemlog
         ......................... dc1 passed test systemlog
      starting test: verifyreferences
         ......................... dc1 passed test verifyreferences
   running partition tests on : forestdnszones
      starting test: checksdrefdom
         ......................... forestdnszones passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... forestdnszones passed test crossrefvalidation
   running partition tests on : domaindnszones
      starting test: checksdrefdom
         ......................... domaindnszones passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... domaindnszones passed test crossrefvalidation
   running partition tests on : schema
      starting test: checksdrefdom
         ......................... schema passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... schema passed test crossrefvalidation
   running partition tests on : configuration
      starting test: checksdrefdom
         ......................... configuration passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... configuration passed test crossrefvalidation
   running partition tests on : domain
      starting test: checksdrefdom
         ......................... domain passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... domain passed test crossrefvalidation
   running enterprise tests on : domain.local
      starting test: locatorcheck
         ......................... domain.local passed test locatorcheck
      starting test: intersite
         ......................... domain.local passed test intersite
Sorry for the output.
I make changes to a GPO, and they don't replicate. SYSVOL won't replicate; it exists on the DCs.
Any help appreciated.
If you are trying to restrict RPC traffic to specific ports, look at http://support.microsoft.com/kb/224196
If you take out the RPC port restrictions and have no firewalls on, does replication still fail? The DS team has a blog on this too:
http://blogs.technet.com/b/askds/archive/2009/01/22/using-portqry-for-troubleshooting.aspx
thanks
mike
http://adisfun.blogspot.com
http://twitter.com/mekline
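
Added example (not part of the original thread and not Microsoft tooling): the check the question does by eye and the reply asks about, namely whether the endpoint mapper's ncacn_ip_tcp ports fall inside the configured "ports" range and whether the directory replication (DRS) interface has a TCP endpoint at all, scripted in Python. The sample response is constructed in the shape of the portqry output above, and the function names are assumptions made for this example.

```python
import re

DRS_UUID = "e3514235-4b06-11d1-ab04-00c04fc2dcd2"  # "ms nt directory drs interface" in the post

# Constructed sample in the shape of the portqry "-e 135" response quoted above
# (shortened; one entry is left on a single flattened line on purpose).
SAMPLE = r"""
uuid: 12345778-1234-abcd-ef00-0123456789ab
ncacn_np:dc1.domain.local[\\pipe\\lsass]
uuid: 12345778-1234-abcd-ef00-0123456789ab
ncacn_ip_tcp:dc1.domain.local[49155]
uuid: e3514235-4b06-11d1-ab04-00c04fc2dcd2 ms nt directory drs interface ncacn_ip_tcp:dc1.domain.local[49155]
uuid: 86d35949-83c9-4044-b424-db363231fd0c
ncacn_ip_tcp:dc1.domain.local[5001]
"""

# uuid, optional annotation, protocol sequence, host, [endpoint]
ENTRY = re.compile(
    r"uuid:\s*([0-9a-f-]{36})\s*(.*?)\s*(ncacn_\w+):([^\[\s]+)\[([^\]]+)\]",
    re.IGNORECASE | re.DOTALL)

def parse_endpoints(text):
    """Return (uuid, annotation, protseq, endpoint) for every mapper entry."""
    return [(m.group(1).lower(), m.group(2).strip(), m.group(3).lower(), m.group(5))
            for m in ENTRY.finditer(text)]

def parse_port_ranges(values):
    """Parse the multi-string "ports" value: each item is 'N' or 'LO-HI'."""
    ranges = []
    for item in values:
        lo, _, hi = item.strip().partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return ranges

def audit(text, port_values):
    """Split ncacn_ip_tcp ports by the restricted range; list the DRS TCP ports."""
    ranges = parse_port_ranges(port_values)
    inside, outside, drs = set(), set(), set()
    for uuid, _note, protseq, endpoint in parse_endpoints(text):
        if protseq != "ncacn_ip_tcp" or not endpoint.isdigit():
            continue  # named pipes and ncacn_http are not part of this check
        port = int(endpoint)
        (inside if any(lo <= port <= hi for lo, hi in ranges) else outside).add(port)
        if uuid == DRS_UUID:
            drs.add(port)
    return {"inside": sorted(inside), "outside": sorted(outside), "drs_tcp": sorted(drs)}

if __name__ == "__main__":
    print(audit(SAMPLE, ["5000-5100"]))
```

An empty `drs_tcp` list for a DC means its endpoint mapper returned no TCP endpoint for the replication interface, which is the condition error 1753 reports; ports listed under `outside` are the ones a firewall limited to 5000-5100 would block.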