Domain Replication Issues – Troubleshooting


KB ID 0000301


You have one or more domain controllers in your Windows domain that are not replicating to one or more replication partners.


Step 1 DNS First!

Before you start, make sure all the domain controllers are pointing to the PDC emulator ONLY for their DNS settings.

1. On the PDC emulator > Start > run > dnsmgmt.msc {enter}.

2. Expand _msdcs.yourdomainname Right Click it > Properties > Set Dynamic updates to “Secure and non secure” > apply > OK.

3. Expand yourdomain-name > Right Click it > Properties > Set Dynamic updates to “Secure and non secure” > apply > OK.

4. Right Click the Server-name above > All Tasks > Restart.

5. Expand _msdcs.yourdomainname again.

6. There should be a big long GUID number there for each domain controller {an Alias (CNAME) entry}.

7. Delete them all (DON'T delete the name server entries, or the SOA record!).

8. On each domain controller restart the netlogon service.

9. Back on the PDC emulator close and re-open the DNS management console.

10. Ensure those GUID entries have recreated (Note: You may need to apply the cup of coffee rule).

Step 2 Remove and recreate the Server replication Links

Install the support tools on all the domain controllers.

Start on the PDC emulator and repeat the process on all successive domain controllers.

1. Start > Administrative tools > Active directory Sites and Services.

2. Expand each server down to the NTDS settings.

3. Delete all the <automatically generated> entries and any manual ones so the right hand window is empty (leave this window open). THIS IS SAFE, DON'T PANIC.

4. Start > run > adsiedit.msc

5. Expand > Configuration > Expand “cn=configuration,dc=domainname” > Expand “cn=sites”.

6. Expand your site name i.e. “cn=default-first-site-name” > Expand “cn=yourservername”.

7. Expand “cn=ntds settings”.

9. In the right hand window delete all the entries.

10. Start > run > cmd {enter}.

11. Issue the following command; repadmin /kcc

12. Switch back to Active directory Sites and Services > Right click NTDS settings on the server you are working on.

13. Select “All Tasks” > “Check replication Topology”.

14. Right Click “Sites” at the top of the tree and select refresh.

15. Drill back down to the Servers NTDS Settings and then try to right click the connector on the right and “Replicate now”.
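To see which partners are still failing after "Replicate now", and which of the possible errors below applies, the output of repadmin /showrepl * /csv can be triaged as follows. This is an added example, not part of the original article: the function name Get-ReplicationFailure, the sample CSV rows and the server names are constructed, and the status codes are the Win32 codes that correspond to the error texts in the sections below.

```powershell
# Constructed sample of "repadmin /showrepl * /csv" output (illustrative names).
# On a domain controller use live data instead:
#   $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC1,"DC=example,DC=local",Default-First-Site-Name,DC2,RPC,0,0,2010-07-24 10:15:02,0
showrepl_INFO,Default-First-Site-Name,DC2,"DC=example,DC=local",Default-First-Site-Name,DC1,RPC,14,2010-07-24 10:12:40,2010-07-20 03:00:11,1722
showrepl_INFO,Default-First-Site-Name,DC3,"DC=example,DC=local",Default-First-Site-Name,DC1,RPC,211,2010-07-24 10:12:41,2010-01-02 03:00:09,8614
'@
$rows = $sampleCsv | ConvertFrom-Csv

# Win32 status code -> section of this article that deals with it.
$knownErrors = @{
    '-2146893022' = 'Possible Error 1: target principal name is incorrect'
    '1722'        = 'Possible Error 2: the RPC server is unavailable'
    '8614'        = 'Possible Error 3: tombstone lifetime exceeded'
    '8457'        = 'Possible Error 4: destination server rejecting replication'
    '8606'        = 'Possible Error 5: object deleted and garbage collected'
}

function Get-ReplicationFailure {
    param([Parameter(Mandatory)] [object[]] $Rows)
    foreach ($r in $Rows) {
        # Only per-link data rows carry failure counters.
        if ($r.showrepl_COLUMNS -ne 'showrepl_INFO') { continue }
        if ([int]$r.'Number of Failures' -le 0) { continue }
        $code = "$($r.'Last Failure Status')".Trim()
        [pscustomobject]@{
            Destination = $r.'Destination DSA'
            Source      = $r.'Source DSA'
            Context     = $r.'Naming Context'
            Failures    = [int]$r.'Number of Failures'
            LastSuccess = $r.'Last Success Time'
            Status      = $code
            SeeSection  = if ($knownErrors.ContainsKey($code)) { $knownErrors[$code] }
                          else { 'Not covered here; look up the status code' }
        }
    }
}

# Worst links first.
Get-ReplicationFailure -Rows $rows | Sort-Object Failures -Descending | Format-Table -AutoSize
```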

Possible errors

Possible Error 1 Target Principal Name is incorrect.


Cause: This appears either when attempting a manual domain replication, or when trying to access a resource on another machine.

1. If you are on a domain controller, stop the Key Distribution Center Service and set it to disabled.


2. Start > Run > cmd {enter}.

3. Issue the following command; netdom resetpwd /s:server /ud:domain\administrator /pd:password123 {enter}.

Where: server = the name of the PDC emulator, domain = your domain name, password123 = the domain administrator's password.

4. Reboot the Server.

5. If it’s a domain controller restart the Key Distribution Center service and set its start-up to automatic.

6. Retry replication.


Possible Error 2 The RPC server is unavailable.

Cause: The time on the two domain controllers may be out of sync.

1. Start > run > cmd {enter} > Issue the following command; net time \\pdc-servername /set /y

2. If it gives you a permission error, then carry out the procedure under “Target principal name is incorrect” above to reset the machine password.


Possible Error 3 The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.


Cause: Replication has been offline for a long time.

1. Start > Run > regedit {enter}.

2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.

3. If the registry entry exists, modify it; otherwise create a new DWORD value by right-clicking Parameters.

4. Type Allow Replication With Divergent and Corrupt Partner and press Enter.

5. Double-click the entry and for the Value data type 1, then click OK.


6. Locate the “Strict Replication Consistency” key and change its value from 1 to 0 (zero).

7. Close the registry editor. You do not need to reboot after this change.

8. Retry replication.


Possible Error 4 The destination server is currently rejecting replication requests.

Cause: Sometimes (usually after many failures) a DC will stop accepting replication.

1. Start > Run > cmd {enter}.

2. Issue the following commands;

repadmin /options your-server-name +DISABLE_OUTBOUND_REPL
repadmin /options your-server-name -DISABLE_OUTBOUND_REPL
repadmin /options your-server-name +DISABLE_INBOUND_REPL
repadmin /options your-server-name -DISABLE_INBOUND_REPL

Possible Error 5 This object may not exist because it may have been deleted and already garbage collected.

1. Start > Run > regedit {enter}.

2. Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

3. If “Strict Replication Consistency” does NOT exist > Click Add Value on the Edit menu > Add REG_DWORD > Strict Replication Consistency

4. Value data: If the value is 1, change it to 0.

Replication Event ID Errors

Event 1388 or 1988 (A lingering object is detected).

1. Start > run > cmd {enter}

2. Issue the following command; repadmin /removelingeringobjects

Event ID 1113 and 1115 (The destination server is currently rejecting replication requests).

1. See Possible Error 4 Above

When the problem has been rectified

Finish up by performing a Metadata cleanup on Active Directory (Microsoft KB 216498).
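Several of the steps above leave a domain controller in a relaxed state: dynamic updates set to “Secure and non secure”, Strict Replication Consistency set to 0, Allow Replication With Divergent and Corrupt Partner set to 1, and the repadmin replication flags. The following added example, which is not part of the original article, lists which of those are still in place on the DC it is run on. It assumes an elevated session on a domain controller with the DnsServer PowerShell module available, and the zone names are placeholders.

```powershell
# Placeholders for _msdcs.yourdomainname and yourdomain-name (assumption).
$zones = @('_msdcs.example.local', 'example.local')

# Values the article sets while troubleshooting (Possible Error 3 and 5).
$ntdsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$troubleshootingValues = [ordered]@{
    'Strict Replication Consistency'                       = 0
    'Allow Replication With Divergent and Corrupt Partner' = 1
}

$report = @()
$params = Get-ItemProperty -Path $ntdsKey -ErrorAction SilentlyContinue
foreach ($name in $troubleshootingValues.Keys) {
    $current = if ($params) { $params.$name } else { $null }
    $report += [pscustomobject]@{
        Setting     = $name
        Current     = if ($null -eq $current) { '(not set)' } else { $current }
        NeedsReview = ($null -ne $current -and $current -eq $troubleshootingValues[$name])
    }
}

# Step 1 sets both zones to accept non-secure dynamic updates.
foreach ($zone in $zones) {
    $z = Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue
    $report += [pscustomobject]@{
        Setting     = "Dynamic updates on $zone"
        Current     = if ($z) { $z.DynamicUpdate } else { '(zone not found)' }
        NeedsReview = [bool]($z -and $z.DynamicUpdate -eq 'NonsecureAndSecure')
    }
}

# Possible Error 4 toggles these flags; neither should remain set afterwards.
$flags = repadmin /options $env:COMPUTERNAME |
    Select-String -Pattern 'DISABLE_(INBOUND|OUTBOUND)_REPL' -AllMatches |
    ForEach-Object { $_.Matches.Value } | Sort-Object -Unique
$report += [pscustomobject]@{
    Setting     = 'repadmin /options replication flags'
    Current     = if ($flags) { $flags -join ', ' } else { '(none)' }
    NeedsReview = [bool]$flags
}

$report | Format-Table -AutoSize
```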

Related Articles, References, Credits, or External Links

Original Article written 24/07/10
