Monday, March 9, 2009

Active Directory replication troubleshooting &Replication Headache





One of the primary tasks for most of the network administrators is to troubleshoot the replication issues among domain controllers. If you don't have several sites there is not much to worry about it. Conversely, it is a great deal if you do have it so, what would you do to troubleshoot the replication issues in active directory. Below are some nice tips will help you to troubleshoot replication related issues in active directory?

Quickly to see if all DCs are replication use

  • repadmin

    Repadmin /ReplSummary

Run below tools in verbose mode and investigate the output TXT file for further clues what might be causing the replication issues.

  • dcdiag,
  • netdiag
  • repadmin
  • DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
  • netdiag.exe /v > c:\netdiag.log (On each dc)
  • repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
  • dnslint /ad /s "ip address of your dc"

*Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's in the forest. If you have significant numbers of DC's this test could generate significant detail and take a long time. You also want to take into account slow links to dc's will also add to the testing time.

TIPS

  • Make sure TCP/IP Stack is configured correctly on all the domain controllers.
  • Issue ***IPConfig /All*** command from each DC and make use TCP/IP stack is configured correctly.
  • There are multiple ways to configure TCP/IP setting on each domain controller based on needs and scenario. One of the most common basic configuration is to point DC/DNS server to it's own IP as primary DNS server and to its neighbor DC/DNS as second (Alternate) DNS server and fallow the same configuration for rest of the domain controllers

  • Don't use multiple ***NIC's*** on the domain controllers, disable any other NIC card and make sure ***Register this connection to DNS*** is un-checked on the DC's.
  • It is good idea to re-name the NIC's as ***Production***, or *** Do not Enable *** for the disable interface
  • Use fallowing netdiag and dcdiag switches on the problems DC's

    • netdiag /v /fix
    • dcdiag /v /fix
  • On problems DC's use blow from command line and investigate if there is any errors occurs.

  • Ipconfig /FlushDNS
  • ipconfig /registerdns
  • net stop netlogon
  • net start Netlogon


Oz Casey Dedeal

MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Blog: http://www.smtp25.blogspot.com

1 comment:

Vasim Memon said...

Awesome article, this helps me alot...

Thanks dude

Vasim Memon
India-
http://systadmin.blogspot.com