Help with a replication problem

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hello,
I have a problem with replication between 2 domain controllers in a forest. IP configuration for those domain controllers is as follows

DC1 (Forest Root Domain)
IP: 192.168.1.2
SM: 255.255.255.0
Preferred DNS server: 192.168.1.2


DC2 (Domain controller for another domain tree in the same forest)
IP: 192.168.1.3
SM: 255.255.255.0
Preferred DNS server: 192.168.1.3
Secondary DNS server: 192.168.1.2

When I try to force replication using replmon command line tool I get the following messages:



I know 99.9% it's a DNS problem. But why this happens. Both have an AD integrated zone that's replicated to all DNS servers in the entire forest.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Have you tried running dcdiag? I have also used sonar or ultrasound from MS in the past as well.

 

Ok, I have used domain controller diagnostic tool and as I guessed it's a DNS problem (**** DNS ). I still have no idea how to fix it.


No problems on DC1 but DC2 cannot locate DC1.

 

No, DC2 cannot ping DC1 by FQDN.

 

Does DC2 have a secondary or stub zone or forwarder in DNS pointing to the DC1 domain

 

First of all, from DC2
c:\> ping 192.168.1.2 (IP address of DC1)
This works fine and that means that connectivity between DCs are fine
c:\> ping DC1.testlab.com
This does not work
So obviously it's a DNS problem. I don't know why would I configure a secondary or stub zone on DC2. It's DNS configuration is as follows:
Preferred DNS server: 192.168.1.3
Secondary DNS server: 192.168.1.2

So if the first DNS server (itself) is failed to resolve the name, it'll try to contact the other DNS server which is authoritative for that zone. Anyway, I tried to make a secondary zone on DC2. On DC1, allow zone transfers to the IP address of DC2. But it did not work. I tried to reload the secondary zone, force zone transfer, restart DC2 but all this did not work.

 

Ok so from DC2 can you open a command prompt and do the following:

nslookup {ENTER}
server 192.168.1.2 {ENTER}
DC1.testlab.com {ENTER}

What happens when you do that, does it resolve the name correctly or do you get an error?

 

Ok, that's what I have got

> server 192.168.1.2
DNS request timed out.
timeout was 2 seconds
Default server: [192.168.1.2]
Address: 192.168.1.2

> dc1.testlab.com
server: [192.168.1.2]
Address: 192.168.1.2

DNS request timed out.
timeout was 2 seconds

Name: dc1.testlab.com
Address: 192.168.1.2

Obviously, it did not work too.

One important thing I noticed about nslookup. When I try to run nslookup on DC1.
nslookup [Enter]
DNS request timed out.
timeout was 2 seconds

***cannot find server name for address 192.168.1.2: Timed out
Default Server: Unknown
Address: 192.168.1.2

I tried to re-register SRV records for that DC by restarting the Netlogon services but it did not work

on DC2 it works fine
nslookup [Enter]
Default server: localhost
Address: 127.0.0.1

 

I did and ping with FQDN worked (of course it'll work after adding it by hand ). I restarted DC2 but replication doesn't work too. The difference is that now in replication monitor I can connect to DC1 (which was impossible before). Here is what I get when I try to force replication

 

DC1 is the forest root domain, DC2 is the tree root for a domain called newtree.com
Fully Qualified Domain Name for DC2 is dc2.newtree.com
Fully Qualified Domain Name for DC1 is dc1.testlab.com

 

Yes, but no need to configure a trust manually. It's a trust between to tree domains in the same forest. A transative automatic trust. Anyway, I checked it. But again there is a problem contacting testlab.com domain. Because there is a DNS problem. Replication and trusts depend on DNS.

Adding a record for DC1 to the hosts file won't help a lot because DC1 registers its DNS records which are used in replicatioin...etc