Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

Error: The destination server is currently rejecting replication requests


The other day I noticed that my Windows Server 2012 Datacenter was not accepting replication requests. In fact, it was rejecting both inbound and outbound replication. The way I discovered the problem was that I was unable to connect to a couple of Windows Server 8 Enterprise computers that I had just added to the network in Remote Desktop Connection Manager v2.2. I was getting the DNS error. I first tried to flush the DNS cache (ipconfig /flushdns) at the command prompt and then tried a few other things. When I looked at one Domain Controller (DC) it had the DNS records of the new computers but the other one didn’t. The DNS servers on both these DCs were Active Directory-integrated. I tried to manually force the replication and discovered that Windows Server 2012 wasn’t accepting replication. This is where I started to troubleshoot the replication problem.

Troubleshooting

I ran DCDIAG on the problem DC using the following switches.

/v: Verbose – Print extended information

/c: Comprehensive, runs all tests, including non-default tests but excluding DcPromo and RegisterInDNS.

/s: Use <Directory Server> as Home Server. Ignored for DcPromo and RegisterInDns tests which can only be run locally.

I piped all the results into a text file because it is easy to read the results in a text file that I can also print out. Here’s the syntax I used.

dcdiag /v /c /s:[Directory Server] > c:\temp\dcdiag_2012_12_24.txt

where Directory Server is the name of the server that is having problems. For example:

dcdiag /v /c /s:MyDC1 > c:\temp\dcdiag_2012_12_24.txt

Evaluating the Results

To evaluate the results, I first skimmed through them looking for any obvious errors. Then I searched for the word “failed” to narrow things down and focus on specific failures. I discovered several things. First of all, MyDC1 had failed the Advertising test.

Testing server: Default-First-Site-Name\MyDC1

Starting test: Advertising

Warning: DsGetDcName returned information for \\MyDC2.contoso.com,

when we were trying to reach MyDC1.

SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

……………………. MyDC1 failed test Advertising

In addition, the DC also failed the Replications test. This was not a surprise because I knew that the DC was rejecting requests for replication. I just didn’t know why.

Starting test: Replications

* Replications Check
[Replications Check,Replications Check] Inbound replication is disabled.

To correct, run “repadmin /options WS12DC1 -DISABLE_INBOUND_REPL”

[Replications Check,MyDC1] Outbound replication is disabled.

To correct, run “repadmin /options MyDC1 -DISABLE_OUTBOUND_REPL”

……………………. MyDC1 failed test Replications

As the results report clearly showed me, both inbound replication and outbound replication were disabled. The report also suggested that I needed to run the RepAdmin command to enable them.

The third thing I noticed was that the time service on the DC had stopped and the NetLogon service was paused.

Starting test: Services

* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
w32time Service is stopped on [MyDC1]

* Checking Service: NETLOGON
NETLOGON Service is paused on [MyDC1]

……………………. MyDC1 failed test Services

The NetLogon service is a crucial service. Not only does it verify NTLM logon requests, it also registers, authenticates, and locates domain controllers. The Windows Time service is also important because it maintains date and time synchronization on all clients and servers in the network.
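The three kinds of findings above (failed tests, disabled replication, stopped or paused services) can be pulled out of a saved report in one pass. This PowerShell function is an added example, not part of the original post; the name Get-DcDiagFindings is hypothetical and the sample lines are constructed from the DCDIAG output quoted here.

```powershell
# Added example, not from the original post. Get-DcDiagFindings is a hypothetical name.
function Get-DcDiagFindings {
    param([string[]] $ReportLines)

    foreach ($line in $ReportLines) {
        switch -Regex ($line) {
            # Summary line, e.g. "......... MyDC1 failed test Advertising"
            '(\S+) failed test (\S+)' {
                [pscustomobject]@{ Kind = 'FailedTest'; Target = $Matches[1]; Detail = $Matches[2] }
            }
            # e.g. "[Replications Check,MyDC1] Outbound replication is disabled."
            '\[Replications Check,([^\]]+)\]\s+(Inbound|Outbound) replication is disabled' {
                [pscustomobject]@{ Kind = 'ReplicationDisabled'; Target = $Matches[1]; Detail = $Matches[2] }
            }
            # e.g. "NETLOGON Service is paused on [MyDC1]"
            '(\S+) Service is (stopped|paused) on \[([^\]]+)\]' {
                [pscustomobject]@{ Kind = 'ServiceNotRunning'; Target = $Matches[3]; Detail = "$($Matches[1]) $($Matches[2])" }
            }
        }
    }
}

# Sample report lines constructed from the dcdiag output quoted in this post.
$sample = @'
Starting test: Advertising
......................... MyDC1 failed test Advertising
Starting test: Replications
[Replications Check,MyDC1] Inbound replication is disabled.
[Replications Check,MyDC1] Outbound replication is disabled.
......................... MyDC1 failed test Replications
Starting test: Services
w32time Service is stopped on [MyDC1]
NETLOGON Service is paused on [MyDC1]
......................... MyDC1 failed test Services
......................... MyDC1 passed test KnowsOfRoleHolders
'@ -split "`r?`n"

# One row per finding; lines for passed tests produce nothing.
Get-DcDiagFindings -ReportLines $sample | Format-Table -AutoSize

# Against a saved report:
# Get-DcDiagFindings -ReportLines (Get-Content C:\temp\dcdiag_2012_12_24.txt)
```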

Solution: Enable Inbound & Outbound Replication

I followed the instructions in the DCDIAG report and ran the following command at the command prompt.

C:\Windows\system32>repadmin /options MyDC1 -DISABLE_INBOUND_REPL
Current DSA Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
New DSA Options: IS_GC DISABLE_OUTBOUND_REPL

Notice the current DSA Options shown when I ran the command: both inbound and outbound replication were disabled. After the command ran, only outbound replication was disabled, which means inbound replication was now enabled. I then ran the second command to enable outbound replication.

C:\Windows\system32>repadmin /options MyDC1 -DISABLE_OUTBOUND_REPL
Current DSA Options: IS_GC DISABLE_OUTBOUND_REPL
New DSA Options: IS_GC

Now both the inbound replication and the outbound replication are enabled.

Solution: Start Netlogon and Windows Time Service

I enabled the Netlogon and Windows Time services in the Services console (services.msc). At this point I went to the Active Directory Sites & Services console and manually replicated from MyDC2 to MyDC1, and it successfully replicated all the objects. I ran the DCDIAG report once again to verify that there were no errors, and everything looked fine.

Additional Resources

  1. I found this article that has some useful information: Troubleshooting AD Replication error 8456 or 8457: “The source | destination server is currently rejecting replication requests.”
  2. There are some other utilities like DNSLint that can be useful in troubleshooting DNS name resolution issues. You can download DNSLint here.

Copyright ©2012 Zubair Alexander. All rights reserved.
