Replication


Dave

I have an AD network that consists of 2 domain
controllers. PDC also acts as a DNS Server. I can
replicate from the BDC but when I try to replicate from
the PDC I get an error related to DNS. Both servers point
to the PDC for DNS.
 

S.J.Haribabu

Hi Dave,

I did some research and found the document which contains how to
troubleshoot the replication errors. Just check with event viewer for the
error number on PDC and look into the document for the solution. Hope it
would help you to solve your issue.

Note: I have listed all the replication errors for your information:

Troubleshooting replication

What problem are you having?

Monitoring replication.
=====================

Cause: You should monitor replication regularly to help you identify and
fix problems before they grow.

Solution: Regular monitoring is the key to good replication maintenance.
Repadmin.exe and dcdiag.exe (both part of the Windows Support Tools) and the
directory service event log (accessible through the Event Viewer) are the
primary tools for monitoring replication.

Windows Support Tools: Tools that administrators, developers, or support
personnel can use to diagnose and troubleshoot operating system
configuration problems. Although Windows Support Tools are included on the
operating system CD, they are not guaranteed or supported by Microsoft, and
they must be installed separately from the operating system.

Event Viewer: A component you can use to view and manage event logs, gather
information about hardware and software problems, and monitor security
events. Event Viewer maintains logs about program, security, and system
events.

Repadmin is a command-line tool that reports failures on a replication link
between two replication partners. The following repadmin example displays
the replication partners and any replication link failures for Server1 on
the microsoft.com domain:

repadmin /showreps server1.microsoft.com

For a complete list of repadmin options, use the ? option:

repadmin /?

Dcdiag is a command-line tool that can check the DNS registration of a
domain controller, check to see that the security descriptors (SIDs) on the
naming context heads have appropriate permissions for replication, analyze
the state of domain controllers in a forest or enterprise, and more. The
following dcdiag example checks for any replication errors between domain
controllers:

dcdiag /test:replications

For a complete list of dcdiag options, use the ? option:

dcdiag /?

The directory service log reports replication errors that occur after a
replication link has been established. For information about viewing the
directory service log, see To view an event log.

Large enterprises may also want to use the Microsoft Operations Manager for
automated monitoring of large numbers of domain controllers. For more
information, see Microsoft Operations Manager.

For more information about monitoring, see "Monitoring Active Directory" at
the Microsoft Windows Resource Kits Web site.

See also: Event viewer; Support tools on the Windows CD; Technical support
options

Replication between sites is slow.
==================================

Cause: The time required to replicate directory data between domain
controllers is known as the replication latency. Replication latency can
vary greatly, depending on the number of domain controllers, the number of
sites, the available bandwidth between sites, replication frequency, and
more.

Replication latency: In Active Directory replication, the delay between the
time an update is applied to a given replica of a directory partition and
the time it is applied to some other replica of the same directory
partition. A server receives changes no sooner than either it is notified
of a change from its neighbor in the same site or its periodic replication
timer expires. Sometimes referred to as propagation delay.

Solution:

- Monitoring replication regularly is a good way to determine the normal
  replication latency on your network. With this knowledge, you can more
  easily determine if a problem is occurring. For more information, see the
  "Monitoring Replication" troubleshooting topic above.
- Review the directory service log for any recent replication errors. Also,
  run repadmin /showreps and review any resulting errors.
- A good site topology design is important for replication efficiency. For
  information about site topology design guidelines, see When to establish
  single or separate sites and "Designing the Site Topology" at the
  Microsoft Windows Resource Kits Web site.
- A number of algorithm enhancements have been made to replication in the
  Windows Server 2003 operating systems to improve replication efficiency
  and scalability. Some of these enhancements take effect in a forest set to
  Windows 2000 functional level, while others require the Windows Server
  2003 functional level. You will gain the greatest improvement from these
  enhancements by upgrading your forest to Windows Server 2003 functional
  level. Adlb.exe, a Windows Resource Kits tool for the Windows Server 2003
  family, can help improve replication efficiency in forests set to the
  Windows Server 2003 functional level even further. For more information
  about Adlb, see the Microsoft Windows Resource Kits Web site. For more
  information about forest functionality, see Domain and forest
  functionality.

See also: Replication overview; Replication between sites; Managing
replication; Bandwidth; Checklist: Optimizing intersite replication

Received Event ID 1311 in the directory service log.
==============================================

Cause: The replication configuration information in Active Directory Sites
and Services does not accurately reflect the physical topology of the
network.

Common causes of Event ID 1311 include:

- One or more domain controllers are offline.
- Bridgehead servers are online but experiencing errors replicating a
  required naming context between Active Directory sites.
- Preferred bridgehead servers defined by administrators are online but do
  not host the required naming contexts.
- One or more sites are not contained in site links.
- Site links contain all sites but the site links are not all
  interconnected.
- Preferred bridgeheads defined by the administrator are offline.

Solution: To resolve an error in the configuration of replication:

- Make sure all sites belong to at least one site link. For more
  information, see To add a site to a site link.
- Make sure that the combination of site links you have created allows a
  path between all domain controllers containing a replica of a given
  directory partition. For example, if a directory partition is held by
  domain controllers in both Site A and Site C, make sure that Site A and
  Site C belong to a common site link, or that an intermediary site exists
  that has at least one site link in common with Site A and at least one
  site link in common with Site B.
- Make sure that you have cleared the Bridge all site links check box in
  Active Directory Sites and Services if your network is not fully routed.
  Or, if your network is fully routed and you have cleared the Bridge all
  site links check box, you may need to select it again to allow full
  replication of a directory partition. For more information, see To enable
  or disable site link bridges.
- If you have manually assigned preferred bridgehead servers, make sure
  these servers are not offline. (It is generally recommended that you allow
  Active Directory to select bridgehead servers automatically.)
- Use Ping.exe and Network Monitor to verify connectivity through WAN links
  and across routers. For more information about Network Monitor, see
  Network Monitor overview.
- You can also search the Microsoft Knowledge Base for new and updated
  information about Event ID 1311.

Directory partition: A contiguous subtree of Active Directory that is
replicated as a unit to other domain controllers in the forest that contain
a replica of the same subtree. In Active Directory, a single domain
controller always holds at least three directory partitions: schema (class
and attribute definitions for the directory), configuration (replication
topology and related metadata), and domain (subtree that contains the
per-domain objects for one domain). Domain controllers running Windows
Server 2003 can also store one or more application directory partitions.

Bridgehead servers: In Active Directory replication, a single server in a
site that is designated to perform site-to-site replication for a specific
domain and transport. In a messaging system, a server that receives and
forwards e-mail traffic at each end of a connection agreement, similar to
the task a gateway performs.

See also: To create a site link; To add a site to a site link; To enable
or disable site link bridges; Support tools on the Windows CD

Received Event ID 1265 with error "DNS Lookup Failure," or "RPC server is
unavailable" in the directory service log. Or, received "DNS Lookup
Failure" or "Target account name is incorrect" from the repadmin command.
=========================================================================

Cause: These messages are often the result of DNS problems. Active
Directory replication depends on the following:

- Each domain controller in the forest must register its CNAME record for
  the name DsaGuid._msdcs.ForestName. DsaGuid is the GUID of the NTDS
  Settings object of the domain controller (visible in Active Directory
  Sites and Services as the DNS alias property of the server object's NTDS
  settings). This record usually belongs to the _msdcs.ForestName zone or,
  if that zone does not exist, the ForestName zone.
- Each advertising domain controller in the forest must register its A
  record in the appropriate zone for each domain in the forest.
- The A record must map to the current IP address of the respective domain
  controller.
- The records must have replicated to the DNS servers used by direct
  replication partners.
- Each DNS zone must have the proper delegations to the child zones.
- The IP configuration of the domain controllers must contain correct
  preferred and alternate DNS servers.

DNS errors that are reported by the directory service log or by repadmin
/showreps mean that the destination domain controller could not resolve the
GUID-based DNS name of its source replication partner.

Solution:

1. Verify CNAME and A records. At a command prompt, type the following:

   dcdiag /test:connectivity

2. If the CNAME and A records are missing, restart netlogon. At a command
   prompt, type the following:

   net start netlogon

3. Again, verify CNAME and A records, by repeating step 1.
4. If the records are still missing, verify IP configuration. Verify that
   the preferred and alternate DNS servers specified in the IP configuration
   of the source and destination domain controllers are correct.
5. If the client is configured correctly, verify that the zone is dynamic.
   At a command prompt, type the following:

   dcdiag /test:registerindns /dnsdomain

6. To verify that name resolution is the cause of the problem, ping the
   GUID-based name of the domain controller where replication failed. If it
   works, the next replication cycle should not return this error.
7. If the ping fails, further DNS troubleshooting is required. For more
   information, see "DNS Troubleshooting" at the Microsoft Windows Resource
   Kits Web site.

See also: Nslookup; Ping; DNS troubleshooting; Support tools on the
Windows CD

Received Event ID 1265 "Access denied," in directory service log. Or,
received "Access denied" from the repadmin command.
=====================================================================

Cause: This error can occur if the local domain controller failed to
authenticate against its replication partner when creating the replication
link or when trying to replicate over an existing link. This typically
happens when the domain controller has been disconnected from the rest of
the network for a long time and its computer account password is not
synchronized with its computer account password stored in the directory of
its replication partner.

Solution:

1. Stop the Key Distribution Center (KDC) service using net stop KDC.
2. Purge the ticket cache on the local domain controller.
3. Reset the domain controller's account password on the primary domain
   controller (PDC) emulator master using netdom /resetpwd. (Netdom.exe is
   available in Windows Support Tools).
4. Synchronize the domain directory partition of the replication partner
   with the PDC emulator master.
5. Manually force replication between the replication partner and the PDC
   emulator master.
6. Start the Knowledge Consistency Checker (KCC) on the local domain
   controller:

   net start KDC

Key Distribution Center (KDC): A network service that supplies session
tickets and temporary session keys used in the Kerberos V5 authentication
protocol.

Primary domain controller (PDC) emulator master: A domain controller that
holds the PDC emulator operations master role in Active Directory. The PDC
emulator services network clients that do not have Active Directory client
software installed, and it replicates directory changes to any Windows NT
backup domain controllers (BDCs) in the domain. The PDC emulator handles
password authentication requests involving passwords that have recently
changed and not yet been replicated throughout the domain. At any time, the
PDC emulator master role can be assigned to only one domain controller in
each domain.

Knowledge Consistency Checker (KCC): A built-in process that runs on all
domain controllers and generates the replication topology for the Active
Directory forest. At specified intervals, the KCC reviews and makes
modifications to the replication topology to ensure propagation of data
either directly or transitively.

See also: User and computer accounts; Net start; Support tools on the
Windows CD

Received "Access denied" from Active Directory Sites and Services when
manual replication was attempted.
======================================================================

Cause: Using Active Directory Sites and Services to force replication
initiates replication on all common directory partitions between the
replication partners. However, a user can only force manual replication for
containers on which they have been assigned the Replication Synchronization
permission. The replication of other directory partitions will fail,
causing the "Access Denied" error.

Solution: The repadmin or replmon command-line tools from Windows Support
Tools can be used to manually force the replication of a specific directory
partition.

Replication synchronization is a special permission. For more information
about special permissions, see To set, view, change, or remove special
permissions and Active Directory object permissions.
See also: Support tools on the Windows CD; To force replication over a
connection; Active Directory support tools

Unable to connect to a domain controller running Windows 2000 from the
Active Directory Sites and Services snap-in.
======================================================================

Cause: You are trying to connect to a domain controller running Windows
2000 that does not have Service Pack 3 or later installed.

Solution: Upgrade domain controllers running Windows 2000 to Service Pack
3 or later.

See also: Connecting to domain controllers running Windows 2000; Managing
Active Directory from MMC

Search for new and updated information about replication. Or, your question
does not match any of those listed above.
===========================================================================

Cause: New and updated information is regularly published on the Microsoft
Web site.

Solution: Visit the following links for the latest information:

Microsoft Active Directory Web site
Find the latest information on operations, deployment, and troubleshooting.

Searching the Knowledge Base
Search the Microsoft Knowledge Base of technical support information and
self-help tools for Microsoft products.

Product Support Services
Search FAQs by product, browse the product support newsgroups, and contact
Microsoft Support.

Windows Server 2003 Resource Kit
View the Windows Server 2003 Resource Kit online.

Microsoft TechNet
Search for troubleshooting information, service packs, patches, and
downloads for your system.

Windows Server Community
The official online community for enthusiasts of the Windows server
operating systems.

See also: Technical support options; Support tools on the Windows CD;
Windows Deployment and Resource Kits

For more information go to
http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/enterprise/proddocs/en-us/sag_ADsite_trouble_1.asp

Thanks,

(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
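
The record chain listed under the "DNS Lookup Failure" cause above (a GUID-based CNAME under _msdcs.ForestName, then an A record matching the domain controller's current IP address) can be checked mechanically. This is an added example, not part of the original post or of Microsoft's documentation; the forest name example.test, the GUIDs, host names and addresses are constructed sample data, and an in-memory table stands in for a live DNS query.

```python
# Added example (not from the thread or Microsoft's documentation).
# FOREST, ZONE and DCS are constructed sample data; the zone is an in-memory
# table standing in for the DNS server the destination DC would query.

FOREST = "example.test"

ZONE = {  # (lower-case name, record type) -> record data
    ("11111111-1111-1111-1111-111111111111._msdcs.example.test", "CNAME"): "dc1.example.test.",
    ("22222222-2222-2222-2222-222222222222._msdcs.example.test", "CNAME"): "dc2.example.test.",
    ("dc1.example.test", "A"): "10.0.0.10",
    ("dc2.example.test", "A"): "10.0.0.99",  # stale: dc2 now has 10.0.0.20
    ("dc3.example.test", "A"): "10.0.0.30",  # dc3's GUID CNAME was never registered
}

DCS = [
    {"fqdn": "dc1.example.test", "guid": "11111111-1111-1111-1111-111111111111", "ip": "10.0.0.10"},
    {"fqdn": "dc2.example.test", "guid": "22222222-2222-2222-2222-222222222222", "ip": "10.0.0.20"},
    {"fqdn": "dc3.example.test", "guid": "33333333-3333-3333-3333-333333333333", "ip": "10.0.0.30"},
]


def norm(name):
    """DNS names compare case-insensitively and ignore a trailing dot."""
    return name.rstrip(".").lower()


def lookup(zone, name, rtype):
    return zone.get((norm(name), rtype))


def check_dc(zone, forest, dc):
    """Return the list of problems for one DC; an empty list means none found."""
    problems = []
    alias = f"{dc['guid']}._msdcs.{forest}"
    target = lookup(zone, alias, "CNAME")
    if target is None:
        problems.append(f"missing CNAME {alias}")
    elif norm(target) != norm(dc["fqdn"]):
        problems.append(f"CNAME {alias} -> {target}, expected {dc['fqdn']}")
    addr = lookup(zone, dc["fqdn"], "A")
    if addr is None:
        problems.append(f"missing A {dc['fqdn']}")
    elif addr != dc["ip"]:
        problems.append(f"A {dc['fqdn']} = {addr}, current IP is {dc['ip']}")
    return problems


def audit(zone, forest, dcs):
    return {dc["fqdn"]: check_dc(zone, forest, dc) for dc in dcs}


if __name__ == "__main__":
    for host, problems in audit(ZONE, FOREST, DCS).items():
        print(host, "OK" if not problems else "; ".join(problems))
```

The table assumes one A record per host; a multihomed domain controller would need the A lookup to return a set of addresses.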
 

ptwilliams

I think you'll need to tell us what error(s) you are getting. That way we
may be able to assist ;-)

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


 
