The replication generated an error 1256

Active Directory replication error 1256: The remote system is not available

This article describes the symptoms, cause, and resolution steps for cases when Active Directory replication fails with error 1256: The remote system is not available.

Applies to: В Windows Server 2012 R2
Original KB number: В 2200187

Symptoms

The DCDIAG reports that the Active Directory Replications test has failed with error 1256: The remote system is not available.

Starting test: Replications
[Replications Check, ] A recent replication attempt failed:
From to
Naming Context:
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at
The last success occurred at

REPADMIN.EXE reports that a replication attempt has failed with status 1256. REPADMIN commands that commonly cite the 1256 status include but are not limited to:

• REPADMIN /REPLSUM
• REPADMIN /SHOWREPS
• REPADMIN /SHOWREPL
• REPADMIN /FAILCACHE

Sample output from REPADMIN /SHOWREPS depicting inbound replication from LonEMEADC to LonContosoDC failing with The remote system is not available error is shown below:

Repadmin: running command /showrepl against full DC localhost
LondonLONCONTOSODC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: a29bbfda-8425-4cb9-9c66-8e07d505a5c6
DSA invocationID: d58a6322-6a28-4708-82d3-53b7dcc13c1a

==== INBOUND NEIGHBORS ======================================

DC=ForestDnsZones,DC=Contoso,DC=com
LondonLONEMEADC via RPC
DSA object GUID: cd691606-63d1-4cc8-b77a-055674ba569d
Last attempt @ 2010-06-10 17:35:46 failed, result 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.
consecutive failure(s).
Last success @ .

NTDS KCC, NTDS Replication, or ActiveDirectory_DomainService events with the 1256 status are logged in the directory service event log.

Event 1085 is only logged if the NTDS Diagnostics value 5 Replication Events has been set to a value of 1 or higher.

Cause

Replication status 1256 is logged for the following reason:

When the destination DC fails to bind to the source DC using RPC a win32 error code in the Repsfrom status for that partition — usually Schema or Configuration since these partitions are replicated at a higher priority. After an RPC bind failure has occurred, a cleanup routine will run to clear the destination DCs queue from that same source DC. This is done to avoid wasting time attempting to replicate with a DC that it can’t connect to. Since it hasn’t attempted a sync for the partitions that have been cleared from the queue, a status 1256 is logged. In a scenario where destination DC replicates Schema, Configuration, and several GC non-writable partitions from the source DC, the win32 error status for the Schema and Configuration partitions that caused the RPC bind failure is logged. The destination DC will then cancel the pending replication tasks for the remaining partitions and log win32 error 1256 for the status.

In summary: 1256 is logged as the replication status per partition as a result of the destination DC cancelling the sync request from the source DC due to a connectivity failure previously encountered.

Resolution

The win32 error 1256 should not be the focus of troubleshooting efforts, instead find the replication status that led to the RPC bind failure and then follow the corresponding Troubleshooting Active Directory operations that fail with error. article.

In order to determine the actual win32 error to troubleshoot, use one of the following methods:

View repadmin /showreps or /showrepl output on the destination DC

1. Identify Source DC in the output and list all win32 status messages per partition
2. The win32 status that is listed that is not a 1256 should be the focus of troubleshooting efforts

Use repadmin /showrepl * /csv output:

1. Filter column K, Last Failure Status: Deselect and (Blanks)
2. Filter column C, Destination DSA: Deselect (Select All) and select just the DC where the 1256 status is logged.
3. If 1256 is logged on more than one Source DC, Filter column F, Source DSA: Deselect (Select All) and Select just one DC to narrow the focus.
4. Column K, Last Failure Status will list the 1256’s along with the real win32 error that led to the RPC bind failure.

In the following example, win32 error 1722 is logged for the Configuration and Schema partitions and should be the focus of troubleshooting.

Initiate a manual replication sync between source and destination DCs using repadmin.

Repadmin /replicate DestinationDC SourceDC (This will require /readonly switch for GC partition or /selsecrets switch if destination is an RODC)

repadmin /replicate loncontosodc lonemeadc.emea.contoso.com dc=forestdnszones,dc=contoso,dc=com

DsReplicaSync() failed with status 1722 (0x6ba):

The RPC server is unavailable.

Take note that after manually initiating replication for the partition that the status has changed from 1256 to 1722:

More information

The following articles contain the troubleshooting procedures for errors typically logged with win32 error 1256:

Источник

Ad replication error 1256

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Answered by:

Question

For the past 3 days I am getting the below error while checking the AD replication. our present setup is

RDC and ADC was available in the same site. and DR ADC was configured in remote site. we have P2P link connectivity for OUR AD and Exchange 2010 DAG Replication. Kindly help me to solve this issue.

C:>repadmin /replsummary
Replication Summary Start Time: 2015-01-05 18:39:15

Beginning data collection for replication summary, this may take awhile:
.

Source DSA largest delta fails/total %% error
DRADC 02m:39s 0 / 5 0
RDC 02d.02h:03m:27s 5 / 10 50 (1256) The remote system is
not available. For information about network troubleshooting, see Windows Help.
ADC 17m:39s 0 / 10 0

Destination DSA largest delta fails/total %% error
DRADC 02d.02h:03m:18s 5 / 10 50 (1256) The remote system is
not available. For information about network troubleshooting, see Windows Help.
RDC 17m:31s 0 / 10 0
ADC 04m:49s 0 / 5 0

Repadmin: running command /showrepl against full DC localhost
Default-First-Site-NameADC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 5ddb9663-7c5b-4f2e-97b9-82a29e2c5955
DSA invocationID: 8d939f8e-fe0a-4bce-b260-e546e41e86d4

DC=ifmr,DC=co,DC=in
Default-First-Site-NameRDC via RPC
DSA object GUID: 4988b352-e60b-4425-aac2-dd903d85eb2a
Last attempt @ 2015-01-05 18:34:30 was successful.

CN=Configuration,DC=ifmr,DC=co,DC=in
Default-First-Site-NameRDC via RPC
DSA object GUID: 4988b352-e60b-4425-aac2-dd903d85eb2a
Last attempt @ 2015-01-05 18:39:22 was successful.

CN=Schema,CN=Configuration,DC=ifmr,DC=co,DC=in
Default-First-Site-NameRDC via RPC
DSA object GUID: 4988b352-e60b-4425-aac2-dd903d85eb2a
Last attempt @ 2015-01-05 18:34:26 was successful.

DC=DomainDnsZones,DC=ifmr,DC=co,DC=in
Default-First-Site-NameRDC via RPC
DSA object GUID: 4988b352-e60b-4425-aac2-dd903d85eb2a
Last attempt @ 2015-01-05 18:54:39 was successful.

DC=ForestDnsZones,DC=ifmr,DC=co,DC=in
Default-First-Site-NameRDC via RPC
DSA object GUID: 4988b352-e60b-4425-aac2-dd903d85eb2a
Last attempt @ 2015-01-05 18:40:04 was successful.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.

Источник

Ad replication error 1256

Directory Server Diagnosis

Performing initial setup:

Trying to find home server.

* Verifying that the local machine ad2, is a Directory Server.
Home Server = ad2

* Connecting to directory service on server ad2.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings).
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com
Getting ISTG and options for the site
* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa).
The previous call succeeded.
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=ADCENTER2,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=AD3,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=AD1,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

* Found 5 DC(s). Testing 1 of them.

Done gathering initial info.

Doing initial required tests

Testing server: KNETAD2

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
. AD2 passed test Connectivity

Doing primary tests

Testing server: KNETAD2

Starting test: Advertising

The DC AD2 is advertising itself as a DC and having a DS.
The DC AD2 is advertising as an LDAP server
The DC AD2 is advertising as having a writeable directory
The DC AD2 is advertising as a Key Distribution Center
The DC AD2 is advertising as a time server
The DS AD2 is advertising as a GC.
. AD2 passed test Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Starting test: FrsEvent

* The File Replication Service Event log test
Skip the test because the server is running DFSR.

. AD2 passed test FrsEvent

Starting test: DFSREvent

The DFS Replication Event Log.
There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.
A warning event occurred. EventID: 0x80001396

Time Generated: 12/22/2011 05:33:01

The DFS Replication service is stopping communication with partner AD1 for replication group Domain System Volume due to an error. The service will retry the connection periodically.

Error: 9036 (Paused for backup or restore)

Connection ID: FD09BD11-0FEB-4DE5-BAA4-D35CC142E8BC

Replication Group ID: 8915E725-1A88-46C1-88A0-5CBAACE17F26

A warning event occurred. EventID: 0x80001396

Time Generated: 12/22/2011 07:12:20

The DFS Replication service is stopping communication with partner AD1 for replication group Domain System Volume due to an error. The service will retry the connection periodically.

Error: 1723 (The RPC server is too busy to complete this operation.)

Connection ID: FD09BD11-0FEB-4DE5-BAA4-D35CC142E8BC

Replication Group ID: 8915E725-1A88-46C1-88A0-5CBAACE17F26

An error event occurred. EventID: 0xC000138A

Time Generated: 12/22/2011 07:13:12

The DFS Replication service encountered an error communicating with partner AD1 for replication group Domain System Volume.

Partner DNS address: AD1.knet.fitnessonrequest.com

Optional data if available:

Partner WINS Address: AD1

Partner IP Address: 2002:4a05:d565:8000:0:5efe:10.50.50.151

The service will retry the connection periodically.

Error: 1726 (The remote procedure call failed.)

Connection ID: FD09BD11-0FEB-4DE5-BAA4-D35CC142E8BC

Replication Group ID: 8915E725-1A88-46C1-88A0-5CBAACE17F26

. AD2 failed test DFSREvent

Starting test: SysVolCheck

* The File Replication Service SYSVOL ready test
File Replication Service’s SYSVOL is ready
. AD2 passed test SysVolCheck

Starting test: KccEvent

* The KCC Event log test
A warning event occurred. EventID: 0x8000061E

Time Generated: 12/23/2011 02:34:24

All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.

An error event occurred. EventID: 0xC000051F

Time Generated: 12/23/2011 02:34:24

The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.

There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.

Perform one of the following actions:

— Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.

— Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.

If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.

A warning event occurred. EventID: 0x80000749

Time Generated: 12/23/2011 02:34:24

The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.

A warning event occurred. EventID: 0x8000061E

Time Generated: 12/23/2011 02:34:24

All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.

An error event occurred. EventID: 0xC000051F

Time Generated: 12/23/2011 02:34:24

The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.

There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.

Perform one of the following actions:

— Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.

— Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.

If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.

A warning event occurred. EventID: 0x80000749

Time Generated: 12/23/2011 02:34:24

The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.

A warning event occurred. EventID: 0x8000061E

Time Generated: 12/23/2011 02:34:24

All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.

An error event occurred. EventID: 0xC000051F

Time Generated: 12/23/2011 02:34:24

The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.

There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.

Perform one of the following actions:

— Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.

— Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.

If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.

A warning event occurred. EventID: 0x80000749

Time Generated: 12/23/2011 02:34:24

The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.

. AD2 failed test KccEvent

Starting test: KnowsOfRoleHolders

Role Schema Owner = CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com
Role Domain Owner = CN=NTDS Settings,CN=ADCENTER1,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com
Role PDC Owner = CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com
Role Rid Owner = CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com
. AD2 passed test KnowsOfRoleHolders

Starting test: MachineAccount

Checking machine account for DC AD2 on DC AD2.
* SPN found :LDAP/ad2.knet.fitnessonrequest.com/knet.fitnessonrequest.com
* SPN found :LDAP/ad2.knet.fitnessonrequest.com
* SPN found :LDAP/AD2
* SPN found :LDAP/ad2.knet.fitnessonrequest.com/KNET
* SPN found :LDAP/eeb6cb3a-7f4d-4ad3-a32f-9a921cc2d771._msdcs.fitnessonrequest.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/eeb6cb3a-7f4d-4ad3-a32f-9a921cc2d771/knet.fitnessonrequest.com
* SPN found :HOST/ad2.knet.fitnessonrequest.com/knet.fitnessonrequest.com
* SPN found :HOST/ad2.knet.fitnessonrequest.com
* SPN found :HOST/AD2
* SPN found :HOST/ad2.knet.fitnessonrequest.com/KNET
* SPN found :GC/ad2.knet.fitnessonrequest.com/fitnessonrequest.com
. AD2 passed test MachineAccount

Starting test: NCSecDesc

* Security Permissions check for all NC’s on DC AD2.
* Security Permissions Check for

DC=DomainDnsZones,DC=knet,DC=fitnessonrequest,DC=com
(NDNC,Version 3)
* Security Permissions Check for

DC=knet,DC=fitnessonrequest,DC=com
(Domain,Version 3)
* Security Permissions Check for

DC=ForestDnsZones,DC=fitnessonrequest,DC=com
(NDNC,Version 3)
* Security Permissions Check for

CN=Schema,CN=Configuration,DC=fitnessonrequest,DC=com
(Schema,Version 3)
* Security Permissions Check for

CN=Configuration,DC=fitnessonrequest,DC=com
(Configuration,Version 3)
* Security Permissions Check for

DC=fitnessonrequest,DC=com
(Domain,Version 3)
. AD2 passed test NCSecDesc

Starting test: NetLogons

* Network Logons Privileges Check
Verified share \AD2netlogon
Verified share \AD2sysvol
. AD2 passed test NetLogons

Starting test: ObjectsReplicated

AD2 is in domain DC=knet,DC=fitnessonrequest,DC=com
Checking for CN=AD2,OU=Domain Controllers,DC=knet,DC=fitnessonrequest,DC=com in domain DC=knet,DC=fitnessonrequest,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=AD2,CN=Servers,CN=KNET,CN=Sites,CN=Configuration,DC=fitnessonrequest,DC=com in domain CN=Configuration,DC=fitnessonrequest,DC=com on 1 servers
Object is up-to-date on all servers.
. AD2 passed test ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Starting test: Replications

* Replications Check
[Replications Check,AD2] A recent replication attempt failed:

From ADCENTER1 to AD2

Naming Context: DC=ForestDnsZones,DC=fitnessonrequest,DC=com

The replication generated an error (1256):

The remote system is not available. For information about network troubleshooting, see Windows Help.

The failure occurred at 2011-12-23 02:44:45.

The last success occurred at 2011-12-13 09:33:43.

945 failures have occurred since the last success.

[Replications Check,AD2] A recent replication attempt failed:

From ADCENTER1 to AD2

The replication generated an error (1722):

The RPC server is unavailable.

The failure occurred at 2011-12-23 02:45:06.

The last success occurred at 2011-12-13 09:33:43.

945 failures have occurred since the last success.

The source ADCENTER1 is responding now.

[Replications Check,AD2] A recent replication attempt failed:

From ADCENTER1 to AD2

Naming Context: CN=Configuration,DC=fitnessonrequest,DC=com

The replication generated an error (1722):

The RPC server is unavailable.

The failure occurred at 2011-12-23 02:44:45.

The last success occurred at 2011-12-13 09:33:43.

948 failures have occurred since the last success.

The source ADCENTER1 is responding now.

[Replications Check,AD2] A recent replication attempt failed:

From ADCENTER1 to AD2

Naming Context: DC=fitnessonrequest,DC=com

The replication generated an error (1256):

The remote system is not available. For information about network troubleshooting, see Windows Help.

The failure occurred at 2011-12-23 02:44:45.

The last success occurred at 2011-12-13 09:33:43.

945 failures have occurred since the last success.

. AD2 failed test Replications

Starting test: RidManager

* Available RID Pool for the Domain is 3100 to 1073741823
* ad2.knet.fitnessonrequest.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1600 to 2099
* rIDPreviousAllocationPool is 1600 to 2099
* rIDNextRID: 1631
. AD2 passed test RidManager

Starting test: Services

* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
. AD2 passed test Services

Starting test: SystemLog

* The System Event log test
Found no errors in «System» Event log in the last 60 minutes.
. AD2 passed test SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Starting test: VerifyReferences

The system object reference (serverReference)

CN=AD2,OU=Domain Controllers,DC=knet,DC=fitnessonrequest,DC=com and

are correct.
The system object reference (serverReferenceBL)

CN=AD2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=knet,DC=fitnessonrequest,DC=com

and backlink on

are correct.
The system object reference (msDFSR-ComputerReferenceBL)

CN=AD2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=knet,DC=fitnessonrequest,DC=com

and backlink on

CN=AD2,OU=Domain Controllers,DC=knet,DC=fitnessonrequest,DC=com are

correct.
. AD2 passed test VerifyReferences

Test omitted by user request: VerifyReplicas

Test omitted by user request: DNS

Test omitted by user request: DNS

Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

. DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

. DomainDnsZones passed test

Running partition tests on : knet

Starting test: CheckSDRefDom

. knet passed test CheckSDRefDom

Starting test: CrossRefValidation

. knet passed test CrossRefValidation

Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

. ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

. ForestDnsZones passed test

Running partition tests on : Schema

Starting test: CheckSDRefDom

. Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

. Schema passed test CrossRefValidation

Running partition tests on : Configuration

Starting test: CheckSDRefDom

. Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

. Configuration passed test CrossRefValidation

Running enterprise tests on : fitnessonrequest.com

Test omitted by user request: DNS

Test omitted by user request: DNS

Starting test: LocatorCheck

GC Name: \ad2.knet.fitnessonrequest.com

Locator Flags: 0xe00031fd
PDC Name: \ad2.knet.fitnessonrequest.com
Locator Flags: 0xe00031fd
Time Server Name: \ad2.knet.fitnessonrequest.com
Locator Flags: 0xe00031fd
Preferred Time Server Name: \ad2.knet.fitnessonrequest.com
Locator Flags: 0xe00031fd
KDC Name: \ad2.knet.fitnessonrequest.com
Locator Flags: 0xe00031fd
. fitnessonrequest.com passed test

Starting test: Intersite

Skipping site FOR, this site is outside the scope provided by the

command line arguments provided.
Skipping site KNET, this site is outside the scope provided by the

command line arguments provided.
. fitnessonrequest.com passed test Intersite

and for NETDIAG that is showing netdiag is not recognize

Источник

Hi,

We have one DC and ADC which is running on the same premises.  Few days back the ADC got power failure and after that long it thrown an error of some services are not started.  We checked the event viewer to find out the service failed but not
found the same.  In Services all the services are in started mode.  Restarted server serval time.  Still the replication not happening with DC.  If any one can help me out to find out the real issue will very helpful.

Pasting Below dciag and showrepl results ,

repadmin running command /showrepl against server localhost

Default-First-Site-NameBACKUPDC

DC Options: (none)

Site Options: (none)

DC object GUID: bcbf105f-e755-4c24-b846-01d447834480

DC invocationID: da4dec2a-3c22-4b5f-8f36-586ee3969ea2

==== INBOUND NEIGHBORS ======================================

DC=bannaridc,DC=com

    Default-First-Site-NameDC via RPC

        DC object GUID: 2a328743-72f5-48c7-b932-cbe8f957a580

        Last attempt @ 2014-06-30 12:28:05 failed, result 5 (0x5):

            Access is denied.

        1479 consecutive failure(s).

        Last success @ 2014-05-12 09:42:25.

CN=Configuration,DC=bannaridc,DC=com

    Default-First-Site-NameDC via RPC

        DC object GUID: 2a328743-72f5-48c7-b932-cbe8f957a580

        Last attempt @ 2014-06-30 12:28:06 failed, result 5 (0x5):

            Access is denied.

        1182 consecutive failure(s).

        Last success @ 2014-05-12 09:23:26.

CN=Schema,CN=Configuration,DC=bannaridc,DC=com

    Default-First-Site-NameDC via RPC

        DC object GUID: 2a328743-72f5-48c7-b932-cbe8f957a580

        Last attempt @ 2014-06-30 12:28:06 failed, result 5 (0x5):

            Access is denied.

        1182 consecutive failure(s).

        Last success @ 2014-05-12 09:23:26.

DC=DomainDnsZones,DC=bannaridc,DC=com

    Default-First-Site-NameDC via RPC

        DC object GUID: 2a328743-72f5-48c7-b932-cbe8f957a580

        Last attempt @ 2014-06-30 12:28:05 failed, result 1256 (0x4e8):

            The remote system is not available. For information about network troubleshooting, see Windows Help.

        1182 consecutive failure(s).

        Last success @ 2014-05-12 09:33:40.

DC=ForestDnsZones,DC=bannaridc,DC=com

    Default-First-Site-NameDC via RPC

        DC object GUID: 2a328743-72f5-48c7-b932-cbe8f957a580

        Last attempt @ 2014-06-30 12:28:05 failed, result 1256 (0x4e8):

            The remote system is not available. For information about network troubleshooting, see Windows Help.

        1182 consecutive failure(s).

        Last success @ 2014-05-12 09:23:27.

Source: Default-First-Site-NameDC

******* 1479 CONSECUTIVE FAILURES since 2014-05-12 09:42:25

Last error: 1256 (0x4e8):

            The remote system is not available. For information about network troubleshooting, see Windows Help.

Replication Summary Start Time: 2014-06-30 12:49:41

Beginning data collection for replication summary, this may take awhile:

  …..

Source DC           largest delta  fails/total  %%  error

 BACKUPDC          49d.03h:30m:38s    5 /   5  100  (2148074274) The target principal name is incorrect.

 DC                49d.03h:26m:15s    5 /   5  100  (5) Access is denied.

Destination DC    largest delta    fails/total  %%  error

 BACKUPDC          49d.03h:26m:16s    5 /   5  100  (5) Access is denied.

 DC                49d.03h:30m:39s    5 /   5  100  (2148074274) The target principal name is incorrect.

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   
   Testing server: Default-First-Site-NameBACKUPDC
      Starting test: Connectivity
         ……………………. BACKUPDC passed test Connectivity

Doing primary tests

   
   Testing server: Default-First-Site-NameBACKUPDC
      Starting test: Replications
         [Replications Check,BACKUPDC] A recent replication attempt failed:
            From DC to BACKUPDC
            Naming Context: DC=ForestDnsZones,DC=bannaridc,DC=com
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2014-06-30 11:28:05.
            The last success occurred at 2014-05-12 09:23:27.
            1181 failures have occurred since the last success.
         REPLICATION LATENCY WARNING
         ERROR: Expected notification link is missing.
         Source DC
         Replication of new changes along this path will be delayed.
         This problem should self-correct on the next periodic sync.
         [Replications Check,BACKUPDC] A recent replication attempt failed:
            From DC to BACKUPDC
            Naming Context: DC=DomainDnsZones,DC=bannaridc,DC=com
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2014-06-30 11:28:05.
            The last success occurred at 2014-05-12 09:33:40.
            1181 failures have occurred since the last success.
         REPLICATION LATENCY WARNING
         ERROR: Expected notification link is missing.
         Source DC
         Replication of new changes along this path will be delayed.
         This problem should self-correct on the next periodic sync.
         [Replications Check,BACKUPDC] A recent replication attempt failed:
            From DC to BACKUPDC
            Naming Context: CN=Schema,CN=Configuration,DC=bannaridc,DC=com
            The replication generated an error (5):
            Access is denied.
            The failure occurred at 2014-06-30 11:28:05.
            The last success occurred at 2014-05-12 09:23:26.
            1181 failures have occurred since the last success.
         [Replications Check,BACKUPDC] A recent replication attempt failed:
            From DC to BACKUPDC
            Naming Context: CN=Configuration,DC=bannaridc,DC=com
            The replication generated an error (5):
            Access is denied.
            The failure occurred at 2014-06-30 11:28:05.
            The last success occurred at 2014-05-12 09:23:26.
            1181 failures have occurred since the last success.
         REPLICATION LATENCY WARNING
         ERROR: Expected notification link is missing.
         Source DC
         Replication of new changes along this path will be delayed.
         This problem should self-correct on the next periodic sync.
         [Replications Check,BACKUPDC] A recent replication attempt failed:
            From DC to BACKUPDC
            Naming Context: DC=bannaridc,DC=com
            The replication generated an error (5):
            Access is denied.
            The failure occurred at 2014-06-30 11:28:05.
            The last success occurred at 2014-05-12 09:42:25.
            1477 failures have occurred since the last success.
         REPLICATION LATENCY WARNING
         ERROR: Expected notification link is missing.
         Source DC
         Replication of new changes along this path will be delayed.
         This problem should self-correct on the next periodic sync.
         REPLICATION-RECEIVED LATENCY WARNING
         BACKUPDC:  Current time is 2014-06-30 12:20:45.
            DC=ForestDnsZones,DC=bannaridc,DC=com
               Last replication recieved from DC at 2014-05-12 09:23:27.
            DC=DomainDnsZones,DC=bannaridc,DC=com
               Last replication recieved from DC at 2014-05-12 09:33:40.
            CN=Schema,CN=Configuration,DC=bannaridc,DC=com
               Last replication recieved from DC at 2014-05-12 09:23:26.
            CN=Configuration,DC=bannaridc,DC=com
               Last replication recieved from DC at 2014-05-12 09:23:26.
            DC=bannaridc,DC=com
               Last replication recieved from DC at 2014-05-12 09:42:25.
         ……………………. BACKUPDC passed test Replications
      Starting test: NCSecDesc
         ……………………. BACKUPDC passed test NCSecDesc
      Starting test: NetLogons
         ……………………. BACKUPDC passed test NetLogons
      Starting test: Advertising
         ……………………. BACKUPDC passed test Advertising
      Starting test: KnowsOfRoleHolders
         ……………………. BACKUPDC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ……………………. BACKUPDC passed test RidManager
      Starting test: MachineAccount
         ……………………. BACKUPDC passed test MachineAccount
      Starting test: Services
         ……………………. BACKUPDC passed test Services
      Starting test: ObjectsReplicated
         ……………………. BACKUPDC passed test ObjectsReplicated
      Starting test: frssysvol
         ……………………. BACKUPDC passed test frssysvol
      Starting test: frsevent
         ……………………. BACKUPDC passed test frsevent
      Starting test: kccevent
         ……………………. BACKUPDC passed test kccevent
      Starting test: systemlog
         ……………………. BACKUPDC passed test systemlog
      Starting test: VerifyReferences
         ……………………. BACKUPDC passed test VerifyReferences

   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ……………………. ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ……………………. ForestDnsZones passed test CheckSDRefDom

   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ……………………. DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ……………………. DomainDnsZones passed test CheckSDRefDom

   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ……………………. Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ……………………. Schema passed test CheckSDRefDom

   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ……………………. Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ……………………. Configuration passed test CheckSDRefDom

   
   Running partition tests on : bannaridc
      Starting test: CrossRefValidation
         ……………………. bannaridc passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ……………………. bannaridc passed test CheckSDRefDom

   
   Running enterprise tests on : bannaridc.com
      Starting test: Intersite
         ……………………. bannaridc.com passed test Intersite
      Starting test: FsmoCheck
         ……………………. bannaridc.com passed test FsmoCheck

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   
   Testing server: Default-First-Site-NameDC
      Starting test: Connectivity
         ……………………. DC passed test Connectivity

Doing primary tests

   
   Testing server: Default-First-Site-NameDC

DNS Tests are running and not hung. Please wait a few minutes…

   
   Running partition tests on : ForestDnsZones

   
   Running partition tests on : DomainDnsZones

   
   Running partition tests on : Schema

   
   Running partition tests on : Configuration

   
   Running partition tests on : bannaridc

   
   Running enterprise tests on : bannaridc.com
      Starting test: DNS
         ……………………. bannaridc.com passed test DNS

Добрый день! Уважаемые читатели и гости одного из крупнейших IT блогов по системному администрированию. В прошлый раз мы с вами устанавливали Windows 11 в домен Active Directory. Сегодня я хочу поговорить так же об активном каталоге и показать, как устраняется ошибка репликации, при которой в глобальном каталоге видятся удаленные объекты, которых не должно быть, при попытке посмотреть свойства данного объекта «Не удается отобразить объект Active Directory». Давайте смотреть в чем дело.

📛Описание ошибки The remote system is not available

Произошла аварийная ситуация и некоторая часть контроллеров домена вывалилась с синими экраном 0xc00002e2. В таких случаях такие контроллеры просто удаляют, даже если они и не доступны по сети. Там утилита ntdsutil делает все по красоте и должна вычистить все метаданные. Подождав немного я решил проверить репликацию между контроллерами домена, напоминаю сделать это можно через команду:

Но утилита показала, что удаленные контроллеры домена были в схеме репликации и не доступны, по статусу они имели ошибки:

Ошибку «(2148074274) The target principal name is incorrect» мы успешно устраняли ранее, но там нужен, чтобы контроллер домена был доступен, тут он был в ауте и его нельзя было вернуть, второй контроллер так же был в ауте.

Если вы запустите ADUC, и попытаетесь поискать имена сбойных контроллеров домена, то вы с большой вероятностью их обнаружите. У них будет описание  «Контроллер домена доступный для записи (Writable Domane Controller)»

Если открыть свойства самого объекта, то вы увидите:

Удалить он отсюда не дает данный объект «Windows cannot delete object because Directory object not found»

⚙️Как устранять ошибку репликации

Первое, что вы должны сделать, это выполнить команду на работающем контроллере домена:

С высокой долей вероятности вы увидите, где еще остались хвосты со старыми удаленными контроллерами домена.

Вся загвоздка в том, что вам нужно в разделе «Configuration» удалить старую информацию.

Берем утилиту ADSIEdit и подключаемся к разделу конфигурации, после чего идем по тем путям, что указаны в ошибках.

Находим нужные записи в. моем случае это в сайтах AD.

И удаляем их всех.

После того, как вы все почистили, еще можно проверить оставшиеся записи в DNS, в основных зонах _msdcs. После всех манипуляций в ADUC выполните поиск удаленных компьютеров, у меня ничего не нашлось.

Запустим реплику:

Ошибок не стало и все реплики успешно прошли.

На этом все, мы с вами успешно удалили остатки мертвых контроллеров домена .устранили ошибки репликации «(1256) The remote system is not available. For information about network troubleshooting, see Windows Help». С вами был Иван Сёмин, автор и создатель IT портала Pyatilistnik.org.

• 5 Answers

Active Directory replication error 1256: The remote system is not available

This article describes the symptoms, cause, and resolution steps for cases when Active Directory replication fails with error 1256: The remote system is not available.

Applies to: В Windows Server 2012 R2
Original KB number: В 2200187

Symptoms

The DCDIAG reports that the Active Directory Replications test has failed with error 1256: The remote system is not available.

Starting test: Replications
[Replications Check, ] A recent replication attempt failed:
From to
Naming Context:
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at
The last success occurred at

REPADMIN.EXE reports that a replication attempt has failed with status 1256. REPADMIN commands that commonly cite the 1256 status include but are not limited to:

• REPADMIN /REPLSUM
• REPADMIN /SHOWREPS
• REPADMIN /SHOWREPL
• REPADMIN /FAILCACHE

Sample output from REPADMIN /SHOWREPS depicting inbound replication from LonEMEADC to LonContosoDC failing with The remote system is not available error is shown below:

Repadmin: running command /showrepl against full DC localhost
LondonLONCONTOSODC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: a29bbfda-8425-4cb9-9c66-8e07d505a5c6
DSA invocationID: d58a6322-6a28-4708-82d3-53b7dcc13c1a

==== INBOUND NEIGHBORS ======================================

DC=ForestDnsZones,DC=Contoso,DC=com
LondonLONEMEADC via RPC
DSA object GUID: cd691606-63d1-4cc8-b77a-055674ba569d
Last attempt @ 2010-06-10 17:35:46 failed, result 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.
consecutive failure(s).
Last success @ .

NTDS KCC, NTDS Replication, or ActiveDirectory_DomainService events with the 1256 status are logged in the directory service event log.

Event 1085 is only logged if the NTDS Diagnostics value 5 Replication Events has been set to a value of 1 or higher.

Cause

Replication status 1256 is logged for the following reason:

When the destination DC fails to bind to the source DC using RPC a win32 error code in the Repsfrom status for that partition — usually Schema or Configuration since these partitions are replicated at a higher priority. After an RPC bind failure has occurred, a cleanup routine will run to clear the destination DCs queue from that same source DC. This is done to avoid wasting time attempting to replicate with a DC that it can’t connect to. Since it hasn’t attempted a sync for the partitions that have been cleared from the queue, a status 1256 is logged. In a scenario where destination DC replicates Schema, Configuration, and several GC non-writable partitions from the source DC, the win32 error status for the Schema and Configuration partitions that caused the RPC bind failure is logged. The destination DC will then cancel the pending replication tasks for the remaining partitions and log win32 error 1256 for the status.

In summary: 1256 is logged as the replication status per partition as a result of the destination DC cancelling the sync request from the source DC due to a connectivity failure previously encountered.

Resolution

The win32 error 1256 should not be the focus of troubleshooting efforts, instead find the replication status that led to the RPC bind failure and then follow the corresponding Troubleshooting Active Directory operations that fail with error. article.

In order to determine the actual win32 error to troubleshoot, use one of the following methods:

View repadmin /showreps or /showrepl output on the destination DC

1. Identify Source DC in the output and list all win32 status messages per partition
2. The win32 status that is listed that is not a 1256 should be the focus of troubleshooting efforts

Use repadmin /showrepl * /csv output:

1. Filter column K, Last Failure Status: Deselect and (Blanks)
2. Filter column C, Destination DSA: Deselect (Select All) and select just the DC where the 1256 status is logged.
3. If 1256 is logged on more than one Source DC, Filter column F, Source DSA: Deselect (Select All) and Select just one DC to narrow the focus.
4. Column K, Last Failure Status will list the 1256’s along with the real win32 error that led to the RPC bind failure.

In the following example, win32 error 1722 is logged for the Configuration and Schema partitions and should be the focus of troubleshooting.

Initiate a manual replication sync between source and destination DCs using repadmin.

Repadmin /replicate DestinationDC SourceDC (This will require /readonly switch for GC partition or /selsecrets switch if destination is an RODC)

repadmin /replicate loncontosodc lonemeadc.emea.contoso.com dc=forestdnszones,dc=contoso,dc=com

DsReplicaSync() failed with status 1722 (0x6ba):

The RPC server is unavailable.

Take note that after manually initiating replication for the partition that the status has changed from 1256 to 1722:

More information

The following articles contain the troubleshooting procedures for errors typically logged with win32 error 1256:

Источник

Ошибка репликации Active Directory 1256: удаленная система недоступна

В этой статье описываются симптомы, причины и шаги по устранению проблем, когда репликация Active Directory завершается ошибкой 1256: удаленная система недоступна.

Применяется к: Windows Server 2012 R2
Исходный номер базы знаний: 2200187

Симптомы

DCDIAG сообщает, что сбой теста репликации Active Directory с ошибкой 1256: удаленная система недоступна.

Запуск теста: репликации
[Проверка репликацией, домена] Не удалось выполнить последнюю попытку репликации:
Из исходного в конечный
Контекст именования:
При репликации произошла ошибка (1256):
Удаленная система недоступна. Сведения об устранении неполадок в сети см. в справке Windows.
Сбой произошел во время <>
Последний успех произошел на момент <>

REPADMIN.EXE сообщает о сбое попытки репликации с состоянием 1256. Команды REPADMIN, которые обычно ссылаются на состояние 1256, включают, но не ограничиваются:

• REPADMIN /REPLSUM
• REPADMIN /SHOWREPS
• REPADMIN /SHOWREPL
• REPADMIN /FAILCACHE

Ниже приведен пример REPADMIN /SHOWREPS выходных данных, отображаемых при входящей репликации из LonEMEADC в LonContosoDC с ошибкой «Удаленная система недоступна»:

Repadmin: выполнение команды /showrepl для полного контроллера домена localhost
ЛондонLONCONTOSODC
Параметры DSA: IS_GC
Параметры сайта: (нет)
GUID объекта DSA: a29bbfda-8425-4cb9-9c66-8e07d505a5c6
DSA invocationID: d58a6322-6a28-4708-82d3-53b7dcc13c1a

==== INBOUND NEIGHBORS ===========================================

DC=ForestDnsZones,DC=Contoso,DC=com
ЛондонКОДЕАДC через RPC
GUID объекта DSA: cd691606-63d1-4cc8-b77a-055674ba569d
Сбой последней попытки @ 2010-06-10 17:35:46, результат 1256 (0x4e8):
Удаленная система недоступна. Сведения об устранении неполадок в сети см. в справке Windows.
последовательные сбои.
Last success @ .

События NTDS KCC, репликация NTDS или ActiveDirectory_DomainService с состоянием 1256 регистрируются в журнале событий службы каталогов.

Событие 1085 регистрируется только в том случае, если для параметра диагностики NTDS 5 Replication Events (События репликации) задано значение 1 или более.

Причина

Состояние репликации 1256 регистрируется по следующей причине:

Если целевому контроллеру домена не удается выполнить привязку к исходному контроллеру домена с помощью RPC, код ошибки win32 в состоянии Repsfrom для этой секции — обычно схема или конфигурация, так как эти секции реплицируются с более высоким приоритетом. После сбоя привязки RPC выполняется подпрограмма очистки для очистки очереди конечных контроллеров домена из того же исходного контроллера домена. Это делается, чтобы избежать использования времени при попытке репликации с контроллером домена, к которой он не может подключиться. Так как он не пытался выполнить синхронизацию для секций, которые были удалены из очереди, регистрируется состояние 1256. В сценарии, где конечный контроллер домена реплицирует схему, конфигурацию и несколько неопределяемых разделов сборки мусора из исходного контроллера домена, регистрируется состояние ошибки win32 для разделов схемы и конфигурации, вызвавшей сбой привязки RPC. Затем конечный контроллер домена отменит ожидающие задачи репликации для оставшихся разделов и журнал ошибки win32 1256 для состояния.

Сводка: 1256 регистрируется как состояние репликации для каждой секции в результате отмены целевого контроллера домена запроса на синхронизацию из исходного контроллера домена из-за ранее обнаруженного сбоя подключения.

Решение

Ошибка Win32 1256 не должна быть в фокусе усилий по устранению неполадок. Вместо этого найдите состояние репликации, которая привела к сбою привязки RPC, а затем выполните соответствующие операции по устранению неполадок Active Directory , которые завершались ошибкой.

Чтобы определить фактическую ошибку win32 для устранения неполадок, используйте один из следующих методов:

Просмотр repadmin /showreps или вывод /showrepl в целевом контроллере домена

1. Определение исходного контроллера домена в выходных данных и вывод списка всех сообщений о состоянии Win32 на секцию
2. Состояние win32 в списке, не равное 1256, должно быть в фокусе действий по устранению неполадок.

Используйте repadmin /showrepl * /csv выходные данные:

1. Столбец фильтра K, состояние последнего сбоя: отмена выбора и (пустые значения)
2. Отфильтруйте столбец C, назначение DSA: отмените выбор (выберите все ) и выберите только контроллер домена, в котором регистрируется состояние 1256.
3. Если в журнале 1256 имеется более одного исходного контроллера домена, столбец фильтра F, исходный DSA: отмена выбора (выбор всех ) и выберите только один контроллер домена, чтобы сузить фокус.
4. Столбец K, состояние последнего сбоя будет содержать 1256 и реальную ошибку win32, которая привела к сбою привязки RPC.

В следующем примере ошибка Win32 1722 регистрируется для разделов конфигурации и схемы и должна находиться в фокусе устранения неполадок.

Инициируйте синхронизацию репликации вручную между исходным и целевым контроллерами домена с помощью repadmin.

Repadmin /replicate DestinationDC SourceDC (Для этого потребуется параметр /readonly для раздела GC или параметр /selsecrets , если назначением является RODC)

repadmin /replicate loncontosodc lonemeadc.emea.contoso.com dc=forestdnszones,dc=contoso,dc=com

Ошибка DsReplicaSync() с состоянием 1722 (0x6ba):

Обратите внимание, что после инициации репликации вручную для раздела состояние изменилось с 1256 на 1722:

Дополнительные сведения

В следующих статьях содержатся процедуры устранения ошибок, которые обычно регистрируются с ошибкой Win32 1256:

Источник