Active Directory Replication Troubleshooting Part 2 - No Inbound Neighbors

Microsoft Active Directory Replication Troubleshooting Part 2 - No Inbound Neighbors error

One of the common failures detected when running repadmin /showreps is "No inbound neighbors": the INBOUND NEIGHBORS section of the output is empty, as in this example.

Branch\DCX

DSA Options : (none)

objectGuid : c8ffb9f6-94b4-428f-bbf2-749f583737c2

invocationID: 9578742f-ac12-4802-b8fb-ef073d41f370

==== INBOUND NEIGHBORS ======================================

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

This error can occur due to 2 main issues:

1. No connection object exists to indicate which DC(s) this DC should replicate from. These connection objects are typically created by the KCC. However, in some environments administrators have turned off the part of the KCC that creates connection objects for inbound replication from DCs in other sites, and instead rely on manual connections.

2. One or more connection objects exist, but the DC is unable to contact the source DC to create the replication links. In this case the KCC will log events each time it runs (by default, every 15 minutes) detailing the error that occurred when it attempted to add the replication links.

The first thing to do in this case is to run the “Active Directory Sites and Services” MMC snap-in to make sure a connection object has been properly created between the DC and its replication partner. First connect to the destination DC by right-clicking on Active Directory Sites and Services and choosing Connect to Domain Controller. Then select “Sites”, the name of the site, “Servers”, the name of the server, and “NTDS Settings”.

If no connection object exists, it must be created.
This can be done in several ways:

· Manually :

Select “NTDS Settings”, then the “New Active Directory Connection” option on the “Action” menu. The list of the DCs in the forest is then displayed. Select the replication partner from the list.
If the desired replication partner is not present in the list, create a connection object with another one that is displayed. Once replication has occurred over it, the desired replication partner will be known by the local DC and it will be possible to create a new connection object to it and delete the initial one.

· Automatically, if the Inter-Site or Intra-Site Topology Generator function of the KCC is enabled, which is the default.

Once the connection objects have been created, or if they already exist, run :

repadmin /kcc

The DC will then contact its replication partners and authenticate itself against them in order to create the replication links.

Then look for the following events in the “Directory Services” event log :

Event ID 1264 :

A replication link for the partition CN=Configuration,DC=enterprise,DC=com from server CN=NTDS Settings,CN=HUBDC,CN=Servers,CN=HubSite,CN=Sites,CN=Configuration,DC=company,DC=com has been added.

This event is logged by the KCC once it has properly created the replication link.

As long as this event is logged, replication should occur automatically next time it is scheduled.

To make sure it can happen correctly, replication can be triggered manually for the three naming contexts by running the following on the local DC:

repadmin /sync CN=Schema,CN=Configuration,DC=enterprise,DC=com %computername% <rep_partner_GUID>

repadmin /sync CN=Configuration,DC=enterprise,DC=com %computername% <rep_partner_GUID>

repadmin /sync DC=domain,DC=enterprise,DC=com %computername% <rep_partner_GUID>

If no event ID 1264 is logged, the replication link failed to be established. The “Directory Services” event log will then contain event ID 1265 describing the reason for the failure.
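The check sequence above (run repadmin /kcc, then look for event 1264 or 1265) can be scripted on the destination DC. This is an added example, not part of the original article; it assumes an elevated PowerShell session, repadmin.exe on the PATH, an event channel named 'Directory Service', and an arbitrary two-minute wait.

```powershell
# Added example: automate the repadmin /kcc + event 1264/1265 check.
# Assumptions: elevated session on the destination DC, repadmin.exe on PATH,
# event channel named 'Directory Service', 2-minute wait chosen arbitrarily.
$start = Get-Date

# Step 1: have the KCC re-evaluate connection objects and add replication links.
repadmin /kcc
if ($LASTEXITCODE -ne 0) {
    throw "repadmin /kcc returned exit code $LASTEXITCODE"
}

# Step 2: wait for the KCC to log link-added (1264) or link-failed (1265) events.
$filter   = @{ LogName = 'Directory Service'; Id = 1264, 1265; StartTime = $start }
$deadline = $start.AddMinutes(2)
do {
    Start-Sleep -Seconds 10
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
} until ($events.Count -gt 0 -or (Get-Date) -gt $deadline)

# Step 3: list each event, oldest first.
$events | Sort-Object TimeCreated | ForEach-Object {
    $state = if ($_.Id -eq 1264) { 'LINK ADDED ' } else { 'LINK FAILED' }
    # Show only the first line of the message; open the event for full detail.
    $summary = ($_.Message -split "`r?`n")[0]
    '{0:u}  {1}  {2}' -f $_.TimeCreated, $state, $summary
}

# Step 4: summarise the outcome the way the article reads the log.
$added  = @($events | Where-Object Id -eq 1264).Count
$failed = @($events | Where-Object Id -eq 1265).Count
if ($events.Count -eq 0) {
    Write-Warning 'No event 1264 or 1265 since repadmin /kcc; check that a connection object exists.'
} elseif ($failed -gt 0) {
    Write-Warning "$failed link(s) failed (event 1265); read the event text for the reason."
} else {
    "All $added replication link(s) were added; replication should run at the next scheduled interval."
}
```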

