Results 1 to 4 of 4

Thread: No replication between DCs - Netlogon 5774 error observed

  1. #1
    Join Date
    Mar 2007

    No replication between DCs - Netlogon 5774 error observed

    Hi there,

    I have encountered a strange situation between 2 DCs. One could be considered the good DC, and appears to be working well. It is also the DHCP and DNS server. There is a second DC which has been promoted today, and also has WSUS installed.
    The problem is that the second DC just cannot register its service records on the first DC, specified in the NIC properties on both DCs. There is no external IP DNS record specified in either NIC.
    The above problem has been registered on the bad DC, for each one of its service records, with the "DNS Operation Refused" message appearing at the bottom of the message. Restarting netlogon on the server reproduces the errors. It is possible to send pings to each server in both directions, and both DCs have their firewalls disabled. There is no firewall between the DCs.

    In sites and services on the good DC, it is not possible to replicate to the other PC, it just produces the "The naming context is in the process of being removed or is not replicated from the specified server."
    In the DNS diagnostic logging, there are repeated entries saying "0580 refused."
    The forward lookup zone for the domain and all other ones are AD integrated, and allow secure updates only.
    Both DCs are Windows Server 2003, one with SP1 and the other with SP2 (cant remember which is which.)

    The bad DC also registers KCC 1308 and Userenv 1053 errors.
    It is possible to access the Netlogon share on the good DC from the bad DC.

    Id be greatly obliged if anyone can help me with this, because meantime there is no replication and no redundancy in the AD.

  2. #2
    Meinolf Weber Guest
    Hello johnny_mango,

    Please post an unedited ipconfig /all from both machines.

    Best regards

  3. #3
    Join Date
    Mar 2007
    Hopefully I can give you more information about the current status, etc.

    The "good" server, A, has the IP address Subnet mask, Default gateway (ISA 2004.) It has WINS installed and points to itself for DNS and WINS, and is selected to register itself in DNS.
    The "bad" server, WSUS, has IP address, subnet mask, default gateway, DNS, WINS Also registering itself in DNS.

    I today ran the netdiag /fix on the bad server, which seemed to sort half the problem. Now in Replmon, under the node for the good server, replication is working. However, inder the "bad" server, I see "Replication failure. The reason is: Access is denied."

    I strongly feel the problem is with the good server, as 2 otherwise working servers have both had issues when promoted to being DCs.
    As an observation, for some reason the client has unlinked the Default Domain Policy from the domain, and it has been heavily modified.
    When I use AD Sites and Services using the site links under the WSUS node, I receive an "Access is denied" when synchronizing the naming partition from the good DC, A, to the bad one, WSUS.
    I also observerved the "Naming context is in the process of being moved or is not replicated from the specified server" in the second site link under the WSUS DC.

    On starting up, the bad DC displays errors DnsApi 11163, a failure to update host A resource records (RRs.)
    Also, the good DC displays Security Logon/Logoff errors, eventid 529, from WSUS and various other computers.

    After running netdiag /fix on the WSUS DC, I received a few errors, including the following:

    Could not get Rid set Reference :failed with 8481: The search failed to retrieve attributes from the database.

    Unable to connect to the NETLOGON share! (\\xxxxx-WSUS\netlogon)
    [xxxxx-WSUS] An net use or LsaPolicy operation failed with error 1203,
    No network provider accepted the given network path..

    From xxxxxxA to xxxxx-WSUS
    Naming Context: CN=Schema,CN=Configuration,DC=domainname,DC=com
    The replication generated an error (5):
    Access is denied.

    Thanks a lot for any pointers you may be able to give. My current thoughts are to use the two commands to restore the DC and domain GPOs to their defaults and add in again any specified and justifiable personalizations, if they seem reasonable.

    I decided to remove the other DC, and have now replaced the default domain and DC policies.

    However, the clients keep reporting Usernv 1053 errors, every time I run gpupdate /force. There are hardly any errors in the DC Event Viewer. In the clients I run rsop.msc and there are errors under computer configuration, access denied. I can contact the sysvol share and open the policies with the corresponding GUIS from the client.

    I will have to add another DC in the future and I am worried it will not be installed correctly, as those are now 2 DCs that have been unable to replicate with the primary DC.
    On the DC I cannot run group policy results modelling from the GPMC console as it marks I do not have the required permission......the plot thickens.

  4. #4
    Join Date
    Feb 2010

    Re: No replication between DCs - Netlogon 5774 error observed

    I've seen similar issues from DC's that were cloned...apparantly talk of the demise of the SID are premature.

Similar Threads

  1. NTDS Replication: How to remove a replication partner?
    By haritable in forum Small Business Server
    Replies: 3
    Last Post: 10-05-2012, 09:50 PM
  2. different temperature readings observed in intel core i7 chip.
    By JalB By in forum Motherboard Processor & RAM
    Replies: 4
    Last Post: 12-08-2011, 08:06 AM
  3. DS replication error
    By Andrea in forum Active Directory
    Replies: 8
    Last Post: 24-11-2008, 01:47 AM
  4. 5719 Netlogon Error
    By Jack P in forum Active Directory
    Replies: 3
    Last Post: 23-01-2008, 10:49 PM
  5. One way replication error between sites
    By Agilent in forum Active Directory
    Replies: 4
    Last Post: 22-09-2005, 10:32 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts