Forum Discussion

Brandon Fogliano's avatar
Brandon Fogliano
Copper Contributor
Sep 10, 2025

DCs not replicating across VPN

I am at a loss here.  I have looked at every CMD option I can find, verified DNS and cannot get my DCs replicating across the VPN.  I don't understand how I was able to join the domain but now the co...
Active Directory
networking
Windows Server
gastone's avatar
gastone
Brass Contributor
Sep 16, 2025

1. DFSR Replication Errors (SYSVOL) - CRITICAL

Failed Test: DFSREvent

  • Replication partner communication errors:
    • CTG-DC2-OP - Errors 1723 (RPC server too busy) and 1753 (no more endpoints available)
    • CTG-CDC01-LV - Error 1722 (RPC server unavailable)

Impact: SYSVOL replication problems can cause:

  • Group Policy inconsistencies
  • Authentication issues
  • Logon script inconsistencies

2. DNS Errors - CRITICAL

Failed Test: DNS in the enterprise tests segment

Identified Issues:

  • Missing Delegation:
    • The _msdcs.CTGUSA.local zone is missing the glue A record for ctg-lv-dc01.ctgusa.local
    • Error: "Missing glue A record"
  • Dynamic Update Failure:
    • Error 9505: "Unsecured DNS packet" - unable to delete the test record
    • Indicates problems with secure DNS updates

3. KCC Replication Errors

Warning in the KccEvent test:

  • Error 8524: "DNS lookup failure" for replication from CTG-CDC01-LV
  • The KCC cannot resolve the partner domain controller's address

4. System Errors - MEDIUM PRIORITY

Failed Test: SystemLog

  • DCOM errors: unable to communicate with:
    • CTG-DC04.CTGUSA.local (probably offline or unreachable)
    • Public IP addresses 8.8.8.8 and 8.8.4.4 (inappropriate configuration)

Resources