Forum Discussion
Server 2012R2 AD access and replication problems
I have a Server 2012R2 which has several symptoms related to AD access and replication. Here are some examples and some related event log descriptions:
GPMC cannot connect to the AD.
DFSR replication fails - Error: 1726 (The remote procedure call failed.)
SMB outbound connections sometimes fail - The Kerberos client received a KRB_AP_ERR_MODIFIED error from the target server.
Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology.
DNS - The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly.
The server is a 2012R2 Hyper-V guest; it was hosted on a Fujitsu server 2012R2. It has been moved (VHD only) to a Dell server 2016 host, with a new vNIC and Hyper-V switch. The problems described show no change both before and after the move. The SYSVOL share seems to be normal. The Windows firewall has been disabled. SFC /SCANNOW and DISM health checks and restores have been completed.
Some help would be appreciated!
The dcdiag you ran from LGNAD1 is totally unaware of the new DC (LGNAD4) you added in the other network, plus it cannot connect to LGNAD2. I don't know how long ago this might have happened. Seems there is some blocking going on. One method would be to use the PortQryUI tool to check the domains and trusts ports.
https://www.microsoft.com/en-us/download/details.aspx?id=24009
The tool does not install anything; just extract and run it. I'd try between two on the 192.168.100.xxx network so you know what to expect, then run from LGNAD1 --> LGNAD2 and LGNAD2 --> LGNAD1.
You can run:
Dcdiag /v /c /d /e /s:DCName >c:\dcdiag.log
(please replace DCName with your domain controller's NetBIOS name)
ipconfig /all > C:\dc1.txt
then put files up on OneDrive and share a link.
- Bob Smith, Copper Contributor
Hi Dave, here are the files:
Thanks
Bob
The most immediate problem appears to be connectivity with LGNAD2. If this domain controller has been forcefully removed or is no longer available, then you can seize roles (if needed) and perform cleanup.
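The port check suggested earlier in the thread can also be done from PowerShell on the DCs themselves. The script below is an added example, not something posted by a participant: the function name `Test-DcPorts` is hypothetical, `LGNAD2` is the target named in the thread, and it covers only the fixed TCP ports a domain controller listens on.

```powershell
# Added example: TCP reachability check between domain controllers.
# Run on one DC against another (e.g. on LGNAD1 against LGNAD2), then in reverse,
# and compare with a pair on the same subnet to see what a healthy result looks like.
# Test-NetConnection ships with Server 2012 R2 and later.

# Fixed TCP ports used by AD DS. UDP (53, 88, 123, 389) and the dynamic RPC range
# (49152-65535, used by replication after the port 135 lookup) are not covered here.
$AdTcpPorts = [ordered]@{
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    389  = 'LDAP'
    445  = 'SMB (SYSVOL, NETLOGON)'
    464  = 'Kerberos password change'
    636  = 'LDAPS'                    # closed is normal if the DC has no certificate
    3268 = 'Global catalog'           # only open on global catalog servers
    3269 = 'Global catalog over SSL'  # needs both GC role and a certificate
}

function Test-DcPorts {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName
    )
    foreach ($dc in $ComputerName) {
        foreach ($entry in $AdTcpPorts.GetEnumerator()) {
            # One TCP connect attempt per port; warnings about failed connects are suppressed
            $r = Test-NetConnection -ComputerName $dc -Port $entry.Key -WarningAction SilentlyContinue
            [pscustomobject]@{
                Source  = $env:COMPUTERNAME
                Target  = $dc
                Port    = $entry.Key
                Service = $entry.Value
                Open    = $r.TcpTestSucceeded
            }
        }
    }
}

$results = Test-DcPorts -ComputerName 'LGNAD2'
$results | Format-Table -AutoSize

# Summarise what is blocked so it can be matched against the event log symptoms
$blocked = $results | Where-Object { -not $_.Open }
if ($blocked) {
    $blocked | ForEach-Object { "BLOCKED {0} -> {1}:{2} ({3})" -f $_.Source, $_.Target, $_.Port, $_.Service }
} else {
    "All fixed AD TCP ports on the target(s) are reachable from $env:COMPUTERNAME"
}
```

If every fixed port is open but error 1726 persists, the dynamic RPC range is the next thing to check, which PortQry does by querying the endpoint mapper on port 135.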