Replmon is the first tool you should use when troubleshooting Active Directory replication issues. As it is a graphical tool, replication issues are easy to see and somewhat easier to diagnose than using its command line counterparts. The purpose of this document is to guide you in how to use it, list some common replication errors and show some examples of when replication issues can stop other network installation actions.
Symptoms of Replication Faults
Failure to extend the schema – The Active Directory schema has to be extended for many reasons. Two of the most common are:
When installing an Exchange 200x server (by running setup.exe /forestprep and /domainprep)
When adding a 2003 Domain Controller to a Windows 2000 Active Directory network (by running adprep /forestprep and /domainprep).
If there is a replication issue with any of the domain controllers on the Schema partition, the Schema will not allow any extension.
Failure to DCPromo a new Domain Controller – When installing a new Domain Controller, the wizard waits until Active Directory is fully synchronised before continuing. Replication issues would cause this to hang at this point. (Although it can be forced to wait until later, this would only put off the problem).
Installation of Active Directory aware software – Software that creates a new user account per network or writes to the Active Directory could fail or produce ambiguous errors when replication issues exist on the network.
Any recent warnings or errors in the File Replication Service log in Event Viewer
Any recent NTDS Replication Errors in the Directory Service log in Event Viewer
How to Use Replmon
To use Replmon, log on to a Domain Controller, select Start|Run, type Replmon, and click OK. You will be presented with the Replmon screen.
Right click on the Monitored Servers icon and select Add Monitored Server...
Select the Search the directory for the server to add radio button.
Ensure the correct domain is populated in the drop-down list, and click Next.
Select an appropriate server from the list of Domain Controllers…
If you know you are experiencing issues with a particular domain controller, choose that server.
If you are checking general replication, or are not sure where the fault lies, choose the Forest Root.
On larger networks, you will need to choose more than one server depending on the replication topology.
(For information on viewing the replication topology, see Appendix A.)
…and click Finish.
If your Active Directory contains only Windows 2000 domain controllers, you will see three Directory partitions.
If your Active Directory Forest Root is Windows 2003, you will see five Directory partitions.
By expanding the + on each directory partition you will be able to see each of the server’s replication partners. Selecting one on the left shows the last replication attempt in the right hand pane.
If there are any replication issues, the partitions for the domain controller that the server cannot replicate with will show a red x.
Highlighting one of the problem replication partner servers will then show more verbose error messages in the logs pane explaining why it could not replicate.
Troubleshooting Replication Issues
Step 1: Check validity of replication partners
Perhaps an obvious step, but there can be replication issues when there are servers present in the replication topology that are no longer connected to the network. Look for replication agreements with non-existent servers, servers that have been forcibly removed from the domain or are simply turned off.
Step 2: Force replication
The last scheduled replication attempt could have failed for unaccountable reasons, but the failure cause may no longer be an issue. Get an accurate current understanding of the situation by right clicking on the replication partner server in each of the partitions and selecting “Synchronise with this Replication Partner”.
Then refresh the Tree view by pressing F5. Re-check the replication status in the right hand logs pane.
Step 3: General IP checks
Doesn’t matter if you’ve done them, do them all again now! From a command prompt:
Can you ping the IP address of the destination server? e.g. Ping 192.168.3.201
If not: The issue will either be hardware (cable, switch, NIC; check all physical connections) or incorrect configuration of a server's IP details (either the destination or the host server). Check the NIC's IP address and Subnet Mask.
Can you ping the NetBIOS name of the destination server? e.g. Ping Replicadc1
If not: The issue will be a name resolution issue. Check there is an A host entry in the domain's Forward Lookup zone. Check the NIC IP properties and ensure the Forest Root IP is entered as the Preferred DNS Server.
Can you ping the FQDN of the destination server? e.g. Ping Replicadc1.RMTDS.Internal
If not: The issue will be a DNS issue. Check as above, and also check the NIC's IP Advanced Properties to ensure the correct DNS Suffix is being used. Open the DNS admin console and ensure there is a populated Forward Lookup zone for the domain.
Can you reverse lookup the IP of the destination server? e.g. Ping -a 192.168.3.201
If not: You have a reverse lookup zone issue. Open the DNS admin console and check for the existence of a Reverse Lookup zone per Class C IP range.
Check there is a valid PTR record for each of the Domain Controllers in the relevant Reverse lookup zone.
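The four checks in Step 3 can be run in one pass. The PowerShell script below is an added example, not part of the original document; it uses the sample address and names from the text, and the function names Test-Ping and Get-ReverseName are made up for this illustration.

```powershell
# Added example: the four Step 3 checks against one destination server.
# Sample values taken from the text; replace them with your own server.
$IPAddress   = '192.168.3.201'
$NetBiosName = 'Replicadc1'
$Fqdn        = 'Replicadc1.RMTDS.Internal'

function Test-Ping([string]$Target) {
    # Two echo requests; -Quiet turns the result into $true/$false
    try { [bool](Test-Connection -ComputerName $Target -Count 2 -Quiet -ErrorAction Stop) }
    catch { $false }
}

function Get-ReverseName([string]$Address) {
    # Same question "ping -a" asks: which name does the resolver return for this IP?
    try {
        $name = [System.Net.Dns]::GetHostEntry($Address).HostName
        # Some resolvers hand the address back when no name is found; treat that as a failure
        if ($name -and $name -ne $Address) { $name } else { $null }
    } catch { $null }
}

$reverse = Get-ReverseName $IPAddress
$checks = @(
    [pscustomobject]@{ Check = "Ping IP address $IPAddress"; Passed = (Test-Ping $IPAddress)
        IfFailed = 'Hardware or IP configuration: check physical connections, IP address and subnet mask.' }
    [pscustomobject]@{ Check = "Ping NetBIOS name $NetBiosName"; Passed = (Test-Ping $NetBiosName)
        IfFailed = 'Name resolution: check the A host entry and the Preferred DNS Server on the NIC.' }
    [pscustomobject]@{ Check = "Ping FQDN $Fqdn"; Passed = (Test-Ping $Fqdn)
        IfFailed = 'DNS: check the DNS suffix and that the Forward Lookup zone is populated.' }
    [pscustomobject]@{ Check = "Reverse lookup of $IPAddress (got: $reverse)"; Passed = [bool]$reverse
        IfFailed = 'Reverse lookup: check the Reverse Lookup zone and the PTR record.' }
)

$checks | Format-Table Check, Passed -AutoSize

# The checks run from the network layer upward, so the first failure is the place to start
$firstFail = $checks | Where-Object { -not $_.Passed } | Select-Object -First 1
if ($firstFail) { "Start here: $($firstFail.Check) failed. $($firstFail.IfFailed)" }
else { 'All four checks passed for this destination server.' }
```

Like Ping -a, the reverse check goes through the system resolver, so a passing result should still be confirmed against the PTR record in the DNS admin console.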
Appendix A – Other Replmon functions
By right clicking the server you have selected to view Replication agreements from, you will see a range of options. A few of them are detailed below.
Update Status – This will recheck the replication status of the server. The time of the updated status is logged and displayed in the right hand pane.
Check Replication Topology – This will cause the Knowledge Consistency Checker (KCC) to recalculate the replication topology for the server.
Synchronize Each Directory Partition with All Servers – This will start immediate replication for all of the server’s directory partitions with each replication partner.
Generate Status Report – Creates and saves a verbose status report in the form of a log file.
Show Domain Controllers in Domain – Shows a list of all known Domain Controllers.
Show Replication Topologies – Shows a graphical view of the replication topology. Click View on the menu and select Connection Objects only. Then right click each server, and select Show Intra/Inter-site connections.
Show Group Policy Object Status – Shows a list of all the Domain's Group Policies and their respective AD and Sysvol version numbers.