N/APosted on - 05/10/2012
I am getting an error on the Active Directory Replication. The error says "Repadmin.exe returns:"
The following error occurred during the attempt to contact the
Domain Controller RPC-2008R2-B:
Access is denied.
Active Directory Replication error “Repadmin.exe returns:”
This drawback arises from once the native domain controller is unsuccessful in certifying against its replication partner once building the replication link or once AN attempt|attempting} to duplicate over an existing link.
This typically happens once the domain controller has been disconnected from the remainder of the network for an extended time, and its PC account countersign isn't synchronous with the PC account countersign that's keeping within the Active Directory of its replication partner.
Methods for Troubleshooting Access Denied Replication Errors:
1. Check naming context permissions on direct replication partners by victimization the dcdiag /test: ntsec command. If replication isn't operating fitly, continue with the following steps.
2. Certify that the Enterprise Domain Controllers cluster holds the ‘access this PC from network’ right. If you've got to incorporate this right, certify that the domain has applied cluster policy before happening. If replication isn't operating fitly, continue with the following steps.
3. Stop the KDC on the native domain controller.
4. Clean the price tag cache on the native domain controller.
5. Ensure that the domain controller is within the Domain Controllers OU, the default domain controllers' federal agency is connected to the OU, and therefore, the access this PC from network policy is effectual during this domain.
6. Return the PC account countersigns on the PDC somebody.
7. Synchronize the domain-naming context of the replication partner with the PDC somebody.
8. If the repadmin /showreps command displays no replication partner, explore Link Sites for Replication during this guide for ways to create a replication link.
9. Synchronize replication from a supply domain controller.
10. Begin the KDC on the native domain controller.
If you receive a brand-new access denied error message, you've got to create a short-lived affiliation link between the domain controller and its replication partner for the naming contexts.