In this blog we show how to resolve the error that appears when Active Directory replication between Windows Server 2016 domain controllers fails in the Active Directory Sites and Services snap-in.
When this problem occurs, numerous errors may be reported in the event logs. These errors vary depending on any of the following conditions:
- The domain controller was not fully functional before the problem occurred.
- The domain controller did not successfully complete the Active Directory Installation Wizard process.
- The Sysvol folder on the domain controller was not shared out.
- The domain controller did not have the full file structure under the Domain_name folder and the Policies folder that is located in %SystemRoot%\Sysvol\Sysvol\Domain_name\Policies.
Some of the errors are shown below.
If you ping the other domain controller you get a normal reply, so the problem is not network connectivity between the AD servers. Ping only proves IP reachability; the replication failure is a Kerberos authentication failure, which is why the fix below resets the secure channel rather than touching the network.
To resolve this issue, first determine which domain controller currently holds the primary domain controller (PDC) Emulator operations master role.
- Open an elevated command prompt and run netdom query fsmo; the PDC line shows the current role holder.
- Now start the Active Directory Users and Computers snap-in.
- Right-click the domain and then click Operations Masters. Click the PDC tab; the current role holder is displayed in the Operations Master window.
- On this tab you can see the operations master role owner, and you can also transfer the role from this window.
- On each domain controller that is experiencing this issue, open Run and type services.msc to open the Services console.
- Find the Kerberos Key Distribution Center service, open its properties, and set Startup type to Disabled. With its own KDC stopped, the domain controller obtains Kerberos tickets from another domain controller (the PDC Emulator) while its machine account password is reset.
- Click OK to close the window, then restart the computer.
After the restart, use the Netdom command to reset the secure channel between the domain controller and the PDC Emulator role holder.
- Run the following command from each domain controller other than the PDC Emulator role holder:
- netdom resetpwd /server:server_name /userd:domain_name\administrator /passwordd:administrator_password
- Replace server_name with the name of the server that holds the PDC Emulator operations master role. You can use /passwordd:* instead of typing the password on the command line; netdom then prompts for it, so the password does not end up in the command history.
- Restart the domain controller even if the command reports a failure.
- Open Event Viewer, go to Applications and Services Logs and then to Directory Service.
- Look for an informational event with event ID 1394 ("All problems preventing updates to the Active Directory Domain Services database have been cleared"). This confirms the errors are gone and replication has resumed.
- To check replication manually, open Active Directory Sites and Services.
- Expand Sites, the site, Servers and the server, then click NTDS Settings. In the right pane, right-click the connection object for the server you want to replicate from and click Replicate Now.
- Once replication is confirmed, go back to services.msc on every domain controller where you disabled it, set the Kerberos Key Distribution Center service Startup type back to Automatic and start it. Do not leave the KDC disabled on a domain controller.
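The same procedure as PowerShell helpers, run one phase at a time on the affected (non-PDC) domain controller with a reboot between phases. This is an added example, not code from the original post; it assumes the ActiveDirectory RSAT module is available (it is on every domain controller), that the KDC service is registered under its usual service name Kdc, and that the built-in netdom, nltest and repadmin tools are on the path.

```powershell
#Requires -RunAsAdministrator
# Added example: helper functions for the KDC-disable / netdom resetpwd procedure.
# Run in an elevated PowerShell session on the domain controller that shows the error.
Import-Module ActiveDirectory

function Get-PdcEmulator {
    # Same information as "netdom query fsmo", returned as a string we can reuse.
    (Get-ADDomain).PDCEmulator
}

function Test-DcToPdcTrust {
    param([string]$Pdc = (Get-PdcEmulator))
    # Ping proves only IP reachability; the secure-channel query is the check that matters.
    $ping   = Test-Connection -ComputerName $Pdc -Count 2 -Quiet
    $domain = (Get-ADDomain).NetBIOSName
    $sc     = & nltest /sc_query:$domain 2>&1
    [pscustomobject]@{
        PdcEmulator      = $Pdc
        PingOk           = $ping
        SecureChannel    = ($sc -join ' ')
        ReplErrors       = (& repadmin /showrepl $env:COMPUTERNAME /errorsonly) -join "`n"
    }
}

function Disable-KdcForReset {
    # Phase 1: stop the local KDC so this DC gets its tickets from the PDC emulator's KDC,
    # then reboot. Service name 'Kdc' = "Kerberos Key Distribution Center" (assumed default).
    Set-Service -Name Kdc -StartupType Disabled
    Stop-Service -Name Kdc -Force -ErrorAction SilentlyContinue
    Restart-Computer -Force
}

function Reset-DcSecureChannel {
    # Phase 2 (after the reboot): reset this DC's machine account password against the
    # PDC emulator. /passwordd:* makes netdom prompt instead of leaving the password in history.
    param(
        [string]$Pdc    = (Get-PdcEmulator),
        [string]$Domain = (Get-ADDomain).NetBIOSName
    )
    & netdom resetpwd /server:$Pdc /userd:"$Domain\administrator" /passwordd:*
    Write-Host "netdom exit code: $LASTEXITCODE (restarting regardless, as the procedure requires)"
    Restart-Computer -Force
}

function Confirm-ReplicationRecovered {
    # Phase 3 (after the second reboot): look for Directory Service event 1394, pull the
    # domain partition from the PDC emulator, and list any remaining replication errors.
    param([string]$Pdc = (Get-PdcEmulator))
    $evt = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 1394 } `
                        -MaxEvents 1 -ErrorAction SilentlyContinue
    if ($evt) { Write-Host "Event 1394 logged at $($evt.TimeCreated)" }
    else      { Write-Warning "No event 1394 yet; replication may still be failing" }

    $nc = (Get-ADDomain).DistinguishedName
    & repadmin /replicate $env:COMPUTERNAME $Pdc $nc      # equivalent of "Replicate Now"
    & repadmin /showrepl  $env:COMPUTERNAME /errorsonly   # empty output means no failures
}

function Restore-Kdc {
    # Phase 4: never leave a domain controller with its KDC disabled.
    Set-Service -Name Kdc -StartupType Automatic
    Start-Service -Name Kdc
    Get-Service -Name Kdc | Select-Object Name, Status, StartType
}
```

Typical use: record the PDC emulator with Get-PdcEmulator and run Test-DcToPdcTrust before touching anything; then Disable-KdcForReset, log back in and run Reset-DcSecureChannel, log back in again and run Confirm-ReplicationRecovered, and finish with Restore-Kdc. If the ActiveDirectory cmdlets fail while the local KDC is stopped, pass the PDC emulator name you recorded earlier as the -Pdc argument rather than letting the functions look it up.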