Duplicate Active Directory replication connections are created
This article provides a solution to an issue where duplicate Active Directory replication connections are created for one or more domain controllers across one or more sites.
Applies to: Windows Server 2012 R2
Original KB number: 3207569
Symptoms
In Active Directory Sites and Services, duplicate Active Directory replication connections are created for one or more domain controllers across one or more sites.
Cause
This issue is caused by either a lack of network connectivity or by another problem that disrupts replication on the Intersite Topology Generator (ISTG) in the site. If the ISTG can't reach other domain controllers, it tries to create new (duplicate) Active Directory replication connections for domain controllers in the same site.
Note
If this is a transient condition, nothing will clean up the duplicate connection objects. If the connectivity and replication problem is no longer occurring on the ISTG, you must manually delete the duplicate connection objects and then rerun repadmin /kcc against the ISTG to make sure that the duplicates are not re-created.
Data collection
To collect the relevant data for this issue, follow these steps.
Note
Repadmin /kcc <DCNAME>is the command to force KCC to run. However it won't create a new connection if the other one is still in place.Replace <DCNAME>with the name of the domain controller that serves as the ISTG for the site.
- Run
repadmin /showconn <DCNAME> >showconn.txt. - Run
repadmin /failcache <DCNAME> >failcache.txt. - Run PortQRYUI on <DCNAME>, and target a remote domain controller that you have duplicate connections with, as follows:
"Domains and Trusts test" File / Save Result - On <DCNAME>, run
repadmin /bind RemoteDC(from step 3). For example:repadmin /bind RemoteDC1 - If
repadmin /bindfails to connect, take a network trace by using netsh on both domain controllers, as follows:- Run
netsh trace start capture=yes tracefile=c:\%computername%.etl. - Run
repadmin /bind <DCNAME>. - Connect by using the FQDN instead of the host name, if possible.
- Run
netsh trace stop.
- Run
- Run
repadmin /showrepl * /csv >showrepl.csv. - Run
repadmin /viewlist * >DCs.txt. - Run
repadmin /istg >istg.txt.
Resolution
To resolve this issue, open ports in the site to allow the ISTG to connect to the domain controllers. After the connectivity issue is resolved, delete the duplicate connection objects, and then rerun KCC on the ISTG.
Data collection
If you need assistance from Microsoft support, we recommend you collect the information by following the steps mentioned in Gather information by using TSS for Active Directory replication issues.
More information
For more information about this issue, see How Active Directory replication topology works. Particularly focus on the KCC and topology generation section and the "Excluded nonresponding servers" subtopic.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for