[SDP3][be368a14-64f9-433e-b8d3-27da35607fa3] Active Directory Replication Troubleshooter

Applies to: Microsoft Windows Server 2003 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 More

Summary


This troubleshooter is designed to collect diagnostic data useful for troubleshooting Active Directory replication issues.

More Information



Information Collected


DCDiag
DescriptionFile name
DCDiag DNS Health information output via 'dcdiag.exe /v /test:dns /f'
{ComputerName}_DCDiag-DNS.log
DCDiag Topology Test output via 'dcdiag.exe /v /test:topology /f'
{ComputerName}_DCDiag-Topology.log
DCDiag Verbose output via 'dcdiag.exe /CheckSecurity /v /e /f'
{ComputerName}_DCDiag-CheckSecurity.log
DCDiag Verbose output via 'dcdiag.exe /v /f'
{ComputerName}_DCDiag-Verbose.log

Devices and drivers
DescriptionFile name
Filter Manager minifilter drivers and instances via Fltmc.exe utility output
{ComputerName}_Fltmc.TXT

Directory Services related registry keys
DescriptionFile name
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts
HKCU\Software\Microsoft\Windows\CurrentVersion\NetCache
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Rpc
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication
HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions
HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\parameters
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\parameters
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\w32time
{ComputerName}_regentries.txt

Domain Controller Computer Account Properties
DescriptionFile name
Domain Controller computer account properties
{ComputerName}_ComputerAtts.txt

Domain Controller Promotion Logs
DescriptionFile name
Domain Controller promotion debug log from \Windows\debug
{ComputerName}_DCPromo.log
Domain Controller promotion UI debug log from \Windows\debug
{ComputerName}_DCPromoUI.log

Event Logs - General
DescriptionFile name
Application (.csv .evtx .txt)
{ComputerName}_evt_Application.*
System (.csv .evtx .txt)
{ComputerName}_evt_System.*

Functional Levels and Group Membership Information
DescriptionFile name
Group Membership and Functional Levels information via 'net.exe localgroup' commands
{ComputerName}_DSMisc.txt

General Information
DescriptionFile name
Basic System Information including machine name, service pack, computer model and processor name and speed
resultreport.xml

List of User Rights (privileges) using showpriv.exe tool
{ComputerName}_UserRights.txt
List of user SID, group memberships, and privileges via the 'Whoami /all' output
{ComputerName}_Whoami.txt
Resultant Set of Policy (RSoP) generated by gpresult.exe utility
{ComputerName}_GPResult.*
Running tasks on the system via the 'Tasklist /svc' output.
{ComputerName}_tasklist.txt

KList utility output
DescriptionFile name
Output of 'klist tgt' command
{ComputerName}_KList.txt

Netlogon Logs
DescriptionFile name
Netlogon.bak from \Windows\Debug
{ComputerName}_Netlogon.bak
Netlogon.log from \Windows\Debug
{ComputerName}_Netlogon.log

Replication Diagnostics Tool
DescriptionFile name
Replication Queue via 'repadmin.exe /queue' output
{ComputerName}_Repadmin-Queue.txt
Replication topology overview via 'repadmin.exe /showrepl' output
{ComputerName}_Repadmin-Showrepl.csv

TCPIP
DescriptionFile name
HKLM\SOFTWARE\Policies\Microsoft\Windows\TCPIP
HKLM\SYSTEM\CurrentControlSet\services\TCPIP
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6
HKLM\SYSTEM\CurrentControlSet\Services\tcpipreg
{ComputerName}_TCPIP_reg_output.TXT
TCP OFFLOAD information from netstat output
{ComputerName}_TCPIP_OFFLOAD.TXT
TCPIP Information from commands like: hostname, ipconfig, route, netstat etc.
{ComputerName}_TCPIP_info.TXT
TCPIP information from netsh output
{ComputerName}_TCPIP_netsh_info.TXT
TCPIP Services File located at: windir\system32\drivers\etc\services
{ComputerName}_TCPIP_ServicesFile.TXT


In addition to collecting the information that is described earlier, this diagnostic package can detect one or more of the following symptoms:

  • Event Logs Messages
  • Check for ephemeral port usage
  • Check for ephemeral port usage
  • Check for Active Directory replication failures
  • It has been too long since this domain controller replicated
  • Active Directory replication is failing for one or more partitions: Status -2146893022 The target principal name is incorrect
  • Active Directory replication is failing for one or more partitions: Status 1127 - While accessing the hard disk, a disk operation failed even after retries.
  • Active Directory replication is failing for one or more partitions: Status 1256 - The remote system is not available
  • Active Directory replication is failing for one or more partitions: Status 1396 - Logon Failure: The target account name is incorrect
  • Active Directory replication is failing for one or more partitions: Status 1722 - The RPC server is unavailable
  • Active Directory replication is failing for one or more partitions: Status 1753 - There are no more endpoints available from the endpoint mapper
  • Active Directory replication is failing for one or more partitions: Status 5 - Access is denied
  • Active Directory replication is failing for one or more partitions: Status 8452 - The naming context is in the process of being removed...
  • Active Directory replication is failing for one or more partitions: Status 8453 - Replication Access Was Denied
  • Active Directory replication is failing for one or more partitions: Status 8524 - The DSA operation is unable to proceed because of a DNS lookup failure
  • Lingering objects have been detected
  • Active Directory replication is failing for one or more partitions: Status 8451 - The replication operation encountered a database error
  • Active Directory replication is failing for one or more partitions: Status 1818 - The remote procedure call was cancelled
  • Active Directory replication is failing for one or more partitions: Status 8456 or 8457: The source or destination server is currently rejecting replication requests
  • Active Directory replication is failing for one or more partitions with status 8589
  • Active Directory replication is failing for one or more partitions with status 8333 - Directory Object not Found
  • Active Directory replication is failing for one or more partitions: Status 8446 - The replication operation failed to allocate memory
  • Active Directory replication is failing for one or more partitions: Status 8240 - There is no such object on the server
  • Active Directory replication is failing for one or more partitions: Status 1783 - The stub received bad data
  • Check for potentially risky audit failure settings (CrashOnAuditFail)
  • Check for a possible STOP error caused by audit failure
  • Check for High CPU usage by Local Security Authority Subsystem Service (LSASS)
  • Check if either SYSVOL and/or NETLOGON shares are missing on domain controller
  • Check for for domain controller missing Rid Set reference attributes in Active Directory
  • Check if DC is pointing to itself for DNS exclusively
  • Check for USN Rollback
  • Check state of Intersite Messaging service.
  • Detect if IPv6 was disabled on a domain controller
  • Detect Win32time configuration for time skew
  • Detect MaxConcurrentApi NTLM bottlenecks or delays
  • Detect Certificates with Weak RSA Keys
  • Trusted Root Certificate Authority List Size Problem

References

For more information about the Microsoft Automated Troubleshooting Services and about the Support Diagnostics Platform, please open the following Microsoft Knowledge Base article:


2598970 Information about Microsoft Automated Troubleshooting Services and Support Diagnostic Platform