- You receive the following error message when the RPC service can connect to port 135, but subsequent RPC calls fail:The remote procedure call failed and did not run
- The Active Directory directory service replication logs an event that similar to the following event in the Directory Service log:
- When you run the Domain Controller Diagnostic Tool (Dcdiag.exe) or the repadmin /showreps command, the output may include the following error message:The replication generated an error (1727): The remote procedure call failed and did not execute.
Cause 1The RPC failure that is reported in error 1727 may occur because RPC needs a port that is blocked. Faulty packets, port filtering, and firewall rules may block a port when the firewall or the network router is configured incorrectly.
Error 1727 indicates that the local domain controller cannot reach the replication RPC process of a replication partner domain controller. At the same time, the domain controller can reach its end-point mapper. If the domain controller cannot reach its end-point mapper, you receive the following error message:
Cause 2The RPC failure may occur because Windows Server 2003 Service Pack 1 adds a new RPC element. This new RPC element is known as "multiple transfer syntax negotiation." With multiple transfer syntax negotiation, the clients and the servers can discover and can negotiate their capabilities during the bind time instead of during the first request in the verification trailer.
However, some firewalls, some routers, and some virtual private networks (VPNs) may not recognize this change to the RPC protocol. If the frames are not recognized, the routers, the firewalls, and the VPN connections drop the new RPC Bind request frames. Therefore, any operation that requires an RPC Bind request may now fail if the RPC caller is a Windows Server 2003 Service Pack 1-based server.
The following products may experience this issue:
- Microsoft Internet Security and Acceleration (ISA) Server 2004
- ISA Server 2000
- Products from Check Point Software Technologies
- Products from WatchGuard Technologies
Method 1: Troubleshoot cause 1
Review the event log for related error messagesIf any events are logged for the RPC failure, review the event logs of the replication partner for related error messages. If the domain controllers in the domain are separated by a firewall, the firewall may be blocking the dynamic ports that are used for Active Directory replication. By default, these dynamic ports start with 1024.
Verify the RPC connectivity by capturing network trafficTo verify the RPC connectivity, follow these steps to capture network traffic:
- Capture a network trace on both replication partner domain controllers at the same time.
- Try to synchronize replication from one of the domain controllers.
- Verify that the replication initiator sends the RPC Bind request on the replication RPC process.
- Verify that the RPC Bind request arrives at the replication partner subnet.
- Verify that the replication partner sends the RPC Bind Ack answer to the replication partner subnet.
Method 2: Troubleshoot cause 2
ISA ServerIf the computer is running ISA Server 2004 Standard Edition or ISA Server 2000, the ISA Server RPC filter may block the RPC-based operations.
For more information about how to work around this problem, click the following article number to view the article in the Microsoft Knowledge Base:
Firewall product or VPN productIf the RPC-based operations fail across a VPN or across a firewall immediately after you install Windows Server 2003 Service Pack 1, contact the firewall vendor or the VPN vendor to see whether an updated RPC filter is available.
For information about your hardware manufacturer, visit the following Web site:For more information about how to work around this problem, click the following article number to view the article in the Microsoft Knowledge Base:
Microsoft makes no warranties and excludes all representations, warranties, and conditions whether express, implied, or statutory. These include but are not limited to representations, warranties, or conditions of title, non-infringement, satisfactory condition, merchantability, and fitness for a particular purpose, with regard to any service, solution, product, or any other materials or information. In no event will Microsoft be liable for any third-party solution that this article mentions.
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Article ID: 911799 - Last Review: Jul 9, 2009 - Revision: 1