# RPC Server unavailable



## jhanevd

i got a problem in replicating domain controllers (windows 2003 edition). according to the error i've encounter in the event log it says that the rpc server is not functioning and unavailable. i try to ping each domain controller in different site there is a reply.

anyone please help.....

thanks!


----------



## MoralTerror

Is File and Printer Sharing turned on?


----------



## jhanevd

yes file and printer sharing is enabled


----------



## MoralTerror

Make sure it's turned on click *start > run* type 

net start rpcss

If problem persists use the Netdiag tool that is included in the Microsoft Windows Support Tools (included on the Windows CD-ROMs) to determine if the domain controller is working correctly. You can perform a network trace using the MSRPC, DNS, NBT, LDAP, or TCP protocols.

If that doesn't help use the Netdom tool that is included in the Windows Support Tools to verify network trust relationships and reset or establish a connection to a server.

You might need to create secondary DNS zones for correct name resolution between several domains or forests. On the Primary DNS server for each domain, create a secondary zone for the domain that you are trying to generate a trust with. For example, create secondary zones that are similar to the following zones:

• Domain1 DC1.Domain1.com - Hosts DNS Primary Zone for Domain1.com 
• Domain2 DC1.Domain2.com - Hosts DNS Primary Zone for Domain2.com 


These two zones may receive the following message when a trust is generated or validated: 

RPC Server is unavailable

To resolve this problem, configure the secondary zones in the following way:

• Domain1 DC1.Domain1.com - Hosts DNS Primary Zone for Domain1.com & Secondary Zone for Domain2.com 
• Domain2 DC1.Domain2.com - Hosts DNS Primary Zone for Domain2.com & Secondary Zone for Domain1.com 

When DNS name resolution is correctly configured for both domains, communication between the domains functions as you expect.


----------



## jhanevd

i run repadmin tools in the dc that holds the 5 operation master below is its result:

COMMAND: repadmin /replsummary
Replication Summary Start Time: 2005-12-29 11:52:11

Beginning data collection for replication summary, this may take awhile:
.......
Source DC largest delta fails/total %% error
DISCO-PDC-1 09m:06s 0 / 3 0
DISCO-POST-1 02m:35s 0 / 3 0
SANFO-BDC-1 04d.21h:56m:54s 5 / 5 100 (1727) The remote proced...
SANFO-PDC-1 04d.21h:56m:55s 8 / 8 100 (1727) The remote proced...

Destination DC largest delta fails/total %% error
DISCO-PDC-1 02d.09h:45m:25s 3 / 6 50 (1727) The remote proced...
DISCO-POST-1 04d.22h:01m:29s 10 / 13 76 (1727) The remote proced...

Experienced the following operational errors trying to retrieve replication info
rmation:
1053 - sanfo-bdc-1.teamyehey.local
1053 - sanfo-pdc-1.teamyehey.local

don't know what step should i do with that information that i've got to resolve the replication in our four DC servers (2 DC per site connected through VPN) running windows 2003. please advice and let me know if there's other data that would be helpful in order to fix the problem. 

thank you very much......


----------



## MoralTerror

Looks like we have an access problem, either _authenticated users_ or _everyone_ group have been removed from the access list. To fix it: 

In an appropriate Group Policy Object at the Domain Controllers container (most likely the Default Domain Controllers Policy), ensure that the appropriate groups are listed in the "Access this Computer from the Network" permission. You can find this permission in the following folder: 
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment 
The following groups have the "Access this Computer from the Network" permission on domain controllers by default: 

*
Administrators
Authenticated Users
Everyone
*
*NOTE:* Include the Everyone group in the list of groups because certain operations involve accounts that may not have been authenticated to the domain yet. Examples of these operations include when a user changes an expired password at logon, or when a user in a trusting domain needs to anonymously enumerate users and groups to apply Access Control Lists (ACLs) in the trusting domain


----------



## jhanevd

i tried it but the logs in the directory service on event viewer is still the same.
error ids 1865, 1311, and 1566 for NTDS KCC and 1839 fror NTDS Replication issue. i've tried to search further for those event ids but those information i've got is not enough to resolve the issue. please advice.....

thanks!


----------



## MoralTerror

Make sure all sites are listed in a site link. Run *repadmin /showism* command from a domain controller

This will return a site matrix for each site. A "-1:0:0" entry indicates that the site connection is not working. This occurs if one or more of the following conditions is true: 

• The replication protocol is not used. For example, if SMTP replication is not configured, the entries in the SMTP portion of the /SHOWISM matrix all appear as "-1:0:0". 
• The site does not host any domain controllers (this is known as an "uncovered" site). 
• The site is not included in a site link. 

If site link bridging is enabled (it is by default) and the repadmin /showism command returns "-1:0:0" entries for one or more covered Active Directory sites, make sure that the affected sites are listed in a site link.

A site with a full complement of "-1:0:0" entries and one "0:0:0" entry is orphaned unless the site is uncovered (no domain controllers reside in that site). List the orphaned sites but not any uncovered sites.

If site link bridging has been disabled then you have to manually list all sites and site links, then map each site to a site link.

Heres an example where site 2 is orphaned

==== TRANSPORT CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=corp,DC=com CONNECTIVITY INFORMATION FOR 3 SITES: ====

0, 1, 2
( 0) CN=US-NC,CN=Sites,CN=Configuration,DC=corp,DC=com
0:0:0, 100:15:0, -1:0:0

( 1) CN=US-TX,CN=Sites,CN=Configuration,DC=corp,DC=com
100:15:0, 0:0:0, -1:0:0

( 2) CN=US-WA,CN=Sites,CN=Configuration,DC=corp,DC=com
-1:0:0, -1:0:0, 0:0:0


----------

