When repadmin /showrepl shows errors, they are usually accompanied by an HResult error code (e.g., 0x2105). Below is a list of common replication error codes, their causes, and solutions.
🛠 Common AD Replication Error Codes & Fixes
1️⃣ Error: 1722 (0x6ba) - The RPC Server is Unavailable
📌 Cause:
- The destination domain controller (DC) is unreachable due to network/firewall issues.
- RPC endpoint mapper service is not running.
- DNS resolution issues.
✅ Fix:
- Ensure RPC is open:
Test-NetConnection <DC-IP> -Port 135
- Verify DNS settings:
nslookup <DC-Name>
- Restart services:
net stop ntds
net start ntds
2️⃣ Error: 8453 (0x2105) - Replication Access Was Denied
📌 Cause:
- The DCs do not have proper permissions to replicate.
- The “Enterprise Admins” or “Domain Admins” group permissions are missing.
✅ Fix:
- Ensure the source DC has the correct permissions:
dsacls "CN=Configuration,DC=domain,DC=com"
- Manually trigger replication using elevated credentials:
repadmin /replicate <DestinationDC> <SourceDC> <NamingContext> /force
3️⃣ Error: 1818 (0x71A) - The Remote Procedure Call was Cancelled
📌 Cause:
- A timeout occurred due to network latency or overloaded DCs.
✅ Fix:
- Increase RPC timeout:
reg add HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters /v RpcTimeout /t REG_DWORD /d 120 /f
- Check network congestion using:
pathping <DC-IP>
4️⃣ Error: 8606 (0x219E) - Insufficient Attributes for Replication
📌 Cause:
- A DC is partially replicated and missing objects.
- Common after authoritative restores or schema mismatches.
✅ Fix:
- Check lingering objects:
repadmin /removelingeringobjects <DestDC> <SourceDC_GUID> <NamingContext>
- Re-register DNS and Global Catalog:
net stop netlogon
ipconfig /registerdns
net start netlogon
5️⃣ Error: 8524 (0x214C) - The DSA Operation is Unable to Proceed Because of a DNS Lookup Failure
📌 Cause:
- The destination DC cannot resolve the source DC in DNS.
- Improper DNS delegation in multi-domain forests.
✅ Fix:
- Check current DCs in DNS:
nslookup -type=SRV _ldap._tcp.dc._msdcs.domain.com
- Ensure each DC points to a valid internal DNS.
6️⃣ Error: 1908 (0x774) - Could Not Find the Domain Controller
📌 Cause:
- The DC is offline, or a decommissioned DC is still referenced.
- DNS has stale records.
✅ Fix:
- Remove old DC references:
nltest /dclist:domain.com
- Check for orphaned records:
dcdiag /test:dns
- If a DC is permanently offline, use metadata cleanup:
ntdsutil "metadata cleanup"
7️⃣ Error: 8545 (0x2151) - The Replication Topology is Invalid
📌 Cause:
- A DC lost its connection to the replication topology.
- Occurs after improper site link configurations.
✅ Fix:
- Force KCC to regenerate topology:
repadmin /kcc <DC-Name>
- Verify site links and bridgeheads:
Get-ADReplicationSiteLink -Filter *
8️⃣ Error: 1396 (0x574) - Logon Failure: Unknown User Name or Bad Password
📌 Cause:
- The replication account has expired credentials.
- The DCs are in a different authentication realm (e.g., Trust issue).
✅ Fix:
- Reset the KRBTGT password:
netdom resetpwd /server:<PDC-Emulator> /userd:<Domain>\Administrator /passwordd:*
- Ensure time sync is correct:
w32tm /query /status
9️⃣ Error: 8457 (0x2109) - The Destination Server is Currently Rejecting Replication Requests
📌 Cause:
- The destination DC is in an invalid state (e.g., database corruption).
✅ Fix:
- Check if replication is disabled:
repadmin /options <DC-Name>
If DISABLE_OUTBOUND_REPL or DISABLE_INBOUND_REPL is set, re-enable replication:
repadmin /options <DC-Name> -DISABLE_OUTBOUND_REPL -DISABLE_INBOUND_REPL
🔄 Final Checks
After fixing errors, verify that replication is working correctly:
1️⃣ Run a full diagnostic
dcdiag /c /v /e
2️⃣ Check replication health
repadmin /showrepl
3️⃣ Force synchronization
repadmin /syncall /AdeP
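To triage many replication links at once, the added example below (not part of the original page) parses the CSV form of the repadmin /showrepl output and labels each failing link with the matching error from the list above. The function name Get-ReplFailure, the DC names and the sample rows are constructed for illustration; the column names are assumed to match the header that repadmin /showrepl * /csv emits.

```powershell
# Error codes and names as listed on this page (decimal code -> description).
$KnownErrors = @{
    1722 = 'The RPC server is unavailable'
    8453 = 'Replication access was denied'
    1818 = 'The remote procedure call was cancelled'
    8606 = 'Insufficient attributes for replication'
    8524 = 'DNS lookup failure'
    1908 = 'Could not find the domain controller'
    8545 = 'The replication topology is invalid'
    1396 = 'Logon failure: unknown user name or bad password'
    8457 = 'Destination is rejecting replication requests'
}

function Get-ReplFailure {
    # Input: CSV text lines in the layout of `repadmin /showrepl * /csv`.
    param([Parameter(Mandatory)][string[]]$CsvLine)
    $CsvLine | ConvertFrom-Csv |
        Where-Object { $_.'Last Failure Status' -match '^[1-9]\d*$' } |   # skip healthy links (status 0)
        ForEach-Object {
            $code = [int]$_.'Last Failure Status'
            $name = $KnownErrors[$code]
            if (-not $name) { $name = 'Not in this list' }
            [pscustomobject]@{
                Destination = $_.'Destination DSA'
                Source      = $_.'Source DSA'
                Partition   = $_.'Naming Context'
                Failures    = [int]$_.'Number of Failures'
                Code        = '{0} (0x{0:X})' -f $code   # decimal and hex, as shown in the headings
                Meaning     = $name
            }
        } | Sort-Object Failures -Descending   # worst links first
}

# Constructed sample rows (hypothetical DCs), not output from a real forest.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=domain,DC=com",HQ,DC02,RPC,0,0,2024-01-10 09:00:00,0
showrepl_INFO,HQ,DC01,"DC=domain,DC=com",Branch,DC03,RPC,12,2024-01-10 08:55:00,2024-01-09 21:10:00,8453
showrepl_INFO,Branch,DC03,"CN=Configuration,DC=domain,DC=com",HQ,DC01,RPC,3,2024-01-10 08:40:00,2024-01-10 07:40:00,1722
'@ -split '\r?\n'

Get-ReplFailure -CsvLine $sample | Format-Table -AutoSize
# Live use on a DC: Get-ReplFailure -CsvLine (repadmin /showrepl * /csv)
```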