In this article we’ll take a look at the basic ways to fix Error 1722: The RPC server is unavailable when performing replication between Active Directory domain controllers. You can face the error both in the domain controller logs and when trying to start or check the replication status using the repadmin utility.
For example, you decided to check the current status of Active Directory domain controllers with the command:
repadmin /replsummary
As you can see, some domain controllers return the error (1722) The RPC server is unavailable. Based on this output, you can see that some domain controllers have not been able to replicate AD data (or have simply been inactive) for a few days.
Let’s consider the typical reasons for such an error:
- The domain controller is in the offline state (or broken);
- Changes have been made to the network or new firewall rules have been added;
- Incorrect DNS configuration on domain controllers or invalid DNS records;
- Poor network performance or large delays.
Verify that the specified domain controllers are powered on and the following Windows services are running on them:
- COM+ Event System;
- Remote Procedure Call (RPC);
- Active Directory Domain Services;
- DNS Client;
- DFS Replication;
- Intersite Messaging;
- Kerberos Key Distribution Center;
- Security Accounts Manager;
- Windows Time;
Note. Now let’s say a few words about how replication works in an Active Directory domain. Active Directory replication (synchronization) is a fully automated process. Each domain controller periodically pulls the changes that occurred on other domain controllers (its replication partners) into its own database. This means that for dc02 to receive changes from dc01, dc02 must be a replication partner of dc01 and must request these changes from dc01.
First of all, to verify that everything is fine with replication, you need to make sure that the SYSVOL and NETLOGON folders can be read over the UNC path \\lon-dc01.
If they are not available, check the permissions on the folders and make sure that the RPC endpoint mapper port (TCP/UDP 135) is reachable; it may be blocked by a firewall.
To check if TCP port 135 on the domain controller returning error 1722 is in listening state, you can use telnet or the PowerShell Test-NetConnection cmdlet:
telnet lon-dc01 135
Test-NetConnection lon-dc01 -Port 135
A frequent source of such problems is an incorrect DNS configuration on the DC. Check that the correct DNS server order is specified in the DC network connection settings: the primary address should be the address of another DC, and the secondary one its own IP address.
For replication, Active Directory uses the dynamic range of TCP ports. Windows Server 2008 R2 (and higher) use the following range for dynamic RPC over TCP: from 49152 to 65535.
In some cases, an AD administrator can fix (pin) Active Directory replication traffic to a specific port. To do this, you must specify the port number in the domain controller registry. For example, to fix replication traffic to TCP port 5000 (0x1388), you need to change the following registry value on the domain controller:
[HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]
"TCP/IP Port"=dword:00001388
If there are firewalls on your network and the AD replication port is fixed, replication will not work on a newly promoted DC, because it will try to replicate with its partner through a port from the dynamic range, which is blocked by the firewall.
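The checks described above (DNS resolution, TCP 135, the SYSVOL/NETLOGON shares, the required services and a pinned RPC port) gathered into one PowerShell script, added here as an example that is not part of the original article. The DC names are placeholders; the script assumes Windows PowerShell 5.1 on a domain-joined admin workstation with WinRM enabled on the DCs.

```powershell
# Added example, not from the original article. Placeholder DC names; replace with your own.
param(
    [string[]]$DomainControllers = @('lon-dc01', 'lon-dc02')
)

# Service names (not display names) for the services the article lists as required.
$services = 'EventSystem','RpcSs','NTDS','Dnscache','DFSR','IsmServ','Kdc','SamSs','W32Time'

foreach ($dc in $DomainControllers) {
    Write-Host "=== $dc ==="

    # 1. Name resolution: error 1722 often starts as a DNS problem.
    try { $ip = (Resolve-DnsName -Name $dc -Type A -ErrorAction Stop)[0].IPAddress }
    catch { Write-Warning "DNS: cannot resolve $dc"; continue }
    Write-Host "Resolved to $ip"

    # 2. The RPC endpoint mapper (TCP 135) must be reachable before anything else.
    $epm = Test-NetConnection -ComputerName $dc -Port 135 -WarningAction SilentlyContinue
    Write-Host ("TCP 135 reachable: {0}" -f $epm.TcpTestSucceeded)

    # 3. SYSVOL and NETLOGON must be readable over the UNC path.
    foreach ($share in 'SYSVOL','NETLOGON') {
        Write-Host ("\\$dc\$share readable: {0}" -f (Test-Path "\\$dc\$share"))
    }

    # 4. Required services; report anything that is not running.
    Get-Service -ComputerName $dc -Name $services -ErrorAction SilentlyContinue |
        Where-Object Status -ne 'Running' |
        ForEach-Object { Write-Warning "$($_.Name) is $($_.Status)" }

    # 5. If replication is pinned to a fixed port in the registry, test that port too;
    #    otherwise the dynamic range 49152-65535 must be open on the firewall.
    $fixed = Invoke-Command -ComputerName $dc -ErrorAction SilentlyContinue -ScriptBlock {
        (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
            -ErrorAction SilentlyContinue).'TCP/IP Port'
    }
    if ($fixed) {
        $r = Test-NetConnection -ComputerName $dc -Port $fixed -WarningAction SilentlyContinue
        Write-Host ("Fixed RPC port {0} reachable: {1}" -f $fixed, $r.TcpTestSucceeded)
    } else {
        Write-Host "No fixed RPC port set; dynamic range 49152-65535 is in use"
    }
}
```

Run it before and after a firewall or DNS change; a DC whose TCP 135 test passes but whose pinned or dynamic port fails points at the firewall rather than at DNS.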
After you’ve fixed all the problems, run the repadmin /replsummary command again and check whether the replication was successful. We also recommend starting AD replication manually and checking for errors. Make sure that the dcdiag /a /q command does not return errors.