In this article we'll look at the basic ways to fix Error 1722: The RPC server is unavailable when replicating between Active Directory domain controllers. You may see error 1722 (The RPC server is unavailable) both in the domain controller event logs and when you start or check replication with the repadmin utility.
For example, you decided to check the current status of Active Directory domain controllers with the command:
repadmin /replsummary
In the output, some domain controllers return the error (1722) The RPC server is unavailable, and the summary shows that these domain controllers have not replicated AD data (or have been unreachable) for several days.
The typical causes of this error are:
- The domain controller is offline (or broken);
- Changes have been made to the network, or new firewall rules have been added;
- Incorrect DNS configuration on the domain controllers, or invalid DNS records;
- Poor network performance or high latency.
Verify that the specified domain controllers are powered on and that the following Windows services are running on them:
- COM+ Event System;
- Remote Procedure Call (RPC);
- Active Directory Domain Services;
- DNS Client;
- DFS Replication;
- Intersite Messaging;
- Kerberos Key Distribution Center;
- Security Accounts Manager;
- Windows Time.
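An added example (not from the original article) that checks exactly the services listed above on the domain controllers that returned error 1722. The DC names are hypothetical, and it assumes WinRM (TCP 5985) is open to the DCs: Invoke-Command goes over WinRM rather than RPC, so the check still works while TCP 135 is blocked, which is the situation we are diagnosing.

```powershell
# Added example, not part of the original article.
# Assumptions: DC names are hypothetical; WinRM (TCP 5985) is reachable on the DCs.
$dcs = 'lon-dc01', 'lon-dc02'

# Service names (not display names) for the list in the article
$services = 'EventSystem',   # COM+ Event System
            'RpcSs',         # Remote Procedure Call (RPC)
            'NTDS',          # Active Directory Domain Services
            'Dnscache',      # DNS Client
            'DFSR',          # DFS Replication (absent if SYSVOL still uses FRS)
            'IsmServ',       # Intersite Messaging
            'Kdc',           # Kerberos Key Distribution Center
            'SamSs',         # Security Accounts Manager
            'W32Time'        # Windows Time

foreach ($dc in $dcs) {
    # Cheap liveness check first; ICMP may be filtered, so this is only a hint
    if (-not (Test-Connection -ComputerName $dc -Count 1 -Quiet)) {
        Write-Warning "${dc}: no ICMP echo reply (offline, or ICMP filtered)"
    }

    try {
        $state = Invoke-Command -ComputerName $dc -ArgumentList (,$services) -ScriptBlock {
            param($names)
            Get-Service -Name $names -ErrorAction SilentlyContinue |
                Select-Object Name, Status, StartType
        }
    } catch {
        Write-Warning "${dc}: WinRM connection failed - $($_.Exception.Message)"
        continue
    }

    # Services that are installed but not running
    $stopped = $state | Where-Object Status -ne 'Running'
    if ($stopped) {
        Write-Warning "${dc}: services not running:"
        $stopped | Format-Table Name, Status, StartType -AutoSize | Out-String | Write-Warning
    }

    # Services from the list that Get-Service could not find at all
    $missing = $services | Where-Object { $_ -notin $state.Name }
    if ($missing) {
        Write-Warning "${dc}: services not found: $($missing -join ', ')"
    }

    if (-not $stopped -and -not $missing) {
        "${dc}: all listed services are running"
    }
}
```

If Invoke-Command itself fails for a DC that answers ping, start with that host: a DC that cannot be managed remotely is usually the one that is not replicating.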
Note. A few words about how replication works in an Active Directory domain. Active Directory replication (synchronization) is a fully automatic process: each domain controller periodically pulls the changes made to the directory database on other domain controllers (its replication partners). For changes made on dc01 to appear on dc02, dc02 must be a replication partner of dc01 and must request those changes from dc01.
First, make sure that the SYSVOL and NETLOGON shares of the replication partner are readable over the UNC path (\\lon-dc01\SYSVOL and \\lon-dc01\NETLOGON).
If they are not available, check the share and NTFS permissions on these folders and check that the required ports are reachable: UNC access uses SMB (TCP 445), and RPC needs the endpoint mapper on TCP 135 (and UDP 135). Both may be blocked by a firewall.
To check that TCP port 135 on the domain controller that returns error 1722 is reachable (the endpoint mapper is listening and no firewall drops the connection), use telnet or the PowerShell Test-NetConnection cmdlet:
telnet lon-dc01 135
Test-NetConnection lon-dc01 -Port 135
A frequent source of such problems is an incorrect DNS configuration on the DC. Check the DNS server order in the network adapter settings of the DC that fails to replicate: the primary DNS server should be the address of another DC, and the secondary one the DC's own IP address.
For replication, Active Directory uses a port from the dynamic TCP range: the partner first connects to the endpoint mapper on TCP 135, which tells it the port the NTDS service is currently listening on. Windows Server 2008 R2 (and later) use the following dynamic RPC range: TCP 49152 to 65535.
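The checks described above (UNC access to SYSVOL and NETLOGON, TCP 135, DNS client order, DNS records and the dynamic port range) gathered into one triage script, as an added example that is not part of the original article. It is meant to be run on the DC that reports error 1722; lon-dc01 is the hypothetical partner it cannot reach.

```powershell
# Added example, not from the original article. Run ON the failing DC.
# Assumption: lon-dc01 is the replication partner (hypothetical name).
$partner = 'lon-dc01'

# 1. SYSVOL and NETLOGON of the partner must be readable over UNC (SMB, TCP 445)
foreach ($share in 'SYSVOL', 'NETLOGON') {
    $unc = "\\$partner\$share"
    if (Test-Path -Path $unc) { "OK      $unc is readable" }
    else { Write-Warning "$unc is not readable: check share/NTFS permissions and TCP 445" }
}

# 2. The RPC endpoint mapper on the partner (TCP 135) must be reachable
$epm = Test-NetConnection -ComputerName $partner -Port 135 -WarningAction SilentlyContinue
if ($epm.TcpTestSucceeded) { "OK      TCP 135 on $partner is reachable" }
else { Write-Warning "TCP 135 on $partner is blocked or the RPC service is not listening" }

# 3. DNS client order on this DC: another DC first, this DC second
$localIps = (Get-NetIPAddress -AddressFamily IPv4).IPAddress   # includes 127.0.0.1
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $srv = $_.ServerAddresses
        "DNS     $($_.InterfaceAlias): $($srv -join ', ')"
        if ($srv[0] -in $localIps) {
            Write-Warning "Primary DNS on $($_.InterfaceAlias) is this DC itself; put another DC first"
        }
    }

# 4. The partner and the domain's DC locator SRV record must resolve through that DNS
$domain = $env:USERDNSDOMAIN
Resolve-DnsName -Name $partner -Type A -ErrorAction SilentlyContinue |
    Select-Object Name, IPAddress
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' } | Select-Object NameTarget, Port

# 5. Dynamic RPC port range on this host (default 49152-65535 on Windows Server 2008 R2 and later).
#    Firewalls between DCs must allow this whole range, unless the NTDS port is pinned.
netsh int ipv4 show dynamicport tcp
```

Step 2 only proves that the endpoint mapper answers; the replication session itself lands on a port from the range printed in step 5, so a firewall that allows 135 but not that range still produces error 1722.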
In some cases an AD administrator may want to pin Active Directory replication traffic to a specific port. To do this, set the port number in the registry on every domain controller. For example, to pin replication traffic to TCP port 5000 (0x1388), create or change the following registry value on the domain controller:
[HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters] "TCP/IP Port"=dword:00001388
If there are firewalls between your domain controllers and the replication port is pinned, a newly promoted DC will not replicate until the same registry value is set on it as well: it will try to replicate with its partner through a port from the dynamic range, which is blocked on the firewall.
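The pinning procedure above as a script, added here as an example and not taken from the original article. It sets the registry value, opens the pinned port only to the other DCs, restarts AD DS so the new port takes effect, and verifies the listener. The port (5000) and the partner addresses are assumptions; run it on every DC, including each DC you promote later.

```powershell
# Added example, not from the original article.
# Assumptions: port 5000 and the partner addresses below are hypothetical.
$port       = 5000
$partnerIps = '10.0.0.11', '10.0.0.12'   # addresses of the other DCs
$ntdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

# 1. Set the REG_DWORD "TCP/IP Port" (5000 = 0x1388) and read it back
Set-ItemProperty -Path $ntdsParams -Name 'TCP/IP Port' -Value $port -Type DWord
$stored = (Get-ItemProperty -Path $ntdsParams -Name 'TCP/IP Port').'TCP/IP Port'
"NTDS TCP/IP Port is now $stored (0x{0:X})" -f $stored

# 2. Allow the pinned port inbound from the replication partners only; there is no
#    reason to expose it to the whole network. TCP 135 (endpoint mapper) is already
#    covered by the built-in "Active Directory Domain Controller (RPC-EPMAP)" rule.
$ruleName = "AD DS replication TCP $port"
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $port -RemoteAddress $partnerIps -Action Allow -Profile Domain
}

# 3. The pinned port is used only after AD DS restarts. Stopping NTDS also stops its
#    dependents (KDC, DNS, DFSR, ...), so remember which were running and start them again.
$deps = (Get-Service -Name NTDS).DependentServices | Where-Object Status -eq 'Running'
Restart-Service -Name NTDS -Force
$deps | Start-Service

# 4. Verify: NTDS (hosted in lsass.exe) should now listen on the pinned port
Get-NetTCPConnection -LocalPort $port -State Listen |
    Select-Object LocalAddress, LocalPort,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).Name } }
```

When a new DC is promoted, add its address to the rule on the existing DCs and run this script on the new DC before expecting it to replicate. This pins only the directory (NTDS) replication port; SYSVOL replication over DFSR picks its own dynamic RPC port and has to be pinned separately with dfsrdiag StaticRPC if the firewall does not allow the dynamic range.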
After you have fixed the problems, run repadmin /replsummary again and check that replication succeeds. We also recommend starting AD replication manually (for example, repadmin /syncall /AdeP) and checking it for errors. Make sure that the dcdiag /a /q command does not return errors.