U-Tools: Unique Tools for Windows System Administrators
U-Move Help
Menu

Checking the Replication of AD

This step will check and verify that replication is working between correctly the old and the new domain controllers.

Check Replication

Click on the button Check Replication to run the replication tests. U-Move will run several tests to verify inter-DC replication is working correctly. It will also check that the FSMO role assignments are correct and consistent.

If all the tests succeed then you have successfully installed and configured the new replacement domain controller with the correct network configuration and with the correct DNS settings.

Congratulations! Click the Next button to proceed to the next step.

Troubleshooting Replication Errors

If the replication test failed, U-Move will generate and display a printed report that explains the reason that the replication test failed. You will then need to investigate the reason and correct it.

Replication errors are most commonly due to network configuration errors or DNS configuration errors.

You can run Dcdiag to diagnose these errors.

Verifying FSMO Roles

U-Move will also verify that the Flexible Single Operations Master (FSMO) role assignments are consistent and do not conflict between the old and new domain controllers.

If U-Move reports that the FSMO roles are inconsistent, it is almost always due to failed replication (see below). In rare cases the problem might be due to USN Rollback.

Common Problem: No Loopback Connectivity

A common problem is no loopback connectivity on the new replacement computer. This can happen if the new computer was installed with incorrect network or or DNS settings.

A domain controller always acts as is its own client. The NETLOGON service on the DC performs a network connection to the LDAP service (on the same DC) to query AD in order to validate logon passwords from client computers. This is called a loopback connection.

The local DC queries DNS to look up its own name on the network in order to connect back to itself. If DNS is misconfigured then the domain controller cannot “see” itself on the network, and users will not be able to log on.

The problem is usually due to a DNS configuration error that prevents loopback connectivity.

Another common cause is a configuration error with the DC's network interface controller (NIC) settings. For example the NIC might have been assigned the wrong static Internet address or the wrong netmask. To troubleshoot see Troubleshooting a Remote Connection.

Run Dcdiag on the new replacement computer to verify its network and DNS connectivity.

Common Problem: No Network Connectivity Between Domain Controllers

Another common problem is that one of the domain controllers cannot locate or 'see' the other DC on the network. This is most commonly due to DNS configuration error.

Run Dcdiag on the both computers to to verify their network and DNS connectivity with each other.

Common Problem: Dead domain controller

If the DC is permanently dead, you should remove its metadata from Active Directory. See Clean up Active Directory Domain Controller server metadata (Microsoft Docs).

More Information

For more information on how to troubleshoot Active Directory replication errors see the following topics:

How to override the U-Move warning message

For information on when you can safely ignore and override the warning message from U-Move so that you can continue with your DC upgrade project, see Warning: Replication Test Failed.