Weird Problem of the Day: Windows 2008 R2 and Windows 2003 DCs Not Replicating
OK, one of our techs was onsite upgrading a basic single server DC/File Server/App Server. He joined the server to the domain, promoted it and ensured that the files in the sysvol share were replicating. Everything looked fine. He transferred the FSMO roles, again without error. When he ran the dcpromo on the old server to demote it, he got an error saying that
"The directory service was unable to transfer ownership of one or more floating single-master operation roles to other servers"
Weird. So I had him do all the normal steps, moving FSMO back and forth, waiting 15 minutes, restarting netlogon and FRS services. Nothing helped. FRS was running, stuff was replicating, but apparently something was still missing.
Running "repadmin /showreps" yielded a few errors:
"Last attempt @ 2009-11-12 18:45:37 failed, result 1256 (0x4e8): The remote system is not available. For information about network troubleshooting, see Windows Help."
Bottom line, R2 and 2003 servers sometimes have security problems replicating between them. There is a hotfix, probably the worst-titled one in history, to fix it.
Crap, huh? No way you would find that if you were searching for a problem with AD replication. There is a tiny note in there that one of the problems you might experience is replication-related. So we requested and ran the hotfix, rebooted and magically dcpromo worked as the maker intended it to. I hope that this makes it into a service pack or critical update at some point soon, because we have a lot of Windows 2003 servers that are eventually going to need to be replaced.
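The repadmin failure line quoted above can be checked for automatically before a demotion. The following PowerShell is an added example, not part of the original post: it parses the text output and lists each inbound partner whose last attempt failed. The function name `Get-ReplFailure` and the server, site and domain names in the sample are constructed for illustration.

```powershell
# Added example (PowerShell 3.0 or later). The sample text is constructed;
# only the "Last attempt ... result 1256" line mirrors the one in the post.
function Get-ReplFailure {
    param([Parameter(Mandatory = $true)][AllowEmptyString()][string[]]$Lines)
    $nc = $null; $source = $null
    switch -Regex ($Lines) {
        # Naming-context header (unindented), e.g. "DC=corp,DC=example"
        '^(?<nc>(CN|DC)=\S+)\s*$' { $nc = $Matches.nc; continue }
        # Inbound partner line, e.g. "    Site\SERVER via RPC"
        '^\s+(?<src>\S+\\\S+) via ' { $source = $Matches.src; continue }
        # Failure line in the form quoted in the post
        '^\s+Last attempt @ (?<when>[\d-]+ [\d:]+) failed, result (?<code>\d+) \((?<hex>0x[0-9a-f]+)\)' {
            [pscustomobject]@{
                NamingContext = $nc
                Source        = $source
                LastAttempt   = $Matches.when
                Result        = [int]$Matches.code
                Hex           = $Matches.hex
            }
        }
    }
}

# Constructed sample output (placeholder names and GUIDs).
$sample = @'
==== INBOUND NEIGHBORS ======================================

DC=corp,DC=example
    Default-First-Site-Name\OLD2003 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000000
        Last attempt @ 2009-11-12 18:45:37 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
        2 consecutive failure(s).

CN=Configuration,DC=corp,DC=example
    Default-First-Site-Name\OLD2003 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000000
        Last attempt @ 2009-11-12 18:47:02 was successful.
'@ -split "`r?`n"

# On a live DC, pass the command output instead: -Lines (repadmin /showreps)
$failures = @(Get-ReplFailure -Lines $sample)
$failures | Format-List
if ($failures.Count -gt 0) {
    Write-Warning "$($failures.Count) inbound partner(s) failing; fix replication before demoting the old DC."
}
```

Against the sample this reports one failing partner for `DC=corp,DC=example` with result 1256 and leaves the successful Configuration partition out of the list.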