Microsoft KB Archive/257187

= RPC error messages are returned for Active Directory replication when time is out of synchronization =

Article ID: 257187

Article Last Modified on 2/28/2007


APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server




This article was previously published under Q257187



SYMPTOMS
When you view the status of Active Directory replication between two domain controllers, the following error messages may be displayed for the result of the last replication attempt.

Error message 1

The RPC server is unavailable.

Error message 2

The RPC server is too busy to complete this operation.

Error message 3

Access is denied.

These error messages may be reported in the Event log, through Active Directory Replication Monitor (Replmon.exe), or in Repadmin.exe. Both tools are part of the Windows 2000 Support Tools.



CAUSE
This problem occurs because the time service does not record an event in the Event log when the Windows Time service is configured to synchronize time against a specific host and that host is not available.

By default, Windows 2000-based computers synchronize time. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

216734 How to configure an authoritative time server in Windows 2000

However, this behavior can be overridden by specifying a time server as described in the article.

If the time server is not available and the time difference between domain controllers drifts beyond the skew allowed by Kerberos, authentication between the two domain controllers may not succeed and the RPC error messages can result.



Service pack information
To resolve this problem, obtain the latest service pack for Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 service pack



MORE INFORMATION
One method of synchronizing time amongst domain controllers is to use the net time command to synchronize the time with the computer that holds the Primary Domain Controller (PDC) Operations Master role.

Note If you do not know the name of your PDC, please contact your network administrator.

To synchronize the time with the PDC, use the following command. 

net time \\ /set /y

This command instructs the local computer to synchronize its time with the server named. The /set option specifies that the time not only be queried, but synchronized with the specified server. The /y switch skips the confirmation for changing the time on the local computer.

Another method is to use the W32tm.exe tool that is included with Windows 2000 to determine if a time server is explicitly configured for the local computer and if synchronizations against that host are not working. At a command prompt on the server displaying the error messages, type the following command:

w32tm.exe -v

In the following sample output, a time server named MYTIMESERVER has been configured, but it is unreachable by the local computer:

 W32Time:       BEGIN:GetSocketForSynch
 W32Time:         NTP: ntpptrs[0] - MYTIMESERVER
 W32Time:         rgbNTPServer MYTIMESERVER
 W32Time:         NTP: gethostbyname failed
 W32Time:         Port Pinging to - 123
 W32Time:         NTP: connect failed
 W32Time:      END:Line 1147

This article also fixes an incorrect calculation in the round trip which under certain conditions causes W32TIME and W32TM to potentially set the system time about 65 seconds ahead of real time.
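Because the time service logs no event when its configured host is unavailable, the w32tm.exe -v output is the place to catch the failure. The following is an added example, not part of the original article or of any Microsoft tool: a Python parser that reads saved w32tm.exe -v output and reports each configured time server that could not be resolved or reached. The function names and the line patterns are assumptions based only on the sample output shown above.

```python
import re

# Constructed sample: the w32tm -v lines quoted in the article above.
SAMPLE = """\
W32Time:       BEGIN:GetSocketForSynch
W32Time:         NTP: ntpptrs[0] - MYTIMESERVER
W32Time:         rgbNTPServer MYTIMESERVER
W32Time:         NTP: gethostbyname failed
W32Time:         Port Pinging to - 123
W32Time:         NTP: connect failed
W32Time:      END:Line 1147
"""

LINE = re.compile(r"^\s*W32Time:\s+(.*\S)\s*$")

def diagnose(output):
    """Return one finding per BEGIN:GetSocketForSynch ... END block."""
    findings, cur = [], None
    for raw in output.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # ignore anything that is not a W32Time trace line
        msg = m.group(1)
        if msg.startswith("BEGIN:GetSocketForSynch"):
            cur = {"server": None, "port": None, "failures": []}
        elif cur is None:
            continue  # trace lines outside a synchronization attempt
        elif msg.startswith("rgbNTPServer"):
            parts = msg.split(None, 1)
            cur["server"] = parts[1] if len(parts) > 1 else None
        elif msg.startswith("Port Pinging to"):
            port = re.search(r"(\d+)\s*$", msg)
            cur["port"] = int(port.group(1)) if port else None
        elif msg.endswith("failed"):
            # e.g. "NTP: gethostbyname failed" -> "gethostbyname failed"
            cur["failures"].append(msg.replace("NTP:", "").strip())
        elif msg.startswith("END:"):
            cur["reachable"] = not cur["failures"]
            findings.append(cur)
            cur = None
    return findings

def unreachable_servers(output):
    """Names of configured time servers with at least one failed step."""
    return sorted({f["server"] for f in diagnose(output)
                   if not f["reachable"] and f["server"]})

if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        print(f["server"], "port", f["port"], "->", f["failures"] or "ok")
```

Running it against output collected from each domain controller shows which ones are silently failing to synchronize before the drift exceeds the skew allowed by Kerberos.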



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Windows 2000 Service Pack 2.

Keywords: kbhotfixserver kbqfe kbbug kbenv kberrmsg kbrpc KB257187


© Microsoft Corporation. All rights reserved.