In environments where Active Directory replication needs to traverse network boundaries such as firewalls, the remote procedure call (RPC) port used for Active Directory replication can be pinned to a static port instead of the default, a random port from the dynamic (high) port range.
However, this might pose problems in your Windows-based domain environment.
The situation
In a Windows-based domain environment where Domain Controllers are configured with a static TCP port on which the NTDS service listens and responds to incoming remote procedure calls (RPCs), Active Directory replication may fail with an RPC error. The symptoms match those described in:
- 2089874 Troubleshooting AD Replication error 1753: There are no more endpoints available from the endpoint mapper
- 2102154 Troubleshooting AD Replication error 1722: The RPC server is unavailable
The issue
When the static port for the NTDS service is successfully registered with the endpoint mapper, a dynamic port is registered as well. The endpoint mapper does not always return the static port first, though. If it hands a replication partner the dynamic port and that port is blocked by the firewall (which is typically the case, since the whole point of the static port is to open only that one), the partner cannot reach the NTDS service and replication fails with the errors described above.
The solution
To resolve this issue for Windows Server 2012 R2-based Domain Controllers, update them with the May 2014 update rollup: 2955164 Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: May 2014
Concluding
Update Windows Server 2012 R2-based Domain Controllers with the May 2014 update rollup before you configure static ports for remote procedure calls (RPCs) for Active Directory replication, and make sure the firewall allows both the endpoint mapper (TCP 135) and the static port you chose.
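As an added example (not part of the original post, and not a Microsoft script), the following PowerShell run elevated on a Domain Controller checks for the rollup, pins the NTDS RPC port and then verifies what lsass.exe actually listens on. The registry path and the TCP/IP Port value are Microsoft's documented setting for the AD replication port; the port number 50000 and the partner name DC01 are arbitrary choices for this example.

```powershell
# Added example: pin the NTDS RPC port on a Domain Controller and verify the result.
# Registry path/value are the documented NTDS setting; port 50000 and DC01 are assumptions.
$ntdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$staticPort = 50000

# 0. The endpoint-mapper fix from this post ships in KB2955164; warn if it is missing
if (-not (Get-HotFix -Id 'KB2955164' -ErrorAction SilentlyContinue)) {
    Write-Warning 'KB2955164 not installed: the endpoint mapper may still return the dynamic port first'
}

# 1. Record the current setting (absent = default: random port from the dynamic range)
$current = Get-ItemProperty -Path $ntdsParams -Name 'TCP/IP Port' -ErrorAction SilentlyContinue
if ($current) { "Current NTDS static port: $($current.'TCP/IP Port')" }
else { 'NTDS currently uses a dynamic RPC port' }

# 2. Set the static port (REG_DWORD) and restart NTDS so it re-registers with the endpoint mapper.
#    -Force also restarts dependent services (KDC, DNS, ...), so do this in a maintenance window.
Set-ItemProperty -Path $ntdsParams -Name 'TCP/IP Port' -Value $staticPort -Type DWord
Restart-Service -Name NTDS -Force

# 3. Verify: NTDS runs inside lsass.exe, so the static port must show up among lsass listeners
$lsassPid   = (Get-Process -Name lsass).Id
$listeners  = Get-NetTCPConnection -State Listen -OwningProcess $lsassPid |
              Select-Object -ExpandProperty LocalPort -Unique
if ($listeners -contains $staticPort) { "lsass listens on TCP $staticPort" }
else { throw "lsass is not listening on TCP $staticPort" }

# lsass keeps dynamic-range listeners as well (49152-65535 by default). Without the rollup the
# endpoint mapper may hand one of these to a replication partner; if the firewall only allows
# $staticPort, that partner fails with RPC error 1722 or 1753.
$dynamic = $listeners | Where-Object { $_ -ge 49152 -and $_ -ne $staticPort }
"Dynamic-range ports lsass also listens on: $($dynamic -join ', ')"

# 4. From a replication partner on the other side of the firewall, both the endpoint mapper
#    and the static port must be reachable; repadmin then shows whether replication succeeds.
#    Test-NetConnection -ComputerName DC01 -Port 135
#    Test-NetConnection -ComputerName DC01 -Port $staticPort
#    repadmin /showrepl DC01
```

If step 3 shows the static port but a partner still reports error 1722 or 1753, the partner was most likely handed one of the dynamic-range ports listed in the last line, which is exactly the endpoint-mapper ordering problem the rollup addresses.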
Related KnowledgeBase Articles
2912805 AD replication fails with an RPC issue after you set a static port for NTDS in a Windows-based domain environment
2089874 Troubleshooting AD Replication error 1753: There are no more endpoints available from the endpoint mapper.
2102154 Troubleshooting AD Replication error 1722: The RPC server is unavailable