IBM Support

Optimizing Network Interface Card (NIC) settings and checking replication on a Windows Domain Controller (DC)

Troubleshooting


Problem

A corrupted or misconfigured Network Interface Card (NIC) can cause issues with replication. Optimizing Network Interface Card (NIC) settings and checking replication on a Windows Domain Controller (DC) are critical tasks for ensuring efficient network performance and Active Directory (AD) health.

Symptom

When the NIC is not configured correctly, clients may display various symptoms, such as:

  • Inconsistent Domain Controllers: Objects representing the replication topology, schedule, and permissions may not be consistent between domain controllers, leading to operational failures or inconsistent results.
  • Inconsistent Group Policy: Group Policy may not apply correctly due to inconsistent results, preventing the application of Group Policy and access control permissions.
  • User Accounts Not Syncing: Changes made on one domain controller may not be reflected on another domain controller in a different site, indicating a problem with intersite replication.
  • Replication Topology Issues: The replication topology, which determines how and when replication occurs, may be incorrect or outdated.
  • Error and Warning Events: The Directory Service event log may show red (Error) and yellow (Warning) events that suggest specific constraints causing replication failure.

Cause

Common causes of replication issues include:

  • DNS Problems: Incorrect or missing DNS records can prevent domain controllers from locating each other and cause replication failures.
  • Network Connectivity Issues: Network interruptions or misconfigurations can prevent the replication process from completing successfully.
  • Configuration Errors: Incorrect replication topology or scheduling can lead to replication failures.
  • Security Problems: Unauthorized access or security policies can prevent replication from occurring.
Time Mismatches: Inconsistent time settings between domain controllers can cause replication errors.

Environment

All versions of Windows Server.

Diagnosing The Problem

Before making changes, it is essential to check Replication for errors on the affected Domain Controller. Open a Command Prompt as Administrator.

  1. Use repadmin to Check Replication Status:
    • Run the following commands:
      • repadmin /replsummary: Displays a summary of replication status, including errors and the largest delta (time since last successful replication).
      • repadmin /showrepl: Shows detailed replication status for the current DC, including inbound and outbound partners.
      • repadmin /queue: Checks for pending replication tasks (a large queue may indicate issues).
      • repadmin /replsummary /errorsonly: Lists only replication errors for quick troubleshooting.
  2. Verify Site and Services Configuration:
    • Open Active Directory Sites and Services (dssite.msc).
    • Ensure DCs are in the correct sites and subnets are properly defined.
    • Check replication schedules and connection objects under NTDS Settings for each DC.
  3. Check Event Logs:
    • Open Event Viewer (eventvwr.msc).
    • Navigate to Windows Logs > System and Directory Service logs.
    • Look for errors related to replication (e.g., Event IDs 13508, 1925, or 1988).
  4. Use dcdiag for Comprehensive Health Checks:
    • Run dcdiag /v to perform a verbose diagnostic check of the DC.
    • Look for errors in tests like Replication, Advertising, FSMOCheck, and DNS.
    • To focus on replication, run dcdiag /test:replications.
  5. Force Replication (if needed):
    • To manually initiate replication, use:
      • repadmin /syncall /AdeP (synchronizes all partitions with all partners).
      • Check the output for errors.
    • Alternatively, in Active Directory Sites and Services, right-click a connection object under NTDS Settings and select Replicate Now.

Resolving The Problem

Optimizing NIC Settings on a Domain Controller

Optimizing NIC settings ensures efficient network communication, reduces latency, and minimizes potential bottlenecks. Here’s how to optimize NIC settings:

  1. Access NIC Configuration:
    • Log in to the Domain Controller with administrative credentials.
    • Open the Network Connections window: Press Win + R, type ncpa.cpl, and press Enter.
    • Right-click the active NIC and select Properties.
  2. Disable Unnecessary Protocols and Services:
    • In the NIC properties, uncheck unused protocols (e.g., File and Printer Sharing, QoS Packet Scheduler) to reduce overhead, but keep IPv4 and IPv6 (if used) enabled.
    • Ensure Client for Microsoft Networks and Internet Protocol Version 4 (TCP/IPv4) are enabled, as these are critical for AD.
  3. Configure Static IP and DNS:
    • Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
    • Set a static IP address, subnet mask, and default gateway.
    • If this is the only Domain Controller, set the Preferred DNS Server to the DC’s own IP address (or another DC in the same site). This will require a reboot for the changes to take effect.
    • For sites that have multiple DC, set the Preferred DNS Server to another DC or a reliable DNS server at the same site, and the Alternate DNS Server to another DC or a reliable DNS server off site, followed by the DC’s own IP address. This will require a reboot for the changes to take effect.
    • Avoid using public DNS servers (e.g., 8.8.8.8) as primary or alternate DNS, as this can break AD replication.
  4. Optimize NIC Advanced Settings:
    • In the NIC properties, click Configure next to the NIC name.
    • Navigate to the Advanced tab and adjust the following settings (exact names may vary by NIC vendor):
      • Speed and Duplex: Set to Auto-Negotiation unless there are known issues with the switch; otherwise, match the switch’s speed (e.g., 1 Gbps Full Duplex).
      • Receive Side Scaling (RSS): Enable RSS to distribute network load across multiple CPU cores.
      • Interrupt Moderation: Enable to reduce CPU interrupts, but test for performance impact.
      • Jumbo Frames: If supported by your network, enable and set to 9000 bytes for improved throughput (ensure switches and other devices support this).
      • Energy-Efficient Ethernet: Disable to avoid performance degradation.
      • Flow Control: Enable to manage network congestion, but test to ensure it doesn’t cause delays.
  5. Disable NIC Power Management:
    • In the NIC’s Configure window, go to the Power Management tab.
    • Uncheck Allow the computer to turn off this device to save power to prevent the NIC from being disabled during operation.
  6. Enable DNS Dynamic Updates:
    • Ensure the DC registers its DNS records properly:
      • Open a Command Prompt as Administrator.
      • Run ipconfig /registerdns to force DNS registration.
      • Verify DNS records in the DNS management console (dnsmgmt.msc).
  7. Test Connectivity:
    • Use ping to test connectivity to other DCs, clients, and critical servers.
    • Run tracert to check for network latency or routing issues.
    • Use netsh interface ipv4 show interfaces to verify NIC status.
  8. Monitor Performance:
    • Use Performance Monitor (perfmon.msc) to track network utilization and errors.
    • Add counters like Network Interface\Bytes Total/sec and Network Interface\Packets Received Errors to identify bottlenecks.
  9. Check Replication on the Domain Controller following steps above.

Additional Notes

  • Security Considerations: Ensure only authorized personnel can modify NIC or AD settings. Regularly update and patch the DC to mitigate vulnerabilities.
  • Backup: Before making changes, back up the AD system state using Windows Server Backup or a third-party tool.
  • Monitoring Tools: Consider using tools like Microsoft System Center Operations Manager (SCOM) or third-party solutions for ongoing replication and network monitoring.
  • Documentation: Document all changes to NIC settings and replication configurations for troubleshooting and auditing.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB66","label":"Technology Lifecycle Services"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SSTIPK","label":"Microsoft Windows"},"ARM Category":[{"code":"a8mKe000000004NIAQ","label":"Windows"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":""}]

Document Information

Modified date:
01 August 2025

UID

ibm17241263

Page Feedback