This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 87%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
Hello, I am taking over managing the AD for our team. The previous individual that was responsible for this has moved and is no longer reachable. We use several regions in AWS, and have basic services on each region such as AD Domain Controller, mail services, projects, etc. Last week I spun up a new Windows Server 2019 machine on each region, and set each up as a Domain Controller. The plan was to take town the old 2016 DC servers once the new 2019 machines are up and running. They all worked fine, except for one single region. Upon inspection, it would appear the old 2016 DC in this same region was never working right to begin with when it was setup by a previous member a few years ago. This region isn't used for much which is why this was never spotted until now.
Within the broken region, both Domain Controllers, on 2016 and 2019 can communicate with each other just fine. If I create a new server within that region, and join it to the domain, it says it joined to the domain, but it will only appear on those two Domain Controllers. I can not replicate this in any other region.
When running repadmin /replsummary on the new 2019 DC, it shows all success except for two servers, which are the main two domain controllers located physically in the office. The error message is "experienced the following operational errors trying to retrieve replication information". These both have error code 58. The DNS on the DCs in the broken region are the IPs of those two machines, the same setup as every other region.
The firewall has been updated, and temporarily opens all communication between all internal resources. I can confirm traffic is going through this rule, so there should be nothing on the network firewall preventing access. Is there something on the Windows Firewall itself that needs to be updated, or added, even though no other region did?
I have alot of information I can share, but I am not sure what would be most beneficial. I am fairly new to AD, and this has been a learning experience for me. Please let me know what other information would be useful to share. I have been in contact with Microsoft Support, but it has been more then one week and have only been told that they are looking into it and will get back to me soon. After a week of the same messages I am loosing hope that they will help resolve this. I would greatly appreciate anyone's help in trying to resolve this.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 28.999999999999996%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVW%3C/text%3E%3C/svg%3E)
Hi,
Welcome to share your current situation if there are any updates.
Please feel free to let us know if you need further assistance.
Best Regards,
Vicky