Symptoms
This article describes symptoms, cause and resolution steps for AD operations
that fail with Win32 error 1753: "There are no more endpoints available from the
endpoint mapper."
1. DCDIAG reports that the Connectivity test, Active Directory Replications test
or KnowsOfRoleHolders test has failed with error 1753: "There are no more
endpoints available from the endpoint mapper."
2. REPADMIN.EXE reports that a replication attempt has failed with status 1753.
REPADMIN commands that commonly cite the 1753 status include but are
not limited to:
· REPADMIN /REPLSUM
· REPADMIN /SHOWREPS
· REPADMIN /SHOWREPL
· REPADMIN /SYNCALL
DC=contoso,DC=com
Default-First-Site-Name\CONTOSO-DC2 via RPC
DSA object GUID: 74fbe06c-932c-46b5-831b-af9e31f496b2
Last attempt @ <date> <time> failed, result 1753 (0x6d9):
There are no more endpoints available from the endpoint mapper.
<#> consecutive failure(s).
Last success @ <date> <time>.
The following error occurred during the attempt to contact the domain
controller: There are no more endpoints available from the endpoint
mapper.
---------------------------
OK
https://support.microsoft.com/en-in/help/2089874/active-directory-replication-error-1753-there-are-no-more-endpoints-av 2/14
1/16/2019 Active Directory Replication Error 1753: There are no more endpoints available from the endpoint mapper.
4. The "replicate now" command in Active Directory Sites and Services returns
"there are no more endpoints available from the endpoint mapper."
Dialog message text: The following error occurred during the attempt to
synchronize naming context <%directory partition name%> from Domain
Controller <Source DC> to Domain Controller <Destination DC>:
There are no more endpoints available from the endpoint mapper
Buttons in Dialog: OK
Active Directory events that commonly cite the 1753 status include but are
not limited to:
Event Source    Event ID    Event String
NTDS KCC        1925        The attempt to establish a replication link for the following writable directory partition failed.
Cause
The diagram below shows the RPC workflow starting with the registration of the
server application with the RPC Endpoint Mapper (EPM) in step 1 to the passing
of data from the RPC client to the client application in step 7.
1. Server app registers its endpoints with the RPC Endpoint Mapper (EPM)
2. Client makes an RPC call (on behalf of a user, OS or application initiated
operation)
3. Client side RPC contacts the target computer's EPM and asks for the endpoint
to complete the client call
4. Server Machine's EPM responds with an endpoint
5. Client side RPC contacts the server app
6. Server app executes the call, returns the result to the client RPC
7. Client side RPC passes the result back to the client app
Failure 1753 is generated by a failure between steps 3 and 4. Specifically, error
1753 means that the RPC client (destination DC) was able to contact the RPC
Server (source DC) over port 135 but the EPM on the RPC Server (source DC) was
unable to locate the RPC application of interest and returned server side error
1753. The presence of the 1753 error indicates that the RPC client (destination
DC) received the server side error response from the RPC Server (AD replication
source DC) over the network.
1. The server app never started (i.e. Step 1 in the "more information" diagram
located above was never attempted).
2. The server app started but there was some failure during initialization that
prevented it from registering with the RPC Endpoint Mapper (i.e. Step 1 in
the "more information" diagram above was attempted but failed).
3. The server app started but subsequently died. (i.e. Step 1 in the "more
information" diagram above was completed successfully, but was undone
later because the server died).
4. The server app manually unregistered its endpoints (similar to 3 but
intentional. Not likely but included for completeness.)
5. The RPC client (destination DC) contacted a different RPC server than the
intended one due to a Name to IP mapping error in DNS, WINS or host /
lmhosts file.
a lack of network connectivity between the RPC client (destination DC) and
RPC Server (source DC) over port 135
a lack of network connectivity between the RPC server (source DC) using
port 135 and the RPC client (destination DC) over the ephemeral port.
a password mismatch or the inability by the source DC to decrypt a
Kerberos encrypted packet
Resolution
1. Verify that the service registering its service with the endpoint mapper
has started
For Windows 2000 and Windows Server 2003 DCs: ensure that the source
DC is booted into normal mode.
For Windows Server 2008 or Windows Server 2008 R2: from the console of
the source DC, start Services Manager (services.msc) and verify that the
Active Directory service is running. Active Directory appears as "Active
Directory Domain Services"
2. Verify that RPC client (destination DC) connected to the intended RPC
Server (source DC)
Stale NTDS Settings objects and bad name to IP mappings in DNS, WINS,
Host and LMHOST files may cause the RPC client (destination DC) to
connect to the wrong RPC Server (Source DC). Furthermore, the bad name
Verify that the object GUID for the source DC that exists in the destination
DC's copy of Active Directory matches the source DC object GUID stored in
the source DC's copy of Active Directory. If there is a discrepancy, use
repadmin /showobjmeta on the NTDS Settings object to see which one
corresponds to the last promotion of the source DC (hint: compare date stamps
for the NTDS Settings object create date from /showobjmeta against the
last promotion date in the source DC's dcpromo.log file. You may have to
use the last modify / create date of the DCPROMO.LOG file itself). If the
object GUIDs are not identical, the destination DC likely has a stale NTDS
Settings object for the source DC whose CNAME record refers to a host
record with a bad name to IP mapping.
On the destination DC, run IPCONFIG /ALL to determine which DNS Servers
the destination DC is using for name resolution
c:\>ipconfig /all
On the destination DC, run NSLOOKUP against the source DC's fully
qualified DC CNAME record.
OR
b) Log onto the console of the source DC, run "IPCONFIG" from the CMD
prompt and verify that the source DC owns the IP address returned by the
NSLOOKUP command above
If the tests above or a network trace doesn’t show a name query returning
an invalid IP address, consider stale entries in HOST files, LMHOSTS files and
WINS Servers. Note that DNS Servers can also be configured to perform
WINS fallback name resolution.
3. Verify that the server application (Active Directory et al) has registered
with the endpoint mapper on the RPC server (source DC)
RPC Server Application Port TCP UDP Comments
DNS Server 53 √ √
Kerberos 88 √ √
Microsoft-DS 445 √ √
Active Directory and other applications also register services that receive
dynamically assigned ports in the RPC ephemeral port range. Such RPC
server applications are dynamically assigned TCP ports between 1024 and
5000 on Windows 2000 and Windows Server 2003 computers and ports
between 49152 and 65535 on Windows Server 2008 and Windows
Server 2008 R2 computers. The RPC port used by replication can be
hard-coded in the registry using the steps documented in MSKB224196. Active
Directory continues to register with the EPM when configured to use a
hard-coded port.
Verify that the RPC Server application of interest has registered itself with
the RPC endpoint mapper on the RPC Server (the source DC in the case of
AD replication).
There are a number of ways to accomplish this task but one is to install and
run PORTQRY from an admin privileged CMD prompt on the console of the
source DC using the syntax:
c:\>portqry -n <source DC> -e 135 >file.txt
In the portqry output, note the port numbers dynamically registered by the
"MS NT Directory DRS Interface" (UUID = 351...) for the ncacn_ip_tcp
protocol. The snippet below shows sample portqry output from a
Windows Server 2008 R2 DC and the UUID / protocol pair specifically used
by Active Directory highlighted in bold:
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS
Interface
ncacn_np:CONTOSO-DC01[\\pipe\\lsass]
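An added example, not part of the original article or of PortQry itself: the Python below parses saved portqry output (the file.txt written by the command above) and reports whether the DRS interface UUID is registered over ncacn_ip_tcp and whether its port sits inside the dynamic range this article gives for the source DC's OS. The sample text, the `ncacn_ip_tcp:HOST[port]` line shape, the second UUID and the status names are assumptions constructed for illustration.

```python
import re

DRS_UUID = "e3514235-4b06-11d1-ab04-00c04fc2dcd2"   # DRS interface UUID quoted on this page
# Dynamic RPC port ranges as stated in this article, keyed by source DC OS family.
DYNAMIC_RANGE = {"2000/2003": (1024, 5000), "2008/2008R2": (49152, 65535)}
UUID_RE = re.compile(r"^UUID:\s*([0-9a-fA-F-]{36})\s*(.*)$")
BINDING_RE = re.compile(r"^(nca\w+):([^\[]*)\[(.*)\]$")

# Constructed sample in the shape of the snippet above; not captured from a real DC.
SAMPLE = r"""
TCP port 135 (epmap service): LISTENING
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS
Interface
ncacn_np:CONTOSO-DC01[\\pipe\\lsass]
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface
ncacn_ip_tcp:CONTOSO-DC01[49156]
UUID: 00000000-0000-0000-0000-000000000001 Constructed other service
ncacn_ip_tcp:CONTOSO-DC01[49157]
"""

def parse_endpoints(text):
    """Yield (uuid, annotation, protseq, host, endpoint) per EPM entry."""
    uuid = note = None
    for line in (raw.strip() for raw in text.splitlines()):
        m, b = UUID_RE.match(line), BINDING_RE.match(line)
        if m:
            uuid, note = m.group(1).lower(), m.group(2).strip()
        elif b and uuid:
            yield uuid, note, b.group(1), b.group(2), b.group(3)
            uuid = None
        elif line and uuid:
            note = f"{note} {line}"          # annotation wrapped onto the next line

def check_drs(text, os_family):
    """Return (status, tcp_ports) for the DRS interface in saved portqry output."""
    lo, hi = DYNAMIC_RANGE[os_family]
    drs = [e for e in parse_endpoints(text) if e[0] == DRS_UUID]
    if not drs:
        return "NOT_REGISTERED", []          # what the EPM reports to the client as 1753
    ports = sorted({int(e[4]) for e in drs if e[2] == "ncacn_ip_tcp" and e[4].isdigit()})
    if not ports:
        return "NO_TCP_ENDPOINT", []
    if any(not lo <= p <= hi for p in ports):
        return "PORT_OUTSIDE_RANGE", ports   # e.g. a hard-coded port outside the range
    return "OK", ports

if __name__ == "__main__":
    print(check_drs(SAMPLE, "2008/2008R2"))
```

A `NOT_REGISTERED` result against a host that answers on port 135 is also what a mis-resolved name produces, so confirm the name-to-IP mapping from step 2 before restarting services.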
4. Other causes
a. Verify that the source DC is booted in normal mode and that the OS and
DC role on the source DC have fully started
b. Verify that the Active Directory Domain Service is running. If the service is
currently stopped or was not configured with default startup values, reset
the default startup values, reboot the modified DC then retry the operation
c. Verify that the startup value and service status for RPC service and RPC
Locator is correct for OS version of the RPC Client (destination DC) and RPC
Server (source DC). If the service is currently stopped or was not configured
with default startup values, reset the default startup values, reboot the
modified DC then retry the operation
Startup Value Service Status
Windows 2000
d. Verify that the size of the dynamic port range has not been
constrained. The Windows Server 2008 and Windows Server 2008 R2 NETSH
syntax to enumerate the RPC port range is shown below:
>netsh int ipv4 show dynamicport tcp
>netsh int ipv4 show dynamicport udp
>netsh int ipv6 show dynamicport tcp
>netsh int ipv6 show dynamicport udp
e. Verify that hard-coded port definitions defined per MSKB 224196 fall
within the dynamic port range for the source DC's OS version
Review MSKB 224196 and ensure that the hard coded port falls within the
ephemeral port range for the source DC's operating system version.
More Information
In frame 11, the source DC, in this case a member computer that does not yet
host the DC role and therefore has not registered the E351... UUID for the
Replication service with its local EPM, responds with symbolic error
EP_S_NOT_REGISTERED which maps to decimal error 1753, hex error 0x6d9 and
friendly error "there are no more endpoints available from the endpoint
mapper".
Later, the member computer with IP address x.x.1.2 gets promoted as a replica
"MayberryDC" in the contoso.com domain. Again, the "replicate now" command
is used to trigger replication but this time fails with the on-screen error "the
target principal name is incorrect". The computer whose NIC owns the IP address
x.x.1.2 IS a domain controller, is currently booted into normal mode and has
registered the E351... replication service UUID with its local EPM but it does not
own the name / security identity of DC2 and cannot decrypt the Kerberos
request from DC1 so the request now fails with error "The target principal name
is incorrect." which maps to decimal error -2146893022 / hex error 0x80090322.
Summary: Example 1 failed because an invalid host to IP mapping (in the HOST
file in this case) caused the destination DC to resolve to a "source" DC that did
not have the AD service running (or even installed for that matter) so the
replication SPN was not yet registered and the source DC returned error 1753. In
the second case, an invalid host to IP mapping (again in the HOST file) caused
the destination DC to connect to a DC that had registered the E351... replication
SPN but that source had a different hostname and security identity than the
intended source DC so the attempts failed with error -2146893022: The target
principal name is incorrect.
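Both failures in the summary above start with a stale name-to-IP override. As an added example (not from the original article), this Python scans HOSTS or LMHOSTS text for entries that map the source DC's names to an address other than the one verified on its console; the file content, the 10.0.1.x addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed HOSTS content; line 3 is the stale override.
HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
10.0.1.2        CONTOSO-DC2.contoso.com  contoso-dc2   # left over from a rebuild
10.0.1.10       CONTOSO-DC1.contoso.com
"""
# Names the destination DC may resolve for the source DC, mapped to the address
# confirmed with IPCONFIG on the source DC console (address is constructed).
# The second key is the GUID-based CNAME: <DSA object GUID>._msdcs.<forest root>.
VERIFIED = {
    "contoso-dc2.contoso.com": "10.0.1.20",
    "74fbe06c-932c-46b5-831b-af9e31f496b2._msdcs.contoso.com": "10.0.1.20",
}

def parse_hosts(text):
    """Yield (line_no, ip, name) for every name on every mapping line."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drops comments and LMHOSTS #PRE/#DOM tags
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a mapping line
        for name in fields[1:]:
            yield n, str(ip), name.lower().rstrip(".")

def stale_overrides(hosts_text, verified):
    """Return [(line_no, name, file_ip, verified_ip)] where the file disagrees."""
    want = {k.lower().rstrip("."): v for k, v in verified.items()}
    # Also check the short (single-label) form, which HOSTS/LMHOSTS entries often use.
    short = {k.split(".")[0]: v for k, v in want.items()}
    hits = []
    for n, ip, name in parse_hosts(hosts_text):
        good = want.get(name) or short.get(name)
        if good and ipaddress.ip_address(good) != ipaddress.ip_address(ip):
            hits.append((n, name, ip, good))
    return hits

if __name__ == "__main__":
    for hit in stale_overrides(HOSTS, VERIFIED):
        print("line %d: %s -> %s, verified address is %s" % hit)
```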
Related Content
MSKB 839880: Troubleshooting RPC Endpoint Mapper errors using the Windows
Server 2003 Support Tools from the product CD
MSKB 832017: Service overview and network port requirements for the Windows
Server system
MSKB 224196: Restricting Active Directory replication traffic and client RPC traffic
to a specific port
MSKB 154596: How to configure RPC dynamic port allocation to work with
firewall
MSDN: How RPC works
MSDN: How the server prepares for a connection
MSDN: How the client establishes a connection
MSDN: Registering the interface
MSDN: Making the Server available on the network
MSDN: Registering endpoints
MSDN: Listening for client calls
Technet: SPN for a target DC in AD DS