Active Directory replication disabled because the source or destination DC is rejecting replication requests
The source server is currently rejecting replication requests. / The destination server is currently rejecting replication requests.
Active Directory automatically disabled inbound or outbound replication on a domain controller due to one of three triggering conditions: a USN rollback was detected, the DSA Not Writable registry flag was set, or the NETLOGON service was paused due to a critical problem such as insufficient disk space. The DC is quarantined to prevent propagation of potentially corrupt or rolled-back directory data. Replication will not resume until the underlying trigger is investigated and resolved.
The source server is currently rejecting replication requests. / The destination server is currently rejecting replication requests.
Why it happens
A USN (Update Sequence Number) rollback occurred on the DC, most commonly because a virtual machine snapshot was reverted or a non-VSS-aware backup was restored. The OS detected the rollback via NTDS General Event 2103 and quarantined the DC to prevent a USN bubble from corrupting the directory.
The DSA Not Writable registry value (HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\DSA Not Writable) was set to a non-zero value by the system or manually, disabling outgoing Active Directory replication.
The NETLOGON service was paused because the physical or virtual drive hosting the Active Directory database or log files ran out of free disk space, triggering NTDS General Event 1393.
How to fix it
Determine the triggering cause before attempting recovery. Check the Directory Services event log for: NTDS General Event 2103 (USN rollback), NTDS General Event 1393 (disk space), or a non-zero value in the DSA Not Writable registry key.
Check the DSA Not Writable value: `reg query HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters /v "DSA Not Writable"`. A value of 4 confirms a USN rollback. A value of 8 or 10 indicates insufficient disk space.
For USN rollback (value = 4): a USN rollback is a serious condition. The safest recovery path is to force-demote the affected DC using `dcpromo /forceremoval`, clean up its metadata with `ntdsutil` metadata cleanup, then repromote it. Do not simply re-enable replication without understanding why the rollback occurred — if the VM snapshot was applied, ensure VM-level snapshots are never used for DC backups going forward. Use Windows Server Backup with VSS instead.
For insufficient disk space (value = 8 or 10): free disk space on the drive hosting the AD database and log files (typically C:\Windows\NTDS). Check space with `dir C:\windows\ntds`. Once sufficient space is available, restart the NETLOGON service and re-check replication.
Once the root cause is resolved and it is safe to resume replication: delete the DSA Not Writable registry value (`reg delete HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters /v "DSA Not Writable"`), ensure NETLOGON is running, and re-enable replication with `repadmin /options <DC> -DISABLE_INBOUND_REPL` and `repadmin /options <DC> -DISABLE_OUTBOUND_REPL`.
After re-enabling replication, run `repadmin /replsummary` and `dcdiag /test:replications` to confirm replication has resumed successfully across all partitions.
