Before this can happen, on startup, the driver must create an RPC connection with each Domain Controller to make sure that passwords can sync. The driver uses the following steps to obtain the connection.
How Domain Controllers Are Located in Windows
Step 2- The driver follows the normal Microsoft steps of getting the Domain Controller information to get a list of Domain Controllers and then contacts them using Microsofts' Remote Procedure Calls.
If network or Microsoft RPC problems exist with any of the Domain Controllers, an Event ID 9 will show up in the Application event log and passwords will not sync from the problem Domain Controllers until the issue is resolved. However, Domain Controllers that connect successfully will continue to sync passwords.
In addition, when the driver contacts the filters via an RPC, an RPC is made back to the driver. Because of this, the RPC to the filter can succeed but the RPC back to the driver could return an error. Since the second RPC was made within the first RPC the error from the second RPC is returned through the first one. Therefor, RPC should be checked from both directions.
You can find what servers to work on and what the issue may be by doing the following steps.
Step 1- Get a level 5 trace on the Remote Loader (if not using Remote Loader, get a level 5 trace from the engine) of the driver starting up. In that trace you will see each Domain Controller contacted and whether or not there was a problem.
SetFilterInfo() returned 0x00000000
SetFilterInfo() returned 0x000006D9 or some other RPC error code
Step 2- Fix the problem by checking the Microsoft support site for more information.
How to troubleshoot RPC Endpoint Mapper errors