The error code literally translates to "Replication access was denied". Common triggers include:

Sometimes IPv6 using a loopback address as the primary DNS can interfere. Try temporarily disabling the IPv6 stack to see if connectivity restores. 5. Reset the Machine Account Password

The destination DC's computer account is missing critical flags like SERVER_TRUST_ACCOUNT or TRUSTED_FOR_DELEGATION .

If the DC has been offline longer than the or if the metadata is severely corrupted, the most reliable path may be to perform a metadata cleanup using ntdsutil , demote the server (forcibly if necessary), and re-promote it.

Before diving into complex AD edits, ensure you are running your diagnostic tools correctly.

If you are seeing the error while running tools like DCDIAG , you've hit a classic Active Directory permissions or configuration roadblock. This error typically means a Domain Controller (DC) is trying to pull replication data but is being told "No" by its partner. Why is This Happening?

A common culprit for "access denied" is a misconfigured computer account. Run DCDIAG /TEST:MachineAccount on the affected DC.