The error code literally translates to "Replication access was denied". Common triggers include:

If the DC has been offline longer than the or if the metadata is severely corrupted, the most reliable path may be to perform a metadata cleanup using ntdsutil, demote the server (forcibly if necessary), and re-promote it.

If the error occurs during manual replication (e.g., "Replicate Now" in AD Sites and Services), it's likely a permission gap.

The destination DC's computer account is missing critical flags like SERVER_TRUST_ACCOUNT or TRUSTED_FOR_DELEGATION.
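
One way to check for missing flags, as an added example that is not from the original page: the script decodes `userAccountControl` for each computer account in the domain's Domain Controllers container and lists accounts lacking either flag. The function name `Test-DcAccountFlags` and the sample values are constructed for illustration; it assumes the ActiveDirectory module (RSAT) is installed and the DCs sit in the default container.

```powershell
# Added example, not the original page's code.
# Bit values of the two userAccountControl flags named in the text.
$SERVER_TRUST_ACCOUNT   = 0x2000    # 8192
$TRUSTED_FOR_DELEGATION = 0x80000   # 524288

# Hypothetical helper: decode one userAccountControl value.
function Test-DcAccountFlags {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [int]    $UserAccountControl
    )
    $trust = [bool]($UserAccountControl -band $SERVER_TRUST_ACCOUNT)
    $deleg = [bool]($UserAccountControl -band $TRUSTED_FOR_DELEGATION)
    [pscustomobject]@{
        Name                 = $Name
        UserAccountControl   = $UserAccountControl
        ServerTrustAccount   = $trust
        TrustedForDelegation = $deleg
        Healthy              = ($trust -and $deleg)
    }
}

# Constructed sample values so the decoding can be checked offline:
# 532480 = 0x82000 (both flags set); 4096 = WORKSTATION_TRUST_ACCOUNT only.
Test-DcAccountFlags -Name 'DC-OK (constructed)'  -UserAccountControl 532480
Test-DcAccountFlags -Name 'DC-BAD (constructed)' -UserAccountControl 4096

# Live check: runs only where the ActiveDirectory module is available.
# Assumes DCs are in the default Domain Controllers container.
# Read-only DCs carry a different flag set and will be listed; review them separately.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $dcContainer = (Get-ADDomain).DomainControllersContainer
    Get-ADComputer -SearchBase $dcContainer -Filter * -Properties userAccountControl |
        ForEach-Object {
            Test-DcAccountFlags -Name $_.Name -UserAccountControl $_.userAccountControl
        } |
        Where-Object { -not $_.Healthy }
}
```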

Sometimes an IPv6 loopback address configured as the primary DNS server can interfere. Try temporarily disabling the IPv6 stack to see if connectivity is restored.

5. Reset the Machine Account Password

You might simply be running DCDIAG without administrative privileges.

The account or the DC computer account doesn't have "Replicating Directory Changes" rights on the naming context.

Before diving into complex AD edits, ensure you are running your diagnostic tools correctly.