From: seth on 11 Dec 2007 15:12

ok here is what happened...

in our remote datacenter, there was an electrical issue and lost power

everything came back up ok, but the 2 dc's there (2003 SP2) that are older systems and the date reset to january 2002 (since fixed)
this is the cause of the event below. i'm trying to determine the best way to resolve it.
at the same time, users are being prompted for credentials when getting their mail.
not sure if exchange (2003 SP2) is affected by this or if it's a separate issue
here is the event:

Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2042
Date: 12/11/2007
Time: 2:55:46 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: <computername>
Description:
It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
The reason that replication is not allowed to continue is that the two machine's views of deleted objects may now be different. The source machine may still have copies of objects that have been deleted (and garbage collected) on this machine. If they were allowed to replicate, the source machine might return objects which have already been deleted.
Time of last successful replication:
2002-01-28 06:53:13
Invocation ID of source:
0478f6c8-f6b8-0478-0100-000000000000
Name of source:
8cf34e45-547f-48d8-9870-bc0d59d31827._msdcs.<domain>.com
Tombstone lifetime (days):
60

The replication operation has failed.

User Action:

Determine which of the two machines was disconnected from the forest and is now out of date. You have three options:

1. Demote or reinstall the machine(s) that were disconnected.
2. Use the "repadmin /removelingeringobjects" tool to remove inconsistent deleted objects and then resume replication.
3. Resume replication. Inconsistent deleted objects may be introduced. You can continue replication by using the following registry key. Once the systems replicate once, it is recommended that you remove the key to reinstate the protection.
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

From: seth on 11 Dec 2007 15:18

In addition, there is another issue (not sure if related) on the other dc's at this location referencing servers at the remote datacenter.

Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 12/11/2007
Time: 3:06:54 PM
User: N/A
Computer: <computername>
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/<fqdn>. The target name used was domain\computer$. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (domain), and the client realm. Please contact your system administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

From: Jorge Silva on 11 Dec 2007 15:29

Hi
That error simply means that the DC passed your forest tombstone-lifetime.
Fastest way to solve this is to manually remove the AD from the DC, then perform metadata cleanup, then add the server as additional DC again, and make sure that in future you monitor the replication in your DCs.

If that isn't acceptable check:
http://207.46.196.114/windowsserver/en/library/34c15446-b47f-4d51-8e4a-c14527060f901033.mspx?mfr=true
http://support.microsoft.com/kb/216993
--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
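
A replication monitoring check of the kind recommended in the reply above, as an added example that is not part of the original thread: it reads `repadmin /showrepl * /csv` output and flags partners nearing or past the 60-day tombstone lifetime, or whose last-success time lies in the future, which points at a clock fault like the date reset described here. The sample rows, site and server names, the 50% warning threshold and the 5-minute skew allowance are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

TOMBSTONE_DAYS = 60                  # value reported in the Event 2042 text
WARN_FRACTION = 0.5                  # assumption: warn at half the lifetime
CLOCK_SLACK = timedelta(minutes=5)   # assumption: tolerated clock skew

# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# Site and server names are placeholders, not values from the thread.
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteA,DC-A,"DC=example,DC=com",SiteB,DC-B,RPC,0,0,2007-12-11 14:40:02,0
showrepl_INFO,SiteA,DC-A,"DC=example,DC=com",SiteB,DC-C,RPC,12,2007-12-11 14:55:46,2007-11-01 09:00:00,8614
showrepl_INFO,SiteB,DC-B,"DC=example,DC=com",SiteA,DC-A,RPC,3,2007-12-11 14:55:46,2002-01-28 06:53:13,8614
showrepl_INFO,SiteB,DC-C,"DC=example,DC=com",SiteA,DC-A,RPC,0,0,2007-12-12 08:00:00,0
"""


def parse_time(value):
    """Parse a repadmin timestamp; empty or '0' is treated as 'no timestamp'."""
    value = (value or "").strip()
    if value in ("", "0"):
        return None
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def classify(last_success, now, tombstone_days=TOMBSTONE_DAYS):
    """Return a status for one replication link, judged against `now`."""
    if last_success is None:
        return "NEVER"
    if last_success > now + CLOCK_SLACK:
        return "CLOCK_AHEAD"      # partner clock and collector clock disagree
    age = now - last_success
    if age >= timedelta(days=tombstone_days):
        return "EXPIRED"          # replication will be refused (Event 2042)
    if age >= timedelta(days=tombstone_days * WARN_FRACTION):
        return "WARN"             # still replicable, but time is running out
    return "OK"


def check_replication(csv_text, now, tombstone_days=TOMBSTONE_DAYS):
    """Classify every data row of the CSV; returns a list of dicts."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("showrepl_COLUMNS") != "showrepl_INFO":
            continue              # skip anything that is not a data row
        last = parse_time(row["Last Success Time"])
        findings.append({
            "destination": row["Destination DSA"],
            "source": row["Source DSA"],
            "partition": row["Naming Context"],
            "last_success": last,
            "age_days": None if last is None else (now - last).days,
            "status": classify(last, now, tombstone_days),
        })
    return findings


if __name__ == "__main__":
    # Fixed collector time so the constructed sample gives stable results.
    now = datetime(2007, 12, 11, 15, 0, 0)
    for f in check_replication(SAMPLE_CSV, now):
        print(f"{f['status']:<12}{f['source']} -> {f['destination']} "
              f"last success {f['last_success']} ({f['age_days']} days)")
```

The `now` value must come from a trusted time source; a collector running on a DC whose clock has reset would misjudge every link.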

From: seth on 11 Dec 2007 15:47

i think i will blow away AD on these machines and start over....especially what has happened in the last hour:

Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2093
Date: 12/11/2007
Time: 2:26:04 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: <computername>
Description:

The remote server which is the owner of a FSMO role is not responding. This server has not replicated with the FSMO role owner recently.

Operations which require contacting a FSMO operation master will fail until this condition is corrected.

FSMO Role: DC=<domain>,DC=com
FSMO Server DN: CN=NTDS Settings,CN=<computer>,CN=Servers,CN=Boston,CN=Sites,CN=Configuration,DC=<domain>,DC=com
Latency threshold (hours): 24
Elapsed time since last successful replication (hours): 24

User Action:

This server has not replicated successfully with the FSMO role holder server.
1. The FSMO role holder server may be down or not responding. Please address the problem with this server.
2. Determine whether the role is set properly on the FSMO role holder server. If the role needs to be adjusted, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
3. If the FSMO role holder server used to be a domain controller, but was not demoted successfully, then the objects representing that server are still in the forest. This can occur if a domain controller has its operating system reinstalled or if a forced removal is performed. These lingering state objects should be removed using the NTDSUTIL.EXE metadata cleanup function.
4. The FSMO role holder may not be a direct replication partner. If it is an indirect or transitive partner, then there are one or more intermediate replication partners through which replication data must flow. The total end to end replication latency should be smaller than the replication latency threshold, or else this warning may be reported prematurely.
5. Replication is blocked somewhere along the path of servers between the FSMO role holder server and this server. Consult your forest topology plan to determine the likely route for replication between these servers. Check the status of replication using repadmin /showrepl at each of these servers.

The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1863
Date: 12/11/2007
Time: 2:26:04 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: <computername>
Description:
This is the replication status for the following directory partition on the local domain controller.

Directory partition:
DC=<domain>,DC=com

The local domain controller has not received replication information from a number of domain controllers within the configured latency interval.

Latency Interval (Hours):
24
Number of domain controllers in all sites:
1
Number of domain controllers in this site:
1

The latency interval can be modified with the following registry key.

Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)

To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

From: Jorge Silva on 12 Dec 2007 09:44

good luck.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services