No announcement yet.

Replication errors after Acronis Universal Restore

  • Filter
  • Time
  • Show
Clear All
new posts

  • Replication errors after Acronis Universal Restore


    I am after advice, I hope someone is able to point me in the correct direction.

    We have four sites in different cities, Head Office and three branch sites. Head Office and one branch site have been set up with a VPN joining them, Head Office has a SBS 2003 box (PDC) and the connected branch has a 2003 R2 server (DC). The remaining branches aren't connected yet but will be once these problems are resolved.

    Replication has been working well for a year or so until we had to install new server hardware at Head Office and the connected branch. We elected to use Acronis Universal Restore which allowed the old servers to be restored to the new hardware. This option was used because the old servers had third party software installed that is no longer supported but is critical to the running of the company. Installation disks, licenses and support is no longer available!

    After completing the restore the servers have performed individually well with the OS and applications functioning well. Our problem is with the replication between the sites. We are receiving in the branch site Kerberos 4 errors in the system log, and a variety of Userenv 1006, 1030 and 1053 to name a few. I'm sure it can be fixed but due to the Kerberos error and feeling that the OS does see the DC as a duplicate name/computer in the same realm, I'm not sure if it is possible to repair the error or if it is better to remove the domain controller from the network including removing the server from the PDC and then adding the DC back into the network?

    Should the best action be to remove and add the server back into the network, I am not sure how to correctly document the current settings for AD, DNS and WINS replication to ensure the network is returned to its original state as I didn't set up the replication in the first place. Also the branch is a 3 hour plane flight from where I am located at Head Office, I do have limited help from an employee in the branch but need to obviously plan this well.

    Thanks for reading, I hope someone can give me some advice.

    Last edited by Zinzan; 11th April 2008, 15:11. Reason: Better title needed

  • #2
    Re: Replication errors

    Well I've never had to deal with a multi-site environment so I might not be able to help too much but here's a link on troubleshooting replication

    Also, if you do end up demoting/promoting the branch office DC then you may want to use this method since having a fast connection for the initial replication isn't possible

    PS - There is no PDC or BDCs in Active Directory. AD is a multi-master environment. There is, however, a PDC emulator FSMO role.

    PPS - if you are using an application that is no longer supported and you don't have the media to reinstall it and it's a business critical application then it sounds like a disaster waiting to happen. You should find a replacement product ASAP.

    PPPS - moved to the AD forum

    Network Consultant/Engineer
    Baltimore - Washington area and beyond


    • #3
      Re: Replication errors after Acronis Universal Restore

      It does seem like restoring AD on a different machine sometimes causes Kerberos problems.

      One of my friends had exactly the same issue last week.

      After trying to reset the computer account with netdom, delete the Kerberos cache with klist, he elected to do a demote, make sure all the metadata for this DC was gone, and re-promoted it.

      I didn't have a chance to troubleshoot it a lot more than that .

      If the demote/promote is not an option, I recommend using the kerberos troubleshooting guide by microsoft as a start..
      VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah


      • #4
        Re: Replication errors after Acronis Universal Restore

        Thank you for your advice Gepeto and JeremyW, I think I will demote the DC ensuring all metadata is gone. I feel the fix option could take too much time until all of the errors are resolved.

        Is there anything special I need to do on the SBS 2003 server? or is the procedure the same to the PDC being a 2003 server.

        Thanks again,



        • #5
          Re: Replication errors after Acronis Universal Restore

          I have never worked in environments with SBS, especially not ones with SBS as a DC with other 2003 standard DCs.

          However, it probably behaves in the same way. In that case, just demote your problematic server, if it demotes cleanly, just wait until the change is replicated everywhere, and repromote it.

          If you have a hard time repromoting it because it still "exists" in AD, you will need to go clean the metadata with ntdsutil.
          VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah


          • #6
            Re: Replication errors after Acronis Universal Restore

            I'm sorry it has been a while since I have posted. This was mainly due to a work around that allowed us to plan the fix when we were less busy. The attempted fix was completed yesterday and with only some success. This is what I did;

            1. Attempted to gracefully demote the 2003 server. It failed so I performed a forced removal.

            2. Cleaned up metadata as per instructions on this site. I stopped after ntdsutil as I intended to promote the 2003 server with the same name etc. I did have one error after initiated "remove selected server" which reported that there was a missing FRS entry, but it continued without any further problems.

            3. Promoted the 2003 server which didn't report any errors throughout the process. Checked AD by changing a description on a user account on the SBS2003 PDC which replicated to the 2003 server. I thought all was well and my issues were fixed until I checked the event logs and found Event ID: 1925 NTDS KCC. I checked to see whether sysvol had been replicated and unfortunately it hadn't.

            I ran dcdiag /v /e /c (output attached) and discovered a RPC error and that there is a missing FRS entry, also a few other errors further down the log. I am puzzled why there is a missing FRS entry as the promotion ran without errors.

            Unfortunately many conditions cause RPC errors, many refer to DNS issues. I am unsure what is the root cause of my issue or do I have numerous issues!

            I have checked DNS and feel this is okay, I can ping the servers from either site by name and IP.

            Thanks for reading and hopefully someone out there will be able to shed some light on this.


            PS. PDC - SBS2003 DC - 2003DC

            DC has these roles;

            DC, FS, PS, DNS, DHCP
            Attached Files


            • #7
              Re: Replication errors after Acronis Universal Restore

              In the event log and/or DC diags on ANY of the DCs, do you have errors complaining about USN rollbacks?

              It just occured to me that your restore procedure was probably not clean / to AD's liking.

              You can't just restore an "image" (or vm snapshot or bit to bit restore or whatever..) as the DC does not know it was restored.

              The USNs get all mixed up and replication does not work. Another symptom would be paused netlogon services.

              If that is indeed the problem, you are in a world of pain.

              There are supported ways to fix this:
              1. Take system state backups BEFORE the problem, and restore it over the DCs BEFORE you bring them back online once restored.
              2. The painful way if you did not follow #1 above:
              Move fsmo roles to the DC that is up to date if possible, if not, seize, demote cleanly if possible, or forcibly and clean metadata, and re-promote all problematic DCs

              And unsupported ways to fix this:

              1. After you restore, BEFORE THE FIRST REAL BOOT, boot in DS Restore mode, and add the same dword as below. Doing it before the first boot is "relatively clean"

              In HKEY_LM\System\CurrentControlSet\Services\NTDS\Par ameters , add a REG_DWORD "Database Restored from Backup" with a value of 1.

              Reboot the DC. It will probably whine about being restored in an unsupported way. Restart netlogon if required. Force replication. Do this on all problematic DCs.

              I did that once and it works, but it was a staging environment that someone had restored with snapshots.
              VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah


              • #8
                Re: Replication errors after Acronis Universal Restore

                Software makers need to put big fat warning labels about imaging a DC.