DNS Integrated Zone replication errors

  • DNS Integrated Zone replication errors


    I have a problem with DNS replication between DCs.
    The environment has 20 branches, with 2 DCs at each.
    All DCs are additional, and the DNS zones are integrated.
    The issue is that DNS at most of the branches does not replicate with each other.
    I discovered that after seeing Event Viewer errors related to AD replication:

    The File Replication Service has detected that the staging directory is full. See the Staging directory is full

    errors talk about "lingering objects"

    "journal_wrap errors on Sysvol and DFS replica sets",

    NTDS KCC Error
    "Event Type: Warning
    Event Source: NTDS KCC
    Event Category: Knowledge Consistency Checker
    Event ID: 1925
    The attempt to establish a replication link for the following writable directory partition failed.

    Directory partition:
    Source domain controller:
    CN=NTDS Settings,CN=,CN=,CN=,CN=Sites,CN=Configuration,DC= domain,DC=com
    Source domain controller address:
    Intersite transport (if any):
    CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=domain,DC= com

    This domain controller will be unable to replicate with the source domain controller until this problem is corrected.

    User Action
    Verify if the source domain controller is accessible or network connectivity is available.

    Additional Data
    Error value:
    1396 Logon Failure: The target account name is incorrect.

    Another error, which I don't understand the meaning of:
    Event Type: Warning
    Event Source: DNS
    Event Category: None
    Event ID: 4515
    User: N/A
    The zone was previously loaded from the directory partition MicrosoftDNS but another copy of the zone has been found in directory partition The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible.

    If an administrator has moved this zone from one directory partition to another this may be a harmless transient condition. In this case, no action is necessary. The deletion of the original copy of the zone should soon replicate to this server.

    If there are two copies of this zone in two different directory partitions but this is not a transient caused by a zone move operation then one of these copies should be deleted as soon as possible to resolve this conflict.

    To change the replication scope of an application directory partition containing DNS zones and for more details on storing DNS zones in the application directory partitions, please see Help and Support.

    So how can I resolve this issue?

  • #2
    Re: DNS Integrated Zone replication errors

    It looks to me like two separate problems.
    The less complicated, I would say, is the File Replication Problem. Do you get this event often? If you place a little text file on the NETLOGON share, does it replicate to other domain controllers?
    The staging directory is configured on the following registry location (on each DC):
    HKLM\System\CurrentControlSet\Services\NTFRS\Parameters\Replica Sets\<SOME GUID>\Replica Set Stage.
    Do not change these settings, but look at the specified directory. It should be empty. If not, you probably have some NTFRS problems.
    There is plenty of information here about SYSVOL repair operations:

    The other problem, with the DNS, is very interesting. It looks like something went wrong with the actual data in Active Directory.

    Try to do the following:
    Open ADSIEdit.msc (included in Support Tools)
    Connect to the Configuration Container
    Go to 'Partitions' and look at the right pane.
    In the second column (Directory Partition Name), you should be able to find something that starts with DC=DomainDNSZones,DC=... and DC=ForestDNSZones,DC=...

    Now, try to connect to the distinguished name specified:
    For example, if you have DC=DomainDNSZones,DC=YOURDOMAIN,DC=com:
    1. right click the ADSI Edit icon on the left pane, choose 'Connect to...'
    2. Choose the 'Select or type a distinguished Name...' radio button and enter the distinguished name.
    3. on the lower part, select the 'Select or type a domain or server', type the name of your Domain Controller (you will probably have to do this for each domain controller)
    4. Click OK

    Now, you'll be able to see your zone information. Check if anything looks weird, such as long entries with GUID, entries starting with _, etc.
    Post back about what you find and we'll see how to continue.
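
The ADSI Edit inspection described in this post can also be done read-only from PowerShell. The following is an added example, not part of the original post: it lists the dnsZone objects in each container that can hold an AD-integrated zone and warns when the same zone name exists in more than one, which is the condition event 4515 reports. The server name `DC01` is a placeholder, and skipping `RootDNSServers` is an assumption.

```powershell
# Added example (not from the thread). Needs an account that can read the DNS partitions.
param([string]$Server = 'DC01')    # hypothetical DC name; repeat for each DC

$rootDse  = [ADSI]"LDAP://$Server/RootDSE"
$domainDn = [string]$rootDse.defaultNamingContext
$forestDn = [string]$rootDse.rootDomainNamingContext

# The three places an AD-integrated zone can live.
$containers = [ordered]@{
    'Domain partition' = "CN=MicrosoftDNS,CN=System,$domainDn"
    'DomainDnsZones'   = "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"
    'ForestDnsZones'   = "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDn"
}

$zones = foreach ($label in $containers.Keys) {
    try {
        $searcher = New-Object System.DirectoryServices.DirectorySearcher
        $searcher.SearchRoot  = [ADSI]"LDAP://$Server/$($containers[$label])"
        $searcher.Filter      = '(objectClass=dnsZone)'
        $searcher.SearchScope = 'OneLevel'
        [void]$searcher.PropertiesToLoad.Add('name')
        foreach ($hit in $searcher.FindAll()) {
            [pscustomobject]@{ Zone = [string]$hit.Properties['name'][0]; Partition = $label }
        }
    } catch {
        # A container that does not exist on this DC ends up here.
        Write-Warning "Cannot search '$label' on ${Server}: $($_.Exception.Message)"
    }
}

$zones | Sort-Object Zone, Partition | Format-Table -AutoSize | Out-String | Write-Host

# The same zone name in more than one container is the conflict event 4515 reports.
# RootDNSServers (root hints) is skipped; assumption: its copies are not the zone in question.
$zones | Where-Object Zone -ne 'RootDNSServers' | Group-Object Zone |
    Where-Object Count -gt 1 | ForEach-Object {
        $where = ($_.Group | ForEach-Object Partition) -join ', '
        Write-Warning ("Zone '{0}' found in: {1}" -f $_.Name, $where)
    }

# '..'-prefixed names and 'CNF:' (replication conflict) objects need a manual look.
$zones | Where-Object { $_.Zone.StartsWith('..') -or $_.Zone.Contains('CNF:') } |
    ForEach-Object { Write-Warning ("Unusual zone object '{0}' in {1}" -f $_.Zone, $_.Partition) }
```

Comparing the output from two DCs side by side shows whether they hold the same set of zone objects.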


    • #3
      Re: DNS Integrated Zone replication errors

      Dear Smart-X
      First, I would like to thank you for your reply,
      and as you said, the issue has two parts, SYSVOL and DNS.

      About SYSVOL
      The stage folder contains a lot of files, about 27MB,
      so I think that your article will fix this issue; I haven't tried it yet.

      And about ADSIEDIT for DNSdomain, I found the following:
      +CN=lost and Found
      DC=name of one DC
      DC=..Inprogress +
      Note that I had deleted the 10.168.192.X reverse zone, because we already have another reverse zone 168.192.x.x which will include all subnets,
      but it doesn't contain all DCs in the environment.
      +CN=NTDS Quotas

      I did this on the PDC only; checking all DCs needs a superman.
      Again, man, thank you very much.


      • #4
        Re: DNS Integrated Zone replication errors

        I wouldn't advise you to delete records if you're not sure what you're doing. It is also pretty hard to help you without actually looking at your environment.
        Maybe there is an easier way to do it.

        If you're adding an entry in the problematic zone on a specific DC, does it replicate to any other DC?

        Try to check which DCs do not get the replicated data.

        If you see that only one or two DCs do not replicate, it would be easier and less dangerous to demote those DCs, replicate everything and then promote them back...

        What do you think?


        • #5
          Re: DNS Integrated Zone replication errors

          I don't know, I found a lot of nodes and records.


          • #6
            Re: DNS Integrated Zone replication errors

            Try to do as follows:
            Open dnsmgmt.msc, connect to DC01 and add a test entry ''.
            Now, connect to DC02, and add a test entry ''
            Do this for all DNS servers.

            Wait for DNS to replicate and then see which entries have been replicated to which DCs.

            This way you'll be able to find if the replication errors occur on one DC or for the entire zone data in the application partition.
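
The test-record check described in this post, as an added example that is not part of the original post: after creating one A record per DNS server, it queries every server for every record and prints which copies arrived where. The server names, the zone name and the `repltest-<server>` record naming are all assumptions made for the example.

```powershell
# Added example (not from the thread). Server names, zone and record naming are constructed.
$DnsServers = 'DC01', 'DC02', 'DC03'      # hypothetical: list every DNS server
$Zone       = 'domain.com'                # zone the test records were added to
# Assumed convention: on each server you created an A record named repltest-<server>.

$results = foreach ($target in $DnsServers) {
    foreach ($origin in $DnsServers) {
        # Ask the target directly, without recursion, so only its own zone copy answers.
        $q = @{ Name = "repltest-$origin.$Zone"; Type = 'A'; Server = $target
                DnsOnly = $true; NoRecursion = $true; ErrorAction = 'SilentlyContinue' }
        $hit = Resolve-DnsName @q | Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'A' }
        [pscustomobject]@{ Origin = $origin; QueriedOn = $target; Present = [bool]$hit }
    }
}

# Matrix: one row per server where a record was created, one column per server queried.
$results | Group-Object Origin | ForEach-Object {
    $row = [ordered]@{ CreatedOn = $_.Name }
    foreach ($r in $_.Group) { $row[$r.QueriedOn] = if ($r.Present) { 'yes' } else { 'MISSING' } }
    [pscustomobject]$row
} | Format-Table -AutoSize | Out-String | Write-Host

# A gap is a record that did not reach a server other than the one it was created on.
$misses = @($results | Where-Object { $_.Origin -ne $_.QueriedOn -and -not $_.Present })
if ($misses.Count -eq 0) {
    'All test records are visible on every server.'
} else {
    # A server is a suspect when no gap remains once its own rows and columns are ignored.
    $suspects = @($DnsServers | Where-Object {
        $dc = $_
        @($misses | Where-Object { $_.Origin -ne $dc -and $_.QueriedOn -ne $dc }).Count -eq 0
    })
    if ($suspects.Count -eq 1) {
        "Every gap involves $($suspects[0]): look at that DC first."
    } else {
        'Gaps span several servers: suspect replication of the zone partition as a whole.'
    }
}
```

A `MISSING` cell on the diagonal means the test record was never created on that server, so fix that before reading the rest of the row.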


            • #7
              Re: DNS Integrated Zone replication errors

              Have you also had a look at Replmon?

              Caesar's cipher - 3


              SFX JNRS FC U6 MNGR


              • #8
                Re: DNS Integrated Zone replication errors

                The problem came from Cisco WAAS.
                All branch DCs are tombstoned.
                Bypass all MS traffic compression.
                Demote, promote all branch DCs, and now it works fine.
                Also, this article is useful: Remove Lingering Objects:

                Thanks to all.