Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

AD replication error 8614

  • Filter
  • Time
  • Show
Clear All
new posts

  • AD replication error 8614


    I have a two server system that is reporting AD Replication Error 8614: The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime." The two servers are:
    - DERMSERVER2 (holds FSMO role, has JRNL WRAP error)
    - RMDEMR (is a DC & GC, runs SQL/IIS application that is critical to organization) *yes, I know a SQL server should not run AD, but that is a problem for later times*

    A technician on technet with some AD savvy has identified that the DERMSERVER2 has a JRNL WRAP error from the logs I posted there. I have corrected the file corruption problem by running CHKDSK /F /R until no more errors were reported. He is recommending that I transfer the fsmo roles to the RMDEMR server and then perform the "Enable Journal Wrap Automatic Restore" registry fix to repair the JRNL WRAP error before trying to fix the tombstone error. I have the following questions about that:

    If I understand correctly, the JRNL WRAP fix procedure will delete the server from the replica set and then add it back at the next poll.
    My first question is this, "If these two servers are basically partitioned from each other due to the tombstone error, where will the DERMSERVER2 server sync the information from? Will the process of deleting the server from the replica set and adding it back during the JRNL WRAP procedure fix the tombstone error and allow the partition to be synced from the RMDEMR server?
    My second question has to do with you saying to transfer the FSMO roles. Since the DERMSERVER2 that holds the FSMO roles has a JRNL WRAP error and a tombstone error, I'm pretty sure I won't be able to transfer the roles. Rather I would have to seize them. Since the DERMSERVER2 server won't recognize that these roles have been seized and will continue thinking of it's self as the FSMO role holder, during the repair process anyway, wouldn't it be better to leave the FSMO roles on DERMSERVER2, do the repair, and then seize the roles if necessary once the repair is made?

    Lastly, I did a shadow copy as outlined in . Is there anything else I should do to safeguard the servers in event of a disaster?

    The technet guy has been helpful and seems to know what he is doing, but I need answers to these questions soon as I hope to perform this function tomorrow while the office is closed in case I need some recovery time. I'd also like a second set of eyes on this as I'd like to fix it on the first try. For reference, the technet forum post I started, detailed logs, etc., are at:

    Any help will be greatly appreciated,


  • #2
    Did you see this??


    • #3
      Originally posted by wullieb1 View Post

      No, I didn't see that one. I did end up following this document This repaired the JRNL_WRAP_ERROR and subsequently fixed the tombstone error as the server was removed from the replica set and re-added. I did not move the FSMO roles as is seemed stupid to try to transfer something when the AD was already broken. So far it seems to have worked out famously. My time server service got unregistered somehow, but I fixed that. Also, there are a couple of DNS issues listed in the DCDIAG that I'm going to fix, but the servers seem to be syncing again and the users can login without getting a trust relationship error.

      The information you provided may be helpful to someone and the link I have in this reply fixed my problem, so hopefully this post will do someone some good.

      Best Wishes,