Announcement

Collapse
No announcement yet.

Active Directory Domain Services Error Eventlog

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory Domain Services Error Eventlog

    Hi,

    i am using windows small business server 2008 as domain controller. users changed password is not replicating in client machines. i have notice eventlog error 1864 in the server. i have one unused ad SVRWIN01 which i have not used is this the reason for the issue. below is the error log. Kindly please help

    This is the replication status for the following directory partition on this directory server.

    Directory partition:
    DC=ForestDnsZones,DC=thinci-edh,DC=local

    This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.

    More than 24 hours:
    1
    More than a week:
    1
    More than one month:
    1
    More than two months:
    1
    More than a tombstone lifetime:
    1
    Tombstone lifetime (days):
    180

    Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.

    To identify the directory servers by name, use the dcdiag.exe tool.
    You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".


  • #2
    DO you have an additional DC on the domain?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      i have 2 dc.one DC is not using. the server is completely shutdown.

      Comment


      • #4
        If the server is shutdown this will affect replication.

        How long as the server been shutdown? Was it decomissioned or failed? Was it cleanup correctly from AD? Will the server be brought back online?

        Comment


        • #5
          server decomissioned. could you please help me how to cleanup from AD completely. i am using windows SBS Server 2008.

          Comment


          • #6
            Search the Petri site for Metadata cleanup.

            You MUST ensure that the server is never brought back online.

            Comment


            • #7
              Hi,
              i followed the steps told by petri sir in our site https://www.petri.com/delete_failed_dcs_from_ad. i have completed all the steps upto 22. in 23 step told that
              1. Remove the CNAME record in the _msdcs.root domain of forest zone in DNS. You should also delete the HOSTNAME and other DNS records. but there is not delete option is appearing in my dc when i am trying to delete record. Please find the attached screenshot.
              Please help
              Attached Files

              Comment


              • #8
                For Name Server records Windows DNS controls those through the properties page. So open the properties and remove the server from there.
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com

                Comment


                • #9
                  Hi Jeremy,

                  Thanks. i have deleted the DNS records also. but still if i creating a new user it is adding into the removed DC. exchange mailbox creating in the removed DC. how to fix this. please help

                  Comment


                  • #10
                    Can you post some screen shots? I don't know how it would be "adding into the removed DC."
                    Regards,
                    Jeremy

                    Network Consultant/Engineer
                    Baltimore - Washington area and beyond
                    www.gma-cpa.com

                    Comment


                    • #11
                      Did you have exchange installed on the 2nd DC?

                      Comment


                      • #12
                        @jeremey @ wullieb1 it is fixed now. now i am facing another issue. if user want to change the password from his machine getting below error
                        configuration information could not be read from the domain controller either because the machine is unavailable or access has been denied

                        Please help me to fix this.

                        Comment


                        • #13
                          Check the FSMOs are definitely on your SBS
                          Tom Jones
                          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                          PhD, MSc, FIAP, MIITT
                          IT Trainer / Consultant
                          Ossian Ltd
                          Scotland

                          ** Remember to give credit where credit is due and leave reputation points where appropriate **

                          Comment

                          Working...
                          X