Announcement

Collapse
No announcement yet.

Active Directory Domain Services error

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory Domain Services error

    Hello Team,

    Has anyone see error before? I have windows 2008 DC running with Windows 2003 DC environment..
    When I went to active directory domain service I see the replication error. how should I fix this issue?

    Log Name: Directory Service
    Source: Microsoft-Windows-ActiveDirectory_DomainService
    Date: 1/22/2011 7:41:17 PM
    Event ID: 1864
    Task Category: Replication
    Level: Error
    Keywords: Classic
    User: ANONYMOUS LOGON
    Computer: my-dc-2.ami.kids
    Description:
    This is the replication status for the following directory partition on this directory server.

    Directory partition:
    DC=ForestDnsZones,DC=my,DC=local

    This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.

    More than 24 hours:
    5
    More than a week:
    4
    More than one month:
    4
    More than two months:
    2
    More than a tombstone lifetime:
    0
    Tombstone lifetime (days):
    180

    Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.

  • #2
    Re: Active Directory Domain Services error

    Tell us more about your environment please?
    Do you have any crashed DCs that need cleaning up?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Active Directory Domain Services error

      You have non replicating DC (s) in the domain, so I would check you have connectivity to all DCs as a first check. Then run a dcdiag to see what DC(s) are causing the issue.

      Richard

      Comment


      • #4
        Re: Active Directory Domain Services error

        I think you are correct...
        When I ran DCdiag, I see error mesages that some remote DCs weren't replicating. I think I just need to make sure those those DCs are up.. and the replication should start, am I correct?

        Ossian, I have about 70s DCs replicate accross the VPN.. and you are correct.. I need to clean up some crash domain....

        Thanks,
        HN

        Originally posted by richf View Post
        You have non replicating DC (s) in the domain, so I would check you have connectivity to all DCs as a first check. Then run a dcdiag to see what DC(s) are causing the issue.

        Richard

        Comment


        • #5
          Re: Active Directory Domain Services error

          There is an article on the parent site about "metadata cleanup" -- check what DCs no longer exist and get rid of them, plus follow richfs advice above

          http://www.petri.com/delete_failed_dcs_from_ad.htm
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: Active Directory Domain Services error

            You need to diagnose each of the DCs that are not replicating, may be as simple as network connectivity but may not so check the directory services event log on them post any errors.

            If you have DCs that are failed and will not start then you will need to follow ossians post on removing them,

            Richf

            Comment


            • #7
              Re: Active Directory Domain Services error

              And when you've figured out which DCs are still active but NOT replicating, you may want to check this out:

              http://technet.microsoft.com/en-us/l...8WS.10%29.aspx

              It's basically enables the "Allow Replication With Divergent and Corrupt Partner" key, which may help getting them to replicate again - I found that after a long period of time they wouldn't replicte until enabling this. It can then be disabled again when you confirm that replication is up to date (use repadmin)

              Comment

              Working...
              X