thopham
Event Id 1864, NTDS replication error
I have NTDS replication error event ID 1864 on a Windows 2003 domain. The current setup is one single domain with 15 sites (and growing). Each site has 2 DCs + DNS. One DC at one site started having replication error event ID 1864. How do I fix this? Is this the reason why Group Policy takes very long to update changes even after running gpupdate?
Make sure the DNS servers are working properly... it's an RPC issue.
Run the Nslookup command to test DC SRV registration in DNS:
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_tro_VerifyDomainSrvLocRRs.asp
Hi,
What do you find in the event log on the DC that has the problem? You found 1864, but is there any other message before that in the same log or in another log that indicates that you have a problem with replication? Have you tried REPLMON to try a manual replication, and when you did, did you check that you want replication across boundaries?
ASKER
This is what the event viewer log said:
Source NTDS Replication
Category Replication
Event ID 1864
User NT AUTHORITY\ANONYMOUS LOGON
This is the replication status for the following directory partition on the local domain controller.
Directory partition:
DC=DomainDnsZones,DC=localdomain,DC=com
The local domain controller has not recently received replication information from a number of domain controllers. The count of domain controllers is shown, divided into the following intervals.
More than 24 hours:
2
More than a week:
2
More than one month:
1
More than two months:
1
More than a tombstone lifetime:
1
Tombstone lifetime (days):
60
Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp
Did you make any changes in the routers or firewalls between the servers? Did you run the tools mentioned in the error message, and if so, what did they report?
ASKER
I did not make any changes on routers. Ran REPLMON, it reports replication between DCs good. Still got the Event ID 1864 every 24 hours.
Did you try manual replication?
Top three causes of AD replication failure:
1) Missing or incorrect DNS settings on one or more DCs
2) Firewall is enabled on the network interface of one or more DCs
3) Incorrect date/time on one or more DCs
Troubleshooting replication:
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/sag_adsite_trouble_1.asp
Thankx
SystmProg
Thanks :-) Did you solve the problem?
Yes, I would also appreciate knowing what the solution to the problem was.
ASKER
No, the problem has not been solved. Replications between DCs are fine. I just don't know what is generating the error. I have to get 10 more sites into the AD by the end of March. Will come back to the error after the migration. Thanks for all of your feedback.
Well, I know what my problem is...
I am getting the same error as you... I ran the dcdiag command and it appears that another test domain controller is still on the "replicate to me" list.
I pulled the dns records out and I am still getting the same error of:
Event Type: Error
Event Source: NTDS Replication
Event Category: (5)
Event ID: 1864
Date: 4/12/2005
Time: 3:03:55 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: BIGDOG
Description:
This is the replication status for the following directory partition on the local domain controller.
Directory partition:
DC=ForestDnsZones,DC=NewRealty,DC=net
The local domain controller has not recently received replication information from a number of domain controllers. The count of domain controllers is shown, divided into the following intervals.
More than 24 hours:
1
More than a week:
1
More than one month:
1
More than two months:
0
More than a tombstone lifetime:
0
Tombstone lifetime (days):
60
Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
How can I resolve this issue? Apparently pulling out the DNS records was/is not enough...
Please advise...
Robert
Hello guys, I also experience this problem. I see that the question has been closed, but I am not clear on the resolution.
Also, I noticed that my PDC has had the replication errors occurring since before I installed ADS.
The PDC is an upgraded one from Win2000.
This is the replication status for the following directory partition on the local domain controller.
Directory partition:
CN=Configuration,DC=MSSERVER
The local domain controller has not recently received replication information from a number of domain controllers. The count of domain controllers is shown, divided into the following intervals.
More than 24 hours:
1
More than a week:
1
More than one month:
1
More than two months:
1
More than a tombstone lifetime:
1
Tombstone lifetime (days):
60
Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".
sorry wrong place
In November I added a (first) Windows 2008 R2 server as a DC to the domain (fully W2003) and it seems that server is the one in my network that is causing this message...
A dcdiag gives me the name of that W2008 R2 machine, telling me it's over its 60 days...
REPLICATION-RECEIVED LATENCY WARNING
<servername>: Current time is 2011-02-02 08:28:12.
DC=ForestDnsZones,DC=<DCName>,DC=com
Last replication recieved from <servername> at 2010-11-23 10:20:54.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
etc.
However, it can ping all other servers etc. without problems... During its promotion (dcpromo) back in November 2011 it did not give any problems... Not quite sure why it tells me that it has been 60 days since a tombstone was successfully made...
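Added example, not part of the original thread or any poster's code: a Python script that parses latency lines in the shape quoted in the post above and tallies the sources into the Event ID 1864 intervals. The sample text, the DC-A to DC-D names and example.com are constructed; the 30-day and 60-day thresholds for "one month" and "two months" and the cumulative counting are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample shaped like the quoted lines; DC-A..DC-D/example.com are placeholders.
SAMPLE = """\
REPLICATION-RECEIVED LATENCY WARNING
DC-A: Current time is 2011-02-02 08:28:12.
  DC=ForestDnsZones,DC=example,DC=com
    Last replication recieved from DC-B at 2010-11-23 10:20:54.
    WARNING: This latency is over the Tombstone Lifetime of 60 days!
    Last replication recieved from DC-C at 2011-01-30 22:05:10.
    Last replication recieved from DC-D at 2011-02-02 07:58:00.
"""

FMT = "%Y-%m-%d %H:%M:%S"
STAMP = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
NOW_RE = re.compile(r"Current time is " + STAMP)
# The quoted output spells it "recieved"; accept the correct spelling too.
LAST_RE = re.compile(r"Last replication rec(?:ie|ei)ved from (\S+) at " + STAMP)

def parse_latencies(text):
    """Return (partition, source, latency) for each 'Last replication' line."""
    now, partition, rows = None, None, []
    for line in (l.strip() for l in text.splitlines()):
        if m := NOW_RE.search(line):
            now = datetime.strptime(m.group(1), FMT)
        elif line.upper().startswith(("DC=", "CN=")):
            partition = line
        elif m := LAST_RE.search(line):
            if now is None:
                raise ValueError("latency line seen before 'Current time' line")
            rows.append((partition, m.group(1), now - datetime.strptime(m.group(2), FMT)))
    return rows

def event_1864_counts(rows, tombstone_days=60):
    """Count sources per Event 1864 interval, treated as cumulative (assumption)."""
    limits = [("More than 24 hours", 1), ("More than a week", 7),
              ("More than one month", 30),    # assumption: 30-day month
              ("More than two months", 60),   # assumption: 60 days
              ("More than a tombstone lifetime", tombstone_days)]
    return {label: sum(lat > timedelta(days=d) for _, _, lat in rows)
            for label, d in limits}

def past_tombstone(rows, tombstone_days=60):
    """Sources whose last inbound replication is older than the tombstone lifetime."""
    return [(src, lat.days) for _, src, lat in rows
            if lat > timedelta(days=tombstone_days)]

if __name__ == "__main__":
    print(event_1864_counts(parse_latencies(SAMPLE)), past_tombstone(parse_latencies(SAMPLE)))
```

With the timestamps from the post (2010-11-23 10:20:54 against 2011-02-02 08:28:12) the latency is 70 days, which is why the tool reports it as past the 60-day tombstone lifetime.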
Might be that I should have fixed firewall access for DC functionality... I assumed that W2008R2 would take care of that at the moment that I did a dcpromo... but perhaps I should not assume this... :-(
"Might be that I should have fixed firewall access for DC functionality... I assumed that W2008R2 would take care of that at the moment that I did a dcpromo... but perhaps I should not assume this... :-("
How do you fix the firewall for DC functionality?
Soooooo, what is the resolution for this? All I got from this was to pull the DNS records out for the DC that's failing from the active DC? Is this right?
I have the same problem here - W2k8R2 - any solutions on that?