Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 997
  • Last Modified:

NTDS KCC schema mismatch

I demoted a DC and am now getting the following message in event viewer.
The attempt to establish a replication link with parameters
 Partition: CN=Configuration,DC=cardiff,DC=DOMAIN,DC=com
 Source DSA DN: CN=NTDS Settings,CN=BR-PTPEH-DC3,CN=Servers,CN=Embassy-house,CN=Sites,CN=Configuration,DC=cardiff,DC=DOMAIN,DC=com
 Source DSA Address: 4e2e72d0-54b5-4fbd-bbfd-315f2b669b7c._msdcs.cardiff.DOMAIN.com
 Inter-site Transport (if any): CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=cardiff,DC=DOMAIN,DC=com
 failed with the following status:
 The replication operation failed because of a schema mismatch between the servers involved.

 The record data is the status code.  This operation will be retried.

I had 2 DCs in one site and another DC at a remote site. At the end of the DCPROMO process I did get an FRS error. It looks as though the remote site does not know about this change. I do have connectivity between the sites.
  • 2
3 Solutions
Looks like you have a replication glitch some where. Could be a temporary situation.

You may want to force schema replication.

Is this a single domain environment?
How many DCs are alive in each domain?
Was the demoted DC one of the two in the local site, or the one in the remote site?
Do you have the support tools installed in any of the remaining DCs?

Any other suspicios events in the logs?
Look Here for some help in trouble shooting this...

First off did you try to run dcpromo again?

File Replication Service Diagnostics Tool (FRSDiag.exe)

FRSDiag provides a graphical interface to help troubleshoot and diagnose problems with the File Replication Service (FRS). FRS is used to replicate files and folders in the SYSVOL file share on domain controllers and files in Distributed File System (DFS) targets. FRSDiag helps to gather snap-shot information about the service, perform automated tests against that data, and compile an overview of possible problems that may exist in the environment.


Nirmal SharmaSolution ArchitectCommented:
You can do one of two things or both the things: -

1. Remove the refrences of DC from Active Directory for Domain controller which failed during demotion:-

2. Remove the NTDS Objects from Active Directory Sites and Services because NTDS object for the DC is still there and KCC is trying to replicate with this DC which you have taken out.

Let me know.

Nirmal SharmaSolution ArchitectCommented:

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now