We help IT Professionals succeed at work.

Win 2003 server has 2 sets of NTDS settings in AD sites/services, event ID: 1864

Jay Newcome
Jay Newcome asked
on
Medium Priority
315 Views
Last Modified: 2012-05-05
Background: I was rolling out new DC machines (and demoting/removing the old ones) to my network by loading several, then trudging around and installing them in my various buildings.  I let one slip behind other "priority projects" so it got tombstoned and stopped AD replication... I ended up bringing the bad DC back into my office, then using the trick with Netdom to reset the password to bring the machine back into the fold.  I have reset the secure channel and then it looked like replication started up again...(used REPLMON to check)...

Issue:  If I look at AD sites & services on this DC and now others in my network, this DC shows two sets of NTDS settings under the DC, one that has funny characters in it, the other looking like it should.  The NTDS settings that I think are correct have links to three good DCs, and for some silly reason, this DC is trying to make an automatic connection to ITSELF!!  I am getting NTDS errors with event ID: 1864.  How do I get rid of the latency errors and make sure that AD IS replicating and how do I kill the strange looking NTDS object on this DC?

Thanx for the help!

Here is the dump from DCDIAG:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: West_Main_Elementry\WMAIN-DC
      Starting test: Connectivity
         ......................... WMAIN-DC passed test Connectivity

Doing primary tests
   
   Testing server: West_Main_Elementry\WMAIN-DC
      Starting test: Replications
         REPLICATION-RECEIVED LATENCY WARNING
         WMAIN-DC:  Current time is 2006-03-22 11:19:31.
            CN=Schema,CN=Configuration,DC=ravenet,DC=rcs
               Last replication recieved from WMAIN-DC at 2006-01-03 07:39:12.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
            CN=Configuration,DC=ravenet,DC=rcs
               Last replication recieved from WMAIN-DC at 2006-01-03 07:39:33.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
            DC=ravenet,DC=rcs
               Last replication recieved from WMAIN-DC at 2006-01-03 07:39:54.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
         ......................... WMAIN-DC passed test Replications
      Starting test: NCSecDesc
         ......................... WMAIN-DC passed test NCSecDesc
      Starting test: NetLogons
         ......................... WMAIN-DC passed test NetLogons
      Starting test: Advertising
         ......................... WMAIN-DC passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... WMAIN-DC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... WMAIN-DC passed test RidManager
      Starting test: MachineAccount
         ......................... WMAIN-DC passed test MachineAccount
      Starting test: Services
         ......................... WMAIN-DC passed test Services
      Starting test: ObjectsReplicated
         ......................... WMAIN-DC passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... WMAIN-DC passed test frssysvol
      Starting test: frsevent
         ......................... WMAIN-DC passed test frsevent
      Starting test: kccevent
         ......................... WMAIN-DC passed test kccevent
      Starting test: systemlog
         ......................... WMAIN-DC passed test systemlog
      Starting test: VerifyReferences
         ......................... WMAIN-DC passed test VerifyReferences
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : ravenet
      Starting test: CrossRefValidation
         ......................... ravenet passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ravenet passed test CheckSDRefDom
   
   Running enterprise tests on : ravenet.rcs
      Starting test: Intersite
         ......................... ravenet.rcs passed test Intersite
      Starting test: FsmoCheck
         ......................... ravenet.rcs passed test FsmoCheck

Comment
Watch Question

Commented:
The easiest thing to do would be dcpromo that server, clean up AD by removing any references to the DC.  Then after you are sure its all gone, DCpromo thatserver back into the domain and reconfigure sites and services.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Jay NewcomeDirector of Technology

Author

Commented:
Grrr - I was thinking the same thing, but wanted to avoid taking a production machine off-line...  Good thing I drive quickly and work fast... I will not be able to do this until next week - I will post after that...

Commented:
Thanks! Glad to be of help =)
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.