Solved

AD Replication /RemoveLingering Objects not working

Posted on 2006-05-09
Last Modified: 2012-05-05
We have 4 domain controllers. 2 are at our main site, and these will not replicate the DC=domainname dc=com container.

C:\>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Chicopee\CHIADS01
      Starting test: Connectivity
         ......................... CHIADS01 passed test Connectivity

Doing primary tests

   Testing server: Chicopee\CHIADS01
      Starting test: Replications
         [Replications Check,CHIADS01] A recent replication attempt failed:
            From CHIADS02 to CHIADS01
            Naming Context: DC=Riverbendmedical,DC=com
            The replication generated an error (8606):
            Insufficient attributes were given to create an object.  This objec
 may not exist because it may have been deleted and already garbage collected.
            The failure occurred at 2006-05-09 12:30:51.
            The last success occurred at 2006-05-04 07:53:14.
            9723 failures have occurred since the last success.
         REPLICATION-RECEIVED LATENCY WARNING
         CHIADS01:  Current time is 2006-05-09 12:32:09.
            DC=Riverbendmedical,DC=com
               Last replication recieved from CHIADS02 at 2006-05-04 07:53:14.
               Last replication recieved from AGAADS01 at 2006-05-04 07:39:26.
               Last replication recieved from SPRADS01 at 2006-05-04 07:25:34.
         ......................... CHIADS01 passed test Replications
      Starting test: NCSecDesc
         ......................... CHIADS01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... CHIADS01 passed test NetLogons
      Starting test: Advertising
         ......................... CHIADS01 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... CHIADS01 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... CHIADS01 passed test RidManager
      Starting test: MachineAccount
         ......................... CHIADS01 passed test MachineAccount
      Starting test: Services
         ......................... CHIADS01 passed test Services
      Starting test: ObjectsReplicated
         ......................... CHIADS01 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... CHIADS01 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... CHIADS01 failed test frsevent
      Starting test: kccevent
         ......................... CHIADS01 passed test kccevent
      Starting test: systemlog
         ......................... CHIADS01 passed test systemlog
      Starting test: VerifyReferences
         ......................... CHIADS01 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidatio

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidatio

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : Riverbendmedical
      Starting test: CrossRefValidation
         ......................... Riverbendmedical passed test CrossRefValidat
on
      Starting test: CheckSDRefDom
         ......................... Riverbendmedical passed test CheckSDRefDom

   Running enterprise tests on : Riverbendmedical.com
      Starting test: Intersite
         ......................... Riverbendmedical.com passed test Intersite
      Starting test: FsmoCheck
         ......................... Riverbendmedical.com passed test FsmoCheck


I have run repadmin /removelingeringobjects to no avail. I look in the event log and it shows that it runs, but does not delete any objects. I have run it against all my servers, all containers and every variation of server - server that can be done with 4 AD servers...

It is one machine account that is in question. The machine was recently sysprepped and I cannot do anything on the desktop side. Here is the event log from the AD server in regards to this:

Event Type:      Error
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1988
Date:            5/9/2006
Time:            9:52:53 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      CHIADS01
Description:
The local domain controller has attempted to replicate the following object from the following source domain controller. This object is not present on the local domain controller because it may have been deleted and already garbage collected.
 
Source domain controller:
df0e2a7c-a1e7-4a60-b0ae-7ebbd4868315._msdcs.Riverbend.com
Object:
CN=CH_MHIRSCHKORN,OU=Computers,OU=Chicopee,DC=Riverbend,DC=com
Object GUID:
adb8f630-22b2-4a3c-bb62-e9f5eb8b53ca  
 
Replication will not continue with the source domain controller until the situation has been resolved.
 
User Action
Verify that the object was deleted on this domain controller or in the forest. If object restoration is desired, authoritatively restore the object on the source domain controller. If restoration isn't desired, install the support tools included on the installation CD and use "repadmin /removelingeringobjects" on the source domain controller to remove the object from the forest and continue replication. To allow automatic restoration of this object and future similar objects, the following registry key can be set.
 
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Strict Replication Consistency

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I found the account on the 02 AD server and deleted it. Now I have an event log that states:

Event Type:      Error
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1988
Date:            5/9/2006
Time:            9:56:10 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      CHIADS01
Description:
The local domain controller has attempted to replicate the following object from the following source domain controller. This object is not present on the local domain controller because it may have been deleted and already garbage collected.
 
Source domain controller:
df0e2a7c-a1e7-4a60-b0ae-7ebbd4868315._msdcs.Riverbendmedical.com
Object:
CN=CH_MHIRSCHKORN\0ADEL:adb8f630-22b2-4a3c-bb62-e9f5eb8b53ca,CN=Deleted Objects,DC=Riverbendmedical,DC=com
Object GUID:
adb8f630-22b2-4a3c-bb62-e9f5eb8b53ca  
 
Replication will not continue with the source domain controller until the situation has been resolved.
 
 
User Action
Verify that the object was deleted on this domain controller or in the forest. If object restoration is desired, authoritatively restore the object on the source domain controller. If restoration isn't desired, install the support tools included on the installation CD and use "repadmin /removelingeringobjects" on the source domain controller to remove the object from the forest and continue replication. To allow automatic restoration of this object and future similar objects, the following registry key can be set.
 
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Strict Replication Consistency

Please help! I think if I'm able to get rid of this machine account, all will be good. The last thing I want to do is to demote this server.

Thanks


Question by:dunderwd
7 Comments
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 16640931
http://technet2.microsoft.com/WindowsServer/en/Library/77dbd146-f265-4d64-bdac-605ecbf1035f1033.mspx?mfr=true
This might help you.

Why not run repadmin /removelingeringobjects ServerName ServerGUID DirectoryPartition /advisory_mode to identify the object, and then run it without the advisory_mode switch?

0
 

Author Comment

by:dunderwd
ID: 16640951
I have done that, and removelingering objects with advisory mode shows nothing. I have done every conceivable variable with this and it cannot find the problem that is shown above in the event log and when I force replication.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16640987
You should be able to use ADSIEdit.msc to remove this object.

This speaks of removing an improperly demoted DC, but it can be used for any object that is in need of "The Italian Job".

http://support.microsoft.com/kb/216498/en-us

Also, go into AD Sites and Services (if it was a DC) and remove any instance of it there.

0
 

Author Comment

by:dunderwd
ID: 16641078
I have already tried ADSIEdit.msc on the 2 servers in question and am unable to find the object. In the event log it states that the location of the object is now:

CN=CH_MHIRSCHKORN\0ADEL:adb8f630-22b2-4a3c-bb62-e9f5eb8b53ca,CN=Deleted Objects,DC=Riverbendmedical,DC=com
Object GUID:
adb8f630-22b2-4a3c-bb62-e9f5eb8b53ca  


Yet, I cannot find the CN=Deleted Objects container.
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 1000 total points
ID: 16641381
Here's how to see what's in there:

http://support.microsoft.com/kb/258310/

Kind of convoluted, but it does work.


What happened was that an OU was deleted without first moving or deleting the object inside it.  That effectively orphaned the object.

0
 

Author Comment

by:dunderwd
ID: 16641674
I was able to run the search with ldp.exe. However, it did not find the object I was looking for. Even if it had, I really can't do anything but view. I still have the issue of replication between my 2 servers.
0
 
LVL 13

Assisted Solution

by:Kini pradeep
Kini pradeep earned 1000 total points
ID: 16642673
What you can do is disable strict replication consistency, which is going to reanimate the object in AD. Once that's done, you could delete the objects and then enable replication and enable strict replication consistency.

You could take a system state backup to be on the safer side.
0
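
The advisory-mode pass and the Strict Replication Consistency setting discussed in this thread, as an added PowerShell example that is not part of any post above. It assumes CHIADS01 is the reference DC and CHIADS02 holds the lingering object, which is how the event 1988 text reads; the DSA GUID is a placeholder to be filled in from the first step.

```powershell
param([switch]$Remove)   # without -Remove only the advisory (report-only) pass runs

# DC names and naming context come from the thread's dcdiag output; the GUID is a placeholder.
$NamingContext    = 'DC=Riverbendmedical,DC=com'
$ReferenceDc      = 'CHIADS01'     # logs event 1988, so it no longer holds the object (assumption)
$SuspectDcs       = @('CHIADS02')  # source DC named in the failed replication (assumption)
$ReferenceDsaGuid = '<DSA-object-GUID-of-CHIADS01>'   # placeholder, fill in from step 1

# Step 1: print the reference DC's DSA object GUID (shown in the /showrepl header).
repadmin /showrepl $ReferenceDc | Select-String 'DSA object GUID'

# Step 2: record the Strict Replication Consistency value on each DC before changing anything.
$key = 'SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
foreach ($dc in @($ReferenceDc) + $SuspectDcs) {
    $line = reg query "\\$dc\HKLM\$key" /v 'Strict Replication Consistency' 2>$null |
            Select-String 'REG_DWORD'
    if ($line) { "{0}: {1}" -f $dc, $line.Line.Trim() }
    else       { "{0}: value not set or registry unreachable" -f $dc }
}

# Refuse to continue until the placeholder has been replaced with a real GUID.
if ($ReferenceDsaGuid -notmatch '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$') {
    Write-Warning 'Set $ReferenceDsaGuid from the step 1 output, then run again.'
    return
}

# Step 3: advisory pass, which only logs what would be removed.
foreach ($dc in $SuspectDcs) {
    repadmin /removelingeringobjects $dc $ReferenceDsaGuid $NamingContext /advisory_mode
    if ($LASTEXITCODE -ne 0) { Write-Warning "Advisory pass failed on $dc"; return }
}

# Step 4: the same command without /advisory_mode deletes the lingering objects.
if ($Remove) {
    foreach ($dc in $SuspectDcs) {
        repadmin /removelingeringobjects $dc $ReferenceDsaGuid $NamingContext
    }
    repadmin /replsummary   # check that the replication failure count stops climbing
}
```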
