gnitvik
asked on
Win2k3_Srv Active Directory not replicated
Situation:
Previously I had two DCs (named DC1 and DC2) on Win2k3_SRV in the same subnet for one domain, and a third DC (named DC3) on Win2K_Srv in the same forest, but in another subnet and for another domain.
Now DC2 has crashed.
I have no backup for it.
I now hold all FSMO roles on DC1 (the first DC in the forest), removed the DC2 account from Active Directory, and all was fine (DC1 and DC3 replicating and no errors in the event logs).
Now I want to install a second DC (DC2) in the first domain.
Dcpromo completed successfully.
But when I restarted the new DC (after dcpromo), it restarted but did not replicate.
Time is synchronized.
NTDS Settings for both servers are auto-generated.
DNS aliases for these connections are present in DNS (nslookup resolves on both machines).
The new DC generates these errors:
Event ID: 1097, Userenv:
Windows cannot find the machine account, The local security authority cannot be contacted.
Event ID: 1030, Userenv:
Windows cannot query for the list of Group Policy Objects
On the old DC (DC1), the following event is logged:
Event ID: 1039, NTDS General:
Internal event: Active Directory could not process the following object.
Object:
CN=B980621A542F4454927A7BE653D7D11967B71952C5D611D98C44000D610A5AD0\0ADEL:1bcc8735-3396-47d1-9ea1-a8f8c9b480a7,CN=Deleted Objects,DC=xxx,DC=xx
User Action
Increase physical memory or virtual memory. If this error continues to occur, restart this domain controller.
REMARK: I deleted this record one day before. Previously it was in the container of one non-critical service, which I turned off (this service is turned off on Win2k3 by default).
DC1 has always had 512M RAM and 2GB virtual memory on HDD.
When I demote DC2 from a domain controller to a domain member server, the errors disappear.
I tried creating the second controller with a name different from DC2, with the same result.
Question 1: How can I install (or troubleshoot) a second DC? (general question)
Question 2: If I change TombStoneLifetime to 1 day, clear the garbage on DC1, and then restore TombStoneLifetime to the default setting, the deleted record must be physically deleted from my DIT file, mustn't it? But how will this operation affect the other DCs in the forest?
ASKER
Yes. Metadata cleanup processed with no errors.
Yes. I deleted the old records from DNS before installing the new server.
When I force replication in AD Sites & Services from DC1 to DC2:
Replication operation failed because of schema mismatch between the servers involved.
When I force replication from DC2 to DC1:
Active Directory has replicated connections.
dcdiag report is:
Doing initial required tests
Testing server: FirstSite\DC2
Starting test: Connectivity
The directory service on DC2 has not finished initializing.
In order for the directory service to consider itself synchronized,
it must attempt an initial synchronization with at least one replica
of this server's writeable domain. It must also obtain Rid
information from the Rid FSMO holder.
The directory service has not signalled the event which lets other
services know that it is ready to accept requests. Services such as
the Key Distribution Center, Intersite Messaging Service, and NetLogon
will not consider this system as an eligible domain controller.
......................... DC2 passed test Connectivity
Doing primary tests
Testing server: FirstSite\DC2
Starting test: Replications
REPLICATION LATENCY WARNING
DC2: This replication path was preempted by higher priority work.
from DC1 to DC2
Reason: Win32 Error 8418
The last success occurred at (never).
Replication of new changes along this path will be delayed.
REPLICATION LATENCY WARNING
DC2: A full synchronization is in progress
from DC1 to DC2
Replication of new changes along this path will be delayed.
The full sync is 99,65% complete.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source DC1
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
......................... DC2 passed test Replications
Starting test: NCSecDesc
......................... DC2 passed test NCSecDesc
Starting test: NetLogons
......................... DC2 passed test NetLogons
Starting test: Advertising
Warning: the directory service on DC2 has not completed initial synchronization.
Other services will be delayed.
Verify that the server can replicate.
Warning: DsGetDcName returned information for \\dc1.xxx.xx, when we were trying to reach DC2.
Server is not responding or is not considered suitable.
......................... DC2 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... DC2 passed test KnowsOfRoleHolders
Starting test: RidManager
Warning: attribute rIdSetReferences missing from CN=DC2,OU=Domain Controllers,DC=xxx,DC=xx
Could not get Rid set Reference :failed with 8481: Win32 Error 8481
......................... DC2 failed test RidManager
Starting test: MachineAccount
......................... DC2 passed test MachineAccount
Starting test: Services
......................... DC2 passed test Services
Starting test: ObjectsReplicated
......................... DC2 passed test ObjectsReplicated
Starting test: frssysvol
......................... DC2 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC2 failed test frsevent
Starting test: kccevent
......................... DC2 passed test kccevent
Starting test: systemlog
......................... DC2 passed test systemlog
Starting test: VerifyReferences
......................... DC2 passed test VerifyReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : xxx
Starting test: CrossRefValidation
......................... xxx passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... xxx passed test CheckSDRefDom
Running enterprise tests on : xxx.xx
Starting test: Intersite
......................... xxx.xx passed test Intersite
Starting test: FsmoCheck
......................... xxx.xx passed test FsmoCheck
is the dc2 win2k3 r2 ?
is the sysvol and netlogon shared on dc2 ?
can you use replmon to force replication of all the directory partitions
ASKER
No. Not Win2k3_R2.
SYSVOL, NETLOGON - now shared. But with errors in the Event Log:
Event ID 13508, NtFrs
The File Replication Service is having trouble enabling replication from DC1 to DC2 for c:\windows\sysvol\domain using the DNS name dc1.xxx.xx. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name dc1.xxx.xx from this computer.
[2] FRS is not running on dc1.xxx.xx.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at
=========================
EventID 13509, NtFrs
The File Replication Service has enabled replication from DC1 to DC2 for c:\windows\sysvol\domain after repeated retries.
change the debug logging
http://support.microsoft.com/kb/838179/en-us
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B825782
have you tried to run dcpromo /adv Install from media ?
Make sure you do not have ANY ISP DNS addresses on any NIC inside your LAN - this includes the servers. Point only to your own DNS servers and rely on Forwarding to resolve Internet queries.
If any of the servers have 2 NICs, make sure the LAN-side connection is at the top of the binding order.
I noticed a RID Master failure - can you identify all the servers that hold the FSMO roles and are they online?
ASKER
To Netman66:
No ISP DNS (two internal Microsoft DNS-servers).
No multi-NIC (one NIC for one DC-server).
All FSMO roles are held by DC1 (I transferred or seized them with ntdsutil to DC1).
But how can I confirm their online status?
use "netdom query fsmo" on dc1
netdom is a part of support tools
If you can see them in the GUI ( the roles ) then they're online - it will tell you if it cannot connect.
ASKER
"netdom query fsmo" report:
Schema owner dc1.xxx.xx
Domain role owner dc1.xxx.xx
PDC role dc1.xxx.xx
RID pool manager dc1.xxx.xx
Infrastructure owner dc1.xxx.xx
In GUI I see three roles Ok.
can you also run repadmin /showreps.
can you use replmon to force replication on each dir partition.
ASKER
repadmin /showreps on DC1:
C:\>repadmin /showreps
FirstSite\DC1
DC Options: IS_GC
Site Options: (none)
DC object GUID: c70eddfe-cb14-4279-8714-224b30c76e12
DC invocationID: 0c6552ea-dc0e-4144-9dd3-434cad16b2d6
==== INBOUND NEIGHBORS ======================================
DC=xxx,DC=xx
FirstSite\DC2 via RPC
DC object GUID: 49560625-954e-4bb9-a36a-6963b6b480ae
Last attempt @ 2006-07-07 10:57:00 was successful.
CN=Configuration,DC=xxx,DC=xx
FirstSite\DC2 via RPC
DC object GUID: 49560625-954e-4bb9-a36a-6963b6b480ae
Last attempt @ 2006-07-07 11:18:36 was successful.
SecondSite\DC3 via RPC
DC object GUID: cf5ddc0f-c3e1-4a42-8421-a855e6e21575
Last attempt @ 2006-07-07 11:27:00 was successful.
CN=Schema,CN=Configuration,DC=xxx,DC=xx
FirstSite\DC2 via RPC
DC object GUID: 49560625-954e-4bb9-a36a-6963b6b480ae
Last attempt @ 2006-07-07 10:57:00 was successful.
SecondSite\DC3 via RPC
DC object GUID: cf5ddc0f-c3e1-4a42-8421-a855e6e21575
Last attempt @ 2006-07-07 11:27:00 was successful.
DC=seconddomain,DC=xx
SecondSite\DC3 via RPC
DC object GUID: cf5ddc0f-c3e1-4a42-8421-a855e6e21575
Last attempt @ 2006-07-07 11:27:00 was successful.
repadmin /showreps on DC2:
C:\>repadmin /showreps
FirstSite\DC2
DC Options: (none)
Site Options: (none)
DC object GUID: 49560625-954e-4bb9-a36a-6963b6b480ae
DC invocationID: 76c51da3-33de-4409-ab14-3d7cc2ac0196
==== INBOUND NEIGHBORS ======================================
DC=xxx,DC=xx
FirstSite\DC1 via RPC
DC object GUID: c70eddfe-cb14-4279-8714-224b30c76e12
Last attempt @ 2006-07-07 11:33:57 was delayed for a normal reason, result 8418 (0x20e2):
Can't retrieve message string 8418 (0x20e2), error 1815.
Last success @ (never).
CN=Configuration,DC=xxx,DC=xx
FirstSite\DC1 via RPC
DC object GUID: c70eddfe-cb14-4279-8714-224b30c76e12
Last attempt @ 2006-07-07 11:27:51 was successful.
CN=Schema,CN=Configuration,DC=xxx,DC=xx
FirstSite\DC1 via RPC
DC object GUID: c70eddfe-cb14-4279-8714-224b30c76e12
Last attempt @ 2006-07-07 10:49:06 was successful.
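Added example, not part of the original thread: a small Python triage of the repadmin /showreps output above. It parses the inbound-neighbors section and reports every naming context whose last attempt returned a non-zero result, filling in the description for 8418 that repadmin could not retrieve (the wording is the one quoted elsewhere in this thread). The sample text is DC2's output with the forum's stray spaces removed; the class and function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# DC2's "repadmin /showreps" output from the thread (stray spaces removed).
SAMPLE_DC2 = r"""FirstSite\DC2
DC Options: (none)
Site Options: (none)
DC object GUID: 49560625-954e-4bb9-a36a-6963b6b480ae
DC invocationID: 76c51da3-33de-4409-ab14-3d7cc2ac0196
==== INBOUND NEIGHBORS ======================================
DC=xxx,DC=xx
    FirstSite\DC1 via RPC
        DC object GUID: c70eddfe-cb14-4279-8714-224b30c76e12
        Last attempt @ 2006-07-07 11:33:57 was delayed for a normal reason, result 8418 (0x20e2):
            Can't retrieve message string 8418 (0x20e2), error 1815.
        Last success @ (never).
CN=Configuration,DC=xxx,DC=xx
    FirstSite\DC1 via RPC
        DC object GUID: c70eddfe-cb14-4279-8714-224b30c76e12
        Last attempt @ 2006-07-07 11:27:51 was successful.
CN=Schema,CN=Configuration,DC=xxx,DC=xx
    FirstSite\DC1 via RPC
        DC object GUID: c70eddfe-cb14-4279-8714-224b30c76e12
        Last attempt @ 2006-07-07 10:49:06 was successful.
"""

# Only the code this thread discusses; the text is the one quoted in the thread.
WIN32_MESSAGES = {
    8418: "The replication operation failed because of a schema mismatch "
          "between the servers involved.",
}

TS = r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d"
NC_RE = re.compile(r"^(?:DC|CN)=")                      # a naming-context DN
SOURCE_RE = re.compile(r"^(?P<src>\S+\\\S+) via \S+$")  # Site\Server via RPC
ATTEMPT_RE = re.compile(
    rf"^Last attempt @ (?P<when>{TS}) "
    r"(?:was successful\.|.*\bresult (?P<code>\d+) \(0x[0-9a-fA-F]+\))"
)
SUCCESS_RE = re.compile(rf"^Last success @ (?P<when>{TS}|\(never\))")


@dataclass
class Link:
    naming_context: str
    source: str
    last_attempt: Optional[str] = None
    result: int = 0                      # 0 means the last attempt succeeded
    last_success: Optional[str] = None   # None means "(never)"


def parse_showreps(text: str) -> List[Link]:
    """Return one Link per (naming context, inbound source) pair."""
    links: List[Link] = []
    in_inbound, nc, cur = False, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("===="):      # section header; stop at OUTBOUND etc.
            in_inbound = "INBOUND NEIGHBORS" in line
            continue
        if not in_inbound or not line:
            continue
        if NC_RE.match(line):
            nc = line
            continue
        m = SOURCE_RE.match(line)
        if m and nc:
            cur = Link(nc, m.group("src"))
            links.append(cur)
            continue
        if cur is None:
            continue
        m = ATTEMPT_RE.match(line)
        if m:
            cur.last_attempt = m.group("when")
            cur.result = int(m.group("code") or 0)
            if cur.result == 0:          # repadmin prints no "Last success" line
                cur.last_success = cur.last_attempt
            continue
        m = SUCCESS_RE.match(line)
        if m and m.group("when") != "(never)":
            cur.last_success = m.group("when")
    return links


def triage(links: List[Link]) -> List[str]:
    """One finding per inbound link whose last attempt did not succeed."""
    findings = []
    for l in links:
        if l.result:
            msg = WIN32_MESSAGES.get(l.result, "no description in this table")
            findings.append(f"{l.naming_context} <- {l.source}: result {l.result} "
                            f"({msg}) last success: {l.last_success or 'never'}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_showreps(SAMPLE_DC2)):
        print(finding)
```

On the sample, the only finding is the domain partition DC=xxx,DC=xx from FirstSite\DC1, which has never completed; that matches the dcdiag warning that DC2 has not finished its initial synchronization.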
is sp1 applied ?
are events like
Event Source: Active Directory
Event Type: Error
Event ID: 8418
Description:
The replication operation failed because of a schema mismatch between the servers involved logged.
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B825782
if yes check this out.
do you also happen to have exchange in the domain if yes can you run
Repadmin /showobjmeta *
"CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=kini,DC=prad
ASKER
SP1 applied
C:\>repadmin /showobjmeta * "CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=xxx,DC=xx"
repadmin running command /showobjmeta against server dc1.xxx.xx
25 entries.
Loc.USN Originating DC Org.USN Org.Time/Date Ver Attribute
======= =============== ========= ============= === =========
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 objectClass
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 cn
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 instanceType
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 whenCreated
3508235 FirstSite\DC1 3508235 2005-02-17 18:01:55 1 possSuperiors
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 subClassOf
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 governsID
3508235 FirstSite\DC1 3508235 2005-02-17 18:01:55 1 mayContain
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 rDNAttID
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 showInAdvancedViewOnly
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 adminDisplayName
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 adminDescription
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 nTSecurityDescriptor
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 objectClassCategory
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 lDAPDisplayName
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 name
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 schemaIDGUID
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 systemOnly
3508235 FirstSite\DC1 3508235 2005-02-17 18:01:55 2 systemPossSuperiors
3508235 FirstSite\DC1 3508235 2005-02-17 18:01:55 2 systemMayContain
3509085 FirstSite\DC1 3509085 2005-02-17 18:06:04 3 defaultSecurityDescriptor
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 systemFlags
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 defaultHidingValue
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 objectCategory
3507961 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 defaultObjectCategory
0 entries.
Type Attribute Last Mod Time Originating DC Loc.USN Org.USN Ver
======= ============ ============= ================= ======= ======= ===
Distinguished Name
=============================
repadmin running command /showobjmeta against server dc3.seconddomain.xx
Caching GUIDs.
..
25 entries.
Loc.USN Originating DC Org.USN Org.Time/Date Ver Attribute
======= =============== ========= ============= === =========
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 objectClass
595978 SecondSite\DC3 595978 2005-02-17 18:00:58 1 cn
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 instanceType
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 whenCreated
596210 FirstSite\DC1 3508235 2005-02-17 18:01:55 1 possSuperiors
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 subClassOf
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 governsID
596210 FirstSite\DC1 3508235 2005-02-17 18:01:55 1 mayContain
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 rDNAttID
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 showInAdvancedViewOnly
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 adminDisplayName
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 adminDescription
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 nTSecurityDescriptor
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 objectClassCategory
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 lDAPDisplayName
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 name
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 schemaIDGUID
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 systemOnly
596210 FirstSite\DC1 3508235 2005-02-17 18:01:55 2 systemPossSuperiors
596210 FirstSite\DC1 3508235 2005-02-17 18:01:55 2 systemMayContain
596210 FirstSite\DC1 3509085 2005-02-17 18:06:04 3 defaultSecurityDescriptor
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 systemFlags
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 defaultHidingValue
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 objectCategory
595978 FirstSite\DC1 3507961 2005-02-17 18:00:50 1 defaultObjectCategory
Caching GUIDs.
..
DsReplicaGetInfo() failed with status 50 (0x32):
Can't retrieve message string 50 (0x32), error 1815.
----------------
Now I have demoted DC2 to a member server. I want to try to delete the broken record through TombStoneLifetime on DC1.
Today I undeleted this record in its old place. And now replication failed in this place of AD.
Error 8418?
No, it wasn't.
About replication only:
NTDS General 1173
NTDS General 1039
NTDS Replication 1699
Those errors occur every 5 min in the Directory Service event log on DC1.
ASKER
Problem was resolved by deleting this broken object from AD.
Thanks to all for the help, you gave me something to think about! :-)
ASKER CERTIFIED SOLUTION
http://support.microsoft.com/default.aspx?scid=kb;EN-US;216498
would not recommend changing the tombstone period.
did you delete the entries in dns for the old server.
after promoting the new dc do you have a dcdiag ?
what error is reported if you force replication from Ad sites & services.