DuNuNuBatman
asked on
Active Directory Replication Issues
I'm having trouble with our Active Directory Servers. The changes I make on the backup with Exchange on it is not replicating to the primary, or the other way around. How do I force replication between the two servers?
Jay_Jay70
fyou can force on the conneciton links in AD sites and services....dcdiag will tell you whats going on though
Start the Microsoft Management Console (MMC) Active Directory Sites and Services snap-in.
Expand the Sites branch to show the sites.
Expand the site that contains the DCs. (The default site Default-First-Site-Name might be the only site.)
Expand the servers.
Select the server you want to replicate to, and expand the server.
Double-click NTDS Settings for the server.
Right-click the server you want to replicate from.
Select Replicate Now from the context menu, as the Screen shows.
Click OK in the confirmation dialog box.
This replication is one-way. If you want two-way replication, you need to replicate in each direction.
Expand the Sites branch to show the sites.
Expand the site that contains the DCs. (The default site Default-First-Site-Name might be the only site.)
Expand the servers.
Select the server you want to replicate to, and expand the server.
Double-click NTDS Settings for the server.
Right-click the server you want to replicate from.
Select Replicate Now from the context menu, as the Screen shows.
Click OK in the confirmation dialog box.
This replication is one-way. If you want two-way replication, you need to replicate in each direction.
I would use the command repadmin /showrepl to view status
If you're able, download and run the following script, it will assist in identifying whether or not your DCs are converged -
ftp://falcon.msetechnology.com/scripts/convergeCheck.cmd.txt
Sample output -
C:\>convergecheck /exclude \DCstoExclude.exc
convergeCheck v1.2 / Dean Wells (email address removed - Jay) - July 2007
- No DN was supplied, use "dc=MSET,dc=LOCAL" [Y/N]?y
+ Processing ...
= Initiated at 11:21:33.50 on Fri 10/12/2007
- Domain name : MSET.LOCAL
- Domain DN : dc=MSET,dc=LOCAL
- Canary DN : dc=MSET,dc=LOCAL
- Exclude file: \DCstoExclude.exc
Querying for USNs and canary metadata ... complete.
Displaying detailed convergence results -
SOURCE: falcon.mset.local [canary USN @ 299923]
+ light.mset.local ............. CONVERGED
SOURCE: light.mset.local [canary USN @ 184321]
+ falcon.mset.local ............ CONVERGED
Results complete; summary as follows -
= Initiated at 11:21:33.50 on Fri 10/12/2007
= Completed at 11:21:36.25 on Fri 10/12/2007
- Domain name : MSET.LOCAL
- Domain DN : dc=MSET,dc=LOCAL
- Canary DN : dc=MSET,dc=LOCAL
- Exclude file: \DCstoExclude.exc
+ 3 Domain Controllers were found in the Domain
- 1 Domain Controller[s] administratively excluded
- 2 possible convergence scenario[s] determined
- 2 of which have converged
- Done.
ftp://falcon.msetechnology.com/scripts/convergeCheck.cmd.txt
Sample output -
C:\>convergecheck /exclude \DCstoExclude.exc
convergeCheck v1.2 / Dean Wells (email address removed - Jay) - July 2007
- No DN was supplied, use "dc=MSET,dc=LOCAL" [Y/N]?y
+ Processing ...
= Initiated at 11:21:33.50 on Fri 10/12/2007
- Domain name : MSET.LOCAL
- Domain DN : dc=MSET,dc=LOCAL
- Canary DN : dc=MSET,dc=LOCAL
- Exclude file: \DCstoExclude.exc
Querying for USNs and canary metadata ... complete.
Displaying detailed convergence results -
SOURCE: falcon.mset.local [canary USN @ 299923]
+ light.mset.local ............. CONVERGED
SOURCE: light.mset.local [canary USN @ 184321]
+ falcon.mset.local ............ CONVERGED
Results complete; summary as follows -
= Initiated at 11:21:33.50 on Fri 10/12/2007
= Completed at 11:21:36.25 on Fri 10/12/2007
- Domain name : MSET.LOCAL
- Domain DN : dc=MSET,dc=LOCAL
- Canary DN : dc=MSET,dc=LOCAL
- Exclude file: \DCstoExclude.exc
+ 3 Domain Controllers were found in the Domain
- 1 Domain Controller[s] administratively excluded
- 2 possible convergence scenario[s] determined
- 2 of which have converged
- Done.
ASKER
Here is the output I get when I run dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\EXCHANG
Starting test: Connectivity
......................... EXCHANGE passed test Connectivity
Doing primary tests
Testing server: Default-First-Site\EXCHANG
Starting test: Replications
[Replications Check,EXCHANGE] A recent replication attempt failed:
From PRINTSERVER to EXCHANGE
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2007-10-12 09:59:20.
The last success occurred at 2003-02-21 21:51:58.
286 failures have occurred since the last success.
[Replications Check,EXCHANGE] A recent replication attempt failed:
From PRINTSERVER to EXCHANGE
Naming Context: CN=Configuration,DC=pcfloa
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2007-10-12 10:06:31.
The last success occurred at 2003-02-21 21:57:28.
760 failures have occurred since the last success.
[Replications Check,EXCHANGE] A recent replication attempt failed:
From PRINTSERVER to EXCHANGE
Naming Context: DC=pcfloans,DC=local
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2007-10-12 10:10:59.
The last success occurred at 2003-02-21 22:05:19.
2247 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
EXCHANGE: Current time is 2007-10-12 10:14:21.
CN=Schema,CN=Configuration
Last replication recieved from PRINTSERVER at 2003-02-21 21:51:58.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=pcfloa
Last replication recieved from PRINTSERVER at 2003-02-21 21:57:28.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=pcfloans,DC=local
Last replication recieved from PRINTSERVER at 2003-02-21 22:05:19.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... EXCHANGE passed test Replications
Starting test: NCSecDesc
......................... EXCHANGE passed test NCSecDesc
Starting test: NetLogons
......................... EXCHANGE passed test NetLogons
Starting test: Advertising
......................... EXCHANGE passed test Advertising
Starting test: KnowsOfRoleHolders
......................... EXCHANGE passed test KnowsOfRoleHolders
Starting test: RidManager
......................... EXCHANGE passed test RidManager
Starting test: MachineAccount
......................... EXCHANGE passed test MachineAccount
Starting test: Services
......................... EXCHANGE passed test Services
Starting test: ObjectsReplicated
......................... EXCHANGE passed test ObjectsReplicated
Starting test: frssysvol
......................... EXCHANGE passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... EXCHANGE failed test frsevent
Starting test: kccevent
An Error Event occured. EventID: 0xC00007FA
Time Generated: 10/12/2007 10:04:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00007FA
Time Generated: 10/12/2007 10:06:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00007FA
Time Generated: 10/12/2007 10:06:35
(Event String could not be retrieved)
......................... EXCHANGE failed test kccevent
Starting test: systemlog
......................... EXCHANGE passed test systemlog
Starting test: VerifyReferences
......................... EXCHANGE passed test VerifyReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : pcfloans
Starting test: CrossRefValidation
......................... pcfloans passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... pcfloans passed test CheckSDRefDom
Running enterprise tests on : pcfloans.local
Starting test: Intersite
......................... pcfloans.local passed test Intersite
Starting test: FsmoCheck
......................... pcfloans.local passed test FsmoCheck
I'm looking at the tombstone lifetime part. How do I fix that?
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\EXCHANG
Starting test: Connectivity
......................... EXCHANGE passed test Connectivity
Doing primary tests
Testing server: Default-First-Site\EXCHANG
Starting test: Replications
[Replications Check,EXCHANGE] A recent replication attempt failed:
From PRINTSERVER to EXCHANGE
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2007-10-12 09:59:20.
The last success occurred at 2003-02-21 21:51:58.
286 failures have occurred since the last success.
[Replications Check,EXCHANGE] A recent replication attempt failed:
From PRINTSERVER to EXCHANGE
Naming Context: CN=Configuration,DC=pcfloa
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2007-10-12 10:06:31.
The last success occurred at 2003-02-21 21:57:28.
760 failures have occurred since the last success.
[Replications Check,EXCHANGE] A recent replication attempt failed:
From PRINTSERVER to EXCHANGE
Naming Context: DC=pcfloans,DC=local
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2007-10-12 10:10:59.
The last success occurred at 2003-02-21 22:05:19.
2247 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
EXCHANGE: Current time is 2007-10-12 10:14:21.
CN=Schema,CN=Configuration
Last replication recieved from PRINTSERVER at 2003-02-21 21:51:58.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=pcfloa
Last replication recieved from PRINTSERVER at 2003-02-21 21:57:28.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=pcfloans,DC=local
Last replication recieved from PRINTSERVER at 2003-02-21 22:05:19.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... EXCHANGE passed test Replications
Starting test: NCSecDesc
......................... EXCHANGE passed test NCSecDesc
Starting test: NetLogons
......................... EXCHANGE passed test NetLogons
Starting test: Advertising
......................... EXCHANGE passed test Advertising
Starting test: KnowsOfRoleHolders
......................... EXCHANGE passed test KnowsOfRoleHolders
Starting test: RidManager
......................... EXCHANGE passed test RidManager
Starting test: MachineAccount
......................... EXCHANGE passed test MachineAccount
Starting test: Services
......................... EXCHANGE passed test Services
Starting test: ObjectsReplicated
......................... EXCHANGE passed test ObjectsReplicated
Starting test: frssysvol
......................... EXCHANGE passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... EXCHANGE failed test frsevent
Starting test: kccevent
An Error Event occured. EventID: 0xC00007FA
Time Generated: 10/12/2007 10:04:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00007FA
Time Generated: 10/12/2007 10:06:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00007FA
Time Generated: 10/12/2007 10:06:35
(Event String could not be retrieved)
......................... EXCHANGE failed test kccevent
Starting test: systemlog
......................... EXCHANGE passed test systemlog
Starting test: VerifyReferences
......................... EXCHANGE passed test VerifyReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : pcfloans
Starting test: CrossRefValidation
......................... pcfloans passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... pcfloans passed test CheckSDRefDom
Running enterprise tests on : pcfloans.local
Starting test: Intersite
......................... pcfloans.local passed test Intersite
Starting test: FsmoCheck
......................... pcfloans.local passed test FsmoCheck
I'm looking at the tombstone lifetime part. How do I fix that?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SKTRN is correct but be aware that blindly implementing this setting can cause far worse a problem than the one you're currently dealing with.
This is a deliverate replication block on Microsoft' part ... the 2 DCs haven't spoken for a period of time that is longer than they'll keep deleted objects for, as such, any deleted object that originated on either DC will not be deleted from the other resulting in something we call 'lingering objects'.
I would recommend that you first determine the cause of the replication failure before permitting such divergent DCs to talk again. It's usually related to DNS and merely that the source server referenced by DCDIAG has been forcibly removed or simply thrown away.
I would recommend that you first determine the cause of the replication failure before permitting such divergent DCs to talk again. It's usually related to DNS and merely that the source server referenced by DCDIAG has been forcibly removed or simply thrown away.
Agreed there are some definite chances for problems. I would verify that the AD information on the server showing as out of sync does not contain any outdated or lingering information.
ASKER
I think I know what it was. I recently moved the servers and noticed that the time on the domain controller was set to the year 97. So the cmos battery had gone bad so the time had reset. I think that is what caused this in the first place, because they were functioning fine before.
Preface the supplied script with -
[BEGIN SCRIPT]
set /a NUM=%1 + 1 2>nul && (
echo It's a number
REM continue processing
) || (
echo Nope, that's garbage to me
REM End your script here
)
[END SCRIPT]
[BEGIN SCRIPT]
set /a NUM=%1 + 1 2>nul && (
echo It's a number
REM continue processing
) || (
echo Nope, that's garbage to me
REM End your script here
)
[END SCRIPT]
Very likely, I have seen the same in the past. I would still verify AD information, then verify time is updating correctly and staying in sync. Then use the registry setting.
Please disregard previous post -- sooooooooooo obviously and entirely the wrong thread :0)
If time is out of whack then you'll need to ensure the machine with the back CMOS battery isn't serving as a time source. If you're positive things were fine beforehand (within tombstone lifetime), them implement the setting per SKTRN on the DC where you ran the DCDIAG command ... ensure it's time is fixed first.
ASKER
Yea, I had fixed the time when I moved it but didn't notice the issue until I had to add a new user. It looks like they are replicating fine now though. I just added and deleted some users and it was showing up on the other server as well.
So, thanks for the help guys!
So, thanks for the help guys!
Congrats on getting it up and going.