Solved

NTDS Replication Failure, Unable to access Domain Resources

Posted on 2007-11-15
11
1,576 Views
Last Modified: 2010-04-21
We are having problems with some users being able to logon to the domain but once they are connected they are unable to access any network resources.  For example, they cannot connect to our exchange server or connect to any of the network share.  I took a look at this post since we are getting the same event id's. http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22573456.html but I am not able to raise to forest functional level to 2003 since we still have a few 2000 servers on the domain.  We have 2 DC runnings 2003 and the workstations that are having trouble are running xp sp2.  One fix that seems to temporarily work is resetting the users password.  It will then work fine for about a month.  But here are the events....
Event Type:      Information
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1955
Date:            11/15/2007
Time:            8:40:44 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      HDA00
Description:
Active Directory encountered a write conflict when applying replicated changes to the following object.
 
Object:
CN=User Name,CN=Users,DC=hdainc,DC=com
Time in seconds:
0  
 
Event log entries preceding this entry will indicate whether or not the update was accepted.
 
A write conflict can be caused by simultaneous changes to the same object or simultaneous changes to other objects that have attributes referencing this object. This commonly occurs when the object represents a large group with many members, and the functional level of the forest is set to Windows 2000. This conflict triggered additional retries of the update. If the system appears slow, it could be because replication of these changes is occurring.
 
User Action
Use smaller groups for this operation or raise the functional level to Windows Server 2003.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1083
Date:            11/8/2007
Time:            8:41:26 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      HDA00
Description:
Active Directory could not update the following object with changes received from the domain controller at the following network address because Active Directory was busy processing information.
 
Object:
CN=User Name,CN=Users,DC=hdainc,DC=com
Network address:
229862d8-201c-4b3f-b75e-d330e5ff8458._msdcs.hdainc.com
 
This operation will be tried again later.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:hdainc
  • 6
  • 4
11 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 100 total points
ID: 20289822
> "I am not able to raise to forest functional level to 2003 since we still have a few 2000 servers"

To clarify - do you still have Windows 2000 Domain Controllers on your network?  Or just Windows 2000 member servers.  If the latter, you can raise the functional level to 2003 - domain/forest functional level only cares about the OS of your domain controllers, not any member servers on your network.
0
 

Author Comment

by:hdainc
ID: 20289977
We will try this out then.  Thanks for the info.
0
 

Author Comment

by:hdainc
ID: 20289990
One more thing.  Can this cause any conflicts with anything?  Or do I just raise the level and be done?
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:hdainc
ID: 20290104
Here is some more information.  I'm not sure if it will change your answer.

To update the forest functional level, the domain controllers in the forest must be running the appropriate version of windows, and no domains in the forest can have a domain functional level of Windows 2000 mixed or Windows Server 2003 interim.            
            
Forest root domain name            
hdainc.com            
            
Current forest functional level            
Windows 2000            
            
The following domains include domain controllers that are running earlier versions of windows:            
Domain Name      Domain Controller      Version of Windows
            
            
The following domains must be updated to a domain functional level of Windows 2000 native or Windows Server 2003:            
Domain Name      Current Domain Functional Level      
fosterandhunt.hdainc.com      Windows 2000 mixed      
            
0
 
LVL 12

Assisted Solution

by:opie6373
opie6373 earned 400 total points
ID: 20290554
here is a good article.  you can update the domain fosterandhunt.hdainc.com to windows 2000 native no problem.  windows 2000 mixed is you have nt 4.0 servers.

http://www.computerperformance.co.uk/w2k3/w2k3_mixedvnative.htm

since i noticed you have exchange i am including this link which talks about exchange and mixed/native modes.  

0
 
LVL 12

Assisted Solution

by:opie6373
opie6373 earned 400 total points
ID: 20290557
man i always do that. sorry here is the link:

http://support.microsoft.com/kb/270143
0
 

Author Comment

by:hdainc
ID: 20291971
Another question that isn't answer in those articles.  We still have a couple of workstations that run windows 98.  Can the forest/domain level still be changed?
0
 
LVL 12

Assisted Solution

by:opie6373
opie6373 earned 400 total points
ID: 20292223
yes.  the domain level only cares about domain controllers.  as long as there are no NT domain controllers you can switch to 2k native.

And Good God Man----windows 98?  yikes!
0
 

Author Comment

by:hdainc
ID: 20295195
Same with the forest level I'm assuming?
0
 
LVL 12

Assisted Solution

by:opie6373
opie6373 earned 400 total points
ID: 20297905
yes
0
 

Author Closing Comment

by:hdainc
ID: 31409336
Opie was very nice and seemed eager to help!
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Best Server Board For The Money 19 72
Raid 6 or Raid 10? 19 178
extra RAM sticks on server board 9 34
Downgrade From Domain to WorkGroup 3 37
Usually shares are where we want them for our users and we tend to take them for granted. There are times, however, when those shares may disappear causing difficulty for your users. One of the first things to try is searching for files that shou…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now