Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How do you fix AD Replication when a server has exceeded the Tombstone lifetime?

Posted on 2007-11-16
15
Medium Priority
?
22,836 Views
Last Modified: 2011-08-18
Recently, I just turned 2 of my 3 domain controller servers back on after being off for quite a while.  Each one is configured to replicate AD from one to another one.  However when the replication process is started I get a exceeded tombstone lifetime error.  The error says: "The AD cannot replicate with this server because the lifetime since the last replication with this server has exceeded the tombstone liftime."
How do I change this so that all three will replicate correctly?  Is it a matter of changing the tombstone lifetime or is there a way that I can re-sync all of my servers with my primary domain controller?  I did try the command repadmin /replicate and other switches and also the command dcdiag.  Those did not help, they only pretty much gave me the same information that I am giving you.

If anyone has any suggestions I would love to hear them.  Thanks!
0
Comment
Question by:GFCU
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 2
  • +2
15 Comments
 
LVL 30

Expert Comment

by:SteveGTR
ID: 20301786
0
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 750 total points
ID: 20302995
from everything i have seen, you are stuck, you are going to have to kill those DC's and then clean the rest of your AD.....and then rebuild them and bring them back in...
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20304247
There is a way to resolve this by tweaking each DC such that it ignores the tombstone lifetime.  I really don't advise it though since it will result in any number of inconsistencies in the forest that are oftentimes much more difficult to remedy than your current situation.  Assuming the DCs you mention are indeed limited in number (you said 2 or 3 and that qualifies and they have been turned off vs. used at some other location and therefore in possession of valid data), I'd suggest you run -

DCpromo /forceremoval

... on each recently-switched-on-DC in turn and then repromote the resulting non-domain affiliated server back into the forest (this, of course, assumes other DCs remain from which to source any and all partitions/domains within your forest).

Note - increasing your tombstone lifetime won't help here.

PS - in case you missed it, you posted in the MS-DOS forum :0)
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Author Comment

by:GFCU
ID: 20315373
Does this still stand true for the Windows Server 2003 operating system too?  and not just the server 2000 os?
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20315420
Does what stand-true?
0
 
LVL 1

Author Comment

by:GFCU
ID: 20315733
My question is, does this apply also to the server 2003 operating system.  not just the server 2000 os.
0
 
LVL 1

Author Comment

by:GFCU
ID: 20315777
The section named "Correct Response to Any Outdated Server Running Windows 2000 Server" is the section that is relevent to me.  The only thing is that I am running Windows Server 2003, NOT Windows Server 2000.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20315887
same rules apply
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20315945
Nod, everything applies.  In fact, it's more applicable to 2003 than to 2000.
0
 
LVL 1

Author Comment

by:GFCU
ID: 20316017
Either way, this is correct for this version???
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20316038
Yes.
0
 
LVL 1

Author Comment

by:GFCU
ID: 20330959
Thanks for the info, this is a work in progress.  I will keep you updated.  Thanks!
0
 
LVL 1

Author Comment

by:GFCU
ID: 21116575
I reloaded a new server with ad and started replication from new.  Thanks for the help.
0
 

Expert Comment

by:prointeg
ID: 21839523
Windows 2003 Domain controllers (4)
Date&Time got whacked out by VMware's network time service changing domain controller date & time settings to different times and months.  Don't ask but I've now seen this happen at 4 client sites running ESX 3.5 with MS domain controllers.

The servers got completely out of sync and replication halted... of course.

I had to rebuilt the security connection between one domain controller and PDC emulator using netdom reset password utility but I think the real fix was setting the registry entry using the article below that "Allow Replication With Divergent and Corrupt Partner".

I ran repadmin to remove lingering objects which wasn't too hard once you grasped the syntax.  Just use repadmin /showrepl to find the GUID and directory partition object.  Mine was: CN=Configuration,DC=yourmomma,DC=com

Reboot the domain controllers and try a manual replication using AD sites & services MMC tool.

Good luck and I hope maybe I can spark some ideas you weren't seeing at first.

Someday someone will right an AD repair tool for windows that dows all this but until then....

Adam
Professional Integrations LLC
www.professionalintegrations.com



http://technet2.microsoft.com/windowsserver/en/library/4f504103-1a16-41e1-853a-c68b77bf3f7e1033.mspx?mfr=true
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question