GarryBaker
asked on
Event ID 1955 & 1083
I've had several problems with replication on my DCs over the last few months. I seem to have fixed the issues by demoting the second DC, cleaning up metadata and removing all details of the server from AD, DNS etc. I then rebuilt the second DC and promoted it into the domain again.
I have been checking the system and things seem to be all working ok except for the occasional DS error
Reported on DC1
Information
Source: NTDS Replication
Time: 08:18:47
Event ID: 1955
Description
Active Directory encountered a write conflict when applying replicated changes to the following object
Object
CN=User name,OU=All_users,DC=Domain,DC=Local
Time in seconds
0
Event log entries preceding this entry will indicate whether or not the update was accepted.
A write conflict can be caused by simultaneous changes to the same object or simultaneous changes to other objects that have attributes referencing this object. This commonly occurs when the object represents a large group with many members, and the functional level of the forest is set to Win 2000. This conflict triggered additional retries of the update. If the system appears slow, it could be because replication of these changes is occurring
User Action
Use smaller groups for this operation or raise the functional level to Win Server 2003
Source: NTDS Replication
Time: 08:18:47
Event ID: 1083
Description
Active Directory could not update the following object with changes received from the domain controller at the following network address because Active Directory was busy processing information
Object
CN=User Name,OU=All_users,DC=Domain,DC=Local
Network Address
4d7980ef-3780-4a9c-95f7-b0d4b60a483b._msdcs.domain.local
This operation will be tried again later.
I have looked up the network address and this relates to DC2
This was triggered when a user account lockout was reset. I do not get any other errors or information reported again later on either DC. I have checked the security log and I can see that the user logged back on the domain ok (DC1 authenticated the user's logon).
I have been going through the security log on DC2 and it does not seem to authenticate as many users as DC1; mostly it seems to be Directory Services Access (Event ID 836/837) and server account logon/logoff (Event ID 540/576).
I've run DCdiag on both DCs and both seem to be ok, also frsdiag all ok.
I have also run REPLMON and in the status reports I get a log of the following errors.
Current Transitive Replication Partner Status
Directory Partition: DC xxxxxxxx
Partner Name: **DELETED SERVER #xx
Partner GUID: guid number
USN: usn number
Does anyone have any ideas?
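An added example, not part of the original thread: Python that pairs each 1955 write conflict with a 1083 retry on the same object and counts the distinct objects and source partners involved, which shows whether the conflicts are confined to one account or one replication partner. The sample records, names and GUID are constructed, and the function names are hypothetical.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records: (time, event ID, object DN, partner address).
# The names and the GUID are made up; the layout follows the events in the post.
PARTNER = "11111111-2222-3333-4444-555555555555._msdcs.domain.local"
EVENTS = [
    ("08:18:47", 1955, "CN=Alice Example,OU=All_users,DC=Domain,DC=Local", None),
    ("08:18:47", 1083, "CN=alice example, OU=All_users,DC=domain,DC=local", PARTNER),
    ("09:40:02", 1955, "CN=Bob Example,OU=All_users,DC=Domain,DC=Local", None),
    ("09:40:03", 1083, "CN=Bob Example,OU=All_users,DC=Domain,DC=Local", PARTNER),
    ("11:05:30", 1083, "CN=Carol Example,OU=All_users,DC=Domain,DC=Local", PARTNER),
]

def norm_dn(dn):
    """Lower-case a DN and trim each part (naive: ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def correlate(events, window=timedelta(seconds=2)):
    """Pair each 1083 with an unused 1955 on the same object within `window`."""
    rows = [(datetime.strptime(t, "%H:%M:%S"), eid, norm_dn(dn), addr)
            for t, eid, dn, addr in events]
    conflicts = [r for r in rows if r[1] == 1955]
    pairs, unpaired = [], []
    for when, eid, dn, addr in rows:
        if eid != 1083:
            continue
        match = next((c for c in conflicts
                      if c[2] == dn and abs(c[0] - when) <= window), None)
        if match:
            conflicts.remove(match)          # each 1955 is used at most once
            pairs.append((dn, addr.split("._msdcs.")[0]))  # keep the partner GUID
        else:
            unpaired.append(dn)              # 1083 with no nearby write conflict
    return pairs, unpaired

def summary(events):
    """Count paired events, distinct objects and source partner GUIDs."""
    pairs, unpaired = correlate(events)
    return {
        "paired": len(pairs),
        "objects": len({dn for dn, _ in pairs}),
        "partners": Counter(guid for _, guid in pairs),
        "unpaired_1083": unpaired,
    }

if __name__ == "__main__":
    print(summary(EVENTS))
```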
2 different opinions here, the last post even states that the REPLMON output is normal if you delete a DC:
http://www.servernewsgroups.net/group/microsoft.public.windows.server.active_directory/topic17006.aspx
ASKER
Ok, looks like the deleted server accounts are leftover tombstone information that will sort themselves out in 60 days. With regards to the account replication issue, this is not restricted to a single account and does not happen on every change. The changes are normally either password reset or account locks reset.
Not sure on Jack Wang's comments:
So, I suggest you delete all the connection objects for SA3DC1 and recreate it to try again.
Also, you may open the properties of this object and change the following attribute repltopologystayofexecution from <notset> to 1.
If this value is not set it defaults to 14 days. The value is in days. This value is replicated to the other domain controllers and it is up to the KCC on each machine to clean up the replication objects. Once it is replicated and it has been 24 hours the old replication objects will be removed. This value should then be set back to <not set>
With regards to removing the DC, this was done only last week. See this previous question you helped with.
https://www.experts-exchange.com/questions/23631977/Event-ID's-673-539.html
Oh, yes, I remember. I thought everything would be running fine now... sigh...
Just to make sure, domain IS set to Windows 2003 functional level?
ASKER
Same as, thought it was all working ok, then 2 days ago these started to appear. Almost felt like giving up and going home.
Yes it is running Win2K3 functional level.
See eventid.net for some possible solutions for the 1083:
http://www.eventid.net/display.asp?eventid=1083&eventno=919&source=NTDS%20Replication&phase=1
ASKER
Thanks, already been through this post.
I've already tried moving the DC to a different OU, replicating and moving back again, but this has not made a difference.
I have also gone through LDP and checked the account on the domain and only one occurrence is found; also this is not restricted to a single account.
ASKER
I am planning on a complete system reboot today at 12; will update if any different.
ASKER
OK, I have rebooted the system; I haven't seen any of the NTDS replication errors yet. However, it is early days and I'm now waiting for my sys admin to let me know when any account changes happen.
However I did get a couple of errors on booting the PDC, they were as follows
Source NTDS Replication
Event ID 2092
Description
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected
FSMO Role CN=Partitions,CN=configuration,DC=Domain,DC=Local
FSMO Role CN=Schema,CN=configuration,DC=Domain,DC=Local
Think this is ok as the 2nd DC had not yet been turned on and is the primary DC replication partner. Once the 2nd DC was up I rebooted the Primary DC again and did not get these messages.
I also started to get Event ID 1030 & 1058, Source Userenv only on the Primary DC, but again these cleared once I rebooted the primary DC again.
Are these errors normal or do I still have problems with the primary DC?
ASKER
Looks like the problem is still occurring; my system admin changed a password yesterday and it errored again with events 1955 & 1083.
If it's just a single user name, maybe deleting and recreating the user helps.
But probably this problem is a better match:
http://groups.google.com/group/microsoft.public.windows.server.migration/browse_frm/thread/05cf81c8a02eb957?hl=en&lr=&ie=UTF-8&c2coff=1&rnum=1&prev=/groups%3Fq%3DEvent%2B1955%2BNTDS%2BReplication%26hl%3Den%26lr%3D%26ie%3DUTF-8%26c2coff%3D1%26sa%3DG
Scroll down to post number 7 from Jack Wang
Hope it helps