Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Event ID 1864

Posted on 2008-11-12
13
Medium Priority
?
860 Views
Last Modified: 2012-08-14
Hi,

I receive the following error message on the DC. We only run 1 DC so there is no need for replication. How can i remove those replication objects?

The local domain controller has not recently received replication information from a number of domain controllers.   The count of domain controllers is shown, divided into the following intervals.
 
More than 24 hours:
1
More than a week:
1
More than one month:
1
More than two months:
1
More than a tombstone lifetime:
1
Tombstone lifetime (days):
180
 Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
 
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:ktpoitm
  • 7
  • 6
13 Comments
 
LVL 20

Expert Comment

by:mkbean
ID: 22940041
Did you ever have another DC?  If so it looks like it may have not been removed properly.   Here is a link to remove a DC that is no longer functional.  http://support.microsoft.com/kb/216498

Thanks,
Brian
0
 
LVL 1

Author Comment

by:ktpoitm
ID: 22940093
Hi thx for the answer. Yes we had 3 Domain Controller before, but there is only one DC in the metadata.
So unfortunately that is not the problem

Thx
Sebastian
0
 
LVL 20

Expert Comment

by:mkbean
ID: 22940168
Sebastian,
Run the following command from the cmd prompt to see if it tells you who the culprit is:
repadmin /replsum /errorsonly >> c:\temp\readmin_err.txt

Thanks,
Brian
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 1

Author Comment

by:ktpoitm
ID: 22940206
i ran the command and the output is as followed :
Replication Summary Start Time: 2008-11-12 10:04:58



Beginning data collection for replication summary, this may take awhile:

  ....





Source DC           largest delta  fails/total  %%  error





Destination DC    largest delta    fails/total  %%  error

Assertion


0
 
LVL 20

Expert Comment

by:mkbean
ID: 22940219
Well that is a wealth of info. :)  It did complete correct?

Brian
0
 
LVL 1

Author Comment

by:ktpoitm
ID: 22940254
it did not give me any error message :P. It seems like the DC tries to replicated with an non existing server. Would it help if i rebuild the second Domain Controller move everything over to it and rebuild DC1, or would that move the Problem?
0
 
LVL 20

Expert Comment

by:mkbean
ID: 22940291
I'm not 100% sure on that but it would seem that it would move the problem since that really isn't doing anything to remove the issue.
0
 
LVL 1

Author Comment

by:ktpoitm
ID: 22940304
Do you have any idea how to resolve the issue?
0
 
LVL 20

Expert Comment

by:mkbean
ID: 22940345
My next step would be to search though AD using LDP to see if I could find anything.  That is going to take some time though.
0
 
LVL 1

Author Comment

by:ktpoitm
ID: 22940588
I just checked ldap and saw some NTDS entries under Lostandfound. Could that have anything to do with it?
0
 
LVL 20

Expert Comment

by:mkbean
ID: 22940637
Only if it was the same names as your old DCs.  If you find anything for those old DCs remove it.
0
 
LVL 1

Author Comment

by:ktpoitm
ID: 22940720
i ran dcdiag and got the following error. I dont know if that has anything to do with it, im just shooting in the dark right now

  Starting test: VerifyEnterpriseReferences
         The following problems were found while verifying various important DN

         references.  Note, that  these problems can be reported because of

         latency in replication.  So follow up to resolve the following

         problems, only if the same problem is reported on all DCs for a given

         domain or if  the problem persists after replication has had

         reasonable time to replicate changes.
            [1] Problem: Missing Expected Value

             Base Object: CN=LostAndFoundConfig,CN=Configuration,DC=ktpo,DC=ops

             Base Object Description: "Server Object"

             Value Object Attribute: serverReference

             Value Object Description: "DC Account Object"

             Recommended Action: This could hamper authentication (and thus

            replication,  etc).  Check if this server is deleted, and if so

            clean up this DCs Account  Object.  If the problem persists and

            this is not a deleted DC, authoratively restore the DSA object from

            a good copy, for example the DSA on the DSA's home server.

             
            [2] Problem: Missing Expected Value

             Base Object: CN=LostAndFoundConfig,CN=Configuration,DC=ktpo,DC=ops

             Base Object Description: "Server Object"

             Value Object Attribute: serverReference

             Value Object Description: "DC Account Object"

             Recommended Action: This could hamper authentication (and thus

            replication,  etc).  Check if this server is deleted, and if so

            clean up this DCs Account  Object.  If the problem persists and

            this is not a deleted DC, authoratively restore the DSA object from

            a good copy, for example the DSA on the DSA's home server.

             
         ......................... KTPO05DC1 failed test VerifyEnterpriseReferences
0
 
LVL 20

Accepted Solution

by:
mkbean earned 1000 total points
ID: 22940832
It seems to me that it is saying the objects still exist somewhere in AD.  Since it has been more than 180 days you really can't restore it and remove it again.  It has to be somewhere in the metadata.

Brian
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question