?
Solved

NTDS Replication Event error

Posted on 2009-04-15
19
Medium Priority
?
263 Views
Last Modified: 2012-05-06
I am Running Windows Server 2003 running as Primary Domain Controller/DNS/DHCP.  I have another Windows 2003 server running Exchange 2003 and also a Secondary Domain Controller/DNS/DHCP.  Was checking my system logs and notice that I keep getting this message,
{This is the replication status for the following directory partition on the local domain controller.
 
Directory partition:
DC=DomainDnsZones,DC=allied,DC=ad
 
The local domain controller has not recently received replication information from a number of domain controllers.   The count of domain controllers is shown, divided into the following intervals.
 
More than 24 hours:
1
More than a week:
1
More than one month:
1
More than two months:
1
More than a tombstone lifetime:
1
Tombstone lifetime (days):
60
 Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.}

 
0
Comment
Question by:ahmad1467
  • 7
  • 6
  • 5
  • +1
19 Comments
 
LVL 10

Expert Comment

by:Vince Glisson
ID: 24151637
Can you ping all the servers concerned?
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 24151790
Please post the output of a "DCDIAG" from EACH of the DCs here.

Also, it is helpful to get out of the mindset of "Primary" and "Secondary" domain controllers in Active Directory, because there is no such thing. All DCs operate in a multi-master mode... meaning all are equal (excluding FSMO roles and GC designation).
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 24155300
Seems like you got a tombstoned DC. I think your in trouble if it's is the Exchange DC that is tombstoned...

Run "dcdiag /e /c"

to test both DCs in the same test.


SG
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 10

Expert Comment

by:Vince Glisson
ID: 24158923
0
 

Author Comment

by:ahmad1467
ID: 24159920
I tryied to run dcdiag and it came back with this error

C:\Documents and Settings\Administrator.ALLIED>dcdiag /e/c
'dcdiag' is not recognized as an internal or external command,
operable program or batch file.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 24160017
0
 

Author Comment

by:ahmad1467
ID: 24160589
Should I send the logs by attaching text files?  
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 24161125
That will work:

Start > Run > dcdiag /e /c > c:\dcdiag.txt

attach the file created.

SG
0
 

Author Comment

by:ahmad1467
ID: 24161520
I have attathed two text files with the logs of my DC's, one is from the server with exchange an the othe is without
1-dcdiag.txt
Exchange-dcdiag-e-c.txt
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 24162054
From what I can see you got 3 domain controllers.

Are you familiar with this DC?

"allied-dc.allied.ad"

it's tombstoned and needs to be cleaned out with a metadata cleanup.


SG
0
 
LVL 10

Expert Comment

by:Vince Glisson
ID: 24162931
Yep the dcdiag confirms the tombstone, ouch!!!
Don't see many of these but when you do it makes you grateful your not the one with a tombstoned server.
Here is a thread from right here on EE you should look at...
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_22966774.html
 
0
 
LVL 10

Expert Comment

by:Vince Glisson
ID: 24162980
To perform metadata cleanup....
http://support.microsoft.com/kb/216498
http://technet.microsoft.com/en-us/library/cc736378.aspx

I think i would almost reformat and start over....
0
 

Author Comment

by:ahmad1467
ID: 24166949
How does this happen
0
 

Author Comment

by:ahmad1467
ID: 24167079
What would be the down fall of this issue, what other problems could we have because of this

Thanks
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 24167274
You mention that you got two DC's, but there are three DC's in your domain.

You didn't answer if you knew this server/DC: "allied-dc.allied.ad" and what is the story behind the missing DC?


SG

0
 

Author Comment

by:ahmad1467
ID: 24167714
I should only have two DC's
The domain name is: allied.ad
The two DC server names should be:
"      DC-ALLIED.allied.ad
"      1MAIL.allied.ad

Testing server: Default-First-Site-Name\1MAIL
      Starting test: Connectivity
         ......................... 1MAIL passed test Connectivity
   
   Testing server: Default-First-Site-Name\ALLIED-DC
      Starting test: Connectivity
         The host 275129c4-28b0-44aa-9599-3d2c08676b65._msdcs.allied.ad could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         ......................... ALLIED-DC failed test Connectivity
   
   Testing server: Default-First-Site-Name\DC-ALLIED
      Starting test: Connectivity
         ......................... DC-ALLIED passed test Connectivity
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 24167793
Well there are 3 :) Maybe an old orphan DC

Run a metadata cleanup using ntdsutil to see if you can remove the traces of it.

http://support.microsoft.com/kb/216498

Do the job from i.e. dc-allied. (you need the support tools installed)


SG
0
 
LVL 10

Accepted Solution

by:
Vince Glisson earned 1000 total points
ID: 24171031
Usually happens when you take a server (which was a DC somewhere else) or you take a server which was part of your domain at one time and try to put it back on the domain. More that 60 days offline and the server becomes tombstoned (nicer way of saying it's dead). When DC's are removed from a domain then there is a process to follow to do it cleanly.
The question was asked earllier about if you new where the 3rd dc came from. Looks like your trying to add a DC from another domain to your domain.
0
 

Author Closing Comment

by:ahmad1467
ID: 31570643
Thank you for Alll your help
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

592 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question