Solved

DNS fails to replicate after adding new 2008 DC

Posted on 2009-05-08
Last Modified: 2012-06-21
I am getting the following error on my 2008 DC:
The attempt to establish a replication link for the following writable directory partition failed.
 
Directory partition:
DC=ForestDnsZones,DC=ahsaa,DC=net
Source directory service:
CN=NTDS Settings,CN=AHSAA-FILE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ahsaa,DC=net
Source directory service address:
98efcd51-ee6d-42a8-ae0b-dbba74273ccb._msdcs.ahsaa.net
Intersite transport (if any):  
 
This directory service will be unable to replicate with the source directory service until this problem is corrected.
 
User Action
Verify if the source directory service is accessible or network connectivity is available.
 
Additional Data
Error value:
1722 The RPC server is unavailable.

I also ran dcdiag /test:dns and received the following error:

Ldap search capabality attribute search failed on server ahsaa-dc, return value = 81

I'm not sure where to go from here.
Question by:rmills8387
 
LVL 1

Expert Comment

by:mabthal
Did you add the DC to a Windows 2003 domain?
 

Author Comment

by:rmills8387
Yes, I did, and I ran adprep from the 2008 CD. I also started getting the following error:

It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
 
 The reason that replication is not allowed to continue is that the two DCs may contain lingering objects.  Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects".  If the local destination DC was allowed to replicate with the source DC, these potential lingering object would be recreated in the local Active Directory Domain Services database.
 
Time of last successful replication:
2008-11-01 13:04:54
Invocation ID of source directory server:
67480a11-cc83-4810-b7f1-b293e9e10456
Name of source directory server:
67480a11-cc83-4810-b7f1-b293e9e10456._msdcs.ahsaa.net
Tombstone lifetime (days):
60
 
The replication operation has failed.
 
 
User Action:
  The action plan to recover from this error can be found at http://support.microsoft.com/?id=314282.
 
 If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD.  To see which objects would be deleted without actually performing the deletion run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects.  To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC>".
 
 If either source or destination DC is a Windows 2000 Server DC, then more information on how to remove lingering objects on the source DC can be found at http://support.microsoft.com/?id=314282 or from your Microsoft support personnel.
 
 If you need Active Directory Domain Services replication to function immediately at all costs and don't have time to remove lingering objects, enable replication by setting the following registry key to a non-zero value:
 
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
 
 Replication errors between DCs sharing a common partition can prevent user and compter acounts, trust relationships, their passwords, security groups, security group memberships and other Active Directory Domain Services configuration data to vary between DCs, affecting the ability to log on, find objects of interest and perform other critical operations. These inconsistencies are resolved once replication errors are resolved.  DCs that fail to inbound replicate deleted objects within tombstone lifetime number of days will remain inconsistent until lingering objects are manually removed by an administrator from each local DC.  Additionally, replication may continue to be blocked after this registry key is set, depending on whether lingering objects are located immediately.
 
Alternate User Action:
 
Force demote or reinstall the DC(s) that were disconnected.
 
LVL 1

Expert Comment

by:mabthal
I have seen this with 2003 DCs and opted to just rebuild the server and rerun dcpromo. I use VMware and had nothing else running on the tombstoned DC, so it was a fairly quick process.
 

Author Comment

by:rmills8387
Which server would I need to rebuild, the 2008? I am getting the same error on my other two DCs. Would you recommend changing the registry to force replication?

 
LVL 1

Expert Comment

by:mabthal
How many DCs do you have? Are they all in one site? Which one holds the FSMO roles?
 

Author Comment

by:rmills8387
I have 3 including the 2008 that I just added. The FSMO is on my 2003 DC1 that also has Exchange on it. It is old and is running out of disk space. My plan was to add the 2008 DC and install 2007 Exchange on it and demote the older 2003 machine. My DC #2 is also a 2003 DC and was added about 2 years ago. All DCs are at the same location.
 
LVL 1

Expert Comment

by:mabthal
So you 100% want to keep the DC with the FSMO roles on it (I assume this runs DHCP and clients are pointed to it for DNS). Is this DC replicating to the other w2k3 DC?
 

Author Comment

by:rmills8387
I would like to get rid of the one (DC1) that is currently holding the FSMO roles and move them to the new 2008 DC as well as DHCP. DC2 (w2k3) is replicating to DC1. I just noticed that the DNS Forward Lookup Zones are now replicated on the new 2008 DC, but I'm still getting the above errors in Event Viewer. Also, should the Reverse Lookup Zones replicate to all DCs? They show on DC1 but not on the other 2 DCs.
 
LVL 1

Accepted Solution

by:
mabthal earned 500 total points
I would rebuild the 2008 box, run dcpromo (make it a GC), and make sure everything has replicated over. At that point you can transfer the FSMO roles as well as DHCP.
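The check behind the tombstone-lifetime error quoted in this thread, as an added PowerShell example that is not part of the original posts: it reads output in the layout of `repadmin /showrepl * /csv` and flags each replication link whose last success is older than the tombstone lifetime. The sample CSV, the DC and domain names, the `Get-ReplicationLinkAge` function and the AT-RISK threshold (half the tombstone lifetime) are assumptions made for illustration.

```powershell
# Added example. $sampleCsv is CONSTRUCTED data in the column layout of
# `repadmin /showrepl * /csv`; DC names and the domain are placeholders.
# On a live DC use instead:  $sampleCsv = repadmin /showrepl * /csv
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC-NEW,"DC=ForestDnsZones,DC=example,DC=test",Default-First-Site-Name,DC-OLD1,RPC,12,2009-05-08 09:10:00,2008-11-01 13:04:54,1722
showrepl_INFO,Default-First-Site-Name,DC-NEW,"DC=example,DC=test",Default-First-Site-Name,DC-OLD2,RPC,3,2009-05-08 09:12:00,2009-04-02 07:30:00,1722
showrepl_INFO,Default-First-Site-Name,DC-OLD2,"DC=example,DC=test",Default-First-Site-Name,DC-OLD1,RPC,0,0,2009-05-08 08:55:12,0
'@

function Get-ReplicationLinkAge {
    param(
        [Parameter(Mandatory)] $CsvText,
        [int] $TombstoneLifetimeDays = 60,     # value shown in the quoted event
        [datetime] $Now = (Get-Date)
    )
    $CsvText | ConvertFrom-Csv | ForEach-Object {
        # "0" or an empty field means the link has never replicated successfully.
        $last   = [datetime]::MinValue
        $parsed = [datetime]::TryParse($_.'Last Success Time', [ref]$last)
        $age    = if ($parsed) { [int][math]::Floor(($Now - $last).TotalDays) } else { $null }

        # QUARANTINED: past tombstone lifetime, so the destination refuses the
        # source. These are the links the "Allow Replication With Divergent and
        # Corrupt Partner" override would unblock; check them for lingering
        # objects with /ADVISORY_MODE before considering it.
        $state = if (-not $parsed) { 'NEVER-REPLICATED' }
                 elseif ($age -ge $TombstoneLifetimeDays) { 'QUARANTINED' }
                 elseif ($age -ge ($TombstoneLifetimeDays / 2)) { 'AT-RISK' }
                 elseif ([int]$_.'Number of Failures' -gt 0) { 'FAILING' }
                 else { 'OK' }

        [pscustomobject]@{
            Destination   = $_.'Destination DSA'
            Source        = $_.'Source DSA'
            NamingContext = $_.'Naming Context'
            LastSuccess   = $_.'Last Success Time'
            AgeDays       = $age
            LastError     = $_.'Last Failure Status'
            State         = $state
        }
    }
}

# Fixed -Now so the constructed sample always classifies the same way.
Get-ReplicationLinkAge -CsvText $sampleCsv -Now '2009-05-08 12:00' |
    Format-Table -AutoSize
```

Run before transferring FSMO roles: every link into the DC that will receive them should report OK.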
