Active Directory: Replication problem

Hi,

1) I have a domain controller called DC1,
2) and a Replica Domain Controller called DC2
3) There is a problem with replication between these domain controllers (some information at DC1 is not replicated to DC2),
4) I tried to force the replication by going to AD Sites and Services ... I select "Replicate Now" ... but there is an error message...
5) The error message: "The following error occurred during the attempt to synchronize naming context boba.com from domain controller DC1 to domain controller DC2; The Active Directory can not replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
This Operation will not continue."
6) Any Help?
7) Thank you

Tjie
tjieAsked:

shadowlesssCommented:
Sounds like you need to unpromote the server and then promote it back as a domain controller
0
shadowlesssCommented:
Sorry to be more specific...demote DC2 and then promote it back as a domain controller
0
tjieAuthor Commented:
" ...demote DC2 and then promote it back as a domain controller"
- How to do it?
- by using dcpromo.exe?
-Post it back please

Thanks,
Tjie
0

Mike KlineCommented:
Yes, if you dcpromo again it will demote the server to be a member server.
In your case you have passed the tombstone lifetime period and the dcpromo demotion may not work; in that case you could get rid of that DC by using a metadata cleanup: http://support.microsoft.com/kb/216498
Then I'd just reinstall and promote the box.
Have you been checking replication regularly on these boxes?
Thanks
Mike
0
shadowlesssCommented:
Yes..just run dcpromo and then follow the wizard to demote it

Before you do this, please verify that this domain controller is not the only global catalog and that it does not hold the operations master role.
0
tjieAuthor Commented:
1) I tried to demote dc2 by executing the "dcpromo", but it failed
-The error message:
The Operation failed because:
Active Directory could not transfer the remaining data in directory partition
CN=Schema, CN=Configuration, DC=boba, DC=com to domain controller
dc1.boba.com
"The directory service was unable to transfer ownership of one or more floating single-master operation roles to other servers."
2) So shadowlesss, your direction does not work
3) Per Mike's suggestion, we have to do the metadata cleanup; it seems too time consuming......Is there any other quick solution?
-Could we just edit the Registry for the Tombstone life time?
4) Post it back both of you please
5) Thank you very much

Tjie
0
Mike KlineCommented:
Metadata cleanup is not that time consuming; you can have your other DC up in a few hours.  If you have images for your server image you can have it done within an hour.
Thanks
Mike
0
snusgubbenCommented:
You'll have to run a metadata cleanup since you got a tombstoned DC. It will not replicate thus your other DC will not know that it's being removed.

Install the MS support tools if you don't have them.

Run "repadmin /showreps" to see the last successful replication. Or run a "dcdiag /e"

The remaining DC needs to hold all 5 FSMO: "netdom query fsmo"

If it's not holding them all, you'll need to seize them.

Your remaining DC also needs to be a Global Catalog: "dsquery server -isgc"

Then do as suggested above. Clean it out with ntdsutil and reinstall the server.

You should also find out why they don't replicate.


SG

0
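An added example, not part of any post in this thread: the FSMO and replication-age checks listed above, run over saved `netdom query fsmo` output before the metadata cleanup. The sample output, the dates, the 60-day tombstone lifetime and the function names are constructed for illustration; use the value configured in your own forest.

```python
import re
from datetime import datetime

# Role labels as printed by `netdom query fsmo`.
FSMO_ROLES = ("Schema master", "Domain naming master", "PDC",
              "RID pool manager", "Infrastructure master")

# Constructed sample: the state tjie describes (four roles on DC1,
# Domain Naming Master still on DC2).
SAMPLE_NETDOM = """\
Schema master               dc1.boba.com
Domain naming master        dc2.boba.com
PDC                         dc1.boba.com
RID pool manager            dc1.boba.com
Infrastructure master       dc1.boba.com
The command completed successfully.
"""

def parse_fsmo(text):
    """Return {role: holder} parsed from `netdom query fsmo` output."""
    holders = {}
    for line in text.splitlines():
        for role in FSMO_ROLES:
            m = re.match(re.escape(role) + r"\s{2,}(\S+)$", line.strip(), re.I)
            if m:
                holders[role] = m.group(1).lower()
    return holders

def precheck(netdom_text, surviving_dc, last_success, now, tombstone_days):
    """Summarise what still points away from the surviving DC."""
    holders = parse_fsmo(netdom_text)
    target = surviving_dc.lower()
    gap_days = (now - last_success).days
    return {
        "roles_missing": [r for r in FSMO_ROLES if r not in holders],
        "roles_elsewhere": {r: h for r, h in holders.items() if h != target},
        "gap_days": gap_days,
        "past_tombstone": gap_days > tombstone_days,
    }

if __name__ == "__main__":
    # Dates and the 60-day lifetime are constructed sample values.
    print(precheck(SAMPLE_NETDOM, "dc1.boba.com",
                   datetime(2009, 1, 1), datetime(2009, 6, 1), 60))
```

A non-empty `roles_elsewhere` names the roles that are not yet on the surviving DC, and `past_tombstone` tells you whether the stale DC can still replicate its own demotion.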
tjieAuthor Commented:
Hi SG,

||The remaining DC needs to hold all 5 FSMO: "netdom query fsmo"||
-I used ntdsutil and successfully moved the roles of RID, PDC, Infrastructure and Schema Master to DC1 (Other things: I want to check whether DC1 has got the Schema master; I opened the mmc and wanted to get the AD Schema, but I can not find it there; I believe I have to install something else for it; what is it?)

-Problem: I can not transfer "Domain Naming Master" (I used both GUI and ntdsutil, but both failed) (So the "Domain Naming Master" is still at the "problem domain controller" > ....DC2)

|| If it's not holding them all, you'll need to seize them.||

||Your remaining DC also needs to be a Global Catalog: "dsquery server -isgc"||
- Yes, Global Catalog has been at DC1

Please post any other comments before I do "the metadata cleanup"

Thanks,
tjie
0
LANm0nk3yCommented:
This is how you seize the FSMO roles:
http://support.microsoft.com/kb/324801

0
tjieAuthor Commented:
Hi LANm0nk3y,

1) I know how to seize the FSMO roles (Using GUI or ntdsutil),
2) But due to the above problem (Replication problem), I could not seize the "Domain Naming Master". (It is still NOW at DC2)
3) Thank you for the participation
4) I am still waiting for SG or others who can solve this #2

Tjie

0
Mike KlineCommented:
You can't seize using the GUI.   You can only transfer using the GUI.  
Thanks
Mike
0
tjieAuthor Commented:
Hi Mike,

1) Do you have any solution for the #2 above (Seizing or Transferring "Domain Naming Master" from DC2 and DC1?)
2) Or do I just continue with the metadata cleanup (and ignore this #2)?

Thanks,
Tjie
0
Mike KlineCommented:
Run the metadata cleanup, then you seize to DC1.
When you seize the role the original domain naming master should never be restored on the network (same applies to the RID master and schema master)
Thanks
Mike
0
tjieAuthor Commented:
Hi Mike,

1) I used another machine (other than DC2) to apply the ntdsutil (I used DC1 and also other connected servers), but it failed (from the other machines I connect to DC2)
2) The error message:

" The connected server will not remove its own metadata"

3) Should I move the FSMO roles back to DC2? (if yes, which ones?)

Thanks,
tjie
0
Mike KlineCommented:
Take a look at this article
http://msmvps.com/blogs/ad/archive/2008/12/17/how-to-remove-a-failed-or-offline-dc.aspx
Where in the process is it failing?
0

Windows Server 2003