DCDIAG - replication errors

Posted on 2010-01-04
Last Modified: 2012-05-08
Hi experts,

Using Windows 2003 Server (Standard w/ Service Pack 1). Two sites (Site A & B) and one DC per site (i.e. DC01 at Site A and DC02 at Site B).

I've attached the dcdiag test results. Please advise on how to proceed with resolving replication errors.

Thanks in advance
Question by: kenny_klbn
    LVL 13

    Expert Comment

    Seems to be link problem with machine account; try this
    LVL 57

    Accepted Solution

    Anything happen in early Oct on your network that may have caused this?
    In this case you are running up on that 90-day period since the last success so once you go over the tombstone lifetime you really don't have much of a choice.
    I'd remove AD from this DC and repromote.

    1.  Run dcpromo /forceremoval. That will remove AD from the server without replicating (replication is not working anyway). After the reboot the server will be a standalone box.
    2.  Run a metadata cleanup of the DC that was demoted &
        Those are my two favorite metadata links.
        In your case DC2 doesn't hold any FSMO roles so you don't need to seize them.
    3.  You can then join the server back to the domain and promote it again.
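
As an added example (not part of the original answer): a PowerShell check that reads `repadmin /showrepl * /csv` output and reports how long each inbound replication link has gone without a success, relative to the tombstone lifetime the answer refers to. The sample rows, the `example.local` domain, the 180-day lifetime and the `Get-ReplicationAge` function name are constructed for illustration; PowerShell 3.0 or later is assumed.

```powershell
# Added example. The rows below are constructed sample data, not the asker's results.
# Live input instead of the sample:  $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteB,DC02,"DC=example,DC=local",SiteA,DC01,RPC,412,2010-01-04 09:15:02,2009-10-06 03:47:11,1326
showrepl_INFO,SiteA,DC01,"DC=example,DC=local",SiteB,DC02,RPC,0,0,2010-01-04 08:58:40,0
showrepl_INFO,SiteB,DC02,"CN=Configuration,DC=example,DC=local",SiteA,DC01,RPC,9,2010-01-04 09:15:02,0,1722
'@

function Get-ReplicationAge {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Rows,
        # Read the real value from the forest's tombstoneLifetime attribute; do not guess it.
        [Parameter(Mandatory = $true)] [int] $TombstoneLifetimeDays,
        [datetime] $Now = (Get-Date),
        [double] $WarnFraction = 0.5   # flag links past half the lifetime (assumed threshold)
    )
    $fmt = 'yyyy-MM-dd HH:mm:ss'
    $inv = [Globalization.CultureInfo]::InvariantCulture
    $none = [Globalization.DateTimeStyles]::None
    foreach ($r in $Rows) {
        # repadmin writes "0" when a link has never replicated successfully.
        $last = [datetime]::MinValue
        $ok = [datetime]::TryParseExact($r.'Last Success Time', $fmt, $inv, $none, [ref]$last)
        $age = if ($ok) { [int][math]::Floor(($Now - $last).TotalDays) } else { $null }
        $state = if (-not $ok) { 'NEVER' }
                 elseif ($age -ge $TombstoneLifetimeDays) { 'EXPIRED' }
                 elseif ($age -ge $TombstoneLifetimeDays * $WarnFraction) { 'AT RISK' }
                 else { 'OK' }
        [pscustomobject]@{
            Destination   = $r.'Destination DSA'
            Source        = $r.'Source DSA'
            NamingContext = $r.'Naming Context'
            Failures      = [int]$r.'Number of Failures'
            LastStatus    = $r.'Last Failure Status'
            AgeDays       = $age
            State         = $state
        }
    }
}

$rows = $sampleCsv | ConvertFrom-Csv
Get-ReplicationAge -Rows $rows -TombstoneLifetimeDays 180 -Now ([datetime]'2010-01-04 10:00:00') |
    Sort-Object State, NamingContext | Format-Table -AutoSize
```

A link reported as EXPIRED or NEVER is the case the answer describes, where the DC is demoted and repromoted rather than allowed to replicate again.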
    LVL 74

    Expert Comment

    by:Glen Knight
    What is DC01? Is it still active?

    If they are on different sites is there good communication between the sites?

    Are they both DNS servers?
    LVL 7

    Expert Comment

    Replication can break for various reasons, such as name resolution. Now, if two DCs do not replicate with each other for more than 30 days, chances are that the two machines are not able to access each other, as every Windows-based machine changes its machine account's password every 30 days. If it's not replicating with other DCs, this password will not replicate with them, and hence will result in this situation.
    Just follow this article and run the NetDom command as specified in this:

    IMP: You have to do this on the PDC first, in its own context. Then do it on the other server with the PDC's context. So, run this command on both servers (but first on the PDC).
    netdom resetpwd /server:PDC_NAME /userd:Domain\user_name /passwordd:"password"



