Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

DC/FSMO

Avatar of YOlanie_Visser
YOlanie_VisserFlag for Monaco asked on
Windows Server 2003
19 Comments1 Solution2085 ViewsLast Modified:
Hi Guys,

I have run into a bit of an issue, 8 days ago I lost one of the Domain controllers, the drives burnt out and luckily i had another 2 GC DC's onsite. And two other servers in a different location/site were taken out as well. All 3 servers will not be put onto the domain again.

now I'm having  a few issues on replication, I keep getting the following errors:
---
Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      2093
Date:            6/30/2010
Time:            11:48:31 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      EIDBAD001
Description:

The remote server which is the owner of a FSMO role is not responding.  This server has not replicated with the FSMO role owner recently.
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
 
FSMO Role: CN=Schema,CN=Configuration,DC=x,DC=internal
FSMO Server DN: CN=NTDS Settings,CN=CINHAD001,CN=Servers,CN=NH,CN=Sites,CN=Configuration,DC=xt,DC=internal
Latency threshold (hours): 24
Elapsed time since last successful replication (hours): 221
 
User Action:
 
This server has not replicated successfully with the FSMO role holder server.
1. The FSMO role holder server may be down or not responding. Please address the problem with this server.
2. Determine whether the role is set properly on the FSMO role holder server. If the role needs to be adjusted, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
3. If the FSMO role holder server used to be a domain controller, but was not demoted successfully, then the objects representing that server are still in the forest. This can occur if a domain controller has its operating system reinstalled or if a forced removal is performed.  These lingering state objects should be removed using the NTDSUTIL.EXE metadata cleanup function.
4. The FSMO role holder may not be a direct replication partner. If it is an indirect or transitive partner, then there are one or more intermediate replication partners through which replication data must flow. The total end to end replication latency should be smaller than the replication latency threshold, or else this warning may be reported prematurely.
5. Replication is blocked somewhere along the path of servers between the FSMO role holder server and this server.  Consult your forest topology plan to determine the likely route for replication between these servers. Check the status of replication using repadmin /showrepl at each of these servers.
 
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 

-------------
Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1865
Date:            7/1/2010
Time:            1:13:47 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      EIAFAD001
Description:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
 
Sites:
CN=KY,CN=Sites,CN=Configuration,DC=x,DC=internal
CN=NH,CN=Sites,CN=Configuration,DC=x,DC=internal
 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:      Error
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1864
Date:            6/30/2010
Time:            11:48:31 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      EIDBAD001
Description:
This is the replication status for the following directory partition on the local domain controller.
 
Directory partition:
CN=Configuration,DC=cohort,DC=internal
 
The local domain controller has not recently received replication information from a number of domain controllers.   The count of domain controllers is shown, divided into the following intervals.
 
More than 24 hours:
5
More than a week:
5
More than one month:
1
More than two months:
0
More than a tombstone lifetime:
0
Tombstone lifetime (days):
60
 Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
 
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Any Ideas? Help!
ASKER CERTIFIED SOLUTION
Avatar of Cliff Galiher
Commented:
This problem has been solved!
Unlock 1 Answer and 19 Comments.
See Answers