• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1957
  • Last Modified:

Windows 2003 replication error

I am seeing errors with one particular domain controller (win2003)

DC=mydomain,DC=com
    yah\DC00 via RPC
        DSA object GUID: 8a784cb6-8b0f-4980-a0a8-8acf6593b5bb
        Last attempt @ 2010-09-21 16:40:33 failed, result 8304 (0x2070):
            The maximum size of an object has been exceeded.
        26911 consecutive failure(s).
        Last success @ 2010-09-03 13:51:27.
    mydomain\DC03 via RPC
        DSA object GUID: 99586208-7010-4a45-b287-260f64570904
        Last attempt @ 2010-09-21 16:41:10 failed, result 8304 (0x2070):
            The maximum size of an object has been exceeded.
        25176 consecutive failure(s).
        Last success @ 2010-09-03 13:51:37.



number of errors in the event log

why is this?
0
shankshank
Asked:
shankshank
2 Solutions
 
Mike KlineCommented:
what are the events you are seeing, is this only happening on one DC?
0
 
rhinocerosCommented:
>>Last attempt @ 2010-09-21 16:40:33 failed, result 8304 (0x2070):
>> The maximum size of an object has been exceeded.

I supposed "Windows Error 0x00002070 - 8304"
The maximum size of an object has been exceeded.
ERROR_DS_MAX_OBJ_SIZE_EXCEEDED

Active Directory KB 8304
http://kb.monitorware.com/kbeventdb-detail-id-4648.html

How To Fix Error 8304 - Error Code 0x2070
http://www.wmpub.com/error8304_errorcode0x2070.php
http://www.windows-error-repair.org/error-code/8304.html
0
 
shankshankAuthor Commented:
yeah only one DC is seeing this. it's strange.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
shankshankAuthor Commented:
yeah definitely not replicating...
0
 
shankshankAuthor Commented:
Error value:
8304 The maximum size of an object has been exceeded.
0
 
dmoecoloradoCommented:
Any luck with this error ?

I am also experiencing it on 3 out of 15 Domain Controllers - the three are all members in the same AD site.
0
 
shankshankAuthor Commented:
i deleted some objects that were not replicating and that seemed to fix it..
0
 
dmoecoloradoCommented:
This was quite a process to clean this issue up.

As it turned out, our issue was ultimately casued due to a third party softwares population of the "proxyaddresses" attribute of a paticular AD object.

I have included the resolution in the hopes that this may provide assistance for someone in the future.

Thank you everyone for your input.

David

--------------------------------------

It was my pleasure to assist you during your issue “AD replication error :- (8304) The maximum size of an object has been exceeded "

Here is a summary of the key points of the case for your records.


PROBLEM:       AD replication error :- (8304) The maximum size of an object has been exceeded

RESOLUTION:
1)  Initially when the case was opened we were getting errors in Repadmin /replsum as “(8304) The maximum size of an object has been exceeded” for xxxxx Site.

2) When checked the replication part we found that we were getting errors for Configuration partition replication However we had issues with Domain partition replication as well.

3) We checked and found that we were getting event ID 2042 on all the domain controllers stating that the domain controllers were in Tombstoned state.

4) We created a Registry key on all the DC’s  as “Allow replication with divergent and corrupt partner” at HKEY- Local-machine\System\CurrentControlSet\Services\NTDS\Parameters

5) We forced the replication and we found that we started getting event ID’s 1566, 1311 and 1864 for KCC events.

6) When went through the entire topology we found that we had “Hub and Spoke Topology” where “xxxxx Site” being the Hub site but that wasn’t configured properly.

7) Hence we configured the Hub and Spoke topology correctly and we deleted all the KCC connection objects from on the DC’s from Active directory sites and services.

8) We ran repadmin /KCC * to create connection objects with all the domain controllers.

9) Now when we ran Repadmin /syncall /AePd to force the replication we got the same “8304 error” for configuration partition replication.

10) We took LDIFDE dump for configuration partition from <your-domain-controller> (bad server)  in order to take that dump we ran:- ldifde –f ldifde.ldf –d “CN=Configuration,Dc=<your-domain>,dc=com”.

11) We found that an object with DN path :-  CN=Microsoft System Attendant\0ADEL:4b9b5f23-95a0-4f6c-86c6-25f0985c62b1,CN=Deleted Objects,CN=Configuration,DC=<your-domain>,DC=com had an attribute name “ProxyAddresses” had multiple instances (upto 1257 in counts) and was not getting removed as it was in Deleted objects container but “ISdeleted” flag was not stamped on the attribute.
The attribute looked like:-
proxyAddresses: RFAX:Microsoft System Attendant86588@
proxyAddresses: rfax:Microsoft System Attendant41572@
proxyAddresses: rfax:Microsoft System Attendant62092@
proxyAddresses: rfax:Microsoft System Attendant61108@
proxyAddresses: rfax:Microsoft System Attendant81626@
proxyAddresses: rfax:Microsoft System Attendant36610@
proxyAddresses: rfax:Microsoft System Attendant57130@
proxyAddresses: rfax:Microsoft System Attendant56146@
proxyAddresses: rfax:Microsoft System Attendant76664@
proxyAddresses: rfax:Microsoft System Attendant31648@
proxyAddresses: rfax:Microsoft System Attendant52168@
proxyAddresses: rfax:Microsoft System Attendant72686@
proxyAddresses: rfax:Microsoft System Attendant71702@
proxyAddresses: rfax:Microsoft System Attendant26686@
proxyAddresses: rfax:Microsoft System Attendant47206@
proxyAddresses: rfax:Microsoft System Attendant67724@
proxyAddresses: rfax:Microsoft System Attendant66742@

   
12) Hence It wasn’t getting removed. We tried changing the Isdeleted attribute for that object using LDP.exe tool but it failed with “constrained violation error” as it was deleted object container.

13)  We also found that few of the domain controllers doesn’t have the registry key named “Strict replication consistency” at HKEY-Local-machine\System\CurrentControlSet\Services\NTDS\Parameters.
Note:- “strict replication consistency” is the key that is responsible for protecting the domain controllers from replicating Lingering Objects.

14) Hence we created “strict Replication Consistency” on all the domain controllers.

15) Now when forced replication using repadmin /syncall /AePd we started getting “Event ID 1988” For lingering Objects.

16) Hence we  ran following command to get rid of lingering objects on all the domain controllers:

repadmin /removelingeringobjects <your-domain-controller> 577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com
repadmin /removelingeringobjects <your-domain-controller>577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com
repadmin /removelingeringobjects <your-domain-controller>577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com
repadmin /removelingeringobjects <your-domain-controller>577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com
repadmin /removelingeringobjects <your-domain-controller>577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com
repadmin /removelingeringobjects <your-domain-controller>577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com
repadmin /removelingeringobjects <your-domain-controller>577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com
repadmin /removelingeringobjects <your-domain-controller>577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com
repadmin /removelingeringobjects <your-domain-controller>577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com
repadmin /removelingeringobjects <your-domain-controller>577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com
repadmin /removelingeringobjects <your-domain-controller>577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com
repadmin /removelingeringobjects <your-domain-controller>577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com
repadmin /removelingeringobjects <your-domain-controller>577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com
repadmin /removelingeringobjects <your-domain-controller>577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com
repadmin /removelingeringobjects <your-domain-controller>577cb7ed-58e2-48b7-aab9-3ced1387657a CN=Configuration,DC=<your-domain>,DC=com

17)  Now we were not getting “Event ID 1988” anymore and Domain partition was getting replicated across the domain.

18)  But we were still getting event ID “8304 The maximum size of an object has been exceeded” when ran repadmin /replsum.

19)  Hence we took the LDifde dump from <your-domain-controller>by running :- ldifde -f good.ldf -s <your-domain-controller> -d "CN=Configuration,DC=<your-domain>,DC=com" -r (objectclass=exchangeadminservice) -x -p subtree -l "replpropertymetadata,objectguid,repluptodate" -1

20) From the output of the above command we found that object with DN “CN=Microsoft System Attendant\0ADEL:4b9b5f23-95a0-4f6c-86c6-25f0985c62b1,CN=Deleted Objects,CN=Configuration,DC=<your-domain>,DC=com” was located in Lost and found container on <your-domain-controller> whereas when ran the same command on <your-other-domain-controller> we found that it was there in deleted object container.

21)  We went to <your-domain-controller>and we opened Adsiedit.msc and we found that object in lost and found container and we went to the properties of “CN=Microsoft System Attendant\0ADEL:4b9b5f23-95a0-4f6c-86c6-25f0985c62b1,CN=Deleted Objects,CN=Configuration,DC=<your-domain>,DC=com” and found “proxyaddresses” there.

22)  We removed all 1257 entries manually and forced replication from “<your-domain-controller>” and the information got replicated to all the Dc’s and those multiple instances got removed from all other Dc’s as well. And now when we ran repadmin /replsum we do not see any more errors.

Conclusion:- After reviewing all the logs collected from your environment we’ve found that the issue was caused by “RightFax Software” and that stamped multiple “Proxyaddresses” to that object and The reason why we cannot delete it from <your-domain-controller> is that the object is too big and isdeleted flag wasn’t stamped on that object.

Related Articles:-

¿      Windows Server 2003-based domain controllers show a decrease in performance when they process certain Active Directory objects:-  :-http://support.microsoft.com/default.aspx?scid=kb;EN-US;914036

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now