Solved

Fixing DNS Replication issues

Posted on 2011-03-22
4
1,847 Views
Last Modified: 2012-05-11
A previous network engineer Added a new server to our Domain about a year ago prior to me arriving. This server was then promoted to a DC.  We have two different Site locations but one Domain (2003) in a single forest (2000).  The original DC holding the FSMO roles are located in the other site.  The DC the new server replaced was then removed from site 2.  I've been working on cleaning up DNS entries over the past few months and users have reported they have been having website loading issues for a year now.  This can be reproduced on all machines except the DC in site 2.  The issue does not affect Site 1.  The website will almost always fail to load the 1st time, even simple sites such as google.com.  If they are able to download a file it will download fast without any issues though.  This seems to be a replication issue between AD on the two DC's.

Running DCDiag reports:

      Starting test: Replications
         [Replications Check,CCHSDL380] A recent replication attempt failed:
            From CCSMS-FS1 to CCHSDL380
            Naming Context:
            DC=DomainDnsZones,DC=ccs,DC=calvinchristian,DC=local
            The replication generated an error (8606):
            Insufficient attributes were given to create an object. This object
may not exist because it may have been deleted and already garbage collected.

            The failure occurred at 2011-03-22 10:09:09.
            The last success occurred at (never).
            22455 failures have occurred since the last success.
         ......................... CCHSDL380 failed test Replications


Repadmin reports the same issue.  

In DNS the records in both zones are incorrect and don't show records from either zone that have been added within the past year.

When running NTDSUTIL Metadata cleanup the old DC is not listed.  From all of the helpful information on this site it seems that one of the only ways to resolve this issue is to DCPROMO /forceremoval then to rejoin it back as a DC.

Is there any alternative that can be done to resolve this issue?  

The current DC OS's are as follows:

Site 1: 2003R2
Site 2: 2008R2
Sites are VPN connected through their Firebox's
0
Comment
Question by:bminetwork2277
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 35195813
There's likely a fair bit to do here since the original forest was 2000 and has been subsequently upgraded.

Before I start walking you through what should be done, I'd like the following logs so I can be sure Directory Services is functioning properly.

On both DCs:

From a CMD window - run DCDIAG /v > c:\{servername}.txt  <= where servername is the name of the machine you're running it on.

Scrub any private info but not to the extent that it makes the log unhelpful.

Attach them here.

0
 
LVL 1

Accepted Solution

by:
bminetwork2277 earned 0 total points
ID: 35231921
We were able to lessen the issue that is occurring by correcting incorrect Forwarding Zones in DNS that were pointing to the old DC that is not longer functioning.
0
 
LVL 1

Author Comment

by:bminetwork2277
ID: 35231928
Able to resolve issue on own.
0
 
LVL 1

Author Closing Comment

by:bminetwork2277
ID: 35304226
Able to resolve issue on own.
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question