Solved

Fixing DNS Replication issues

Posted on 2011-03-22
4
1,826 Views
Last Modified: 2012-05-11
A previous network engineer Added a new server to our Domain about a year ago prior to me arriving. This server was then promoted to a DC.  We have two different Site locations but one Domain (2003) in a single forest (2000).  The original DC holding the FSMO roles are located in the other site.  The DC the new server replaced was then removed from site 2.  I've been working on cleaning up DNS entries over the past few months and users have reported they have been having website loading issues for a year now.  This can be reproduced on all machines except the DC in site 2.  The issue does not affect Site 1.  The website will almost always fail to load the 1st time, even simple sites such as google.com.  If they are able to download a file it will download fast without any issues though.  This seems to be a replication issue between AD on the two DC's.

Running DCDiag reports:

      Starting test: Replications
         [Replications Check,CCHSDL380] A recent replication attempt failed:
            From CCSMS-FS1 to CCHSDL380
            Naming Context:
            DC=DomainDnsZones,DC=ccs,DC=calvinchristian,DC=local
            The replication generated an error (8606):
            Insufficient attributes were given to create an object. This object
may not exist because it may have been deleted and already garbage collected.

            The failure occurred at 2011-03-22 10:09:09.
            The last success occurred at (never).
            22455 failures have occurred since the last success.
         ......................... CCHSDL380 failed test Replications


Repadmin reports the same issue.  

In DNS the records in both zones are incorrect and don't show records from either zone that have been added within the past year.

When running NTDSUTIL Metadata cleanup the old DC is not listed.  From all of the helpful information on this site it seems that one of the only ways to resolve this issue is to DCPROMO /forceremoval then to rejoin it back as a DC.

Is there any alternative that can be done to resolve this issue?  

The current DC OS's are as follows:

Site 1: 2003R2
Site 2: 2008R2
Sites are VPN connected through their Firebox's
0
Comment
Question by:bminetwork2277
  • 3
4 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 35195813
There's likely a fair bit to do here since the original forest was 2000 and has been subsequently upgraded.

Before I start walking you through what should be done, I'd like the following logs so I can be sure Directory Services is functioning properly.

On both DCs:

From a CMD window - run DCDIAG /v > c:\{servername}.txt  <= where servername is the name of the machine you're running it on.

Scrub any private info but not to the extent that it makes the log unhelpful.

Attach them here.

0
 
LVL 1

Accepted Solution

by:
bminetwork2277 earned 0 total points
ID: 35231921
We were able to lessen the issue that is occurring by correcting incorrect Forwarding Zones in DNS that were pointing to the old DC that is not longer functioning.
0
 
LVL 1

Author Comment

by:bminetwork2277
ID: 35231928
Able to resolve issue on own.
0
 
LVL 1

Author Closing Comment

by:bminetwork2277
ID: 35304226
Able to resolve issue on own.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Manual DNS and blocking mapped drives 8 102
active directory 3 46
Is it possible to host a website on a windows vps 4 65
DNS server picking up wrong IP address of server 10 57
This article is intended as an extension of a blog on Aging and Scavenging by the MS Enterprise Networking Team. In brief, Scavenging is used as follows: Each record in a zone which has been dynamically registered with an MS DNS Server will have…
I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question