Fixing DNS Replication issues

A previous network engineer Added a new server to our Domain about a year ago prior to me arriving. This server was then promoted to a DC.  We have two different Site locations but one Domain (2003) in a single forest (2000).  The original DC holding the FSMO roles are located in the other site.  The DC the new server replaced was then removed from site 2.  I've been working on cleaning up DNS entries over the past few months and users have reported they have been having website loading issues for a year now.  This can be reproduced on all machines except the DC in site 2.  The issue does not affect Site 1.  The website will almost always fail to load the 1st time, even simple sites such as  If they are able to download a file it will download fast without any issues though.  This seems to be a replication issue between AD on the two DC's.

Running DCDiag reports:

      Starting test: Replications
         [Replications Check,CCHSDL380] A recent replication attempt failed:
            From CCSMS-FS1 to CCHSDL380
            Naming Context:
            The replication generated an error (8606):
            Insufficient attributes were given to create an object. This object
may not exist because it may have been deleted and already garbage collected.

            The failure occurred at 2011-03-22 10:09:09.
            The last success occurred at (never).
            22455 failures have occurred since the last success.
         ......................... CCHSDL380 failed test Replications

Repadmin reports the same issue.  

In DNS the records in both zones are incorrect and don't show records from either zone that have been added within the past year.

When running NTDSUTIL Metadata cleanup the old DC is not listed.  From all of the helpful information on this site it seems that one of the only ways to resolve this issue is to DCPROMO /forceremoval then to rejoin it back as a DC.

Is there any alternative that can be done to resolve this issue?  

The current DC OS's are as follows:

Site 1: 2003R2
Site 2: 2008R2
Sites are VPN connected through their Firebox's
Who is Participating?
bminetwork2277Connect With a Mentor Author Commented:
We were able to lessen the issue that is occurring by correcting incorrect Forwarding Zones in DNS that were pointing to the old DC that is not longer functioning.
There's likely a fair bit to do here since the original forest was 2000 and has been subsequently upgraded.

Before I start walking you through what should be done, I'd like the following logs so I can be sure Directory Services is functioning properly.

On both DCs:

From a CMD window - run DCDIAG /v > c:\{servername}.txt  <= where servername is the name of the machine you're running it on.

Scrub any private info but not to the extent that it makes the log unhelpful.

Attach them here.

bminetwork2277Author Commented:
Able to resolve issue on own.
bminetwork2277Author Commented:
Able to resolve issue on own.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.