• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 805
  • Last Modified:

Active directory not replicating one way

I have a single domain with 3 sites and multiple domain controllers.  Two of the sites are not always used all year around and the VPN connection can sometimes be sketchy.  I started noticing KCC errors on my DCs in my main office.  I investigated and it seems that replication seems to be working everywhere except that "from" one of the remote DCs (running server 2003 x64 sp2) to all other DCs its not replicating.  I removed lingering objects on that DC and modified the registry setting to "allow replication with divergent and corrupt partners".  However, I am still getting errors in my logs that the partitions are not replicating.  What else can I do, short of demoting are promoting again this DC?
0
rivkamak
Asked:
rivkamak
  • 4
  • 2
  • 2
  • +1
2 Solutions
 
Mike KlineCommented:
Do you know how long it has been since that DC didn't replicate (repadmin /replsum  or /showrepl.

Are you sure you got rid of all the lingering objects? (any errors in the logs)

Thanks

Mike
0
 
Sarang TinguriaSr EngineerCommented:
Also Can you post the output of below commands from the domain Controller in question

dcdiag /q

Open in new window

repadmin /showrepl

Open in new window

0
 
piyushranusriSystem Cloud SpecialistCommented:
did you manually authorize each domain controller to replicate ?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
rivkamakAuthor Commented:
according to the logs on one of the receiving DCs and it says the last successful replication was on 8/31/2010.

I ran the removal of all lingering objects on all 5 partitions.  one of them showed that there were 2 lingering objects which it removed.
0
 
rivkamakAuthor Commented:
The DCDIAG output is here:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: ZoneII\ZII-SERVER-01
      Starting test: Connectivity
         ......................... ZII-SERVER-01 passed test Connectivity

Doing primary tests

   Testing server: ZoneII\ZII-SERVER-01
      Starting test: Replications
         ......................... ZII-SERVER-01 passed test Replications
      Starting test: NCSecDesc
         ......................... ZII-SERVER-01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... ZII-SERVER-01 passed test NetLogons
      Starting test: Advertising
         ......................... ZII-SERVER-01 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ZII-SERVER-01 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... ZII-SERVER-01 passed test RidManager
      Starting test: MachineAccount
         ......................... ZII-SERVER-01 passed test MachineAccount
      Starting test: Services
         ......................... ZII-SERVER-01 passed test Services
      Starting test: ObjectsReplicated
         ......................... ZII-SERVER-01 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... ZII-SERVER-01 passed test frssysvol
      Starting test: frsevent
         ......................... ZII-SERVER-01 passed test frsevent
      Starting test: kccevent
         ......................... ZII-SERVER-01 passed test kccevent
      Starting test: systemlog
         ......................... ZII-SERVER-01 passed test systemlog
      Starting test: VerifyReferences
         ......................... ZII-SERVER-01 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : oorah
      Starting test: CrossRefValidation
         ......................... oorah passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... oorah passed test CheckSDRefDom

   Running enterprise tests on : oorah.local
      Starting test: Intersite
         ......................... oorah.local passed test Intersite
      Starting test: FsmoCheck
         ......................... oorah.local passed test FsmoCheck

the REPADMIN /SHOWREPL output is here:

repadmin running command /showrepl against server localhost

ZoneII\ZII-SERVER-01
DC Options: IS_GC
Site Options: (none)
DC object GUID: 7bba2d03-3962-4934-880c-1caf1388b5a4
DC invocationID: 6ff6fa91-9bf3-41b6-a9a7-1744c6af810a

==== INBOUND NEIGHBORS ======================================

DC=oorah,DC=local
    ZoneI\ZI-SERVER-01 via RPC
        DC object GUID: 705ca1b0-50a9-4322-9bf6-4d7951db455c
        Last attempt @ 2012-08-22 10:48:41 was successful.
    Main-Office\OORAH-TIMEFORCE via RPC
        DC object GUID: 05f4f28a-a4b0-4ed8-a374-3d2a98766612
        Last attempt @ 2012-08-22 10:48:41 was successful.
    Main-Office\OORAH-SERVER2 via RPC
        DC object GUID: 58e2415d-de42-4e53-bfaf-acc00cb63d2c
        Last attempt @ 2012-08-22 10:48:41 was successful.
    Main-Office\OORAH-DC1 via RPC
        DC object GUID: c80cb2e7-e286-4688-acd5-f53a6cb126fa
        Last attempt @ 2012-08-22 10:48:41 was successful.

CN=Configuration,DC=oorah,DC=local
    ZoneI\ZI-SERVER-01 via RPC
        DC object GUID: 705ca1b0-50a9-4322-9bf6-4d7951db455c
        Last attempt @ 2012-08-22 10:48:38 was successful.
    Main-Office\OORAH-TIMEFORCE via RPC
        DC object GUID: 05f4f28a-a4b0-4ed8-a374-3d2a98766612
        Last attempt @ 2012-08-22 10:48:38 was successful.
    Main-Office\OORAH-SERVER2 via RPC
        DC object GUID: 58e2415d-de42-4e53-bfaf-acc00cb63d2c
        Last attempt @ 2012-08-22 10:48:39 was successful.
    Main-Office\OORAH-DC1 via RPC
        DC object GUID: c80cb2e7-e286-4688-acd5-f53a6cb126fa
        Last attempt @ 2012-08-22 10:48:39 was successful.

CN=Schema,CN=Configuration,DC=oorah,DC=local
    ZoneI\ZI-SERVER-01 via RPC
        DC object GUID: 705ca1b0-50a9-4322-9bf6-4d7951db455c
        Last attempt @ 2012-08-22 10:48:41 was successful.
    Main-Office\OORAH-TIMEFORCE via RPC
        DC object GUID: 05f4f28a-a4b0-4ed8-a374-3d2a98766612
        Last attempt @ 2012-08-22 10:48:41 was successful.
    Main-Office\OORAH-SERVER2 via RPC
        DC object GUID: 58e2415d-de42-4e53-bfaf-acc00cb63d2c
        Last attempt @ 2012-08-22 10:48:41 was successful.
    Main-Office\OORAH-DC1 via RPC
        DC object GUID: c80cb2e7-e286-4688-acd5-f53a6cb126fa
        Last attempt @ 2012-08-22 10:48:41 was successful.

DC=DomainDnsZones,DC=oorah,DC=local
    ZoneI\ZI-SERVER-01 via RPC
        DC object GUID: 705ca1b0-50a9-4322-9bf6-4d7951db455c
        Last attempt @ 2012-08-22 10:48:41 was successful.
    Main-Office\OORAH-TIMEFORCE via RPC
        DC object GUID: 05f4f28a-a4b0-4ed8-a374-3d2a98766612
        Last attempt @ 2012-08-22 10:48:41 was successful.
    Main-Office\OORAH-SERVER2 via RPC
        DC object GUID: 58e2415d-de42-4e53-bfaf-acc00cb63d2c
        Last attempt @ 2012-08-22 10:48:41 was successful.
    Main-Office\OORAH-DC1 via RPC
        DC object GUID: c80cb2e7-e286-4688-acd5-f53a6cb126fa
        Last attempt @ 2012-08-22 10:48:42 was successful.

DC=ForestDnsZones,DC=oorah,DC=local
    ZoneI\ZI-SERVER-01 via RPC
        DC object GUID: 705ca1b0-50a9-4322-9bf6-4d7951db455c
        Last attempt @ 2012-08-22 10:48:43 was successful.
    Main-Office\OORAH-TIMEFORCE via RPC
        DC object GUID: 05f4f28a-a4b0-4ed8-a374-3d2a98766612
        Last attempt @ 2012-08-22 10:48:43 was successful.
    Main-Office\OORAH-SERVER2 via RPC
        DC object GUID: 58e2415d-de42-4e53-bfaf-acc00cb63d2c
        Last attempt @ 2012-08-22 10:48:43 was successful.
    Main-Office\OORAH-DC1 via RPC
        DC object GUID: c80cb2e7-e286-4688-acd5-f53a6cb126fa
        Last attempt @ 2012-08-22 10:48:43 was successful.
0
 
Mike KlineCommented:
oh ok then you are way past the tombstone lifetime on that box.

In this case you can forcefully demote the box

dcpromo /forceremoval
http://kpytko.wordpress.com/2011/08/30/decommissioning-broken-domain-controller/

Then clean it up in AD   http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Did the box hold any FSMO roles?

After the demotion and cleanup and once that cleanup has been replicated around then you can promote the box again.
0
 
rivkamakAuthor Commented:
what do you mean when you say "did you manually authorize each domain controller to replicate ?"

are you referring to bridgeheads? connections? or something else?
0
 
rivkamakAuthor Commented:
It doesn't hold any fsmo roles.  I know that I can demote it and promote it again, my question is whether I can get it to start replicating without doing that?
0
 
Sarang TinguriaSr EngineerCommented:
No you should not enable replication of Tombstoned DC without demote/Promote
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 4
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now