?
Solved

Missing Registry Key for Strict Replication

Posted on 2012-08-24
8
Medium Priority
?
2,764 Views
Last Modified: 2012-08-24
After running the the BPA on Server 2008 R2 we receive a warning under Active Directory Domain Services stating "Strict Replication consistency should be enabled on all domain controllers in this forest". After researching the issue there are two ways to correct this issue, one using repadmin and another by simply changing the value in the registry key, the issue we have is that the Registry key "HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Strict Replication Consistency" doesnt exist. The "strict replication consistency" entry is not under the parameters entry. Any thoughts?
0
Comment
Question by:mbb-law
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38330122
You should be able to add it manually.  Haven't tested but if you enable it using repadmin dows it get created for you? (I've always done it using repadmin)

Thanks

Mike
0
 
LVL 11

Expert Comment

by:netballi
ID: 38330133
It appears you are being informed that there are  tombstoned objects in your domain which are being replicated the

"HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Strict Replication Consistency" key prevent replication from a corrupt DC partners.

following link has better explanation.


http://blogs.dirteam.com/blogs/paulbergson/archive/2011/03/08/preventing-lingering-object-replication-in-active-directory.aspx
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38330158
It is not telling him that he has tombstones, it is just saying to enable strict replication consistency (he is using the best practices analyzer)

Thanks

Mike
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 38330244
It's not unusual for registry keys for not-so-common settings/options to not exist, I often see MS KB articles that instruct you specifically to create a registry key.

However,this KB article reads to me like there is one way to enable Strict Replication, which is to use repadmin - and registry info is just gee-whiz informational FYI stuff. I'd also note that the article states that repadmin changes two registry keys.

(Actually, the article says that to determine if Strict Replication is currently enabled you should use regedit and check the value of the key, but to actually change the setting you should use repadmin)
0
 

Author Comment

by:mbb-law
ID: 38330301
Using Repadmin it states the command should be as follows:

repadmin /regkey <DC_LIST> {+|-}<key>

I have been unable to get this to work but may be entering this wrong, i am trying

repadmin /HKEY_LOCAL_MACHINE\SYSTEM\Current Control Set\Services\NTDS\Parameters * +strict

I must be missing something somewhere.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 38330324
You don't need to enter the key there just

repadmin.exe /regkey <dcname> +strict

Thanks

Mike
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 38330328
No, "/regkey" is mean to be entered literally - not replaced with a registry key. You should type the following exactly:

repadmin /regkey * +strict

Open in new window

0
 

Author Closing Comment

by:mbb-law
ID: 38330335
That got it Mike, thanks all for your help!
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question