Avatar of ipr0ute
 asked on

Active Directory Replacation - Event ID: 1864 ActiveDirectory_DomainService

I get the following 3 same errors every night for these Directory partitions:

1. CN=Schema,CN=Configuration,DC=domain,DC=com
2. CN=Configuration,DC=domain,DC=com
3. DC=domain,DC=com

Attached is my DCdiag /e /v output.

Forest and Domain level is 2008 R2 and two DC's are running 2012 and two DC's are running 2008 R2.

Error below:

This is the replication status for the following directory partition on this directory server.
Directory partition:
This directory server has not recently received replication information from a number of directory servers.  The count of directory servers is shown, divided into the following intervals.
More than 24 hours:
More than a week:
More than one month:
More than two months:
More than a tombstone lifetime:
Tombstone lifetime (days):
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>".
Active Directory

Avatar of undefined
Last Comment

8/22/2022 - Mon

I would advise disabling IP V6 on all DC and then checking for replication. as you Primary DNS is showing as ::1 which is IP V6 address  and for reason it dosen't play ball with AD

I'll give that a try and let you know if the error goes away.


Also  what are this IP address configured in DNS,

It looks like everything fine point the primary dns to

All your DC address Ip showing different address.
DC03.my.domain.com      internet address =
DC04.my.domain.com      internet address =
DC01.my.domain.com      internet address =
DC02.my.domain.com      internet address =

All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Venkat Suresh

As Jai suggested let us know the IP details. In addition to his comments let me know why DC01 is pointing to default gateway ( in NS records. What is the DC01's IP address is it 1.38 or 1.1? Run Dcdiag /test:DNS on DC01 and let us know the status. Also in IPv6 properties, set it to "obtain ip address automatically" and "obtain dns server address automatically". For more info and DNS best practices check the following link.

DNS Best Practices

@netballi - I disabled IPv6 on all the DC's for a few days and it still had this error. Disabling IPv6 did not fix the issue.

@Jaihunt - I tried to do a find and replace in the dcdiag but it looks like it didn't work 100%.

So here is the real IP address break down:

DC03.my.domain.com      internet address =
DC04.my.domain.com      internet address =
DC01.my.domain.com      internet address =
DC02.my.domain.com      internet address =

So that should make more sense now.

@zenvenky - I re-enabled IPv6 on all the domain controllers and I've set IPv6 properties to "obtain ip address automatically" and "obtain dns server address automatically". I also followed the "DNS Best Practices" advise to the letter.

Attached is the dcdiag /test:dns results for all 4 DC's.

I won't know until tonight if setting everything to best practice worked. The error always shows up at 7:20pm est once a day.

I still have the same error on all the DC's even with all the changes.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Adi Adootzi

EventId.Net suggests that you can run:

dcdiag /test:replications

to identify the troubled DC.

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

I needed to close this question so I can submit new questions.