ipr0ute
 asked on

Active Directory Replication - Event ID: 1864 ActiveDirectory_DomainService

I get the same 3 errors every night for the following directory partitions:

1. CN=Schema,CN=Configuration,DC=domain,DC=com
2. CN=Configuration,DC=domain,DC=com
3. DC=domain,DC=com

Attached is my DCdiag /e /v output.

Forest and Domain level is 2008 R2 and two DC's are running 2012 and two DC's are running 2008 R2.

Error below:

This is the replication status for the following directory partition on this directory server.
 
Directory partition:
DC=domain,DC=com
 
This directory server has not recently received replication information from a number of directory servers.  The count of directory servers is shown, divided into the following intervals.
 
More than 24 hours:
2
More than a week:
2
More than one month:
0
More than two months:
0
More than a tombstone lifetime:
0
Tombstone lifetime (days):
180
 
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
 
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>".
ADHealth.txt
Active Directory
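Added example, not part of the original thread: a small Python parser for the Event ID 1864 text quoted in the question, useful when the same event arrives nightly from several DCs and partitions and needs to be triaged. It assumes the label-line-then-value-line layout shown above; the function names, the `warning`/`critical` labels and the `max_days_to_tombstone` figure (tombstone lifetime minus the lower bound of the longest non-empty interval) are this example's own conventions.

```python
# Interval labels in the order Event ID 1864 prints them, with each interval's
# lower bound in days (None = the tombstone lifetime reported by the event).
INTERVALS = [("More than 24 hours", 1), ("More than a week", 7),
             ("More than one month", 30), ("More than two months", 60),
             ("More than a tombstone lifetime", None)]
TSL = "Tombstone lifetime (days)"

def parse_1864(message):
    """Parse an Event 1864 body (label line, then value line) into a dict."""
    lines = [ln.strip() for ln in message.splitlines() if ln.strip()]
    wanted = {label for label, _ in INTERVALS} | {TSL}
    fields = {}
    for label, value in zip(lines, lines[1:]):
        key = label.rstrip(":")
        if key == "Directory partition":
            fields["partition"] = value
        elif key in wanted:
            if not value.isdigit():
                raise ValueError(f"non-numeric value for {key!r}: {value!r}")
            fields[key] = int(value)
    missing = (wanted | {"partition"}) - set(fields)
    if missing:  # truncated or re-wrapped event text
        raise ValueError(f"fields missing from event text: {sorted(missing)}")
    return fields

def triage(message):
    """Report the longest interval with a non-zero count and the headroom left."""
    f = parse_1864(message)
    result = {"partition": f["partition"], "severity": "ok",
              "worst_interval": None, "stale_sources": 0,
              "max_days_to_tombstone": f[TSL]}
    for label, min_days in INTERVALS:  # later (longer) intervals overwrite earlier
        if f[label] > 0:
            age = f[TSL] if min_days is None else min_days
            result.update(worst_interval=label, stale_sources=f[label],
                          # upper bound: the stalest source is older than `age` days
                          max_days_to_tombstone=max(f[TSL] - age, 0),
                          severity="critical" if min_days is None else "warning")
    return result

# Event text for DC=domain,DC=com as posted in the question above.
SAMPLE = ("Directory partition:\nDC=domain,DC=com\n"
          "More than 24 hours:\n2\nMore than a week:\n2\n"
          "More than one month:\n0\nMore than two months:\n0\n"
          "More than a tombstone lifetime:\n0\nTombstone lifetime (days):\n180\n")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the posted event this reports two source servers in the "More than a week" interval and at most 173 days before they would cross the 180-day tombstone lifetime.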

Last Comment
ipr0ute

8/22/2022 - Mon
netballi

I would advise disabling IPv6 on all DCs and then checking replication, as your primary DNS is showing as ::1, which is an IPv6 address, and for some reason it doesn't play ball with AD.
ipr0ute

ASKER
I'll give that a try and let you know if the error goes away.
Jaihunt

Hi

Also, what are these IP addresses configured in DNS: 10.10.1.25, 10.20.3.175?

It looks like everything is fine; point the primary DNS to 127.0.0.1.

All your DC IP addresses are showing different addresses.
DC03.my.domain.com      internet address = 10.20.3.1
DC04.my.domain.com      internet address = 10.20.3.2
DC01.my.domain.com      internet address = 10.10.1.1
DC02.my.domain.com      internet address = 10.10.1.2

Thanks
Jai
Venkat Suresh

As Jai suggested, let us know the IP details. In addition to his comments, let me know why DC01 is pointing to the default gateway (10.10.1.1) in the NS records. What is DC01's IP address: is it 1.38 or 1.1? Run Dcdiag /test:DNS on DC01 and let us know the status. Also, in the IPv6 properties, set it to "obtain ip address automatically" and "obtain dns server address automatically". For more info and DNS best practices, check the following link.

DNS Best Practices
ipr0ute

ASKER
@netballi - I disabled IPv6 on all the DC's for a few days and it still had this error. Disabling IPv6 did not fix the issue.

@Jaihunt - I tried to do a find and replace in the dcdiag but it looks like it didn't work 100%.

So here is the real IP address break down:

DC03.my.domain.com      internet address = 10.20.3.174
DC04.my.domain.com      internet address = 10.20.3.175
DC01.my.domain.com      internet address = 10.10.1.38
DC02.my.domain.com      internet address = 10.10.1.25

So that should make more sense now.

@zenvenky - I re-enabled IPv6 on all the domain controllers and I've set IPv6 properties to "obtain ip address automatically" and "obtain dns server address automatically". I also followed the "DNS Best Practices" advice to the letter.

Attached is the dcdiag /test:dns results for all 4 DC's.

I won't know until tonight if setting everything to best practice worked. The error always shows up at 7:20pm est once a day.
DC1-test-dns.txt
DC02-test-DNS.txt
DC03-test-dns.txt
DC04-test-dns.txt
ipr0ute

ASKER
I still have the same error on all the DC's even with all the changes.
Adi Adootzi

EventId.Net suggests that you can run:

dcdiag /test:replications

to identify the troubled DC.
ASKER CERTIFIED SOLUTION
ipr0ute

ipr0ute

ASKER
I needed to close this question so I can submit new questions.