ipr0ute

Active Directory Replication - Event ID: 1864 ActiveDirectory_DomainService

I get the same 3 errors every night for these directory partitions:

1. CN=Schema,CN=Configuration,DC=domain,DC=com
2. CN=Configuration,DC=domain,DC=com
3. DC=domain,DC=com

Attached is my DCdiag /e /v output.

Forest and Domain level is 2008 R2, and two DCs are running 2012 and two DCs are running 2008 R2.

Error below:

This is the replication status for the following directory partition on this directory server.
 
Directory partition:
DC=domain,DC=com
 
This directory server has not recently received replication information from a number of directory servers.  The count of directory servers is shown, divided into the following intervals.
 
More than 24 hours:
2
More than a week:
2
More than one month:
0
More than two months:
0
More than a tombstone lifetime:
0
Tombstone lifetime (days):
180
 
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
 
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>".
ADHealth.txt
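
The event text above counts replication partners by how long ago they last replicated. As an added example (not part of the original thread), this PowerShell sketch buckets the "Last Success Time" column of `repadmin /showrepl * /csv` into the same intervals and names the stale sources per partition. Assumptions: the CSV rows are a constructed sample, a month is taken as 30 days, the counts are cumulative, and only direct inbound partners are covered, so the result approximates the event's counts.

```powershell
# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# Site names, timestamps and failure values are made up for illustration.
$csv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteA,DC01,"DC=domain,DC=com",SiteA,DC02,RPC,0,0,2014-03-11 19:05:11,0
showrepl_INFO,SiteA,DC01,"DC=domain,DC=com",SiteB,DC03,RPC,212,2014-03-11 19:04:02,2014-03-02 08:14:40,1722
showrepl_INFO,SiteA,DC01,"DC=domain,DC=com",SiteB,DC04,RPC,198,2014-03-11 19:04:05,2014-03-03 02:31:09,1722
showrepl_INFO,SiteA,DC01,"CN=Configuration,DC=domain,DC=com",SiteA,DC02,RPC,0,0,2014-03-11 19:05:12,0
'@
$rows = $csv | ConvertFrom-Csv            # on a DC: repadmin /showrepl * /csv | ConvertFrom-Csv
$now  = [datetime]'2014-03-11 19:20:00'   # fixed so the sample is reproducible; use Get-Date live
$tombstoneDays = 180                      # "Tombstone lifetime (days)" from the event text

# Interval labels from Event 1864; day values for month/two months are assumed (30/60).
$thresholds = [ordered]@{
    'More than 24 hours'             = 1
    'More than a week'               = 7
    'More than one month'            = 30
    'More than two months'           = 60
    'More than a tombstone lifetime' = $tombstoneDays
}

# Age of the last successful inbound replication for every partition/source pair.
$aged = foreach ($r in $rows) {
    $last = [datetime]::MinValue
    $ok = [datetime]::TryParseExact($r.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
        [cultureinfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::None, [ref]$last)
    [pscustomobject]@{
        Partition = $r.'Naming Context'
        Source    = $r.'Source DSA'
        # An unparseable timestamp (no recorded success) is treated as infinitely old.
        AgeDays   = if ($ok) { [math]::Round(($now - $last).TotalDays, 1) } else { [double]::PositiveInfinity }
    }
}

# Per partition: cumulative counts per interval, then the sources older than 24 hours.
foreach ($g in $aged | Group-Object Partition) {
    "Directory partition: $($g.Name)"
    foreach ($t in $thresholds.GetEnumerator()) {
        $n = @($g.Group | Where-Object { $_.AgeDays -gt $t.Value }).Count
        "  {0}: {1}" -f $t.Key, $n
    }
    $g.Group | Where-Object { $_.AgeDays -gt 1 } | Sort-Object AgeDays -Descending |
        ForEach-Object { "  stale source: {0} ({1} days)" -f $_.Source, $_.AgeDays }
}
```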
netballi

I would advise disabling IPv6 on all DCs and then checking for replication, as your primary DNS is showing as ::1, which is an IPv6 address, and for some reason it doesn't play ball with AD.
ipr0ute

ASKER

I'll give that a try and let you know if the error goes away.
Hi

Also, what are these IP addresses configured in DNS: 10.10.1.25, 10.20.3.175?

It looks like everything is fine. Point the primary DNS to 127.0.0.1.

All your DCs' IP addresses are showing a different address.
DC03.my.domain.com      internet address = 10.20.3.1
DC04.my.domain.com      internet address = 10.20.3.2
DC01.my.domain.com      internet address = 10.10.1.1
DC02.my.domain.com      internet address = 10.10.1.2

Thanks
Jai
As Jai suggested, let us know the IP details. In addition to his comments, let me know why DC01 is pointing to the default gateway (10.10.1.1) in the NS records. What is DC01's IP address: is it 1.38 or 1.1? Run Dcdiag /test:DNS on DC01 and let us know the status. Also, in the IPv6 properties, set it to "obtain ip address automatically" and "obtain dns server address automatically". For more info and DNS best practices, check the following link.

DNS Best Practices

ASKER

@netballi - I disabled IPv6 on all the DCs for a few days and it still had this error. Disabling IPv6 did not fix the issue.

@Jaihunt - I tried to do a find and replace in the dcdiag but it looks like it didn't work 100%.

So here is the real IP address break down:

DC03.my.domain.com      internet address = 10.20.3.174
DC04.my.domain.com      internet address = 10.20.3.175
DC01.my.domain.com      internet address = 10.10.1.38
DC02.my.domain.com      internet address = 10.10.1.25

So that should make more sense now.

@zenvenky - I re-enabled IPv6 on all the domain controllers and I've set IPv6 properties to "obtain ip address automatically" and "obtain dns server address automatically". I also followed the "DNS Best Practices" advice to the letter.

Attached are the dcdiag /test:dns results for all 4 DCs.

I won't know until tonight if setting everything to best practice worked. The error always shows up at 7:20pm est once a day.
DC1-test-dns.txt
DC02-test-DNS.txt
DC03-test-dns.txt
DC04-test-dns.txt

ASKER

I still have the same error on all the DCs even with all the changes.
EventId.Net suggests that you can run:

dcdiag /test:replications

to identify the troubled DC.
ASKER CERTIFIED SOLUTION
ipr0ute


ASKER

I needed to close this question so I can submit new questions.