Solved

2008 R2 and 2003 DC's one in Tombstone state

Posted on 2013-05-29
Last Modified: 2013-06-04
Hello,

I have a 2008 R2 Standard server and a 2003 Standard - both DC's and one is in tombstone state. There was also a previous 2003 DC that I thought was the culprit, but it was not. It has been forcefully removed and its info deleted from AD so that ship has sailed...

The 2008 server has all of the FSMO roles and it reports as such.  The 2003 server reports ERROR when listing the FSMO Role Holder.

I am getting errors on both regarding NETLOGON, AD Replication, and Kerberos.  DNS is out of sync but should be accurate as the IPs of both have not changed.

When I try to force replication through AD Sites & Services I get the following:

On 2003 Box:
Source 2003 to 2008: ..the target principal name is incorrect
Source 2008 to 2003: ..the target principal name is incorrect

On 2008 Box:
Source 2003 to 2008: ...cannot replicate...server has exceeded tombstone lifetime
Source 2008 to 2003: ...the target principal name is incorrect

I am having a hard time figuring out which one of the remaining servers needs to be depromoted and rejoined.  Does that mean the 2008 server is the one that needs to be rejoined?

Also, if that is the case how do I determine that the 2003 server's copy of AD is consistent and valid?

I have been all over Microsoft's articles which show how to fix the issue, I just want to make sure I am doing it correctly.

Please advise.

Thank you!
Question by:bobbailey22
6 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 500 total points
ID: 39205995
0
 

Author Comment

by:bobbailey22
ID: 39206066
Thanks for the link, I appreciate your help.

I got as far as step 2, sub-step 15  before an issue arose:

15. Drill back down to the Servers NTDS Settings and then try to right click the connector on the right and "Replicate now".

I get an error not listed in the "possible errors" category on the page.  Here it is:

"The following error occurred during the attempt to synchronize...from "2003" to Domain Controller "2008": the replication operation encountered a database error.  The operation will not continue"

Any thoughts?
0
 

Author Comment

by:bobbailey22
ID: 39206086
I do get "Possible Error 1" on the 2003 server: Target Principal Name is incorrect.

Should I follow the steps to reset the machine account password?  If so which DC do I run that command on?

Thanks again
0
 

Author Comment

by:bobbailey22
ID: 39206206
I went ahead and reset the machine password on the 2003 box and made some progress.

Now when I run repadmin /showreps on the 2008 box I get this:

-----
Default-First-Site-Name\2008
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: af983f68-f1d1-4638-98ad-xxxxxxxx
DSA invocationID: 8b318c5d-3696-470a-b25e-xxxxxxxx

==== INBOUND NEIGHBORS ======================================

DC=domain,DC=local
    Default-First-Site-Name\2003 via RPC
        DSA object GUID: 62935a10-6a69-4db9-9a85-xxxxxxxxx
        Last attempt @ 2013-05-29 15:08:02 failed, result 8451 (0x2103):
            The replication operation encountered a database error.
        18 consecutive failure(s).
        Last success @ (never).

CN=Configuration,DC=domain,DC=local
    Default-First-Site-Name\SEC2K3 via RPC
        DSA object GUID: 62935a10-6a69-4db9-9a85-xxxxxxxxxx
        Last attempt @ 2013-05-29 15:08:33 was successful.

CN=Schema,CN=Configuration,DC=domain,DC=local
    Default-First-Site-Name\2003 via RPC
        DSA object GUID: 62935a10-6a69-4db9-9a85-xxxxxxxxx
        Last attempt @ 2013-05-29 14:56:18 was successful.

DC=DomainDnsZones,DC=domain,DC=local
    Default-First-Site-Name\2003 via RPC
        DSA object GUID: 62935a10-6a69-4db9-9a85-xxxxxxxxxx
        Last attempt @ 2013-05-29 14:56:24 failed, result 8451 (0x2103):
            The replication operation encountered a database error.
        3 consecutive failure(s).
        Last success @ (never).

DC=ForestDnsZones,DC=domain,DC=local
    Default-First-Site-Name\2003 via RPC
        DSA object GUID: 62935a10-6a69-4db9-9a85-xxxxxxxxxxx
        Last attempt @ 2013-05-29 15:04:56 was successful.

Source: Default-First-Site-Name\2003
******* 17 CONSECUTIVE FAILURES since (never)
Last error: 8451 (0x2103):
            The replication operation encountered a database error.
0
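An added example, not part of the original thread: a small Python parser for the `repadmin /showreps` inbound-neighbor layout quoted above, listing the naming contexts whose last successful replication is missing or older than the tombstone lifetime. The sample text, the names `DC-OLD` and `example.local`, and the `tombstone_days` value passed in are assumptions; read the real tombstone lifetime from the forest rather than guessing it.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout quoted above; DC-OLD and example.local are placeholders.
SAMPLE = """\
==== INBOUND NEIGHBORS ======================================
DC=example,DC=local
    Default-First-Site-Name\\DC-OLD via RPC
        Last attempt @ 2013-05-29 15:08:02 failed, result 8451 (0x2103):
            The replication operation encountered a database error.
        18 consecutive failure(s).
        Last success @ (never).
CN=Configuration,DC=example,DC=local
    Default-First-Site-Name\\DC-OLD via RPC
        Last attempt @ 2013-05-29 15:08:33 was successful.
CN=Schema,CN=Configuration,DC=example,DC=local
    Default-First-Site-Name\\DC-OLD via RPC
        Last attempt @ 2013-05-29 14:56:18 failed, result 8451 (0x2103):
        2 consecutive failure(s).
        Last success @ 2013-01-10 09:00:00.
"""

TS = "%Y-%m-%d %H:%M:%S"
SOURCE = re.compile(r"^\S+\\(\S+) via RPC$")
ATTEMPT = re.compile(r"^Last attempt @ (\S+ \S+) (?:was successful|failed, result (\d+))")
SUCCESS = re.compile(r"^Last success @ (\d\S+ \S+?)\.$")

def parse_inbound(text):
    """Return one record per (naming context, source DC) inbound link."""
    links, nc = [], None
    for line in map(str.strip, text.splitlines()):
        if re.match(r"^(DC|CN)=", line):
            nc = line
        elif nc and (m := SOURCE.match(line)):
            links.append({"nc": nc, "source": m.group(1), "error": None, "last_success": None})
        elif links and (m := ATTEMPT.match(line)):
            when = datetime.strptime(m.group(1), TS)
            if m.group(2):                      # failed attempt: keep the result code
                links[-1]["error"] = int(m.group(2))
            else:                               # a successful attempt is the last success
                links[-1]["last_success"] = when
        elif links and (m := SUCCESS.match(line)):
            links[-1]["last_success"] = datetime.strptime(m.group(1), TS)
    return links

def past_tombstone(links, now, tombstone_days):
    """Links whose last success is missing or older than the tombstone lifetime."""
    limit = timedelta(days=tombstone_days)
    return [l for l in links if l["last_success"] is None or now - l["last_success"] > limit]
```

A link reported as "(never)" is flagged because the output gives no evidence that it is inside the tombstone window, not because it is proven to be outside it.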
 

Accepted Solution

by:
bobbailey22 earned 0 total points
ID: 39208608
Ended up doing the last resort which was to transfer/seize the FSMO roles to 2003 and demote 2008 then repromote.  All is well.  Thanks for your help!
0
 

Author Closing Comment

by:bobbailey22
ID: 39218400
Got it fixed without the requested article but it pointed me in the right direction.
0
