Solved

2008 R2 and 2003 DC's one in Tombstone state

Posted on 2013-05-29
Last Modified: 2013-06-04
Hello,

I have a 2008 R2 Standard server and a 2003 Standard - both DCs and one is in tombstone state.  There was also a previous 2003 DC that I thought was the culprit-- but it was not.  It has been forcefully removed and its info deleted from AD so that ship has sailed...

The 2008 server has all of the FSMO roles and it reports as such.  The 2003 server reports ERROR when listing the FSMO Role Holder.

I am getting errors on both regarding NETLOGON, AD Replication, and Kerberos.  DNS is out of sync but should be accurate as the IPs of both have not changed.

When I try to force replication through AD Sites & Services I get the following:

On 2003 Box:
Source 2003 to 2008: ..the target principal name is incorrect
Source 2008 to 2003: ..the target principal name is incorrect

On 2008 Box:
Source 2003 to 2008: ...cannot replicate...server has exceeded tombstone lifetime
Source 2008 to 2003: ...the target principal name is incorrect

I am having a hard time figuring out which one of the remaining servers needs to be depromoted and rejoined.  Does that mean the 2008 server is the one that needs to be rejoined?

Also, if that is the case how do I determine that the 2003 server's copy of AD is consistent and valid?

I have been all over Microsoft's articles which show how to fix the issue, I just want to make sure I am doing it correctly.

Please advise.

Thank you!
Question by:bobbailey22
6 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 500 total points
ID: 39205995
0
 

Author Comment

by:bobbailey22
ID: 39206066
Thanks for the link, I appreciate your help.

I got as far as step 2, sub-step 15  before an issue arose:

15. Drill back down to the Servers NTDS Settings and then try to right click the connector on the right and "Replicate now".

I get an error not listed in the "possible errors" category on the page.  Here it is:

"The following error occurred during the attempt to synchronize...from "2003" to Domain Controller "2008": the replication operation encountered a database error.  The operation will not continue"

Any thoughts?
0
 

Author Comment

by:bobbailey22
ID: 39206086
I do get "Possible Error 1" on the 2003 server: Target Principal Name is incorrect.

Should I follow the steps to reset the machine account password?  If so which DC do I run that command on?

Thanks again
0
 

Author Comment

by:bobbailey22
ID: 39206206
I went ahead and reset the machine password on the 2003 box and made some progress.

Now when I run repadmin /showreps on the 2008 box I get this:

-----
Default-First-Site-Name\2008
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: af983f68-f1d1-4638-98ad-xxxxxxxx
DSA invocationID: 8b318c5d-3696-470a-b25e-xxxxxxxx

==== INBOUND NEIGHBORS ======================================

DC=domain,DC=local
    Default-First-Site-Name\2003 via RPC
        DSA object GUID: 62935a10-6a69-4db9-9a85-xxxxxxxxx
        Last attempt @ 2013-05-29 15:08:02 failed, result 8451 (0x2103):
            The replication operation encountered a database error.
        18 consecutive failure(s).
        Last success @ (never).

CN=Configuration,DC=domain,DC=local
    Default-First-Site-Name\SEC2K3 via RPC
        DSA object GUID: 62935a10-6a69-4db9-9a85-xxxxxxxxxx
        Last attempt @ 2013-05-29 15:08:33 was successful.

CN=Schema,CN=Configuration,DC=domain,DC=local
    Default-First-Site-Name\2003 via RPC
        DSA object GUID: 62935a10-6a69-4db9-9a85-xxxxxxxxx
        Last attempt @ 2013-05-29 14:56:18 was successful.

DC=DomainDnsZones,DC=domain,DC=local
    Default-First-Site-Name\2003 via RPC
        DSA object GUID: 62935a10-6a69-4db9-9a85-xxxxxxxxxx
        Last attempt @ 2013-05-29 14:56:24 failed, result 8451 (0x2103):
            The replication operation encountered a database error.
        3 consecutive failure(s).
        Last success @ (never).

DC=ForestDnsZones,DC=domain,DC=local
    Default-First-Site-Name\2003 via RPC
        DSA object GUID: 62935a10-6a69-4db9-9a85-xxxxxxxxxxx
        Last attempt @ 2013-05-29 15:04:56 was successful.

Source: Default-First-Site-Name\2003
******* 17 CONSECUTIVE FAILURES since (never)
Last error: 8451 (0x2103):
            The replication operation encountered a database error.
0
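Added example, not part of the thread or any poster's code: a Python parser for saved repadmin /showreps output in the layout posted above. It lists each inbound link per naming context and flags failing links whose last success is missing or older than the tombstone lifetime. The sample text, the server name DC-OLD and the 60-day default are assumptions; use the tombstoneLifetime value actually set in the forest.

```python
import re
from datetime import datetime, timedelta
# Constructed sample in the layout of the output above; names and times are made up.
SAMPLE = """\
==== INBOUND NEIGHBORS ======================================
DC=domain,DC=local
    Default-First-Site-Name\\DC-OLD via RPC
        Last attempt @ 2013-05-29 15:08:02 failed, result 8451 (0x2103):
            The replication operation encountered a database error.
        18 consecutive failure(s).
        Last success @ (never).
CN=Configuration,DC=domain,DC=local
    Default-First-Site-Name\\DC-OLD via RPC
        Last attempt @ 2013-05-29 15:08:33 was successful.
DC=DomainDnsZones,DC=domain,DC=local
    Default-First-Site-Name\\DC-OLD via RPC
        Last attempt @ 2013-05-29 14:56:24 failed, result 8451 (0x2103):
        3 consecutive failure(s).
        Last success @ 2013-01-02 03:04:05.
"""
TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"

def parse_showreps(text):
    """Return one dict per inbound (naming context, source DC) link."""
    links, nc = [], None
    for line in text.splitlines():
        s = line.strip()
        if line and not line[0].isspace() and re.match(r"(DC|CN)=", s):
            nc = s  # an unindented DN starts a new partition
        elif nc and s.endswith("via RPC"):
            links.append({"nc": nc, "source": s[:-len(" via RPC")], "ok": None,
                          "code": None, "failures": 0, "last_success": None})
        elif links and (m := re.match(r"Last attempt @ " + TS + r" (.*)", s)):
            links[-1]["attempt"] = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S")
            code = re.search(r"result (\d+)", m[2])  # present only on failure
            links[-1]["ok"], links[-1]["code"] = code is None, code and int(code[1])
        elif links and (m := re.match(r"(\d+) consecutive failure", s)):
            links[-1]["failures"] = int(m[1])
        elif links and (m := re.match(r"Last success @ " + TS, s)):
            links[-1]["last_success"] = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S")
    return links  # "(never)" leaves last_success as None

def stale_links(links, tombstone_days=60):
    """Failing links with no success inside the (assumed) tombstone lifetime."""
    limit = timedelta(days=tombstone_days)
    return [l for l in links if l["ok"] is False and
            (l["last_success"] is None or l["attempt"] - l["last_success"] > limit)]
```

Run `parse_showreps()` on the text captured from each DC and compare the `stale_links()` results to see which partitions and which direction are past the tombstone window.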
 

Accepted Solution

by:
bobbailey22 earned 0 total points
ID: 39208608
Ended up doing the last resort which was to transfer/seize the FSMO roles to 2003 and demote 2008 then repromote.  All is well.  Thanks for your help!
0
 

Author Closing Comment

by:bobbailey22
ID: 39218400
Got it fixed without the requested article but it pointed me in the right direction.
0
