Solved

Server Replication fails (Windows server 2003 R2 to Windows Server 2008 R2)

Posted on 2013-06-10
7
463 Views
Last Modified: 2013-06-11
I tried to add a new Windows Server 2008 R2 DC to an existing Domain (Windows 2003 R2 SP2) but got an error when running DCPromo.  

Installation Failed - The Active Directory Domain Services installation operation failed.  Active Directory Domain Services could not replicate the directory partition..... "The source server is currently rejecting replication requests".

I've checked out this MS article: http://support.microsoft.com/kb/2023007, and the issue appears to be a USN rollback error.  Registry shows HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Dsa Not Writable = 4

I'm looking for a different resolution than removing the DC from the domain or restoring a system state backup (details in http://support.microsoft.com/default.aspx?scid=kb;EN-US;875495), as this server is the only Domain Controller in the domain.
0
Comment
Question by:slamit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 39236128
Did you previously have other DCs or have you always had one?   Did you try enabling replication on the box

http://blog.scottlowe.org/2006/08/02/disabling-ad-replication/

Thanks

mike
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 39236198
Did you run ADPREP before your doing the DCPROMO on your domain? http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx
0
 

Author Comment

by:slamit
ID: 39236485
mkline71 - we previously had one DC that was giving us trouble, so we force removed. As it turns out, perhaps there was a bigger problem. I'll try enabling replication tonight and let you know how we go. Thanks!

lazarus98 - sure did. Thanks.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 8

Expert Comment

by:piyushranusri
ID: 39236729
your servers are in physical or virtual ?
 did you see Tombstone Lifetime  

firstly check the event log and disk space on 2003 R2 server

i will suggest you to create new 2008 DC then take backup of 2003 R2 and restore it to 2008 R2.
instead of automatic replication try manual replication with a file in test environment.


please share output.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39237406
Please provide us more information how many DCs you have in env currently.As your are aware that your server is in USN rollback assuming you have multiple DCs in evn you can demote/promote the server which is usn rollback state.

Configuring DC either from clone/snapshot/image is not recommended.USN Rollback occurs when an Active Directory Domain Controller is restored via a snapshot or imaging process. Microsoft considers this a non-supported method of restoring Active Directory and it is this type of method that causes an Update Sequence Number (USN) rollback, because it results in the USN on the restored DC to be lower than what the other Domain Controllers are using.

To confirm if the server is in usnrollback check the below parameters.
*Netlogon service is in paused state.
*Event id 2103 will be logged whic will state that The Active Directory database has been restored using an unsupported restoration procedure.
*DSA Not Writable key with value 4 will be created in HKLM\System\CurrentControlSet\Services\NTDS registry path.

If above is true then to fix the issue you need to demote/promote the DC.You cannot demote the faulty DC gracefully you need to do forcefull removal.You need to ran dcpromo/force removal and then run matadata cleanup on other DC(healthy) to remove the instance of faulty DC from AD database and DNS.

Once done you can promote the Server back as DC.If faulty DC is FSMO role holder you need to seize the FSMO on other DC.

Reference link
Forcefull removal of DC: http://support.microsoft.com/kb/332199
Metadata cleanup: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Seize FSMO role: http://www.petri.co.il/seizing_fsmo_roles.htm

If you have singlr DC which is in USN then see this :http://exchangeserverpro.com/recovering-a-single-domain-controller-from-a-usn-rollback

If still issue persist post the dcdiag /q and repadmin /replsum output to get the clear view.

How to restore a Virtualized Domain Controller and prevent USN Rolllback
http://sandeshdubey.wordpress.com/2011/10/02/how-to-restore-a-virtualized-domain-controller-and-prevent-usn-rolllback/

Hope this helps
0
 

Author Comment

by:slamit
ID: 39239355
Thanks Mike, that worked like a charm!

Thanks again!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39239358
Excellent glad to help and happy that you are back up and running
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question