Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Server Replication fails (Windows server 2003 R2 to Windows Server 2008 R2)

Posted on 2013-06-10
7
Medium Priority
?
478 Views
Last Modified: 2013-06-11
I tried to add a new Windows Server 2008 R2 DC to an existing Domain (Windows 2003 R2 SP2) but got an error when running DCPromo.  

Installation Failed - The Active Directory Domain Services installation operation failed.  Active Directory Domain Services could not replicate the directory partition..... "The source server is currently rejecting replication requests".

I've checked out this MS article: http://support.microsoft.com/kb/2023007, and the issue appears to be a USN rollback error.  Registry shows HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Dsa Not Writable = 4

I'm looking for a different resolution than removing the DC from the domain or restoring a system state backup (details in http://support.microsoft.com/default.aspx?scid=kb;EN-US;875495), as this server is the only Domain Controller in the domain.
0
Comment
Question by:slamit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 39236128
Did you previously have other DCs or have you always had one?   Did you try enabling replication on the box

http://blog.scottlowe.org/2006/08/02/disabling-ad-replication/

Thanks

mike
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 39236198
Did you run ADPREP before your doing the DCPROMO on your domain? http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx
0
 

Author Comment

by:slamit
ID: 39236485
mkline71 - we previously had one DC that was giving us trouble, so we force removed. As it turns out, perhaps there was a bigger problem. I'll try enabling replication tonight and let you know how we go. Thanks!

lazarus98 - sure did. Thanks.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 8

Expert Comment

by:piyushranusri
ID: 39236729
your servers are in physical or virtual ?
 did you see Tombstone Lifetime  

firstly check the event log and disk space on 2003 R2 server

i will suggest you to create new 2008 DC then take backup of 2003 R2 and restore it to 2008 R2.
instead of automatic replication try manual replication with a file in test environment.


please share output.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39237406
Please provide us more information how many DCs you have in env currently.As your are aware that your server is in USN rollback assuming you have multiple DCs in evn you can demote/promote the server which is usn rollback state.

Configuring DC either from clone/snapshot/image is not recommended.USN Rollback occurs when an Active Directory Domain Controller is restored via a snapshot or imaging process. Microsoft considers this a non-supported method of restoring Active Directory and it is this type of method that causes an Update Sequence Number (USN) rollback, because it results in the USN on the restored DC to be lower than what the other Domain Controllers are using.

To confirm if the server is in usnrollback check the below parameters.
*Netlogon service is in paused state.
*Event id 2103 will be logged whic will state that The Active Directory database has been restored using an unsupported restoration procedure.
*DSA Not Writable key with value 4 will be created in HKLM\System\CurrentControlSet\Services\NTDS registry path.

If above is true then to fix the issue you need to demote/promote the DC.You cannot demote the faulty DC gracefully you need to do forcefull removal.You need to ran dcpromo/force removal and then run matadata cleanup on other DC(healthy) to remove the instance of faulty DC from AD database and DNS.

Once done you can promote the Server back as DC.If faulty DC is FSMO role holder you need to seize the FSMO on other DC.

Reference link
Forcefull removal of DC: http://support.microsoft.com/kb/332199
Metadata cleanup: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Seize FSMO role: http://www.petri.co.il/seizing_fsmo_roles.htm

If you have singlr DC which is in USN then see this :http://exchangeserverpro.com/recovering-a-single-domain-controller-from-a-usn-rollback

If still issue persist post the dcdiag /q and repadmin /replsum output to get the clear view.

How to restore a Virtualized Domain Controller and prevent USN Rolllback
http://sandeshdubey.wordpress.com/2011/10/02/how-to-restore-a-virtualized-domain-controller-and-prevent-usn-rolllback/

Hope this helps
0
 

Author Comment

by:slamit
ID: 39239355
Thanks Mike, that worked like a charm!

Thanks again!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39239358
Excellent glad to help and happy that you are back up and running
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question