Solved

Server 2008R2 Replication problem

Posted on 2014-02-05
Last Modified: 2014-02-12
My network is set up in a "hub and spoke" configuration with the main office being the hub and three branch locations.  All branches can communicate with the main office via VPN connections.  There are no firewalls blocking any internal traffic.

Main office subnet 10.39.1.0/255.255.255.0   Server Name: APP2 10.39.1.251 (2008R2) Server Name: TS 10.39.1.249  (2003R2)

Fraser branch subnet 10.39.3.0/255.255.255.0  Server Name: FRAS3  10.39.3.250 (2008R2)

Kremmling branch 10.39.5.0/255.255.255.0 Server Name: KREM  10.39.5.250 (2008R2)

Grand Lake branch 10.39.2.0/255.255.255.0  Server Name: GL  10.39.2.250 (2008R2)
 
Each of the servers is a DC running AD integrated DNS.  All servers successfully resolve NSLOOKUP of each other.  All servers successfully reply to pings from APP2 server.

Just to be clear, all the branches have full two-way unblocked communication with the main office, but they do not have direct communication with each other.

The problem is, I had to do a dcpromo /forceremoval from a failed server named FRAS2 at Fraser 10.39.3.0.  I replaced it with a server named FRAS3.  I promoted FRAS3 to a DC two days ago.  The server APP2 located at the main office 10.39.1.0 holds all FSMO roles.  AD Sites and Services on APP2 at the main office did not have an NTDS connection to FRAS3.  I manually created a connection.  I forced replication and received the error "The naming context is in the process of being removed."  SEE ATTACHED SCREEN PRINT.
How do I fix replication?  I have downloaded Microsoft's AD Replication status tool and will post more information as it becomes available.
replication-error.JPG
Question by:dbldiamond
8 Comments
 
LVL 19

Expert Comment

by:Kash
ID: 39835488
I take it you have gone through this article >>> http://support.microsoft.com/kb/2023704
 

Author Comment

by:dbldiamond
ID: 39835495
Yes, I have read the article but have not found any actions that resolve the issue.
 
LVL 19

Expert Comment

by:Kash
ID: 39835512
Is it possible to initiate replication from APP2?

There is this article which is more informative >>>> http://clintboessen.blogspot.co.uk/2013/05/ad-replication-issue-naming-context-is.html
 

Author Comment

by:dbldiamond
ID: 39835529
FRAS successfully replicates to APP2.  When I try to force replication from APP2 to FRAS I get the error shown in the screen print.  APP2 is the main DC that should be replicating to all of the branch offices.  I am looking at the blog post you mentioned.  Will investigate further...
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39838204
Per your screenshot, it is clear that most of the replication paths are manually configured.
It is a common problem when you configure the replication paths manually.

By any chance, is there any possibility to delete the manual paths and have the KCC auto-build the replication topology?
0
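To illustrate the distinction raised in the comment above between manually created connection objects and those built by the KCC, here is an added example (not posted by anyone in this thread) that lists every NTDS connection object in the forest and shows whether the KCC generated it. It assumes the ActiveDirectory PowerShell module is available and that the account can read the Configuration partition; the output column names are chosen for this example.

```powershell
Import-Module ActiveDirectory

# Configuration naming context of the current forest
$configNC = (Get-ADRootDSE).configurationNamingContext

# NTDSCONN_OPT_IS_GENERATED: bit set in 'options' on connections the KCC creates.
# Connections created by hand in AD Sites and Services do not carry it.
$IS_GENERATED = 0x1

Get-ADObject -SearchBase "CN=Sites,$configNC" `
             -LDAPFilter '(objectClass=nTDSConnection)' `
             -Properties options, fromServer, whenCreated |
    ForEach-Object {
        # Connection DN: CN=<conn>,CN=NTDS Settings,CN=<destination DC>,CN=Servers,CN=<site>,...
        # Split on unescaped commas only.
        $destParts = $_.DistinguishedName -split '(?<!\\),'
        # fromServer DN: CN=NTDS Settings,CN=<source DC>,CN=Servers,CN=<site>,...
        $srcParts  = $_.fromServer -split '(?<!\\),'

        # New-Object PSObject keeps this compatible with PowerShell 2.0 on 2008 R2
        New-Object PSObject -Property @{
            Destination  = $destParts[2] -replace '^CN='
            Source       = $srcParts[1]  -replace '^CN='
            KccGenerated = [bool]($_.options -band $IS_GENERATED)
            WhenCreated  = $_.whenCreated
        }
    } |
    Sort-Object KccGenerated, Destination |
    Format-Table Destination, Source, KccGenerated, WhenCreated -AutoSize
```

Rows with `KccGenerated` set to `False` are the manual connections; after those are deleted, `repadmin /kcc` asks the KCC to recalculate the topology.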
 

Accepted Solution

by:
dbldiamond earned 0 total points
ID: 39841579
Sorry I have not posted updates as I have been busy with this problem.  About two weeks ago one of the RAID1 mirrored drives failed.  I replaced the drive and the ARRAY rebuilt.  Apparently, when the drive failed, it created corruption in the AD.  I tried offline AD repair and DB compaction but that failed.  I purchased a Microsoft Support Incident and turned it over to their AD technicians.  I worked with three engineers over two days trying to repair the directory.  It's a very long story and MS Tech Support did many things that did not solve the problem.   Yesterday, the server was so hosed that I could not log in with domain or local administrator accounts in normal, safe, or DSR Mode.  Ultimately, I decided to bite the bullet and rebuild the server.  Last night I pulled all the old hard drives from the server, installed new ones and rebuilt the server using a different name just to avoid any problems with old metadata.  Then I restored all our data from backup.  This morning I expect to have a few minor issues, but nothing serious.  So the answer for this situation was to rebuild a new server.  The issue that caused the problems to begin with was AD corruption due to HD failure.

Thanks for the suggestions.  I will ask that this question be closed.
 

Author Comment

by:dbldiamond
ID: 39841599
Pramod_ubhe, yes, the replication paths were created manually because the auto configure would not work.  I was trying desperately to force replication.  The server I had problems with was the PDC that held all FSMO roles.  I tried to transfer the roles gracefully but had to seize the roles by another server.  The server that was not replicating, which had the AD corruption, did manage to replicate to its same-site partner.  However, it appears that replication contained corrupt data.  Both the PDC and the same-site partner had to be demoted to member servers.  Yesterday we were able to get the same-site partner server promoted back up to a DC.  We attempted to promote APP2 back up to a DC; that failed.  Now that I have rebuilt the server, all NTDS connections are being automatically created.
 

Author Closing Comment

by:dbldiamond
ID: 39852784
Ultimately this issue was created by hardware failure and the solution was to rebuild the server with new hard drives.