Solved

Domain replication Error

Posted on 2014-03-16
18
300 Views
Last Modified: 2014-03-20
Hello I have two physical servers.

In physical01 I have a virtualized domain controller(DC3)  in physical02 I have another domain controller(DC1) and a Exchange Server 2010.

This weekend  the servers were down (power outage) and now the physical01 are down  and only is working physical02.

In DC1 the event viewer shows event Id 1863, and 2092. "the server is own of FSMO rol but is not valid"

And the Exchange server can't mount the database.

Can I repair without start physical01?

thanks
0
Comment
Question by:limmontreefree
  • 10
  • 8
18 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39933486
Hi,

1. Is your FSMO role holder server is up ?, if not then did you planned to make it up ?

if not then

a) perform metadata cleanup for old DC.
b) Seize the FSMO Roles to live server.
c) Make sure that old server name is completely removed from DNS, ADUC and sites and services.
d) Run DCDIAG /V and see the errors.

2. if you can start the FSMO Role holder server then start it, and transfer the roles to running server.
a) Run DCDIAG /V and see the errors.
0
 

Author Comment

by:limmontreefree
ID: 39933954
After start the physical01 and DC3 now the exchange database has been mounted properly.

The physical01 was down in the event log Directory service I was:

Warning event 2092 this server is the owner of the FSMO role but it's not valid. This server was not property replicated since the restart. the replication errors prevent the role validation.

Error event 1863 this is the replication state:
latency interval (hours) 24
....

You can modify the latency interval....

What was the problem? the DC3 was down and after 24 hours the other Domain Controller became "not usable"?

thanks
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39934250
We have to collect some data to get Answer for all questions.

1. what are the Operating system you are running.
2. how many server are acting as GC (I guess All) ?
3. it seems DNS if not configured properly. - run DCDIAG /test:DNS
4. Proper Replication  not happening. - run DCDIAG /V
0
 

Author Comment

by:limmontreefree
ID: 39935630
Both DC are W2008R2 and are GC.

In the Dcdiag /test:DNS the only errors are with the forwarders. and with  DCDIAG /V I think all is fine.
Thanks
dcdiag.txt
testDNS.txt
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39937061
Hi,

you are correct, In the Dcdiag /test:DNS the only some errors and DCDIAG /V  is fine.

it seems your Root hints of DNS are not working properly. Please check and fix it.

http://technet.microsoft.com/en-us/library/cc730735.aspx
0
 

Author Comment

by:limmontreefree
ID: 39939326
Thanks again, but now I have serveral questions:

I have two domain Controllers, both are DNS server.

Have I to configure in forwarder Tab the other DNS server?

If yes, Have I to mark the checkbox Use root hint if there isn't enabled forwarder?

In other hand.

Where can I take the correct list of root hints servers?

Thanks
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39939336
No, if you donot have any specific DNS server or you dont want to user any other DNS to resolve you dns queries.

you can copy the other server root hints and check if all root hint servers are showing green.

In your exchange server LAN property, did you added both DC IP as DNS ?
0
 

Author Comment

by:limmontreefree
ID: 39939408
"No, if you donot have any specific DNS server or you dont want to user any other DNS to resolve you dns queries."  --> I have two DNS servers DC1 and DC3, I want the  servers work together, but I don't know if I have to force it the forward Tab or if it is done itself.....

"you can copy the other server root hints and check if all root hint servers are showing green." --> Ok I can copy,  but from Where, If you are telling me to copy from DC3,  I have the some issue in DC1 and DC3, may be forefront are filtering something?... Are there in Internet a good list to copy it....

"In your exchange server LAN property, did you added both DC IP as DNS ?" --> yes, The weekend the problem was that DC3 was down and DC1 thought:

Warning event 2092 this server is the owner of the FSMO role but it's not valid. This server was not property replicated since the restart. the replication errors prevent the role validation.

Error event 1863 this is the replication state:
latency interval (hours) 24  


So I want to make DCDIAG /test:DNS run fine, and latter think about event 2092.

Thanks.
0
 

Author Comment

by:limmontreefree
ID: 39939413
And

"you can copy the other server root hints and check if all root hint servers are showing green."  --> "green Where I have to see it in green"

Thanks and sorry for my bad English ...
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39939455
DNS
0
 

Author Comment

by:limmontreefree
ID: 39941663
Thanks you very much I have checked all the root hints server are green except d.root-server.net has a time out error. This error is in my DC1 and DC3. DC1 and DC3 have the same root hint servers

but If I run DCDIAG /test:DSN , I still this warnning: test 1 not passed in this DNS server. AND the last line shows XXXXXXXX.local pass the DNS test.

I'm confused, are important the warning?, what  means?
 
 image
0
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 500 total points
ID: 39942067
Hi,

1. run the cmd and type
"NSLOOKUP localhost" and see the result.

2. go to C:\Windows\System32\drivers\etc and check the HOSTS files for any additional entry.

3. check the LAN card property and see if you have any loopback address configured as DNS, remove it and make sure that only your DC and ADC IP should be there.

4. run IPCONFIG /FLUSHDNS and rerun the DCDIAG /test:DSN

5. Try to replicate and see the results.
0
 

Author Comment

by:limmontreefree
ID: 39942887
Ok very interesting:


both DC1 and DC3 when I do NSLOOKUP localhost

tell me dc1.XXXXXXX.local not find localhost: non-existing domain
tell me dc2.XXXXXXX.local not find localhost: non-existing domain

 doing this I found a mistake....
DC1 has primary dns itself 192.168.168.10 and secondary 192.168.168.12 DC3

but DC3 had the same  and I change the order so now it's
DC3 has primary dns itself 192.168.168.12 and secondary 192.168.168.10 DC1.

host are empty as expected.

I have flushed the DNS cache.

And run the DCDIAG /test:DNS.

Now in DC1 the result is the same but in DC3 I only get and error in d.root-servers.net neither can ping it.
So DC3 are running correctly ... but what is happened to DC1??
0
 

Author Comment

by:limmontreefree
ID: 39942932
and now finally works fine in DC1 .....

But why has happened this?.

I only change the order of the Ip in the tcptip dns conf.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39942976
it happens some time.  that's why i did ask to check it in my earlier post, but seems you did not noticed.

any ways..,  

do you have any issue  now ?
0
 

Author Comment

by:limmontreefree
ID: 39942986
No, the log is clear..

I have learned a lot .

Thanks.
0
 

Author Closing Comment

by:limmontreefree
ID: 39942990
Very helpful.

Thanks again
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39943014
your welcome.... Happy to help...
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now