  • Status: Solved
  • Priority: Medium
  • Security: Public

Domain replication Error

Hello, I have two physical servers.

In physical01 I have a virtualized domain controller (DC3); in physical02 I have another domain controller (DC1) and an Exchange Server 2010.

This weekend the servers were down (power outage), and now physical01 is down and only physical02 is working.

In DC1 the event viewer shows event IDs 1863 and 2092: "the server is the owner of the FSMO role but is not valid".

And the Exchange server can't mount the database.

Can I repair this without starting physical01?

Thanks
0
limmontreefree
Asked:
 
Santosh Gupta Commented:
Hi,

1. Is your FSMO role holder server up? If not, do you plan to bring it up?

If not, then:

a) Perform metadata cleanup for the old DC.
b) Seize the FSMO roles to the live server.
c) Make sure that the old server name is completely removed from DNS, ADUC, and Sites and Services.
d) Run DCDIAG /V and see the errors.

2. If you can start the FSMO role holder server, then start it and transfer the roles to the running server.
a) Run DCDIAG /V and see the errors.
0
 
limmontreefree (Author) Commented:
After starting physical01 and DC3, the Exchange database has now been mounted properly.

While physical01 was down, in the Directory Service event log I saw:

Warning event 2092: this server is the owner of the FSMO role but it's not valid. This server was not properly replicated since the restart. The replication errors prevent the role validation.

Error event 1863: this is the replication state:
latency interval (hours) 24
....

You can modify the latency interval....

What was the problem? DC3 was down and after 24 hours the other domain controller became "not usable"?

Thanks
0
 
Santosh Gupta Commented:
We have to collect some data to answer all the questions.

1. Which operating systems are you running?
2. How many servers are acting as GC (I guess all)?
3. It seems DNS is not configured properly. Run DCDIAG /test:DNS
4. Proper replication is not happening. Run DCDIAG /V
0
 
limmontreefree (Author) Commented:
Both DCs are W2008R2 and are GCs.

In DCDIAG /test:DNS the only errors are with the forwarders, and with DCDIAG /V I think all is fine.
Thanks
dcdiag.txt
testDNS.txt
0
 
Santosh Gupta Commented:
Hi,

You are correct: in DCDIAG /test:DNS there are only some errors, and DCDIAG /V is fine.

It seems the root hints of your DNS are not working properly. Please check and fix them.

http://technet.microsoft.com/en-us/library/cc730735.aspx
0
 
limmontreefree (Author) Commented:
Thanks again, but now I have several questions:

I have two domain controllers; both are DNS servers.

Do I have to configure the other DNS server in the Forwarders tab?

If yes, do I have to check the checkbox "Use root hints if there is no enabled forwarder"?

On the other hand:

Where can I get the correct list of root hint servers?

Thanks
0
 
Santosh Gupta Commented:
No, if you do not have any specific DNS server or you don't want to use any other DNS to resolve your DNS queries.

You can copy the other server's root hints and check if all root hint servers are showing green.

In your Exchange server LAN properties, did you add both DC IPs as DNS?
0
 
limmontreefree (Author) Commented:
"No, if you do not have any specific DNS server or you don't want to use any other DNS to resolve your DNS queries." --> I have two DNS servers, DC1 and DC3. I want the servers to work together, but I don't know if I have to force it in the Forwarders tab or if it is done by itself...

"You can copy the other server's root hints and check if all root hint servers are showing green." --> OK, I can copy, but from where? If you are telling me to copy from DC3, I have the same issue in DC1 and DC3. Maybe Forefront is filtering something? Is there a good list on the Internet to copy from?

"In your Exchange server LAN properties, did you add both DC IPs as DNS?" --> Yes. At the weekend the problem was that DC3 was down and DC1 thought:

Warning event 2092: this server is the owner of the FSMO role but it's not valid. This server was not properly replicated since the restart. The replication errors prevent the role validation.

Error event 1863: this is the replication state:
latency interval (hours) 24

So I want to make DCDIAG /test:DNS run fine, and later think about event 2092.

Thanks.
0
 
limmontreefree (Author) Commented:
And

"You can copy the other server's root hints and check if all root hint servers are showing green." --> Green? Where do I have to see it in green?

Thanks, and sorry for my bad English...
0
 
Santosh Gupta Commented:
DNS
0
 
limmontreefree (Author) Commented:
Thank you very much. I have checked: all the root hint servers are green except d.root-servers.net, which has a timeout error. This error is on my DC1 and DC3. DC1 and DC3 have the same root hint servers.

But if I run DCDIAG /test:DNS, I still get this warning: test 1 not passed on this DNS server. And the last line shows XXXXXXXX.local passed the DNS test.

I'm confused. Is the warning important? What does it mean?
 
0
 
Santosh Gupta Commented:
Hi,

1. Run cmd and type
"NSLOOKUP localhost" and see the result.

2. Go to C:\Windows\System32\drivers\etc and check the HOSTS file for any additional entries.

3. Check the LAN card properties and see if you have any loopback address configured as DNS; remove it and make sure that only your DC and ADC IPs are there.

4. Run IPCONFIG /FLUSHDNS and rerun DCDIAG /test:DNS

5. Try to replicate and see the results.
0
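
The five checks listed in the answer above, collected into one script. This is an added example, not code posted by anyone in the thread; the function names `Get-DnsClientFinding` and `Get-HostsEntry` are hypothetical, and `repadmin /showrepl` is an assumed choice for step 5, which names no tool. It sticks to PowerShell 2.0 syntax so it runs on Windows Server 2008 R2.

```powershell
# Added example (not from the thread). Run in an elevated prompt on each DC.
# Only ipconfig /flushdns changes state; everything else is read-only.

function Get-HostsEntry {
    # Step 2: active (non-blank, non-comment) lines of the HOSTS file.
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $path | Where-Object { $_.Trim() -ne '' -and $_.Trim() -notmatch '^#' }
}

function Get-DnsClientFinding {
    # Step 3: DNS server search order of every IP-enabled adapter,
    # marking loopback entries and entries that are this server's own address.
    $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
    foreach ($nic in $nics) {
        if (-not $nic.DNSServerSearchOrder) { continue }   # adapter has no DNS servers set
        $order = @($nic.DNSServerSearchOrder)
        $own   = @($nic.IPAddress)
        for ($i = 0; $i -lt $order.Count; $i++) {
            $dns  = $order[$i]
            $note = 'other server'
            if ($dns -like '127.*' -or $dns -eq '::1') { $note = 'LOOPBACK' }
            elseif ($own -contains $dns)               { $note = 'this server' }
            New-Object PSObject -Property @{
                Adapter = $nic.Description; Position = $i + 1; Server = $dns; Note = $note
            }
        }
    }
}

'--- Step 1: nslookup localhost ---'
nslookup localhost

'--- Step 2: HOSTS entries (none expected) ---'
Get-HostsEntry

'--- Step 3: DNS client order per adapter ---'
Get-DnsClientFinding | Sort-Object Adapter, Position |
    Format-Table Adapter, Position, Server, Note -AutoSize | Out-String

'--- Step 4: flush the resolver cache and re-run the DNS test ---'
ipconfig /flushdns
dcdiag /test:DNS

'--- Step 5: replication status (assumed tool: repadmin) ---'
repadmin /showrepl
```

Comparing the step 3 table from both domain controllers side by side makes an identical DNS server order on the two machines visible at a glance.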
 
limmontreefree (Author) Commented:
OK, very interesting:

On both DC1 and DC3, when I do NSLOOKUP localhost, they tell me:

dc1.XXXXXXX.local can't find localhost: non-existing domain
dc2.XXXXXXX.local can't find localhost: non-existing domain

Doing this I found a mistake...
DC1 has itself (192.168.168.10) as primary DNS and DC3 (192.168.168.12) as secondary,

but DC3 had the same, and I changed the order, so now
DC3 has itself (192.168.168.12) as primary DNS and DC1 (192.168.168.10) as secondary.

The hosts files are empty, as expected.

I have flushed the DNS cache.

And run DCDIAG /test:DNS.

Now on DC1 the result is the same, but on DC3 I only get an error for d.root-servers.net; I can't ping it either.
So DC3 is running correctly... but what has happened to DC1??
0
 
limmontreefree (Author) Commented:
And now it finally works fine on DC1...

But why has this happened?

I only changed the order of the IPs in the TCP/IP DNS configuration.
0
 
Santosh Gupta Commented:
It happens sometimes. That's why I asked you to check it in my earlier post, but it seems you did not notice.

Anyway,

do you have any issues now?
0
 
limmontreefree (Author) Commented:
No, the log is clear.

I have learned a lot.

Thanks.
0
 
limmontreefree (Author) Commented:
Very helpful.

Thanks again
0
 
Santosh Gupta Commented:
You're welcome... Happy to help...
0
Question has a verified solution.
