Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Domain replication Error

Posted on 2014-03-16
18
Medium Priority
?
373 Views
Last Modified: 2014-03-20
Hello I have two physical servers.

In physical01 I have a virtualized domain controller(DC3)  in physical02 I have another domain controller(DC1) and a Exchange Server 2010.

This weekend  the servers were down (power outage) and now the physical01 are down  and only is working physical02.

In DC1 the event viewer shows event Id 1863, and 2092. "the server is own of FSMO rol but is not valid"

And the Exchange server can't mount the database.

Can I repair without start physical01?

thanks
0
Comment
Question by:limmontreefree
  • 10
  • 8
18 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39933486
Hi,

1. Is your FSMO role holder server is up ?, if not then did you planned to make it up ?

if not then

a) perform metadata cleanup for old DC.
b) Seize the FSMO Roles to live server.
c) Make sure that old server name is completely removed from DNS, ADUC and sites and services.
d) Run DCDIAG /V and see the errors.

2. if you can start the FSMO Role holder server then start it, and transfer the roles to running server.
a) Run DCDIAG /V and see the errors.
0
 

Author Comment

by:limmontreefree
ID: 39933954
After start the physical01 and DC3 now the exchange database has been mounted properly.

The physical01 was down in the event log Directory service I was:

Warning event 2092 this server is the owner of the FSMO role but it's not valid. This server was not property replicated since the restart. the replication errors prevent the role validation.

Error event 1863 this is the replication state:
latency interval (hours) 24
....

You can modify the latency interval....

What was the problem? the DC3 was down and after 24 hours the other Domain Controller became "not usable"?

thanks
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39934250
We have to collect some data to get Answer for all questions.

1. what are the Operating system you are running.
2. how many server are acting as GC (I guess All) ?
3. it seems DNS if not configured properly. - run DCDIAG /test:DNS
4. Proper Replication  not happening. - run DCDIAG /V
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:limmontreefree
ID: 39935630
Both DC are W2008R2 and are GC.

In the Dcdiag /test:DNS the only errors are with the forwarders. and with  DCDIAG /V I think all is fine.
Thanks
dcdiag.txt
testDNS.txt
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39937061
Hi,

you are correct, In the Dcdiag /test:DNS the only some errors and DCDIAG /V  is fine.

it seems your Root hints of DNS are not working properly. Please check and fix it.

http://technet.microsoft.com/en-us/library/cc730735.aspx
0
 

Author Comment

by:limmontreefree
ID: 39939326
Thanks again, but now I have serveral questions:

I have two domain Controllers, both are DNS server.

Have I to configure in forwarder Tab the other DNS server?

If yes, Have I to mark the checkbox Use root hint if there isn't enabled forwarder?

In other hand.

Where can I take the correct list of root hints servers?

Thanks
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39939336
No, if you donot have any specific DNS server or you dont want to user any other DNS to resolve you dns queries.

you can copy the other server root hints and check if all root hint servers are showing green.

In your exchange server LAN property, did you added both DC IP as DNS ?
0
 

Author Comment

by:limmontreefree
ID: 39939408
"No, if you donot have any specific DNS server or you dont want to user any other DNS to resolve you dns queries."  --> I have two DNS servers DC1 and DC3, I want the  servers work together, but I don't know if I have to force it the forward Tab or if it is done itself.....

"you can copy the other server root hints and check if all root hint servers are showing green." --> Ok I can copy,  but from Where, If you are telling me to copy from DC3,  I have the some issue in DC1 and DC3, may be forefront are filtering something?... Are there in Internet a good list to copy it....

"In your exchange server LAN property, did you added both DC IP as DNS ?" --> yes, The weekend the problem was that DC3 was down and DC1 thought:

Warning event 2092 this server is the owner of the FSMO role but it's not valid. This server was not property replicated since the restart. the replication errors prevent the role validation.

Error event 1863 this is the replication state:
latency interval (hours) 24  


So I want to make DCDIAG /test:DNS run fine, and latter think about event 2092.

Thanks.
0
 

Author Comment

by:limmontreefree
ID: 39939413
And

"you can copy the other server root hints and check if all root hint servers are showing green."  --> "green Where I have to see it in green"

Thanks and sorry for my bad English ...
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39939455
DNS
0
 

Author Comment

by:limmontreefree
ID: 39941663
Thanks you very much I have checked all the root hints server are green except d.root-server.net has a time out error. This error is in my DC1 and DC3. DC1 and DC3 have the same root hint servers

but If I run DCDIAG /test:DSN , I still this warnning: test 1 not passed in this DNS server. AND the last line shows XXXXXXXX.local pass the DNS test.

I'm confused, are important the warning?, what  means?
 
 image
0
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 2000 total points
ID: 39942067
Hi,

1. run the cmd and type
"NSLOOKUP localhost" and see the result.

2. go to C:\Windows\System32\drivers\etc and check the HOSTS files for any additional entry.

3. check the LAN card property and see if you have any loopback address configured as DNS, remove it and make sure that only your DC and ADC IP should be there.

4. run IPCONFIG /FLUSHDNS and rerun the DCDIAG /test:DSN

5. Try to replicate and see the results.
0
 

Author Comment

by:limmontreefree
ID: 39942887
Ok very interesting:


both DC1 and DC3 when I do NSLOOKUP localhost

tell me dc1.XXXXXXX.local not find localhost: non-existing domain
tell me dc2.XXXXXXX.local not find localhost: non-existing domain

 doing this I found a mistake....
DC1 has primary dns itself 192.168.168.10 and secondary 192.168.168.12 DC3

but DC3 had the same  and I change the order so now it's
DC3 has primary dns itself 192.168.168.12 and secondary 192.168.168.10 DC1.

host are empty as expected.

I have flushed the DNS cache.

And run the DCDIAG /test:DNS.

Now in DC1 the result is the same but in DC3 I only get and error in d.root-servers.net neither can ping it.
So DC3 are running correctly ... but what is happened to DC1??
0
 

Author Comment

by:limmontreefree
ID: 39942932
and now finally works fine in DC1 .....

But why has happened this?.

I only change the order of the Ip in the tcptip dns conf.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39942976
it happens some time.  that's why i did ask to check it in my earlier post, but seems you did not noticed.

any ways..,  

do you have any issue  now ?
0
 

Author Comment

by:limmontreefree
ID: 39942986
No, the log is clear..

I have learned a lot .

Thanks.
0
 

Author Closing Comment

by:limmontreefree
ID: 39942990
Very helpful.

Thanks again
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39943014
your welcome.... Happy to help...
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question