Solved

DC replication fails with event ID 1864 & 1988

Posted on 2014-03-17
4
791 Views
Last Modified: 2014-03-23
Hi Experts,

DC1: W2003 with FSMO roles (192.168.2.5)
DC2: W2008Ent and recently moved from hyper-v to Esxi.(192.168.2.31)

After I moved the DC2 vm from hyper-v to esxi I started to have error ID 1864 & 1988 related to replication of DC.
I did moved FSMO from DC2 to DC1 as I thought the DC2 could be down for a while. in the end it was only about 6 hours down time.

Initially I had 5 eventID1864 errors(DC,configuration,schema,domaindnszones,and forestdnszones) on DC2.
But after ran
"repadmin /options DC2 -DISABLE_OUTBOUND_REPL" and "repadmin /options DC2 -DISABLE_INBOUND_REPL"
errors were disappered with result of dcdiag as below.

=====================================================
Directory Server Diagnosis

Performing initial setup:

   Trying to find home server...

   Home Server = DC2

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Wellington\DC2

      Starting test: Connectivity

         ......................... DC2 passed test Connectivity



Doing primary tests

   
   Testing server: Wellington\DC2

      Starting test: Advertising

         ......................... DC2 passed test Advertising

      Starting test: FrsEvent

         ......................... DC2 passed test FrsEvent

      Starting test: DFSREvent

         ......................... DC2 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... DC2 passed test SysVolCheck

      Starting test: KccEvent

         ......................... DC2 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... DC2 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... DC2 passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=xxxxx,DC=xxx,DC=org,DC=nz
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=xxxxx,DC=xxx,DC=org,DC=nz
         ......................... DC2 failed test NCSecDesc

      Starting test: NetLogons

         ......................... DC2 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... DC2 passed test ObjectsReplicated

      Starting test: Replications

         ......................... DC2 passed test Replications

      Starting test: RidManager

         ......................... DC2 passed test RidManager

      Starting test: Services

         ......................... DC2 passed test Services

      Starting test: SystemLog

         ......................... DC2 passed test SystemLog

      Starting test: VerifyReferences

         ......................... DC2 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : mpsad

      Starting test: CheckSDRefDom

         ......................... mpsad passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... mpsad passed test CrossRefValidation

   
   Running enterprise tests on : xxxxx.xxx.org.nz

      Starting test: LocatorCheck

         ......................... xxxxx.xxx.org.nz passed test LocatorCheck

      Starting test: Intersite

         ......................... xxxxx.xxx.org.nz passed test Intersite
=====================================================

On DC1, it was 5 ID 1864s before fixing on dc2, but it is now 2 eventID 1988 & 1864.

How can I solve this errors?

Cheers,
Yasuyasu
1864-on-DC1.txt
1988-on-DC1.txt
repadmin-showreps-on-DC1.txt
0
Comment
Question by:YasuYasu
  • 2
  • 2
4 Comments
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 500 total points
ID: 39933836
Hi,

#1. seems you had a domain controller with IP 192.168.2.108 and it still exist in database, pls run metadata cleanup for 108 DC.

##2. Make sure you have no more records for 108 DC in DNS, ADUC and Site & Services.

###3
Enable Loose Replication Consistency


 To enable Loose Replication Consistency, follow these steps on the domain controller 2003 that reports the errors messages. Locate and click the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

2.Click Add Value on the Edit menu.
3.Add the following value:
Value Name: Strict Replication Consistency
 Data type: REG_DWORD
 Value data: If the value is 1, change it to 0

####4. Run DCDIAG /V
0
 

Author Comment

by:YasuYasu
ID: 39936277
Hi santosh,

Thanks for your advice. I have followed your steps but there is new error error event  1388 attached. It looks like I still have a 192.168.2.108 domain controller.

I ran "repadmin /removelingeringobjects DC2 DC1_object_GUID DC=xxxxx,DC=xxx,DC=org,DC=nz" Is this correct?

Cheers,
Yasu
1388-on-DC1.txt
dcdiag-V-result.txt
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39937096
hi,

Yes, you are right, it needs to be removed. Please go though the links and remove the 108 DC from everywhere.
http://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx
http://mcpmag.com/articles/2006/05/30/cleaning-up-after-ad.aspx?admgarea=BDNA

After all these if you see the same event then pls make sure that server 108 have been remove from all these locations.

1. ADSU
2. DNS
3. Site and Services
0
 

Author Closing Comment

by:YasuYasu
ID: 39949083
Hi Santosh,

thanks for your reply. after I have an error, I re-tried to this again and errors were disappered. DCDIAG doesn't have errors either.

Thank you!
YasuYasu
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question