  • Status: Solved
  • Priority: Medium
  • Security: Public

DC replication fails with event ID 1864 & 1988

Hi Experts,

DC1: W2003 with FSMO roles (192.168.2.5)
DC2: W2008Ent, recently moved from Hyper-V to ESXi (192.168.2.31)

After I moved the DC2 VM from Hyper-V to ESXi I started to have error IDs 1864 & 1988 related to DC replication.
I did move FSMO from DC2 to DC1 as I thought DC2 could be down for a while. In the end it was only about 6 hours of downtime.

Initially I had 5 event ID 1864 errors (DC, configuration, schema, domaindnszones, and forestdnszones) on DC2.
But after I ran
"repadmin /options DC2 -DISABLE_OUTBOUND_REPL" and "repadmin /options DC2 -DISABLE_INBOUND_REPL"
the errors disappeared, with the result of dcdiag as below.

=====================================================
Directory Server Diagnosis

Performing initial setup:

   Trying to find home server...

   Home Server = DC2

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Wellington\DC2

      Starting test: Connectivity

         ......................... DC2 passed test Connectivity



Doing primary tests

   
   Testing server: Wellington\DC2

      Starting test: Advertising

         ......................... DC2 passed test Advertising

      Starting test: FrsEvent

         ......................... DC2 passed test FrsEvent

      Starting test: DFSREvent

         ......................... DC2 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... DC2 passed test SysVolCheck

      Starting test: KccEvent

         ......................... DC2 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... DC2 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... DC2 passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=xxxxx,DC=xxx,DC=org,DC=nz
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=xxxxx,DC=xxx,DC=org,DC=nz
         ......................... DC2 failed test NCSecDesc

      Starting test: NetLogons

         ......................... DC2 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... DC2 passed test ObjectsReplicated

      Starting test: Replications

         ......................... DC2 passed test Replications

      Starting test: RidManager

         ......................... DC2 passed test RidManager

      Starting test: Services

         ......................... DC2 passed test Services

      Starting test: SystemLog

         ......................... DC2 passed test SystemLog

      Starting test: VerifyReferences

         ......................... DC2 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : mpsad

      Starting test: CheckSDRefDom

         ......................... mpsad passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... mpsad passed test CrossRefValidation

   
   Running enterprise tests on : xxxxx.xxx.org.nz

      Starting test: LocatorCheck

         ......................... xxxxx.xxx.org.nz passed test LocatorCheck

      Starting test: Intersite

         ......................... xxxxx.xxx.org.nz passed test Intersite
=====================================================

On DC1, it was 5 event ID 1864s before fixing on DC2, but it is now 2: event ID 1988 & 1864.

How can I solve these errors?

Cheers,
Yasuyasu
1864-on-DC1.txt
1988-on-DC1.txt
repadmin-showreps-on-DC1.txt
0
Santosh Gupta Commented:
Hi,

1. It seems you had a domain controller with IP 192.168.2.108 and it still exists in the database. Please run metadata cleanup for the 108 DC.

2. Make sure you have no more records for the 108 DC in DNS, ADUC and Sites & Services.

3. Enable Loose Replication Consistency

To enable Loose Replication Consistency, follow these steps on the 2003 domain controller that reports the error messages.

   1. Locate and click the following registry key:

      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

   2. Click Add Value on the Edit menu.
   3. Add the following value:
      Value Name: Strict Replication Consistency
      Data type: REG_DWORD
      Value data: If the value is 1, change it to 0

4. Run DCDIAG /V
0
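
The registry change in step 3 above, as an added PowerShell example that is not part of the original answer. The function names are hypothetical, and it assumes PowerShell 2.0 or later is installed on the 2003 DC and the session is elevated.

```powershell
# Added example, not from the thread. Run elevated on the DC that logs the errors.
$NtdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ValueName  = 'Strict Replication Consistency'

function Get-StrictReplicationConsistency {
    # Returns 1 (strict), 0 (loose), or $null when the value is not present.
    $item = Get-ItemProperty -Path $NtdsParams -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-StrictReplicationConsistency {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][ValidateSet(0, 1)][int]$Value)

    # Record the current state so the change can be reported and reversed.
    $before = Get-StrictReplicationConsistency
    if ($before -eq $Value) {
        Write-Output "No change: '$ValueName' is already $Value."
        return
    }
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Set '$ValueName' from '$before' to $Value")) {
        if ($null -eq $before) {
            # Value absent: create it as REG_DWORD, as the answer specifies.
            New-ItemProperty -Path $NtdsParams -Name $ValueName -PropertyType DWord -Value $Value | Out-Null
        } else {
            Set-ItemProperty -Path $NtdsParams -Name $ValueName -Value $Value
        }
        Write-Output "'$ValueName' changed from '$before' to $(Get-StrictReplicationConsistency)."
    }
}

# Preview the change, then apply it (step 3 of the answer: 1 -> 0).
Set-StrictReplicationConsistency -Value 0 -WhatIf
Set-StrictReplicationConsistency -Value 0

# Suggestion of this added example, not stated in the thread: loose consistency
# lets lingering objects replicate back in, so return to strict mode once the
# stale DC's metadata and lingering objects have been removed.
# Set-StrictReplicationConsistency -Value 1
```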
 
YasuYasu (Author) Commented:
Hi Santosh,

Thanks for your advice. I have followed your steps but there is a new error, event 1388, attached. It looks like I still have a 192.168.2.108 domain controller.

I ran "repadmin /removelingeringobjects DC2 DC1_object_GUID DC=xxxxx,DC=xxx,DC=org,DC=nz". Is this correct?

Cheers,
Yasu
1388-on-DC1.txt
dcdiag-V-result.txt
0
 
Santosh Gupta Commented:
Hi,

Yes, you are right, it needs to be removed. Please go through the links and remove the 108 DC from everywhere.
http://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx
http://mcpmag.com/articles/2006/05/30/cleaning-up-after-ad.aspx?admgarea=BDNA

After all this, if you see the same event, then please make sure that server 108 has been removed from all these locations.

1. ADUC
2. DNS
3. Site and Services
0
 
YasuYasu (Author) Commented:
Hi Santosh,

Thanks for your reply. After I had an error, I retried this again and the errors disappeared. DCDIAG doesn't have errors either.

Thank you!
YasuYasu
0
