Solved

DC replication fails with event ID 1864 & 1988

Posted on 2014-03-17
4
815 Views
Last Modified: 2014-03-23
Hi Experts,

DC1: W2003 with FSMO roles (192.168.2.5)
DC2: W2008Ent and recently moved from hyper-v to Esxi.(192.168.2.31)

After I moved the DC2 vm from hyper-v to esxi I started to have error ID 1864 & 1988 related to replication of DC.
I did moved FSMO from DC2 to DC1 as I thought the DC2 could be down for a while. in the end it was only about 6 hours down time.

Initially I had 5 eventID1864 errors(DC,configuration,schema,domaindnszones,and forestdnszones) on DC2.
But after ran
"repadmin /options DC2 -DISABLE_OUTBOUND_REPL" and "repadmin /options DC2 -DISABLE_INBOUND_REPL"
errors were disappered with result of dcdiag as below.

=====================================================
Directory Server Diagnosis

Performing initial setup:

   Trying to find home server...

   Home Server = DC2

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Wellington\DC2

      Starting test: Connectivity

         ......................... DC2 passed test Connectivity



Doing primary tests

   
   Testing server: Wellington\DC2

      Starting test: Advertising

         ......................... DC2 passed test Advertising

      Starting test: FrsEvent

         ......................... DC2 passed test FrsEvent

      Starting test: DFSREvent

         ......................... DC2 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... DC2 passed test SysVolCheck

      Starting test: KccEvent

         ......................... DC2 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... DC2 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... DC2 passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=xxxxx,DC=xxx,DC=org,DC=nz
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=xxxxx,DC=xxx,DC=org,DC=nz
         ......................... DC2 failed test NCSecDesc

      Starting test: NetLogons

         ......................... DC2 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... DC2 passed test ObjectsReplicated

      Starting test: Replications

         ......................... DC2 passed test Replications

      Starting test: RidManager

         ......................... DC2 passed test RidManager

      Starting test: Services

         ......................... DC2 passed test Services

      Starting test: SystemLog

         ......................... DC2 passed test SystemLog

      Starting test: VerifyReferences

         ......................... DC2 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : mpsad

      Starting test: CheckSDRefDom

         ......................... mpsad passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... mpsad passed test CrossRefValidation

   
   Running enterprise tests on : xxxxx.xxx.org.nz

      Starting test: LocatorCheck

         ......................... xxxxx.xxx.org.nz passed test LocatorCheck

      Starting test: Intersite

         ......................... xxxxx.xxx.org.nz passed test Intersite
=====================================================

On DC1, it was 5 ID 1864s before fixing on dc2, but it is now 2 eventID 1988 & 1864.

How can I solve this errors?

Cheers,
Yasuyasu
1864-on-DC1.txt
1988-on-DC1.txt
repadmin-showreps-on-DC1.txt
0
Comment
Question by:YasuYasu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 500 total points
ID: 39933836
Hi,

#1. seems you had a domain controller with IP 192.168.2.108 and it still exist in database, pls run metadata cleanup for 108 DC.

##2. Make sure you have no more records for 108 DC in DNS, ADUC and Site & Services.

###3
Enable Loose Replication Consistency


 To enable Loose Replication Consistency, follow these steps on the domain controller 2003 that reports the errors messages. Locate and click the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

2.Click Add Value on the Edit menu.
3.Add the following value:
Value Name: Strict Replication Consistency
 Data type: REG_DWORD
 Value data: If the value is 1, change it to 0

####4. Run DCDIAG /V
0
 

Author Comment

by:YasuYasu
ID: 39936277
Hi santosh,

Thanks for your advice. I have followed your steps but there is new error error event  1388 attached. It looks like I still have a 192.168.2.108 domain controller.

I ran "repadmin /removelingeringobjects DC2 DC1_object_GUID DC=xxxxx,DC=xxx,DC=org,DC=nz" Is this correct?

Cheers,
Yasu
1388-on-DC1.txt
dcdiag-V-result.txt
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39937096
hi,

Yes, you are right, it needs to be removed. Please go though the links and remove the 108 DC from everywhere.
http://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx
http://mcpmag.com/articles/2006/05/30/cleaning-up-after-ad.aspx?admgarea=BDNA

After all these if you see the same event then pls make sure that server 108 have been remove from all these locations.

1. ADSU
2. DNS
3. Site and Services
0
 

Author Closing Comment

by:YasuYasu
ID: 39949083
Hi Santosh,

thanks for your reply. after I have an error, I re-tried to this again and errors were disappered. DCDIAG doesn't have errors either.

Thank you!
YasuYasu
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question