Solved

DC replication fails with event ID 1864 & 1988

Posted on 2014-03-17
4
799 Views
Last Modified: 2014-03-23
Hi Experts,

DC1: W2003 with FSMO roles (192.168.2.5)
DC2: W2008Ent and recently moved from hyper-v to Esxi.(192.168.2.31)

After I moved the DC2 vm from hyper-v to esxi I started to have error ID 1864 & 1988 related to replication of DC.
I did moved FSMO from DC2 to DC1 as I thought the DC2 could be down for a while. in the end it was only about 6 hours down time.

Initially I had 5 eventID1864 errors(DC,configuration,schema,domaindnszones,and forestdnszones) on DC2.
But after ran
"repadmin /options DC2 -DISABLE_OUTBOUND_REPL" and "repadmin /options DC2 -DISABLE_INBOUND_REPL"
errors were disappered with result of dcdiag as below.

=====================================================
Directory Server Diagnosis

Performing initial setup:

   Trying to find home server...

   Home Server = DC2

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Wellington\DC2

      Starting test: Connectivity

         ......................... DC2 passed test Connectivity



Doing primary tests

   
   Testing server: Wellington\DC2

      Starting test: Advertising

         ......................... DC2 passed test Advertising

      Starting test: FrsEvent

         ......................... DC2 passed test FrsEvent

      Starting test: DFSREvent

         ......................... DC2 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... DC2 passed test SysVolCheck

      Starting test: KccEvent

         ......................... DC2 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... DC2 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... DC2 passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=xxxxx,DC=xxx,DC=org,DC=nz
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=xxxxx,DC=xxx,DC=org,DC=nz
         ......................... DC2 failed test NCSecDesc

      Starting test: NetLogons

         ......................... DC2 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... DC2 passed test ObjectsReplicated

      Starting test: Replications

         ......................... DC2 passed test Replications

      Starting test: RidManager

         ......................... DC2 passed test RidManager

      Starting test: Services

         ......................... DC2 passed test Services

      Starting test: SystemLog

         ......................... DC2 passed test SystemLog

      Starting test: VerifyReferences

         ......................... DC2 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : mpsad

      Starting test: CheckSDRefDom

         ......................... mpsad passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... mpsad passed test CrossRefValidation

   
   Running enterprise tests on : xxxxx.xxx.org.nz

      Starting test: LocatorCheck

         ......................... xxxxx.xxx.org.nz passed test LocatorCheck

      Starting test: Intersite

         ......................... xxxxx.xxx.org.nz passed test Intersite
=====================================================

On DC1, it was 5 ID 1864s before fixing on dc2, but it is now 2 eventID 1988 & 1864.

How can I solve this errors?

Cheers,
Yasuyasu
1864-on-DC1.txt
1988-on-DC1.txt
repadmin-showreps-on-DC1.txt
0
Comment
Question by:YasuYasu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 500 total points
ID: 39933836
Hi,

#1. seems you had a domain controller with IP 192.168.2.108 and it still exist in database, pls run metadata cleanup for 108 DC.

##2. Make sure you have no more records for 108 DC in DNS, ADUC and Site & Services.

###3
Enable Loose Replication Consistency


 To enable Loose Replication Consistency, follow these steps on the domain controller 2003 that reports the errors messages. Locate and click the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

2.Click Add Value on the Edit menu.
3.Add the following value:
Value Name: Strict Replication Consistency
 Data type: REG_DWORD
 Value data: If the value is 1, change it to 0

####4. Run DCDIAG /V
0
 

Author Comment

by:YasuYasu
ID: 39936277
Hi santosh,

Thanks for your advice. I have followed your steps but there is new error error event  1388 attached. It looks like I still have a 192.168.2.108 domain controller.

I ran "repadmin /removelingeringobjects DC2 DC1_object_GUID DC=xxxxx,DC=xxx,DC=org,DC=nz" Is this correct?

Cheers,
Yasu
1388-on-DC1.txt
dcdiag-V-result.txt
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39937096
hi,

Yes, you are right, it needs to be removed. Please go though the links and remove the 108 DC from everywhere.
http://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx
http://mcpmag.com/articles/2006/05/30/cleaning-up-after-ad.aspx?admgarea=BDNA

After all these if you see the same event then pls make sure that server 108 have been remove from all these locations.

1. ADSU
2. DNS
3. Site and Services
0
 

Author Closing Comment

by:YasuYasu
ID: 39949083
Hi Santosh,

thanks for your reply. after I have an error, I re-tried to this again and errors were disappered. DCDIAG doesn't have errors either.

Thank you!
YasuYasu
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
aes256 Ransomware on SBS 2011 13 75
How to install a font on WIN2003SBS/IIS 6 & test 17 79
Building highly redundant OnPremise ADFS service ? 15 67
Windows 10 Policy for Flash 3 59
This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question