Solved

AD sync issues

Posted on 2014-10-09
Last Modified: 2016-03-16
We're currently on Exchange 2003 SP2. Our Exchange and AD are on the same server. We are working with consultants to upgrade, but in the meantime we're experiencing problems. We have not upgraded or implemented anything yet. Late last week our server rebooted itself 3 times. FYI, automatic updates is turned off. It stopped doing that, but now we're finding some LDAP syncs breaking with 3rd party software. FYI, we've not changed anything. We have 3 domain controllers. They are virtualized.

I'm seeing a lot of NetBT event ID 4321 errors. . . could not be registered on the interface with IP address domain controller. The machine with the IP address primary domain controller did not allow the name to be claimed by the machine. And event ID 2093 and 1864. Worried if we're having replication problems. Don't even know where to start. Any help would be appreciated.
Question by:GCBIT
6 Comments
 
LVL 1

Expert Comment

by:TORLYSIT
ID: 40371368
You may want to check and make sure your WINS servers are healthy? Check to see if the IP address(es) of your primary and secondary WINS server(s) on the server's network adapter are correct.

Also, check to see if your WINS servers are reporting any errors of their own?

I would definitely recommend you separate your DC and Exchange servers.
0
 

Author Comment

by:GCBIT
ID: 40371420
Just found out my admin made a snapshot of the server and tried to update the VMware Tools. It didn't work, so he went back to the snapshot. I think this is what caused the problem. I found this article http://support.microsoft.com/kb/2023007 and am trying to figure out what to do.
0
 

Author Comment

by:GCBIT
ID: 40371425
0

 

Author Comment

by:GCBIT
ID: 40371441
I don't think that's it. We're not getting event ID 2095. Just found out he had installed Symantec shortly before the issues started happening. So we receive event ID 2093 and 1864 every night around 9:58 pm.
0
 
LVL 1

Accepted Solution

by:
TORLYSIT earned 500 total points
ID: 40371466
Event ID 1864 just advises that the DC has not received a replication in 24 hours.

If the second article you posted is correct, you need to resync the DC. There is no real easy way.

1. DCPROMO and demote the DC. (MAKE SURE YOU TRANSFER FSMO ROLES OFF THIS BOX FIRST!)
2. Shut down the demoted server.
3. Log onto another DC on your domain and do a Metadata cleanup. (http://support2.microsoft.com/kb/216498)
4. Restart the demoted DC
5. Promote it back to DC and reconfigure as before.

If the DC was snapshotted and reset, the AD database it came back with was not the one that AD was expecting and caused some sync issues.

Domain Controllers are one of the few servers where a snapshot is not recommended. Back up your LDAP database and restore it onto a fresh Domain Controller in the event of catastrophe. If you have more than one DC, just promote a server to DC and pick up where you left off.
0
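The "database AD was not expecting" condition in the accepted answer can be checked by comparing the reverted DC's own `highestCommittedUSN` with the USN a healthy partner has already recorded for it. The following is an added example, not part of the original thread: the server names, USN values and the `repadmin /showutdvec` output layout are constructed assumptions, and `parse_utdvec` and `check_rollback` are hypothetical helper names.

```python
import re

# Constructed sample of what a healthy partner (server A in this thread) might
# report for `repadmin /showutdvec`; names, USNs and layout are assumptions.
PARTNER_UTDVEC = """\
Caching GUIDs.
..
Default-First-Site-Name\\SERVER-A @ USN 412877 @ Time 2014-10-09 08:14:02
Default-First-Site-Name\\SERVER-B @ USN 305120 @ Time 2014-10-03 21:58:11
Default-First-Site-Name\\SERVER-C @ USN 198455 @ Time 2014-10-09 08:13:40
"""

UTD_LINE = re.compile(
    r"^(?P<site>[^\\]+)\\(?P<dc>\S+) @ USN (?P<usn>\d+) @ Time (?P<time>.+)$"
)

def parse_utdvec(text):
    """Return {DC_NAME: (highest USN the partner has seen, timestamp)}."""
    vec = {}
    for line in text.splitlines():
        m = UTD_LINE.match(line.strip())
        if m:  # header lines such as "Caching GUIDs." are skipped
            vec[m["dc"].upper()] = (int(m["usn"]), m["time"])
    return vec

def check_rollback(partner_vec, dc, local_highest_usn):
    """Compare a DC's own highestCommittedUSN with what a partner already holds.

    If the partner has seen a higher USN than the DC now reports, the DC's
    database went back in time: it will reuse those USNs for new changes and
    the partner will silently treat them as already replicated.
    """
    entry = partner_vec.get(dc.upper())
    if entry is None:
        return {"dc": dc, "status": "unknown", "gap": None}
    seen, when = entry
    gap = seen - local_highest_usn
    return {
        "dc": dc,
        "status": "rolled-back" if gap > 0 else "consistent",
        "gap": max(gap, 0),  # USNs the partner will ignore if reused
        "partner_seen": seen,
        "as_of": when,
    }

if __name__ == "__main__":
    vec = parse_utdvec(PARTNER_UTDVEC)
    # 298004 is a constructed highestCommittedUSN read from server B's rootDSE
    print(check_rollback(vec, "SERVER-B", 298004))
```

A non-zero gap means changes made on the reverted DC after the snapshot was restored can be missed by its partners, which is why the answer above demotes and re-promotes the DC rather than waiting for replication to catch up.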
 

Author Comment

by:GCBIT
ID: 40377150
Looks like we have 3 domain controllers:
Server A runs all the FSMO roles & is the GD
Server B is the server that was reverted to snapshot and has Exchange and AD
Server C runs our intranet

Would I just demote server B or server B & C?
0
