Solved

AD sync issues

Posted on 2014-10-09
Last Modified: 2016-03-16
We're currently on Exchange 2003 SP2. Our Exchange and AD are on the same server. We are working with consultants to upgrade, but in the meantime we're experiencing problems. We have not upgraded or implemented anything yet. Late last week our server rebooted itself 3 times. FYI, Automatic Updates is turned off. It stopped doing that, but now we're finding some LDAP syncs breaking with 3rd-party software. FYI, we've not changed anything. We have 3 domain controllers. They are virtualized.

I'm seeing a lot of NetBT event ID 4321 errors.   . .  could not be registered on the interface with IP address domain controller. The machine with the IP address primary domain controller did not allow the name to be claimed by the machine. And event ID 2093 and 1864. Worried if we're having replication problems. Don't even know where to start. Any help would be appreciated.
Question by:GCBIT
6 Comments
 
LVL 1

Expert Comment

by:TORLYSIT
ID: 40371368
You may want to check and make sure your WINS servers are healthy. Check to see if the IP address(es) of your primary and secondary WINS server(s) on the server's network adapter are correct.

Also, check to see if your WINS servers are reporting any errors of their own.

I would definitely recommend you separate your DC and Exchange servers.
0
 

Author Comment

by:GCBIT
ID: 40371420
Just found out my admin made a snapshot of the server and tried to update the VMware Tools. It didn't work, so he went back to the snapshot. I think this is what caused the problem. I found this article http://support.microsoft.com/kb/2023007 and am trying to figure out what to do.
0
 

Author Comment

by:GCBIT
ID: 40371425
0

 

Author Comment

by:GCBIT
ID: 40371441
I don't think that's it. We're not getting event ID 2095. Just found out he had installed Symantec shortly before the issues started happening. So we receive event ID 2093 and 1864 every night around 9:58 pm.
0
 
LVL 1

Accepted Solution

by:
TORLYSIT earned 2000 total points
ID: 40371466
Event ID 1864 just advises that the DC has not received a replication in 24 hours.

If the second article you posted is correct, you need to resync the DC. There is no real easy way.

1. DCPROMO and demote the DC. (MAKE SURE YOU TRANSFER FSMO ROLES OFF THIS BOX FIRST!)
2. Shut down the demoted server.
3. Log onto another DC on your domain and do a Metadata cleanup. (http://support2.microsoft.com/kb/216498)
4. Restart the demoted DC
5. Promote it back to DC and reconfigure as before.

If the DC was snapshotted and reset, the AD database it came back with was not the one that AD was expecting and caused some sync issues.

Domain Controllers are one of the few servers where a snapshot is not recommended. Back up your LDAP database and restore it onto a fresh Domain Controller in the event of catastrophe. If you have more than one DC, just promote a server to DC and pick up where you left off.
0
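A read-only check to run before the demote and re-promote steps above, added here as an example and not part of the original answer: it parses the CSV from `repadmin /showrepl * /csv` and lists inbound replication links that show failures or no success within the 24 hours the answer mentions for event ID 1864. The CSV column names are assumed from that tool's output; the server names, domain and sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the layout of `repadmin /showrepl * /csv`.
# Column names are an assumption; SERVERA/B/C and example.local are hypothetical.
SAMPLE_CSV = """\
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,SERVERA,"DC=example,DC=local",Default-First-Site-Name,SERVERC,RPC,0,0,2014-10-09 21:40:11,0
showrepl_INFO,Default-First-Site-Name,SERVERA,"DC=example,DC=local",Default-First-Site-Name,SERVERB,RPC,12,2014-10-09 21:58:02,2014-10-03 09:15:47,8456
showrepl_INFO,Default-First-Site-Name,SERVERC,"DC=example,DC=local",Default-First-Site-Name,SERVERB,RPC,0,0,2014-10-08 02:00:00,0
"""

def stale_links(csv_text, now, max_age=timedelta(hours=24)):
    """Return (destination, source, reason) for each inbound link that has
    failures or no successful replication within max_age."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["showrepl_COLUMNS"] != "showrepl_INFO":
            continue  # only per-link data rows are evaluated here
        reasons = []
        failures = int(row["Number of Failures"])
        if failures > 0:
            reasons.append(f"{failures} failures, status {row['Last Failure Status']}")
        try:
            age = now - datetime.strptime(row["Last Success Time"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            age = None  # no parseable success timestamp on this link
        if age is None:
            reasons.append("no successful replication recorded")
        elif age > max_age:
            reasons.append(f"last success {age.days}d {age.seconds // 3600}h ago")
        if reasons:
            findings.append((row["Destination DSA"], row["Source DSA"], "; ".join(reasons)))
    return findings

def suspect_sources(findings):
    """Source DCs that at least one partner is failing to pull from."""
    return sorted({source for _, source, _ in findings})

if __name__ == "__main__":
    results = stale_links(SAMPLE_CSV, now=datetime(2014, 10, 9, 22, 0, 0))
    for dest, source, reason in results:
        print(f"{dest} <- {source}: {reason}")
    print("Check these DCs before demoting anything:", suspect_sources(results))
```
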
 

Author Comment

by:GCBIT
ID: 40377150
Looks like we have 3 domain controllers:
server A runs all the FSMO roles & is the GD
server B is the server that was reverted to snapshot and has Exchange and AD
server C runs our intranet

Would I just demote server B or server B & C?
0
