Solved

AD sync issues

Posted on 2014-10-09
6
46 Views
Last Modified: 2016-03-16
We're currently on Exchange 2003 SP2. Our Exchange and AD are on the same server. We are working with consultants to upgrade, but in the meantime we're experiencing problems. We have not upgraded or implemented anything yet. Late last week our server rebooted itself 3 times. FYI, automatic updates is turned off. It stopped doing that, but now we're finding some LDAP syncs breaking with 3rd-party software. FYI, we've not changed anything. We have 3 domain controllers. They are virtualized.

I'm seeing a lot of NetBT event ID 4321 errors: "... could not be registered on the interface with IP address domain controller. The machine with the IP address primary domain controller did not allow the name to be claimed by the machine." And event ID 2093 and 1864. Worried if we're having replication problems. Don't even know where to start. Any help would be appreciated.
Question by:GCBIT
6 Comments
 
LVL 1

Expert Comment

by:TORLYSIT
ID: 40371368
You may want to check and make sure your WINS servers are healthy? Check to see if the IP address(es) of your primary and secondary WINS server(s) on the server's network adapter are correct.

Also, check to see if your WINS servers are reporting any errors of their own?

I would definitely recommend you separate your DC and Exchange servers.
0
 

Author Comment

by:GCBIT
ID: 40371420
Just found out my admin made a snapshot of the server and tried to update the VMware Tools. It didn't work, so he went back to the snapshot. I think this is what caused the problem. I found this article http://support.microsoft.com/kb/2023007 and am trying to figure out what to do.
0
 

Author Comment

by:GCBIT
ID: 40371425
0
 

Author Comment

by:GCBIT
ID: 40371441
I don't think that's it. We're not getting event ID 2095. Just found out he had installed Symantec shortly before the issues started happening. So we receive event ID 2093 and 1864 every night around 9:58 pm.
0
 
LVL 1

Accepted Solution

by:
TORLYSIT earned 500 total points
ID: 40371466
Event ID 1864 just advises that the DC has not received a replication in 24 hours.

If the second article you posted is correct, you need to resync the DC. There is no real easy way.

1. DCPROMO and demote the DC. (MAKE SURE YOU TRANSFER FSMO ROLES OFF THIS BOX FIRST!)
2. Shut down the demoted server.
3. Log onto another DC on your domain and do a Metadata cleanup. (http://support2.microsoft.com/kb/216498)
4. Restart the demoted DC
5. Promote it back to DC and reconfigure as before.

If the DC was snapshotted and reset, the AD database it came back with was not the one that AD was expecting and caused some sync issues.

Domain Controllers are one of the few servers where a snapshot is not recommended. Back up your LDAP database and restore it onto a fresh Domain Controller in the event of catastrophe. If you have more than one DC, just promote a server to DC and pick up where you left off.
0
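
One way to see which DC is out of step with its partners before deciding what to demote, as an added example that is not part of the original answer: it parses `repadmin /showrepl * /csv` output and lists replication links with failures or no success inside the 24-hour window that event ID 1864 reports on. The host names, domain, times and status codes in the sample are constructed, and the CSV column layout is assumed to match your repadmin version.

```powershell
# Constructed sample in the format of `repadmin /showrepl * /csv`; host names,
# times and status codes are made up. Against a live domain use instead:
#   $csv = repadmin /showrepl * /csv
$csv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Site1,SERVERA,"DC=example,DC=local",Site1,SERVERB,RPC,9,2014-10-09 21:58:03,2014-10-02 13:10:44,8456
showrepl_INFO,Site1,SERVERA,"DC=example,DC=local",Site1,SERVERC,RPC,0,0,2014-10-09 21:45:10,0
showrepl_INFO,Site1,SERVERB,"DC=example,DC=local",Site1,SERVERA,RPC,9,2014-10-09 21:58:05,2014-10-02 13:11:02,8457
showrepl_INFO,Site1,SERVERC,"DC=example,DC=local",Site1,SERVERA,RPC,0,0,2014-10-09 21:47:31,0
showrepl_INFO,Site1,SERVERC,"DC=example,DC=local",Site1,SERVERB,RPC,9,2014-10-09 21:58:07,2014-10-02 13:12:15,8456
'@

function Get-StaleReplicationLink {
    param(
        [Parameter(Mandatory = $true)] $Csv,
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeHours = 24        # the window event ID 1864 reports on
    )
    $fmt  = 'yyyy-MM-dd HH:mm:ss'
    $inv  = [cultureinfo]::InvariantCulture
    $none = [System.Globalization.DateTimeStyles]::None
    # Keep only data rows; unreachable DCs produce rows of a different shape.
    $rows = $Csv | ConvertFrom-Csv | Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' }
    foreach ($row in $rows) {
        $last = [datetime]::MinValue   # stays MinValue if the link never succeeded
        [void][datetime]::TryParseExact($row.'Last Success Time', $fmt, $inv, $none, [ref]$last)
        $failures = [int]$row.'Number of Failures'
        if (($Now - $last).TotalHours -gt $MaxAgeHours -or $failures -gt 0) {
            New-Object psobject -Property @{
                Source      = $row.'Source DSA'
                Destination = $row.'Destination DSA'
                LastSuccess = $last
                Failures    = $failures
                Status      = $row.'Last Failure Status'
            }
        }
    }
}

# Fixed "now" so the constructed sample gives the same result on every run.
$stale = @(Get-StaleReplicationLink -Csv $csv -Now ([datetime]'2014-10-09 22:00'))
$stale | Format-Table Source, Destination, LastSuccess, Failures, Status -AutoSize

# A DC that sits on one side of every stale link is the one out of step with
# its partners; a healthy DC still has at least one clean link.
$stale | ForEach-Object { $_.Source; $_.Destination } | Group-Object |
    Sort-Object Count -Descending | Select-Object Name, Count
```

In the constructed sample SERVERB is on one side of all three stale links, while SERVERA and SERVERC still replicate cleanly with each other.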
 

Author Comment

by:GCBIT
ID: 40377150
Looks like we have 3 domain controllers:
Server A runs all the FSMO roles & is the GD
Server B is the server that was reverted to snapshot and has Exchange and AD
Server C runs our intranet

Would I just demote server B or server B & C?
0
