Help with Warnings and replication issues between Win2008 Domain Controllers?

I've been noticing some Warning logs on Domain Controllers in my AD environment.
Under the Event Viewer > Applications and Services Logs > "File Replication Service", I find there to be many of these types:

Event ID 13508:
The File Replication Service is having trouble enabling replication from DC05 to DC01 for c:\windows\sysvol\domain using the DNS name FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 [1] FRS can not correctly resolve the DNS name from this computer.
 [2] FRS is not running on
 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

Followed by:

Event ID: 13509:
The File Replication Service has enabled replication from DC05 to DC01 for c:\windows\sysvol\domain after repeated retries.

And there are others like that but between other DCs as well.

And then this:

Event ID: 13562:

Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller for FRS replica set configuration information.
 The nTDSConnection object cn=032a9a28-d23e-43dc-92ec-08fa47375516,cn=ntds settings,cn=dc01,cn=servers,cn=cafe,cn=sites,cn=configuration,dc=cafenet,dc=com is conflicting with cn=06a14940-4928-4576-ab8e-7b403b92ac76,cn=ntds settings,cn=dc01,cn=servers,cn=cafe,cn=sites,cn=configuration,dc=cafenet,dc=com.
Using cn=032a9a28-d23e-43dc-92ec-08fa47375516,cn=ntds settings,cn=dc01,cn=servers,cn=cafe,cn=sites,cn=configuration,dc=cafenet,dc=com

I'm not sure why this would be happening.
There is only one DC I found that has had some sync issues, and with repadmin /showrepl I found that it was tombstoned and no longer syncing. That is "DC04", which is not mentioned in the above event logs, however, and is not a FSMO.
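
A triage sketch for the 13508/13509 pairs quoted above, added here as an example and not part of the original post: a 13508 later followed by a 13509 for the same partner pair means FRS recovered on its own, while a 13508 with no later 13509 marks a link that is still failing. The sample records, their timestamps and the name DC02 are constructed; `New-SampleEvent` and `Get-FrsLinkState` are hypothetical helper names.

```powershell
# Constructed sample records shaped like Get-WinEvent output (not real log data).
# On a DC: $events = Get-WinEvent -LogName 'File Replication Service'
function New-SampleEvent($Id, $Time, $Message) {   # hypothetical helper
    New-Object PSObject -Property @{ Id = $Id; TimeCreated = [datetime]$Time; Message = $Message }
}
$trouble = 'The File Replication Service is having trouble enabling replication from {0} to {1} for c:\windows\sysvol\domain'
$enabled = 'The File Replication Service has enabled replication from {0} to {1} for c:\windows\sysvol\domain after repeated retries.'
$events = @(
    (New-SampleEvent 13508 '2015-03-02T08:00:00' ($trouble -f 'DC05', 'DC01')),
    (New-SampleEvent 13509 '2015-03-02T08:20:00' ($enabled -f 'DC05', 'DC01')),
    (New-SampleEvent 13508 '2015-03-02T09:00:00' ($trouble -f 'DC02', 'DC01')),
    (New-SampleEvent 13508 '2015-03-02T13:00:00' ($trouble -f 'DC02', 'DC01')),
    (New-SampleEvent 13562 '2015-03-02T13:05:00' 'Following is the summary of warnings and errors ...')
)

function Get-FrsLinkState {
    param([object[]]$Records)
    $links = @{}
    # Get-WinEvent returns newest first; walk the records oldest first.
    foreach ($e in ($Records | Sort-Object TimeCreated)) {
        if ($e.Id -ne 13508 -and $e.Id -ne 13509) { continue }
        if ($e.Message -match 'replication from (\S+) to (\S+)') {
            $key = '{0} -> {1}' -f $Matches[1], $Matches[2]
            if (-not $links.ContainsKey($key)) {
                $links[$key] = New-Object PSObject -Property @{
                    Link = $key; State = 'OK'; Warnings = 0; Since = $null }
            }
            $link = $links[$key]
            if ($e.Id -eq 13508) {
                $link.Warnings++
                # Keep the time of the first warning in the current outage.
                if ($link.State -ne 'FAILING') { $link.Since = $e.TimeCreated }
                $link.State = 'FAILING'
            } else {
                $link.State = 'RECOVERED'
                $link.Since = $e.TimeCreated
            }
        }
    }
    $links.Values
}

# With the sample data: DC05 -> DC01 is RECOVERED, DC02 -> DC01 is FAILING (2 warnings).
Get-FrsLinkState $events | Sort-Object Link |
    Format-Table Link, State, Warnings, Since -AutoSize
```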

Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:

Can you post output of DCDIAG /ALL command from DC05 please?

garryshape (Author) Commented:
Is that just the main DCDIAG command with all results? Or is /All supposed to be a parameter; I'm not showing that available from the help.

Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
Sorry, just post me the dcdiag command; that will do fine.

I was mixing it up with dcdiag /fixall.

Will Szymkowski (Senior Solution Architect) Commented:
If you have a tombstoned DC you need to decommission this to stop further issues that you might be encountering in your domain. Use ntdsutil to remove this DC and perform metadata cleanup.

Also what connections are made in AD Sites and Services?

Try and run Check Replication Topology to force the KCC to check replication and re-create connections if necessary.

garryshape (Author) Commented:
Problem with the tombstoned DC is my admin account was created after it tombstoned and while I can remote into the DC, it's giving access denied types of errors, or trying to launch dcpromo.exe won't open it: "C:\Windows\system32\dcpromo.exe - Windows cannot access the specified device, path, or file."

Will Szymkowski (Senior Solution Architect) Commented:
What you might have to do then is manually run ntdsutil on another DC and forcibly remove the tombstoned DC. Also delete the computer account from the Domain Controllers OU and remove any SRV records from the zone in DNS.

Once you have done this just power off the DC and/or reformat it.

If it does not hold any of the FSMO roles then you do not need to seize any of the roles either. Once this is removed make sure Sites and Services are creating connections to the DCs that are still in your environment.

If a DC is not working properly you need to remove it. Don't just leave it powered on because you are just going to create more issues when users create accounts/group policies/authenticate etc.

Manually do a metadata cleanup and power off the DC.

Also make sure that you update your DHCP scopes and remove this DC from DNS if it is configured.
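
The steps in this answer as a command sequence run from a healthy DC in an elevated PowerShell session, followed by a check for leftovers; this is an added example, not part of the original answer. The domain (cafenet.com) and site (cafe) come from the event text earlier in the thread; that DC04 sat in that same site is an assumption, so confirm its server object DN before running.

```powershell
$deadDc   = 'DC04'
$dnsName  = 'cafenet.com'
$domainDn = 'DC=cafenet,DC=com'
$site     = 'cafe'   # assumption: DC04 is in the same site as DC01
$serverDn = "CN=$deadDc,CN=Servers,CN=$site,CN=Sites,CN=Configuration,$domainDn"

# 1. Metadata cleanup for the dead DC (ntdsutil asks for confirmation).
ntdsutil "metadata cleanup" "remove selected server $serverDn" quit quit

# 2. Have the KCC on this DC recalculate its inbound connections
#    (the command-line form of "Check Replication Topology").
repadmin /kcc

# 3. Look for anything that still names the removed DC.
$checks = @{
    'Server object under Sites'                 = { dsquery server -o rdn }
    'Computer account in Domain Controllers OU' = { dsquery computer "OU=Domain Controllers,$domainDn" -name $deadDc }
    'LDAP SRV records in DNS'                   = { nslookup -type=SRV "_ldap._tcp.dc._msdcs.$dnsName" }
    'Inbound replication partners of this DC'   = { repadmin /showrepl }
}
$pattern = [regex]::Escape($deadDc)
foreach ($name in $checks.Keys) {
    $check = $checks[$name]
    # Native tools emit one string per output line; keep lines naming the dead DC.
    $hits = @(& $check | Where-Object { $_ -match $pattern })
    if ($hits.Count -gt 0) {
        Write-Warning "$name still references ${deadDc}:"
        $hits | ForEach-Object { "    $_" }
    } else {
        "$name : clean"
    }
}

# 4. Forest-wide view of replication failures after the cleanup.
repadmin /replsummary
```

The DNS check covers only the `_ldap._tcp.dc._msdcs` record set, and `repadmin /showrepl` reports only the local DC's partners, so repeat the check on the other DCs and review the remaining records in the zone by hand.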


garryshape (Author) Commented:
Sorry got a duplicate thread going here but technically they are two issues.

I'm reading the "Active Directory" book by O'Reilly, and it says when manually removing a domain controller from Active Directory, if it's not a FSMO, you can simply select the DC within Active Directory Users and Computers MMC and delete it. It says after you do that, the metadata cleanup steps are performed automatically. (Chapter 18: Backup, Recovery and Maintenance).

Only on Windows Server 2003 does it mention having to go into ntdsutil and running commands and stuff.

Is that ok then? So if I'm just deleting it from AD, do I need to shut down the DC first? It's a Virtual Machine -- can I just power it off then delete it from AD?