Garry Shape
asked on
Help with Warnings and replication issues between Win2008 Domain Controllers?
I've been noticing some Warning logs on Domain Controllers in my AD environment.
Under the Event Viewer > Applications and Services Logs > "File Replication Service", I find there to be many of these types:
Event ID 13508:
The File Replication Service is having trouble enabling replication from DC05 to DC01 for c:\windows\sysvol\domain using the DNS name DC05.cafe.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC05.cafe.com from this computer.
[2] FRS is not running on DC05.cafe.com.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
Followed by:
Event ID: 13509:
The File Replication Service has enabled replication from DC05 to DC01 for c:\windows\sysvol\domain after repeated retries.
And there are others like that but between other DC's as well.
And then this:
Event ID: 13562:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller dc01.cafe.com for FRS replica set configuration information.
The nTDSConnection object cn=032a9a28-d23e-43dc-92ec -08fa47375 516,cn=ntd s settings,cn=dc01,cn=server s,cn=cafe, cn=sites,c n=configur ation,dc=c afenet,dc= com is conflicting with cn=06a14940-4928-4576-ab8e -7b403b92a c76,cn=ntd s settings,cn=dc01,cn=server s,cn=cafe, cn=sites,c n=configur ation,dc=c afenet,dc= com.
Using cn=032a9a28-d23e-43dc-92ec -08fa47375 516,cn=ntd s settings,cn=dc01,cn=server s,cn=cafe, cn=sites,c n=configur ation,dc=c afenet,dc= com
I'm not sure why this would be happening.
There is only one DC I found that has had some sync issues and with the repadmin /showrepl I had found that it was tombstoned and no longer sycning. That is a "DC04", not mentioned in the above event logs, however, and is not a FSMO.
Under the Event Viewer > Applications and Services Logs > "File Replication Service", I find there to be many of these types:
Event ID 13508:
The File Replication Service is having trouble enabling replication from DC05 to DC01 for c:\windows\sysvol\domain using the DNS name DC05.cafe.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC05.cafe.com from this computer.
[2] FRS is not running on DC05.cafe.com.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
Followed by:
Event ID: 13509:
The File Replication Service has enabled replication from DC05 to DC01 for c:\windows\sysvol\domain after repeated retries.
And there are others like that but between other DC's as well.
And then this:
Event ID: 13562:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller dc01.cafe.com for FRS replica set configuration information.
The nTDSConnection object cn=032a9a28-d23e-43dc-92ec
Using cn=032a9a28-d23e-43dc-92ec
I'm not sure why this would be happening.
There is only one DC I found that has had some sync issues and with the repadmin /showrepl I had found that it was tombstoned and no longer sycning. That is a "DC04", not mentioned in the above event logs, however, and is not a FSMO.
ASKER
Is that just the main DCDIAG command with all results? Or is /All supposed to be a parameter; I'm not showing that available from the help.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you have a tombstoned DC you need to decommission this to stop further issues that you might be encountering in your domain. Use ntdsutil to remove this DC and perform metadata cleanup.
Also what connections are made in AD Sites and Services?
Try and run Check Replication Topology to force the KCC to check replication and re-create connections if necessary.
Will.
Also what connections are made in AD Sites and Services?
Try and run Check Replication Topology to force the KCC to check replication and re-create connections if necessary.
Will.
ASKER
Problem with the tombstoned DC is my admin account was created after it tombstoned and while I can remote into the DC, it's giving access denied types of errors, or trying to launch dcpromo.exe won't open it . "C:\Windows\system32\dcpro mo.exe - Windows cannot access the specified device, path, or file.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry got a duplicate thread going here but technically they are two issues.
I'm reading the "Active Directory" book by O'Reilly, and it says when manually removing a domain controller from Active Directory, if it's not a FSMO, you can simply select the DC within Active Directory Users and Computers MMC and delete it. It says after you do that, the metadata cleanup steps are performed automatically. (Chapter 18: Backup, Recovery and Maintenance).
Only on Windows Server 2003 does it mention having to go into ntdsutil and running commands and stuff.
Is that ok then? So if I'm just deleting it from AD, do I need to shut down the DC first? It's a Virtual Machine -- can I just power it off then delete it from AD?
I'm reading the "Active Directory" book by O'Reilly, and it says when manually removing a domain controller from Active Directory, if it's not a FSMO, you can simply select the DC within Active Directory Users and Computers MMC and delete it. It says after you do that, the metadata cleanup steps are performed automatically. (Chapter 18: Backup, Recovery and Maintenance).
Only on Windows Server 2003 does it mention having to go into ntdsutil and running commands and stuff.
Is that ok then? So if I'm just deleting it from AD, do I need to shut down the DC first? It's a Virtual Machine -- can I just power it off then delete it from AD?
Can you post output of DCDIAG /ALL command from DC05 please?
M