NTDS Replication error

Hi

We keep getting the below error appearing in the event viewer on our DC. It's a 2008 R2 server. We also have 2 other DCs, running 2003.

Alongside this, the server keeps having intermittent problems where the company data folder (F: mapped drive to the server /data share) keeps losing connection. When this happens, no connection can be made to the server via UNC path or IP, whether it is pinging or attempting to access the c$ or other shares.

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          19/08/2015 15:04:03
Event ID:      1955
Task Category: Replication
Level:         Information
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      MAINSERVER.sadofskys.local
Description:
Active Directory Domain Services encountered a write conflict when applying replicated changes to the following object.
 
Object:
CN=Administrator,CN=Users,DC=sadofskys,DC=local
Time in seconds:
0
 
Event log entries preceding this entry will indicate whether or not the update was accepted.
 
A write conflict can be caused by simultaneous changes to the same object or simultaneous changes to other objects that have attributes referencing this object. This commonly occurs when the object represents a large group with many members, and the functional level of the forest is set to Windows 2000. This conflict triggered additional retries of the update. If the system appears slow, it could be because replication of these changes is occurring.
 
User Action
Use smaller groups for this operation or raise the forest functional level to Windows Server 2003.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
    <EventID Qualifiers="16384">1955</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>5</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-08-19T14:04:03.978663600Z" />
    <EventRecordID>21148</EventRecordID>
    <Correlation />
    <Execution ProcessID="592" ThreadID="1624" />
    <Channel>Directory Service</Channel>
    <Computer>MAINSERVER.sadofskys.local</Computer>
    <Security UserID="S-1-5-7" />
  </System>
  <EventData>
    <Data>CN=Administrator,CN=Users,DC=sadofskys,DC=local</Data>
    <Data>0</Data>
  </EventData>
</Event>

Open in new window


Any help would be much appreciated.

Cheers
Dom
cbapartnershipAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Guy LidbetterCommented:
Hi Dom,

Can you confirm the functional level of the Domain?

Also, can you confirm AD replication is working as expected?

regards

Guy
cbapartnershipAuthor Commented:
Hi Guy

The functional level is 2003.

We're not sure, hence the error above.

Cheers
Dom
Guy LidbetterCommented:
Ho Dom,

Run
Repadmin /Replsum /bySrc /Bydest /sort:Delta

Open in new window

And check if any errors are returned.

Also, please open up powershell on a DC and run
Import-Module ActiveDirectory
Get-ADDomain | fl Name,DomainMode
Get-ADForest | fl Name,ForestMode

Open in new window


And post the results, removing any confidential info of course...

Regards

Guy
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

cbapartnershipAuthor Commented:
There were no errors when running Repadmin



Name       : server
DomainMode : Windows2003Domain

PS C:\Users\administrator.server> Get-ADForest | fl Name,ForestMode

Name       : server.local
ForestMode : Windows2003Forest

Thank you
Guy LidbetterCommented:
Make sure that all FSMO roles are on the server not logging the event.

And possibly try a manual TCP/IP reset on the problematic DC.

To do this:
netsh int ip reset c:\resetlog.txt

Open in new window

This basically reset the Registry params for TCP/IP, the same as reinstalling the protocol. It can somethimes resolve connectivity issues like these
cbapartnershipAuthor Commented:
All of the FSMO roles are on the main DC. The other two DC's are also logging the same event error

I will try the IP reset later this evening when the server wont be used.

Thanks so far
Guy LidbetterCommented:
To be clear, the error is appearing on all DC's, but only one has odd connectivity issues?
cbapartnershipAuthor Commented:
Yes. We only have one mapped drive and that data sits on the main DC.
cbapartnershipAuthor Commented:
Good Morning Guy

I have done the TCP/IP reset and will see how things go today. For the last week or so, it usually goes wrong quite quickly so I will find out if thats worked or not.

I will keep you posted.

Thanks
cbapartnershipAuthor Commented:
Unfortunately we are sill experiencing the same issues. It does seem to be happening more on one particular PC though at the minute. This PC has lost connectivity with the server about 8 times today.

I can start pinging the server from the PC with -t and it comes back with some pings and then drops off all together. Pinging the server by name then pings via IPv6 and it sometimes comes back with 'General Failure'.

Do you have any more thoughts on what I could try please?


Thanks
David AtkinTechnical DirectorCommented:
Hello,

Can you do a dcdiag /v and post the result.

Are you also getting event ID 1083 as well?

Do you have Anti-Virus on all your machines?   Some posts online suggest that it could be caused by the Win32/Conficker Worm

Check your Security logs on your DC for account lockouts.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David AtkinTechnical DirectorCommented:
Any update on this one?
cbapartnershipAuthor Commented:
We run Sophos Endpoint Protection and there's no AV warnings at the moment.

We've actually replaced the PC that was getting the worst of it now and it seems very intermittent elsewhere but I'll keep an eye on it and reopen the question if it hasn't resolved.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.