Microsoft's Best Practice Analyzer
The problem I am experiencing my DNS servers are slow to resolve host names. See error below from the event viewer:
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDi
Date: 6/1/2017 8:31:46 AM
Event ID: 1864
Task Category: Replication
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: SYSK8MVDC1.sysk8.local
Description:
This is the replication status for the following directory partition on this directory server.
Directory partition:
DC=SITK8INT,DC=sysk8,DC=lo
This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.
More than 24 hours:
2
More than a week:
2
More than one month:
2
More than two months:
2
More than a tombstone lifetime:
2
Tombstone lifetime (days):
180
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
==========
I am new to working with BPA and started by opening Server Manager, Clicked on Roles, Selected DNS as the role I was interested in analyzing but options were available to continue. The issue I am having is how do I launch the BPA. I assume I need to install it first, since it is not obviously presented.
How do I install BPA?
I have an MSDN Corporate account, so I assume I can download BPA from there. Correct?
Am I correct to assume that BPA is already a service (turned-off) by default on versions 2008 R2 and above?
Thank you advance.
Lipotech
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDi
Date: 6/1/2017 8:31:46 AM
Event ID: 1864
Task Category: Replication
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: SYSK8MVDC1.sysk8.local
Description:
This is the replication status for the following directory partition on this directory server.
Directory partition:
DC=SITK8INT,DC=sysk8,DC=lo
This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.
More than 24 hours:
2
More than a week:
2
More than one month:
2
More than two months:
2
More than a tombstone lifetime:
2
Tombstone lifetime (days):
180
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
==========
I am new to working with BPA and started by opening Server Manager, Clicked on Roles, Selected DNS as the role I was interested in analyzing but options were available to continue. The issue I am having is how do I launch the BPA. I assume I need to install it first, since it is not obviously presented.
How do I install BPA?
I have an MSDN Corporate account, so I assume I can download BPA from there. Correct?
Am I correct to assume that BPA is already a service (turned-off) by default on versions 2008 R2 and above?
Thank you advance.
Lipotech
Can you post the results of the following,
repadmin /test:replication
repadmin /showrepl <hostname of domain controller> /verbose /all /intersite >c:\repl.txt
And can you also post the results from
dcdiag.exe /e /f:"C:\dcdiag.txt"
That command will produce a text file in the root of C drive on the DC you run it on called "dcdiag.txt" that you can post
repadmin /test:replication
repadmin /showrepl <hostname of domain controller> /verbose /all /intersite >c:\repl.txt
And can you also post the results from
dcdiag.exe /e /f:"C:\dcdiag.txt"
That command will produce a text file in the root of C drive on the DC you run it on called "dcdiag.txt" that you can post
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This shows that you've had an AD replication issue for quite a while:
How many total domain controllers are in the domain?
More than a tombstone lifetime:
2
Tombstone lifetime (days):
180
How many total domain controllers are in the domain?
ASKER
I am running Windows Server Enterprise SP2. I am following the instruction below, but I cannot see the BPA under the summary page.
To scan a role by using the BPA GUI:
Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.
In the tree pane, open Roles, and then select the role for which you want to open BPA.
In the details pane, open the Summary section, and then open the Best Practices Analyzer area.
Click Scan This Role to start a scan.
I can open the Summary section, but the BPA does not appear as an option. So I never get to Click Scan This Role. What am I missing?
Lipotech
To scan a role by using the BPA GUI:
Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.
In the tree pane, open Roles, and then select the role for which you want to open BPA.
In the details pane, open the Summary section, and then open the Best Practices Analyzer area.
Click Scan This Role to start a scan.
I can open the Summary section, but the BPA does not appear as an option. So I never get to Click Scan This Role. What am I missing?
Lipotech
ASKER
Justin,
I will post the reports you requested later shortly. But, for right now I am curious why I cannot see the BPA under the Summary Window. Any ideas?
Lipotech
I will post the reports you requested later shortly. But, for right now I am curious why I cannot see the BPA under the Summary Window. Any ideas?
Lipotech
ASKER
I resorted to using PowerShell cmdlets to run the BPA. I am running into the current error message when I attempt to import the Server Manager module. Can someone please why this error is presenting.
PS C:\Users\Administrator> Import-Module ServerManager
Import-Module : The specified module 'ServerManager' was not loaded because no valid module file was found in any
module directory.
At line:1 char:1
+ Import-Module ServerManager
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (ServerManager:String) [Import-Module], FileNotFoundException
+ FullyQualifiedErrorId : Modules_ModuleNotFound,Mic
Thanks,
Lipotech
PS C:\Users\Administrator> Import-Module ServerManager
Import-Module : The specified module 'ServerManager' was not loaded because no valid module file was found in any
module directory.
At line:1 char:1
+ Import-Module ServerManager
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (ServerManager:String) [Import-Module], FileNotFoundException
+ FullyQualifiedErrorId : Modules_ModuleNotFound,Mic
Thanks,
Lipotech
I am running Windows Server Enterprise SP2.
Assuming that's Windows Server 2008 Enterprise SP2, I don't believe there's a BPA built into the OS for anything older than 2008 R2. This thread appears to indicate that the ServerManager PS module is also unavailable prior to 2008 R2.
ASKER
Is there away to install BPA on Windows Server 2008 Enterprise SP2?
Lipotech
Lipotech
I don't think there is. I've been searching for one, but I don't see anything prior to 2008 R2. The one exception is that there's a downloadable BPA for Small Business Server 2008, but I doubt it'll run on a non-SBS server. Even if it does, it'll report a lot of irrelevant errors, since your server won't have all of the SBS components installed.
ASKER
Based on my research I have concluded that you are correct DrDave242. There is no reliable way to install BPA on Windows 2008 Enterprise. I must now refocus my attention to discovering why I am experiencing DNS performance issues within the domain. I have noted the replication errors I am experiencing in a previous post within this thread. My question now is can the replication errors I am experiencing be the root cause of my DNS performance issues?
Justin, within minutes I will be following your recommendations presented in a previous comment on how to troubleshoot the errors I discovered in the event logs. I Copied and Pasted again below for convenience:
The problem I am experiencing my DNS servers are slow to resolve host names. See error below from the event viewer:
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDi
Date: 6/1/2017 8:31:46 AM
Event ID: 1864
Task Category: Replication
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: SYSK8MVDC1.sysk8.local
Description:
This is the replication status for the following directory partition on this directory server.
Directory partition:
DC=SITK8INT,DC=sysk8,DC=lo
This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.
More than 24 hours:
2
More than a week:
2
More than one month:
2
More than two months:
2
More than a tombstone lifetime:
2
Tombstone lifetime (days):
180
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
My question now is can the replication errors I am experiencing be the root cause of my DNS performance issues? I want to thank both of you once again for your support.
Lipotech
Justin, within minutes I will be following your recommendations presented in a previous comment on how to troubleshoot the errors I discovered in the event logs. I Copied and Pasted again below for convenience:
The problem I am experiencing my DNS servers are slow to resolve host names. See error below from the event viewer:
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDi
Date: 6/1/2017 8:31:46 AM
Event ID: 1864
Task Category: Replication
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: SYSK8MVDC1.sysk8.local
Description:
This is the replication status for the following directory partition on this directory server.
Directory partition:
DC=SITK8INT,DC=sysk8,DC=lo
This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.
More than 24 hours:
2
More than a week:
2
More than one month:
2
More than two months:
2
More than a tombstone lifetime:
2
Tombstone lifetime (days):
180
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
My question now is can the replication errors I am experiencing be the root cause of my DNS performance issues? I want to thank both of you once again for your support.
Lipotech
Replication issue could cause the DNS lags ... in your case 2 of the DC;'s are tombstoned and needs to be force demoted followed by metadata cleanup and then re promoted.
If they are removed from the environment and no longer exist then please perform metadata cleanup only
If they are removed from the environment and no longer exist then please perform metadata cleanup only
ASKER
I am going to keep this Question opened a while longer until I perform the recommendations made by Justin and Sarang. Should have the results from the diags shortly.
Lipotech
Lipotech
See
How to open BPA
You can open BPA in the Server Manager console by opening the home page for a server role that supports BPA.
To open BPA in Server Manager
Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.
In the tree pane, open Roles, and then select the role for which you want to open BPA.
In the details pane, open the Summary section, and then open the Best Practices Analyzer area.
Running BPA
For more information about how to run BPA scans
See