Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
after migrating replication stop between windows 2003 to windows 2008 r2

Answered after migrating replication stop between windows 2003 to windows 2008 r2

  • Monday, March 18, 2013 10:43 AM
     
     
    Sign In to Vote
    0

    Dear All,

    In my enviornement windows 2003 was running as DC, I installed windows 2008 r2 as a ADC and tranasferred FSMO roles on windows 2008 R2. when both servers were restarted all AD attributes migrated to windows 2008 r2 after that I create some test users account but was not able to replicate on windows 2008 r2.

    I would like to anyone can help me out that what would be happened that replication between domain controller stopped.

    regards,

     

All Replies

  • Monday, March 18, 2013 11:15 AM
     
     
    Sign In to Vote
    1

    Hello,

    please upload the following files, so we can get an overview about the domain and DCs:

    ipconfig /all >c:\ipconfig.txt [all DCs]
    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
    repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]
    dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
    ADREPLSTATUS: http://www.microsoft.com/en-us/download/details.aspx?id=30005 can also be exported to file.

    As the output will become large, DON'T post them into the thread, please use Windows Sky Drive(with open access!) http://explore.live.com/windows-live-skydrive and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.

    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

     
  • Monday, March 18, 2013 9:46 PM
     
     
    Sign In to Vote
    0

    You can start with the basic troubleshooting steps:

    1. Make sure that both DCs are DNS and GC servers (For high availability)
    2. Make each DC points to the other one as primary DNS server, its private IP address as secondary one and 127.0.0.1 as third one
    3. Make sure that each DC has only one IP address in use and only one NIC card enabled (Other NICs should be disabled)
    4. Make sure that public DNS servers are configured as forwarders and not in IP settings of DCs
    5. Make sure that needed ports for AD replication are opened in both directions: http://technet.microsoft.com/en-us/library/bb727063.aspx You can use PortQryUI for checks

    Once done, check in your DNS system if there obsolete / old DNS records for your DCs. After that, run ipconfig /registerdns and restart netlogon on each DC you have.

    If this does not help, you can try to temporary disable security software in use on DCs.

    If the problem persists, please post the output of commands asked by Meinolf.

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

     
  • Tuesday, March 19, 2013 4:06 AM
     
     
    Sign In to Vote
    0

    Hi Meinolf and Mr. X,

    Thanks for your posting, definately i will post the result on sky drive as Meinolf provided the link.

    Regards,

     
  • Tuesday, March 19, 2013 7:01 PM
     
     
    Sign In to Vote
    0

    Hi Meinolf and Mr. X,

    I uploaded the files on sky drive, Please find below the link.

    https://skydrive.live.com/redir?resid=A93467C402389321!110&authkey=!ANyFnshoU1hF6OY

    Thanks,

     
  • Tuesday, March 19, 2013 10:30 PM
     
     Answered
    Sign In to Vote
    0

    53

                Directory service:

                CN=NTDS Settings,CN=DOMAIN2003,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TEST,DC=local

                Period of time (minutes):

                17848

                

                The Connection object for this directory service will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this directory service resumes, the temporary connection will be removed.

                

                Additional Data

                Error value:

                8614 The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

             An error event occurred.  EventID: 0xC00007FA

                Time Generated: 03/18/2013   10:26:49

                Event String:

                It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.

                

                 The reason that replication is not allowed to continue is that the two DCs may contain lingering objects.  Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects".  If the local destination DC was allowed to replicate with the source DC, these potential lingering object would be recreated in the local Active Directory Domain Services database.

                

                Time of last successful replication:

                2012-05-30 22:01:54

                Invocation ID of source directory server:

                82fc1cef-f3e6-4059-88b1-78678e18b5f4

                Name of source directory server:

                82fc1cef-f3e6-4059-88b1-78678e18b5f4._msdcs.TEST.local

                Tombstone lifetime (days):

                60

     Your old DC is tombstoned since it have not received a replica since more than 60 days. That is why the changes were not replicated. Please demote it focibly using dcpromo /forceremoval, do a metadata cleanup and promote it again.

    To do a metadata cleanup: http://technet.microsoft.com/en-us/library/cc736378(v=ws.10).aspx

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

     
  • Thursday, March 21, 2013 4:46 AM
     
     
    Sign In to Vote
    0

    Is there any other way to start replication between domain controller, it will difficult for me to forcefully remove my old DC. Kindly suggest any other alternate that help to restore old DC.

    Thanks,

     
  • Sunday, March 31, 2013 7:10 AM
     
     Answered
    Sign In to Vote
    0

    Is there any other way to start replication between domain controller, it will difficult for me to forcefully remove my old DC. Kindly suggest any other alternate that help to restore old DC.

    Thanks,

    No. Once a DC is tombstoned, you can only forcibly demote and promote it again to have the replication back again. Of course, you would need to do a metadata cleanup in this case.

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Get Active Directory User Last Logon

    Create an Active Directory test domain similar to the production one

     
  • Monday, April 01, 2013 2:28 PM
     
     
    Sign In to Vote
    0
    Hi, From the logs shared it seem that the DC has been marked as tombstoned, and can still allow the replication by following the action plan 1.Click Start, click Run, type regedit, and then click OK. 2.Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters 3.In the details pane, create or edit the registry entry as follows: If the registry entry exists in the details pane, modify the entry as follows: 1. In the details pane, right-click Allow Replication With Divergent and Corrupt Partner, and then click Modify. 2. In the Value data box, type 1, and then click OK. If the registry entry does not exist, create the entry as follows: 1. Right-click Parameters, click New, and then click DWORD Value. 2. Type the name Allow Replication With Divergent and Corrupt Partner, and then press ENTER. 3. Double-click the entry. In the Value data box, type 1, and then click OK. microsoft article http://technet.microsoft.com/en-us/library/cc757610(v=ws.10).aspx Demoting domain controller should be the last resort