Event ID: 1864 ActiveDirectory_DomainService Replication Error

    Question

  • Hi,

    I'm getting the below error under "Directory Service" events on every one of my domain controllers...

    Please help me to sort this out.

    -------

    This is the replication status for the following directory partition on this directory server. Directory partition: CN=Configuration,DC=Domain,DC=com This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.

    More than 24 hours:
    1
    More than a week:
    1
    More than one month:
    1
    More than two months:
    0

    ---------------------

    repadmin /showvector /latency DC=domain,DC=Com shows the below:

    2851c3ac-1108-4aac-9608-a07d32c879e7 @ USN     41591 @ Time (unknown)
    1223c1fc-1402-4b30-833f-c24ba17841b8 @ USN    185138 @ Time (unknown)
    1e5c730d-eddc-4492-b909-b4a27fae2db7 @ USN      6619 @ Time 2005-10-31 12:58:30
    7a922154-dc44-4efd-b4c4-6ca7d5644371 @ USN     22134 @ Time 2007-01-05 11:05:20
    90ef3ee7-54ec-4696-881b-368368ea4f47 @ USN     16591 @ Time 2007-02-20 17:25:02
    fa3c588b-6865-45e6-92d1-854767942944 @ USN   3621800 @ Time 2007-08-29 15:26:18
    e66046a1-4a70-4538-9cc2-b50d50396825 @ USN    973525 @ Time 2007-11-23 10:52:12
    308b9a54-bb7f-4f08-90b6-105365974da9 @ USN     51581 @ Time 2008-03-05 11:05:58
    7e12d19d-6407-4546-920a-97346d2fe4a5 @ USN   1453417 @ Time 2008-05-12 18:26:23
    0044325e-eb34-4067-9ddb-d76d8e926be2 @ USN  10195260 @ Time 2008-05-12 19:07:57
    948c7c7d-c535-42dc-8f03-bd17548242c8 @ USN   1432178 @ Time 2008-05-26 18:20:24
    e3b0b895-9ebe-438b-a95a-af917286995b @ USN  10580025 @ Time 2008-05-27 17:22:15
    d2b7e144-e1f8-4983-85d2-509227bca11d @ USN  10752012 @ Time 2008-06-02 22:22:15
    283f3bea-a49f-4e23-b293-edbb4e801afc @ USN     41031 @ Time 2008-07-04 07:00:12
    ee9a214a-7cb7-4493-9962-2e12032768d7 @ USN     53589 @ Time 2008-07-04 12:50:09
    f998f4f5-5088-47ac-b425-8437550076a4 @ USN  10842471 @ Time 2008-07-08 15:15:13
    7240d8dd-5230-4825-b2ac-f62505d5e678 @ USN   1630669 @ Time 2008-09-26 15:50:38
    fd29e05f-d068-48e7-b391-512e5f91feb3 @ USN  20359052 @ Time 2009-06-15 09:04:42
    626aed3b-6ab6-47c2-bbe1-6948d543a439 @ USN   6675257 @ Time 2009-06-15 09:06:02
    aecb0b51-b38f-4e8d-a1d4-3c8409b3c2a6 @ USN   2669438 @ Time 2009-08-31 07:31:35
    d47a4101-688f-4467-91ef-dca4ffacdf34 @ USN   3333066 @ Time 2009-12-11 09:20:25
    25a579f2-e9db-4a65-9c87-4b9ef0c33538 @ USN   1776084 @ Time 2010-03-19 18:43:38
    13caf359-e384-4f10-85bb-18a9645545b9 @ USN  12084560 @ Time 2010-03-24 17:41:13
    15d09514-1108-44d0-85a5-8c8f05442d7d @ USN   1724423 @ Time 2010-04-07 15:52:43
    9aac8154-4bd7-4942-9eee-cdada4ee13b9 @ USN     57349 @ Time 2010-10-28 10:29:44
    c1638603-067d-4b56-99db-8c951dee801d @ USN  19403280 @ Time 2011-01-06 18:58:50
    a1b069a1-355d-4018-97e0-72cfdb69e6c7 @ USN  11165974 @ Time 2011-01-12 15:39:08
    7a7ce435-2f93-4dd1-95d9-67d623f9a666 @ USN    823756 @ Time 2011-01-27 15:15:27
    b0214bbd-503a-4771-9736-ff436f4fd5dc @ USN     90285 @ Time 2011-01-31 16:13:29
    558a28f3-e4b8-455c-a9d2-dda8ea32a77a @ USN   5220516 @ Time 2012-08-21 11:07:09
    LofacBranch\TECHMAIN                 @ USN   1457345 @ Time 2012-12-21 11:58:20
    Cotta-Road\LCRMAIN                   @ USN   1724284 @ Time 2012-12-21 11:58:23
    CLC-Head-Office\CLCMAIN              @ USN   8042487 @ Time 2012-12-21 11:58:23
    XXXX-Head-Office\ROOTDC          @ USN  57482205 @ Time 2012-12-21 11:59:54
    XXXX-Head-Office\ADC             @ USN  41784326 @ Time 2012-12-21 11:59:58
    XXXX-Head-Office\PDC             @ USN  49975130 @ Time 2012-12-21 12:00:02

    -------------------------------

    Event Details:

    System
    - Provider
    [ Name] Microsoft-Windows-ActiveDirectory_DomainService
    [ Guid] {0e8478c5-3605-4e8c-8497-1e730c959516}
    [ EventSourceName] NTDS Replication
    - EventID 1864
    [ Qualifiers] 49152
    Version 0
    Level 2
    Task 5
    Opcode 0
    Keywords 0x8080000000000000
    - TimeCreated
    [ SystemTime] 2012-12-06T12:56:56.807264900Z
    EventRecordID 10314
    Correlation
    - Execution
    [ ProcessID] 520
    [ ThreadID] 648
    Channel Directory Service
    Computer PDC.Domain.COM
    - Security
    [ UserID] S-1-5-7
    - EventData
    DC=ForestDnsZones,DC=Domain,DC=com
    1
    1
    0
    0
    0
    60

    ----------------------------

    Friday, December 21, 2012 6:40 AM
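    Added example, not part of the thread: a Python helper that parses output in the form of the question's repadmin /showvector /latency listing, separates bare-GUID sources (DSAs repadmin could not resolve, typically retired DCs whose metadata was or should be cleaned up) from resolved Site\DC sources, and counts the age buckets the way the question's Event 1864 reports them. The cumulative counting, the 30/60-day month lengths and the sample lines (constructed from the question's format) are assumptions.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# One line of "repadmin /showvector /latency" output: "<Site\DC or GUID> @ USN <n> @ Time <ts|(unknown)>"
LINE_RE = re.compile(
    r"^(?P<src>\S+)\s+@\s+USN\s+(?P<usn>\d+)\s+@\s+Time\s+"
    r"(?P<time>\(unknown\)|\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
TIME_FMT = "%Y-%m-%d %H:%M:%S"
# Age buckets as reported by Event 1864; the 30/60-day month lengths are an assumption.
BUCKETS = [
    ("more than 24 hours", timedelta(hours=24)),
    ("more than a week", timedelta(days=7)),
    ("more than one month", timedelta(days=30)),
    ("more than two months", timedelta(days=60)),
]

@dataclass
class VectorEntry:
    source: str                    # "Site\DC" when resolved, else a bare invocation GUID
    usn: int
    last_sync: Optional[datetime]  # None when repadmin printed "(unknown)"

def parse_showvector(text: str) -> list[VectorEntry]:
    """Parse vector lines; headers, blanks and anything else are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = None if m["time"] == "(unknown)" else datetime.strptime(m["time"], TIME_FMT)
        entries.append(VectorEntry(m["src"], int(m["usn"]), ts))
    return entries

def stale_buckets(entries: list[VectorEntry], now: datetime) -> dict[str, int]:
    """Count sources per bucket. Counts are cumulative (a source silent for two months
    also counts under 24 hours), matching the 1,1,1,0 in the question's event (assumed)."""
    counts = {label: 0 for label, _ in BUCKETS}
    for e in entries:
        if e.last_sync is None:  # never received from: no age to bucket
            continue
        age = now - e.last_sync
        for label, limit in BUCKETS:
            if age > limit:
                counts[label] += 1
    return counts

def summarize(text: str, now_str: str) -> dict:
    """Report bare-GUID sources (unresolvable DSAs, typically retired DCs whose metadata
    was or should be cleaned up) plus the Event 1864-style age buckets."""
    entries = parse_showvector(text)
    now = datetime.strptime(now_str, TIME_FMT)
    return {"unresolved": [e.source for e in entries if "\\" not in e.source],
            "buckets": stale_buckets(entries, now)}

# Constructed sample in the format of the question's output (timestamps adjusted to hit each bucket).
SAMPLE = r"""
2851c3ac-1108-4aac-9608-a07d32c879e7 @ USN     41591 @ Time (unknown)
558a28f3-e4b8-455c-a9d2-dda8ea32a77a @ USN   5220516 @ Time 2012-08-21 11:07:09
Cotta-Road\LCRMAIN                   @ USN   1724284 @ Time 2012-12-10 09:15:00
XXXX-Head-Office\ROOTDC              @ USN  57482205 @ Time 2012-12-21 11:59:54
"""
```

    Run it against a real listing with the current time as now_str; any bare GUID in "unresolved" is a candidate to check against the metadata cleanup links given in the replies below.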

Answers

All replies

  • Please post

    Please post the below:

    - Repadmin /syncall /e /P
    - Dcdiag /v
    - Ipconfig /all

    Upload them to SkyDrive.

    In addition,

    The ports below should be open on all DCs for AD/DNS.

    Service                                                     Port/protocol
    RPC endpoint mapper                                         135/tcp, 135/udp
    Network basic input/output system (NetBIOS) name service    137/tcp, 137/udp
    NetBIOS datagram service                                    138/udp
    NetBIOS session service                                     139/tcp
    RPC dynamic assignment                                      Win 2k/2003: 1024-65535/tcp; Win 2008+: 49152-65535/tcp
    Server message block (SMB) over IP (Microsoft-DS)           445/tcp, 445/udp
    Lightweight Directory Access Protocol (LDAP)                389/tcp
    LDAP ping                                                   389/udp
    LDAP over SSL                                               636/tcp
    Global catalog LDAP                                         3268/tcp
    Global catalog LDAP over SSL                                3269/tcp
    Kerberos                                                    88/tcp, 88/udp
    Domain Name Service (DNS)                                   53/tcp, 53/udp

    Use PortQry for that.

    http://www.microsoft.com/en-in/download/details.aspx?id=17148


    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin


    Friday, December 21, 2012 6:48 AM
  • There are multiple reasons for Event ID 1864 to occur; this could be due to a replication issue between DCs, a broken secure channel, DNS misconfiguration, a lingering object issue, a server having reached the tombstone lifecycle period, etc.

    Please run dcdiag /q and repadmin /replsum to get more information on the issue for further troubleshooting, and post the same.

    Event ID: 1864 Source: NTDS Replication
    http://eventid.net/display.asp?eventid=1864&eventno=4849&source=NTDS%20Replication&phase=1

    Troubleshoot NTDS Replication Event ID 1864
    http://nitman.com/2010/03/03/troubleshoot-ntds-replication-event-id-1864/

    Event ID 1864 Repadmin and deleted DCs in Active Directory
    http://networkadminkb.com/KB/a353/event-id-1864-repadmin-and-deleted-dcs-in-active-directory.aspx

    Error Event ID 1864 NTDS Replication
    http://social.technet.microsoft.com/Forums/en/winserverDS/thread/ccae98d9-75cb-4988-8a1a-535b3e1bfeac

    Check the DNS settings on the DC; most of the time it is due to DNS misconfiguration or the required ports not being open for AD replication.

    Best practices for DNS client settings on DC and domain members.
    http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

    Active Directory and Active Directory Domain Services Port Requirements
    http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx

    If there are instances of faulty DCs which were removed from the network, then you need to refer to the link below. Also, if any server has reached the tombstone lifecycle period, then you need to demote/promote the DC.

    Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more)
    http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx

    Can you post the netdom query dc, dcdiag /q, repadmin /replsum and ipconfig /all details of the DC. Please use SkyDrive to post the logs. Also let us know your domain architecture and the number of DCs present in the network.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Friday, December 21, 2012 7:09 AM
  • As I see, replication has not been done for more than one month.

    Please start with the basic troubleshooting steps:

    • Make sure that each DC has only one NIC enabled (all others should be disabled) and only one IP address in use
    • Make sure that public DNS servers are configured as forwarders and not in the IP settings of the DCs
    • Choose a healthy DC / DNS server and make all the DCs you have point to it as their primary DNS server
    • Make each DC / DNS server point to its own private IP address as its secondary DNS server
    • Make sure that the ports needed for AD replication are open between all the DCs you have and are not filtered: http://technet.microsoft.com/en-us/library/bb727063.aspx You can use PortQryUI for the checks

    Once done, run ipconfig /registerdns and restart netlogon on each DC you have.

    After that, you can use dcdiag and repadmin commands to check DCs health and AD replication status.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Friday, December 21, 2012 9:42 AM
  • Dear i.biswajith,

    Find the requested logs via the link below...

    I am also following the steps from the other replies, and I request all of you to have a look at the logs.

    -----------

    - Repadmin /syncall /e /P

    - Dcdiag /v

    - Ipconfig /all

    https://skydrive.live.com/redir?resid=A691A22887BFC893!135&authkey=!AM_klMn0M1aH3jY

    Friday, December 21, 2012 2:26 PM
  • Dear i.biswajith,

    One more finding on your port requirements: except for the below two services, all other ports are open (I can telnet).

    Network basic input/output system (NetBIOS) name service 137/tcp, 137/udp

    NetBIOS datagram service 138/udp

    ----------------------------------------

    ***Important note: As a reason for this issue, I am thinking of one newly added DC which malfunctioned. I did a forced removal about one month ago, and I did the metadata cleanup and it succeeded.

    4 domain controllers are located on the "head-office" site in the same subnet, and the other 3 DCs are located on different sites, which are connected via VPN.


    Friday, December 21, 2012 3:36 PM
  • I agree with i.Biswajith. I saw the ipconfig and DCDiag logs. Dcdiag is clean, but in ipconfig I see 127.0.0.1 as the preferred DNS. Remove it and make 151.206 the preferred DNS and the other DNS secondary. Once that is done, restart DNS and Netlogon and run ipconfig /flushdns & ipconfig /registerdns. Now check replication between the DCs using repadmin /replsummary. If you see any errors in repadmin, please let us know.

    Friday, December 21, 2012 3:56 PM
  • You have only posted the dcdiag /v of the LOLCROOTDC server, and that looks fine, but in the system log you are getting "The session setup from computer 'RND' failed because the security database does not contain a trust account 'RND$' referenced by the specified computer", which indicates the secure channel of this computer is broken; you can rejoin the machine to the domain to fix the issue.

    In case RND is an instance of an orphaned DC, then you need to run metadata cleanup: http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx

    As ventak pointed out, the loopback IP address is set as the preferred DNS setting; remove it, as you have already pointed the server to itself. If you want the loopback IP address, then set it as the alternate. See this for more details: DNS: DNS servers on <adapter name> should include the loopback address, but not as the first entry: http://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx

    Restart Netlogon and the DNS server after setting the DNS, run ipconfig /flushdns and ipconfig /registerdns, and force replication between the DCs with repadmin /syncall /AdeP or use AD Sites and Services. If you get an error while replicating, post the error message. Also post the other DCs' dcdiag /q and repadmin /replsum output and ipconfig /all details.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Saturday, December 22, 2012 6:11 AM
  • Hi,

    Sorry for the delay in replying. I appreciate all your responses.

    I have followed the ipconfig DNS configuration and uploaded all the logs.

    dcdiag /q

    repadmin /replsum

    Netdom query DC

    Netdom query fsmo

     ipconfig /all

    dcdiag /v

    Other than that, I tried to push replication partition by partition and got errors. I uploaded those logs as well.

    • repadmin /syncall /APed dc=domain,dc=com
    • repadmin /syncall /APed cn=configuration, dc=domain,dc=com
    • repadmin /syncall /Aped cn=schema,cn=configuration,dc=domain,dc=com


    Wednesday, December 26, 2012 3:16 PM
  • The dcdiag /v and repadmin output indicate that there is no replication issue. But in repadmin /syncall you are getting "The RPC server is unavailable". The error "The RPC server is unavailable" relates to a port being blocked or a network connectivity issue.

    Disable the local Windows Firewall service; by default it is enabled in Vista/Windows 2008 and above. Check the network connectivity and latency.
    Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

    Active Directory Firewall Ports - Let's Try To Make This Simple
    http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx

    Note: It could be due to AV (McAfee, Symantec, Trend, etc.) or a 3rd-party security application which acts as a firewall and blocks AD communication. AV like Symantec, Trend, etc. have new features to "protect network traffic". Please check the AV settings and disable the same if defined. Troubleshooting "RPC server is unavailable" error, reported in failing AD replication scenario:

    http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx

    Force the replication with the repadmin command or AD Sites and Services and check. Also, you have posted the logs of the root server; check the health of the other DCs as well and ensure that DNS, the port requirements and the above parameters are in place. Also ensure that AD Sites and Services is configured correctly. If manual connections were created in AD Sites and Services, delete them and run repadmin /kcc; the required topology will be created after some time interval. http://blogs.technet.com/b/markmoro/archive/2011/08/05/you-are-not-smarter-than-the-kcc.aspx

    Designing the Site Topology for Windows Server 2008 AD DS
    http://technet.microsoft.com/en-us/library/cc772013(v=ws.10).aspx

    Managing Sites
    http://technet.microsoft.com/en-us/library/bb727051.aspx

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, December 27, 2012 2:02 AM
  • OK. I have gone through every answer and could find the root cause. The below link helped me out.

    http://eventid.net/display.asp?eventid=1864&eventno=4849&source=NTDS%20Replication&phase=1

    There was a DC newly added to the domain, called lolcbdc.lolc.com, which was not replicating. Due to that, the above error (1864) popped up on every DC.

    Anyway, I just forcefully removed lolcbdc.lolc.com from the domain and did a metadata cleanup. The error disappeared.

    Then as the next step I added another DC, called lolcsdc.lolc.com, to the domain.

    But I am getting an error in Directory Services, event ID 1863, as follows:

    -----------

    This is the replication status for the following directory partition on this directory server.

    Directory partition: DC=LOLC,DC=com

    This directory server has not received replication information from a number of directory servers within the configured latency interval.

    Latency Interval (Hours): 24

    Number of directory servers in all sites: 5

    Number of directory servers in this site: 3

    The latency interval can be modified with the following registry key.

    Registry Key: HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)

     ----------------------

    It seems the replication issue is still there with the new DC as well.

    And none of the connections were created automatically under the server object in NTDS Settings in Sites and Services.

    But all the SYSVOL and NETLOGON shares were created and replicated, and the three other DCs are on the same site, with no firewall or AV restrictions...

    I think something has gone wrong with my DCs...

    I hope now I can get a targeted answer from you all?

    Monday, January 07, 2013 7:37 AM
  • Refer to the below links for the above error.
    http://www.eventid.net/display-eventid-1863-source-NTDS%20Replication-eventno-4774-phase-1.htm
    http://www.eventid.net/display.asp?eventid=1862&eventno=2446&source=NTDS%20Replication&phase=1
    http://social.technet.microsoft.com/Forums/en/winserverDS/thread/8de515cf-4262-49d5-b607-4f8dab74fecd

    Please post the ipconfig /all, dcdiag /q and repadmin /replsum output of all DCs to get a clear view. Please use SkyDrive to post the logs.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Monday, January 07, 2013 10:01 AM
  • Hi Sandesh,

    Thanks for the update.

    None of the links helped me find a solution. I am uploading the requested files to the below path.

    https://skydrive.live.com/redir?resid=A691A22887BFC893!135&authkey=!AM_klMn0M1aH3jY

    I appreciate your support..

    Monday, January 07, 2013 11:54 AM
  • The dcdiag outputs are clear, and so is repadmin /replsum. However, in New-sdc-repadmin-replsum.log the below error occurred:
    Experienced the following operational errors trying to retrieve replication information:
    58 - CLCMAIN.LOLC.COM
    58 - TechMAIN.LOLC.COM

    It seems that server is not reachable; check the connectivity and that the required ports are open for AD communication. I would suggest contacting the network/security team to verify whether all the related AD ports are configured and allowed on the firewall for communication. PortQry is a free tool from MS which can be downloaded and installed to verify whether the necessary ports are open or not.

    Also, disable the local Windows Firewall service; by default it is enabled in Vista/Windows 2008 and above. Check the network connectivity and latency.
    Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

    Note: It could be due to AV (McAfee, Symantec, Trend, etc.) or a 3rd-party security application which acts as a firewall and blocks AD communication. AV like Symantec, Trend, etc. have new features to "protect network traffic". Please check the AV settings and disable the same if defined.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Monday, January 07, 2013 2:09 PM
  • Dear Sandesh,

    Thanks for the reply.

    Actually, techmain and clcmain are the other DCs, which are located at remote AD sites (yes, connected via firewall).

    But all the other DCs (for which I posted the logs) are in the same subnet (same AD site), and rootdc is holding all the FSMO roles.

    Is the new SDC server replicating properly with all the DCs in the same site, according to the logs?

    Then why is it not creating automatic connections in NTDS Settings to the DCs on the same site?

    Are there any other things I have to check?

    Yes, I will definitely look into techmain & clcmain, but I think there is some other issue, since it is not replicating with the same-site DCs.

    And I am getting the same error event ID for other directory partitions on SDC, such as:

    CN=Schema,CN=Configuration,DC=LOLC,DC=com

    CN=Configuration,DC=LOLC,DC=com

    DC=LOLC,DC=com

    And I am uploading (SkyDrive) repadmin /showvector /latency dc=xx,dc=xx from rootdc and sdc for your reference.

    Tuesday, January 08, 2013 5:14 AM
  • How is your AD site topology: is it hub and spoke, mesh, etc.? Ensure that the AD sites are configured correctly and that there are no manually created connections; let the KCC do the job. http://blogs.technet.com/b/markmoro/archive/2011/08/05/you-are-not-smarter-than-the-kcc.aspx

    If a connection object is created with a site where there is no physical connectivity, then you will face replication issues. Ensure AD Sites is set up correctly as per the physical topology.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Tuesday, January 08, 2013 9:16 AM