Event ID 8456, 8457 coming in Active Directory

    Question

  • Hi

      We have two Windows Server 2008 domain controllers (one is primary and the other is secondary). I checked the replication between the two DCs with the repadmin command, and I am getting event IDs 8456 and 8457. Replication percentage is also 40%. How to fix this...

    thanks

    Tuesday, May 15, 2012 1:27 PM

Answers

  • Can you please post dcdiag /q and repadmin /replsum results here so that we can have a clear idea on this?

    However, please have a look at the MS KB and thread below on the event ID:

    http://support.microsoft.com/kb/2023007

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/0555b1c1-44be-4e09-8ba3-c7753944a453

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Tuesday, May 15, 2012 1:32 PM
  • Hello,

    To start, please proceed as follows:

    • Make sure that each DC has one IP address in use and one NIC card enabled (all other cards should be disabled)
    • Make sure that RRAS is disabled on DCs
    • Make sure that each public DNS server is set as a forwarder and not in IP settings of DCs
    • Make sure that each DC is a DNS and GC server
    • Make each DC point to the other one as primary DNS server, its private IP address as secondary one and 127.0.0.1 as third one

    Once done, run ipconfig /registerdns and restart netlogon on each DC. After that, run repadmin /syncall.

    Check also that needed ports for AD replication are not blocked: http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx

    You can use PortQryUI or PortQry V2 for checking.

    Please also note that there are no primary and secondary DCs. All DCs are RW except RODCs.


    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer


    Tuesday, May 15, 2012 1:39 PM

All replies

  • Are these two DCs VMs or physical machines? Have you used any snapshot, image or cloning tool to configure these DCs? Also, post the complete error messages, not just the event ID. It's a wild guess based on the events, but there is a USN rollback issue and replication is disabled for both DCs.

    Please elaborate about your AD/DC setup.


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Tuesday, May 15, 2012 3:15 PM
  • It seems that the server was restored from an image backup or cloned, and hence you are getting the above event ID "The destination server is currently rejecting replication requests".

    If the server is in USN rollback, the Netlogon service will be in a paused state, and strong evidence for this would be that the "Dsa Not Writable" key will be created with value 4. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters and check the same.

    If the server is in USN rollback, you need to forcefully demote the DC, followed by metadata cleanup. If the faulty DC is an FSMO role holder, you need to seize the role.

    Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more)
    http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx

    It could also be the case that replication has been disabled manually. You can use the repadmin command to check the same.
    http://support.microsoft.com/kb/321153

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Wednesday, May 16, 2012 9:00 AM
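
The two checks suggested in the reply above (the USN rollback marker in the registry and the replication flags reported by repadmin), as an added PowerShell example that is not part of the original thread. The function names and the sample repadmin line are constructed for illustration; the script only reads state and changes nothing.

```powershell
# Added example: read-only triage for event IDs 8456/8457 on a DC.
# Function names and the sample text are constructed for illustration.

function Get-DisabledReplFlag {
    param([string[]]$RepadminOptionsOutput)
    # "repadmin /options <DC>" reports the flags on one line, e.g.
    #   Current DSA Options: IS_GC DISABLE_INBOUND_REPL
    foreach ($line in $RepadminOptionsOutput) {
        if ($line -match 'Current DSA Options:\s*(.*)$') {
            return @($Matches[1] -split '\s+' |
                     Where-Object { $_ -match '^DISABLE_(INBOUND|OUTBOUND)_REPL$' })
        }
    }
    return @()
}

function Test-UsnRollbackMarker {
    # The thread's indicator: "Dsa Not Writable" = 4 under NTDS\Parameters.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $prop = Get-ItemProperty -Path $key -Name 'Dsa Not Writable' -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.'Dsa Not Writable' -eq 4)
}

# Constructed sample of repadmin output, used when this host is not a DC.
$sample = @('Current DSA Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL')

# AD DS runs as the NTDS service on Windows Server 2008 and later.
$onDc   = [bool](Get-Service -Name NTDS -ErrorAction SilentlyContinue)
$output = if ($onDc) { repadmin.exe /options $env:COMPUTERNAME } else { $sample }

$flags    = @(Get-DisabledReplFlag -RepadminOptionsOutput $output)
$rollback = Test-UsnRollbackMarker
$netlogon = (Get-Service -Name Netlogon -ErrorAction SilentlyContinue).Status

"Disabled replication flags : $($flags -join ', ')"
"Dsa Not Writable = 4       : $rollback"
"Netlogon service status    : $netlogon"

if ($rollback) {
    'USN rollback marker present: do not re-enable replication; demote the DC and clean up metadata.'
} elseif ($flags.Count -gt 0) {
    # Clearing a flag uses the minus form: repadmin /options <DC> -DISABLE_INBOUND_REPL
    'Replication disabled with no rollback marker: find out who set the flag before clearing it.'
}
```

Run it on each DC from an elevated prompt; a rollback marker on either one means the flags were set by the directory service itself rather than by an administrator.
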
  • Hi Vino,
     
    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
     
    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
     
    Best Regards
     
    Kevin

    TechNet Community Support

    Friday, May 18, 2012 4:10 AM
  • Hi

      Actually, inbound and outbound replication had been disabled on my server. After enabling replication by using the repadmin disable_outbound_replication command, the problem is fixed; now I am not getting this error.

    thanks

    Sunday, May 27, 2012 5:47 AM
  • The question is who disabled the replication and why? Each DC should be in sync with all other DCs, and if one DC is out of date then it may lead to more issues. Since the issue has been resolved, I would suggest performing a thorough analysis of your environment using built-in tools like dcdiag/repadmin etc., as well as using event logs, to prevent any more issues from occurring.

    What does DCDIAG actually… do? http://blogs.technet.com/b/askds/archive/2011/03/22/what-does-dcdiag-actually-do.aspx


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Sunday, May 27, 2012 5:51 AM
  • Hi

      How do I check who has disabled the replication? I ran the dcdiag and repadmin commands; now everything is fine.

    thanks

    Sunday, May 27, 2012 6:23 AM
  • You can find out by checking the event ID in the event logs of the DC if you have auditing in place; otherwise, no. You can find on which DC the change was made using repadmin /showobjmeta

    http://blogs.technet.com/b/ad/archive/2006/06/12/435501.aspx


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Sunday, May 27, 2012 6:31 AM