none
Remove Lingering Objects with status 8440 (0x20f8) RRS feed

  • Question

  • hi everyone , am trying to use removelingeringobjects:

    DsReplicaVerifyObjectsW() failed with status 8440 (0x20f8):
        The naming context specified for this replication operation is invalid.

    below the event viewer :

    Source domain controller:
    c8883965-df3d-4e90-ae39-a9b990796323._msdcs.MYDC.COM
    Object:
    CN=54890f5b-c906-4e4e-a238-e13c9ebbce15\0ADEL:c93aa172-dfc4-4ebe-91c2-a6c0d6d36857,CN=Deleted Objects,CN=Configuration,DC=MYDC,DC=COM
    Object GUID:
    c93aa172-dfc4-4ebe-91c2-a6c0d6d36857  This event is being logged because the source DC contains a lingering object which does not exist on the local DCs Active Directory Domain Services database.  This replication attempt has been blocked.
     
     The best solution to this problem is to identify and remove all lingering objects in the forest.
     

    and the command that i used is :

    repadmin  /removelingeringobjects ho1.mydc.com c93aa172-dfc4-4ebe-91c2-a6c0d6d36857 CN=Deleted Objects,CN=Configuration,DC=MYDC,DC=COM /advisory_mode

    is any problem with the command ? please help


    Osma Othman

    Sunday, December 1, 2019 2:10 PM

All replies

  • Hi,

    You can enable strict replication consistency using repadmin command to remove lingeringobjects

    repadmin /regkey * +strict

    You can also use regedit key to enable strict replication consistency:

    The setting for replication consistency is stored in the Strict Replication Consistency entry in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.

    The values for the Strict Replication Consistency registry entry are as follows:

    • Value: 1 (0 to disable)

    • Default: 1 (enabled) in a new Windows Server 2003 or Windows Server 2008 forest; otherwise 0.

    • Data type: REG_DWORD


    Please don't forget to mark the correct answer, to help others who have the same issue. Thameur BOURBITA MCSE | MCSA My Blog : http://bourbitathameur.blogspot.fr/

    Sunday, December 1, 2019 2:30 PM
  • thank you for your quick reply ,

    but If you have any lingering objects identified, you will need to remove this prior to enabling strict replication consistency.
    • Edited by Osama123 Sunday, December 1, 2019 3:03 PM
    Sunday, December 1, 2019 2:56 PM
  • thank you for your quick reply ,

    but If you have any lingering objects identified, you will need to remove this prior to enabling strict replication consistency.

    Hi,

    If you enable strict replication consistency. Lingering object will be removed automatically without blocking the replication.


    Please don't forget to mark the correct answer, to help others who have the same issue. Thameur BOURBITA MCSE | MCSA My Blog : http://bourbitathameur.blogspot.fr/

    • Marked as answer by Osama123 Sunday, December 1, 2019 6:12 PM
    • Unmarked as answer by Osama123 Sunday, December 1, 2019 6:12 PM
    Sunday, December 1, 2019 4:19 PM
  • Hello Osma,

    Thank you for posting in our TechNet forum.

    According to your description, I can get the issue that the lingering objects happened and we got the error 8440;

    Refer to the command you used:
    repadmin  /removelingeringobjects ho1.mydc.com c93aa172-dfc4-4ebe-91c2-a6c0d6d36857 CN=Deleted Objects,CN=Configuration,DC=MYDC,DC=COM /advisory_mode; It has some errors in naming context.

    Please run the command as administrator to check the naming context: repadmin /showrepl

    1.So the naming context looks like this:
    Domain: DC=Domain,DC=com
    Configuration: CN=Configuration,DC=domain,DC=com
    Schema: CN=Schema,CN=Configuration,DC=domain,DC=com
    Application:
    DC=DomainDnsZones,DC=Domain,DC=com DC=ForestDnsZones,DC=Domain,DC=com

    2.About the command to remove lingering object, the following is the sample for your reference.
    Command to check lingering object list: repadmin /removelingeringobjects <Name of Target DC> <GUID of Source DC> <Naming Context> /advisory_mode


    Command to remove lingering object:
    repadmin /removelingeringobjects <Name of Target DC> <GUID of Source DC> <Naming Context>


    For example:
    I have two DCs in a.local domain. vchzho720VM (DC name):  DSA object GUID: 42b23c41-9479-4d72-8667-5332444adacd

    vchzho0280VM(DC name): DSA object GUID: a4ee466d-f68e-4ae0-9a7c-b570c4dcd124

    3.We need to check which partition the lingering objects store with above commands, and we can remove them in corresponding partition if we find them.
    For the meaning of some above parameters, we can refer to the following table:

    Parameter

    Description

    Name of Target DC

    Specifies the host name of a destination domain controller, a list of domain controllers separated by a space, or * for all domain controllers in the enterprise. See above for detailed syntax.

    GUID of Source DC

    Specifies the GUID of the source (reference) domain controller that will be used to identify objects that are outdated (lingering) on the destination. Obtain the GUID by running repadmin /showrepl against the source domain controller that you are using as the reference server.

    NamingContextDN

    Specifies the distinguished name of the directory partition from which the lingering objects are to be removed.

    advisory_mode

    Prints a list of objects that are found in the directory of the destination domain controller that are not found in the directory of the source domain controller. Objects are not removed if this parameter is used. Prints a list of objects that are found in the directory of the destination domain controller that are not found in the directory of the source domain controller. Objects are not removed if this parameter is used.




    Best Regards,
    Jolin Lu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, December 2, 2019 8:24 AM
  • thank you for your great reply , but still same problem , i think the problem is with the NamingContexDN

    since its contain symbols:please check below you will find (( \0ADEL ))

    54890f5b-c906-4e4e-a238-e13c9ebbce15\0ADEL:c93aa172-dfc4-4ebe-91c2-a6c0d6d36857,CN=Deleted Objects,CN=Configuration,DC=MYDC,DC=COM


    Osma Othman

    Monday, December 2, 2019 9:13 AM
  • First of all when you are using /advisory_mode switch the lingering objects are just logged but not actually removed, you have to run the same command without /advisory_mode to actually remove objects.

    repadmin /removelingeringobjects dcname.foobar.foo.bar.net 71bd32ed-0c26-4c3f-b5b 0-a0e744331734 "dc=foobar,dc=foo,dc=bar,dc=net" /advisory_mode
    Monday, December 2, 2019 11:12 AM
  • i think the problem is with the location : CN=Deleted Objects,CN=Configuration,DC=MYDC,DC=COM.

    since the object is in the deleted CN.

    from the below logs , could please tell me what is the code exactly :

    Source domain controller:
    c8883965-df3d-4e90-ae39-a9b990796323._msdcs.MYDC.COM
    Object:
    CN=54890f5b-c906-4e4e-a238-e13c9ebbce15\0ADEL:c93aa172-dfc4-4ebe-91c2-a6c0d6d36857,CN=Deleted Objects,CN=Configuration,DC=MYDC,DC=COM
    Object GUID:
    c93aa172-dfc4-4ebe-91c2-a6c0d6d36857  This event is being logged because the source DC contains a lingering object which does not exist on the local DCs Active Directory Domain Services database.  This replication attempt has been blocked.


    Osma Othman

    Monday, December 2, 2019 12:19 PM
  • Hello Osma,

    The following commands are edited according to your environment.

    please check the lingering objects in these five partitions.

    If the lingering objects exist, please run the command without advisory_mode to delete the lingering objects.

    Configuration:

    repadmin  /removelingeringobjects ho1 c93aa172-dfc4-4ebe-91c2-a6c0d6d36857 "CN=Configuration,DC=MYDC,DC=COM" /advisory_mode
    repadmin  /removelingeringobjects ho1 c93aa172-dfc4-4ebe-91c2-a6c0d6d36857 "CN=Configuration,DC=MYDC,DC=COM" 


    Domain:
    repadmin  /removelingeringobjects ho1 c93aa172-dfc4-4ebe-91c2-a6c0d6d36857 "DC=MYDC,DC=COM" /advisory_mode
    repadmin  /removelingeringobjects ho1 c93aa172-dfc4-4ebe-91c2-a6c0d6d36857 "DC=MYDC,DC=COM" 


    Shema:
    repadmin  /removelingeringobjects ho1 c93aa172-dfc4-4ebe-91c2-a6c0d6d36857 "CN=Schema,CN=Configuration,DC=MYDC,DC=COM" /advisory_mode
    repadmin  /removelingeringobjects ho1 c93aa172-dfc4-4ebe-91c2-a6c0d6d36857 "CN=Schema,CN=Configuration,DC=MYDC,DC=COM" 


    Application-domain:
    repadmin  /removelingeringobjects ho1 c93aa172-dfc4-4ebe-91c2-a6c0d6d36857 "DC=DomainDnsZones,DC=MYDC,DC=COM" /advisory_mode
    repadmin  /removelingeringobjects ho1 c93aa172-dfc4-4ebe-91c2-a6c0d6d36857 "DC=DomainDnsZones,DC=MYDC,DC=COM" 


    Application-forest:
    repadmin  /removelingeringobjects ho1 c93aa172-dfc4-4ebe-91c2-a6c0d6d36857 "DC=ForestDnsZones,DC=MYDC,DC=COM" /advisory_mode
    repadmin  /removelingeringobjects ho1 c93aa172-dfc4-4ebe-91c2-a6c0d6d36857 "DC=ForestDnsZones,DC=MYDC,DC=COM" 

    If you still have any questions or concerns, please provide the screenshot for me to check.

    Jolin Lu

    Best regard.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, December 3, 2019 10:18 AM
  • Hello Osama,

    Believe you are doing well. This is a kind follow up on this case.

    May I know the latest status? Thanks and looking forward to your reply.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, December 5, 2019 10:34 AM

  • Hi,
    I am writing to see if the issue is resolved or not? If anything is unclear, please feel free to update here.

    Thank you for your time and support.


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, December 12, 2019 4:04 AM
    Moderator