The following forum(s) have migrated to Microsoft Q&A: All English Windows Server forums!
Visit Microsoft Q&A to post new questions.

Learn More

Remove From My Forums

Windows server 2008 DC error 1863

Question
0

Sign in to vote

Hi, I have a problem with errors in Windows Server 2008. My 2008 server is DC which holds FSMO role. I just add the second domain controller in remote location (server 2003). After that in event viewer start show up error logs for AD Event ID 1863.

This is the replication status for the following directory partition on this directory server.

Directory partition:
DC=ForestDnsZones,DC=sweet,DC=local

This directory server has not received replication information from a number of directory servers within the configured latency interval.

Latency Interval (Hours):
24
Number of directory servers in all sites:
1
Number of directory servers in this site:
1

The latency interval can be modified with the following registry key.

Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)

To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".

Its shows up only on 9am moring every day and there is only 4 these logs at the same time. I check dcdiag on both servers, repadmin and time sync. All seems to be ok.

I also notice that last night on remote server error shows up with w32time. I'm thinking that connection between server were lost. Any Ideas?

Tuesday, June 21, 2011 6:17 AM

All replies

0

Sign in to vote

Hello,

make sure no firewall is blocking required ports: http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx

Time sync requires UDP 123 to be open.

Please post an unedited ipconfig /all from both DC/DNS servers.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Tuesday, June 21, 2011 6:21 AM
0

Sign in to vote

I checked all ports on server 2008 and they are open. On remote server 2003 I disable firewall to check if that helps.

On server 2008 instade of going to Administrative tools > Windows Firewall with Advanced security I went to Control Panel > WIndows Firewall > Firewall settings > exceptions > and put check mark next to Netlogon Service. Usually errors shows up on 9 am in morning after I make this change errors didnt shows up. Will monitor this.

Windows firewall in administrative tools and taht one in control panel are diferent? I thought that are the same.

Tuesday, June 21, 2011 7:27 AM
1

Sign in to vote

Event id 1863 relates to presence of lingering object in the AD environment.

http://support.microsoft.com/kb/910205

Determine the tombstone lifetime for the forest

http://technet.microsoft.com/en-us/library/cc784932%28WS.10%29.aspx

Lingering object issues

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9f114f3f-e8ef-4ac6-846f-8e61d6324d9a

What does repadmin /showrepl or repadmin /show reps says

You can also run comprehensive test of your AD environment to find the issues like replication,dc's health etc using DCDIAG /V/C/D/E/S:DCNAME >C:\DCDIAG.LOG

If, there is lingering object in the DC, demote the DC & promote it back, because removing lingering object is not easy & successful in most of the instances,i prefer not to waste time, demote & promote is best way.

Regards

Awinish Vishwakarma| CHECK MY BLOG

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Tuesday, June 21, 2011 7:39 AM
0

Sign in to vote

I did dcdiag and all seems to be ok.

repadmin /showrepl :

Repadmin: running command /showrepl against full DC localhost

Default-First-Site-Name\server2008

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: c8ffc459-b6ee-4bc8-a108-d999baca5733

DSA invocationID: f7bc270d-19d2-4016-85c3-47bb6e48ea17

==== INBOUND NEIGHBORS ======================================

DC=sweet,DC=local

    Default-First-Site-Name\server2003 via RPC

        DSA object GUID: cc44535d-8465-432c-adda-8c4e3e1c8183

        Last attempt @ 2011-06-21 09:43:17 was successful.

CN=Configuration,DC=sweet,DC=local

    Default-First-Site-Name\server2003 via RPC

        DSA object GUID: cc44535d-8465-432c-adda-8c4e3e1c8183

        Last attempt @ 2011-06-21 09:38:40 was successful.

CN=Schema,CN=Configuration,DC=sweet,DC=local

    Default-First-Site-Name\server2003 via RPC

        DSA object GUID: cc44535d-8465-432c-adda-8c4e3e1c8183

        Last attempt @ 2011-06-21 08:47:27 was successful.

DC=DomainDnsZones,DC=sweet,DC=local

    Default-First-Site-Name\server2003 via RPC

        DSA object GUID: cc44535d-8465-432c-adda-8c4e3e1c8183

        Last attempt @ 2011-06-21 08:47:27 was successful.

DC=ForestDnsZones,DC=sweet,DC=local

    Default-First-Site-Name\server2003 via RPC

        DSA object GUID: cc44535d-8465-432c-adda-8c4e3e1c8183

        Last attempt @ 2011-06-21 08:47:27 was successful.

Tuesday, June 21, 2011 7:48 AM
0

Sign in to vote

Can you upload below info to skydrive, please don't post output here.

DCDIAG /V/C/D/E/S:DCNAME >C:\DCDIAG.LOG

http://explore.live.com/windows-live-skydrive

Please share below info too.

-No of Forest/domain,
-No of DC's with their OS & SP level,
-No of sites & bandwidth with them,
-DLF/FFL level.

Regards

Awinish Vishwakarma| CHECK MY BLOG

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Tuesday, June 21, 2011 8:28 AM
0

Sign in to vote

Link to DCDiAG:

https://skydrive.live.com/redir.aspx?cid=eb7e53d5e071bd29&resid=EB7E53D5E071BD29!102

-No of Forest/domain : 1

-No of DC's with their OS & SP level:

Server 2008 Standard 64Bits Service Pack 2

Server 2003 R2 64Bits Service Pack 2

-No of sites & bandwidth with them:

2 sites, each one in different cities

Main site with server 2008 (FSMO holder) 10Mb/s up and down

Remote site with server 2003 (second DC) 4Mb/s up and down

-DLF/FFL level:

DLF: was 2000 and I raise up now to 2003

Tuesday, June 21, 2011 9:11 AM
0

Sign in to vote

While clicking, i'm receving below error

This item might not exist or is no longer available

Make sure file is shared with public access.

Regards

Awinish Vishwakarma| CHECK MY BLOG

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Tuesday, June 21, 2011 9:42 AM
0

Sign in to vote

OK I make it public. Should be available.

Tuesday, June 21, 2011 10:01 AM
0

Sign in to vote

I found the DCdiag report is clean & windows 2008 DC is only pointing to itself in DNS, it should also point to windows 2003 DC as alternate DNS server since both DC are also DNS servers.For lingering object, you are required to use repadmin /removelingeringobjects Destination_DC_List SourceDCGUID NamingContextDN /advisory_mode

Regards

Awinish Vishwakarma| CHECK MY BLOG

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Tuesday, June 21, 2011 11:03 AM
0

Sign in to vote

Hello,

which event viewer error is listed for:

Starting test: FrsEvent

         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared. Failing SYSVOL replication problems may cause

         Group Policy problems.
         An Warning Event occurred. EventID: 0x800034C8

            Time Generated: 06/20/2011   09:58:58

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = File Replication Service) could not be

            retrieved, error 0x3afc)

on Windows server 2008? And which one for:

Starting test: DFSREvent

         The DFS Replication Event Log.
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared. Failing SYSVOL replication problems may cause

         Group Policy problems.
         An Warning Event occurred. EventID: 0x80000002

            Time Generated: 06/21/2011   05:10:21

            (Event String (event log = DFS Replication) could not be retrieved,

            error 0x13d)

on Windows server 2003?

Please run adprep /rodcprep after everything is working again to prevent this error message in the output:

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

Please configure Windows server 2008 to use ONLY the old DC/DNS on the NIC as preferred and run ipconfig /flushdns and ipconfig /registerdns and restart the server.

Alos configure on each DNS server the forwarders to the ISPs DNS server.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Tuesday, June 21, 2011 11:05 AM
0

Sign in to vote

On 2008 it was for NtFrs EventID 13512 (after restarting ntfrs service) after that warning Information came up EventID 13516 that "The file replication service is no longer preventing the computer from becoming domain controller."

On 2003 server only error I see at this time is for POPcon service.

2008 Server is using the old DC/DNS which it is by it self. I'm going to setup forwarders on 2003 server.

Tuesday, June 21, 2011 12:03 PM
0

Sign in to vote

Hi,

Just to confirm that I had this issue today, did all the dc diag and repadmin checks. Lots of errors so demoted the dc and then promoted it again and everything is working fine again.

Thanks!

Craig

Monday, July 6, 2015 10:41 AM