none
Replication Error 1988 after Sucessful Domain Controller Demotion

    Question

  • Hi. I demoted two 2003 domain controllers in site A that belong to domain A.

    Domain A now has three 2012R2 domain controllers.

    Two DC's are hosted in site A. One DC is hosted in a datacentre in site B. I have a replication issue on the DC hosted in the datacentre.

    [quote]

    Directory Service Event ID 1988
    Source domain controller:
    7a1dee19-9d5c-46ba-84cf-ee3a8a4ebcf9._msdcs.domain.com
    Object:
    CN=9b57d917-0e8e-4ef9-a175-1fe08fcfae01\0ADEL:f843400a-aa66-4412-883b-74fd88c449bb,CN=Deleted Objects,CN=Configuration,DC=domain,DC=com
    Object GUID:
    f843400a-aa66-4412-883b-74fd88c449bb

    DCDIAG /test:replications returns:

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = MYPROBLEMDC
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: SITEB\MYPROBLEMDC
          Starting test: Connectivity
             ......................... MYPROBLEMDC passed test Connectivity

    Doing primary tests

       Testing server: SITEB\MYPROBLEMDC
          Starting test: Replications
             [Replications Check,MYPROBLEMDC] A recent replication attempt failed:
                From DC1 to MYPROBLEMDC
                Naming Context: CN=Configuration,DC=domain,DC=com
                The replication generated an error (8606):
                Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.
                The failure occurred at 2017-02-22 18:04:01.
                The last success occurred at (never).
                222 failures have occurred since the last success.
             [Replications Check,MYPROBLEMDC] A recent replication attempt failed:
                From DC2 to MYPROBLEMDC
                Naming Context: CN=Configuration,DC=domain,DC=com
                The replication generated an error (8606):
                Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.
                The failure occurred at 2017-02-22 18:04:18.
                The last success occurred at (never).
                820 failures have occurred since the last success.
             ......................... MYPROBLEMDC failed test Replications


       Running partition tests on : DomainDnsZones

       Running partition tests on : nl

       Running partition tests on : ForestDnsZones

       Running partition tests on : Schema

       Running partition tests on : Configuration

       Running enterprise tests on : domain.com

    C:\Windows\system32>

    [/quote]

    I have performed a metadata cleanup. Tombstone entries exist in NTDS settings under AD sites and services for the demoted DC's when viewed from the problem DC.

    Can anyone help with this issue, I have been working on it for a couple of days.

    Phil.

    Wednesday, February 22, 2017 5:21 PM

Answers

  • Hi

     Seems to u have lingering object issue(The replication generated an error (8606):,check the article and follow the steps to fix;

    https://support.microsoft.com/en-us/help/2028495/troubleshooting-ad-replication-error-8606-insufficient-attributes-were-given-to-create-an-object

    https://blogs.technet.microsoft.com/askds/2014/09/15/remove-lingering-objects-that-cause-ad-replication-error-8606-and-friends/           


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Marked as answer by Beanie Hat Man Wednesday, February 22, 2017 9:10 PM
    Wednesday, February 22, 2017 7:29 PM

All replies

  • Hi

     Seems to u have lingering object issue(The replication generated an error (8606):,check the article and follow the steps to fix;

    https://support.microsoft.com/en-us/help/2028495/troubleshooting-ad-replication-error-8606-insufficient-attributes-were-given-to-create-an-object

    https://blogs.technet.microsoft.com/askds/2014/09/15/remove-lingering-objects-that-cause-ad-replication-error-8606-and-friends/           


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Marked as answer by Beanie Hat Man Wednesday, February 22, 2017 9:10 PM
    Wednesday, February 22, 2017 7:29 PM
  • Thanks for the reply. I did try to remove lingering objects previous to my post via the command line but without success (possibly a syntax issue).

    The link below helped remove the lingering objects and replication now reports success.

    https://blogs.technet.microsoft.com/askds/2014/09/15/remove-lingering-objects-that-cause-ad-replication-error-8606-and-friends/   

    Phil.

    Wednesday, February 22, 2017 9:10 PM