Problem with replication on domain naming master

    Question

  • Hi, we have a problem with replication on one domain naming master. Inbound replication is working, but outbound domain partition replication has been blocked for about one month due to lingering object event 1988.

    I have run Lingering Object Liquidator and found hundreds of lingering objects in reference DCs which are healthy, so I decided not to remove lingering objects from all healthy controllers. What should I do to resolve this problem?

    Thanks for help.

    OSO

    Tuesday, January 17, 2017 4:48 PM

All replies

  • You should run repadmin and remove the lingering objects to resolve the issue; it is best to compare with the PDC and remove.

    http://www.windowstricks.in/2009/07/removing-lingering-objects.html

    http://www.windowstricks.in/2009/07/how-to-find-domain-controller-that.html


    Regards www.windowstricks.in

    Tuesday, January 17, 2017 6:14 PM
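The repadmin comparison suggested in the reply above, run in advisory mode so that nothing is deleted, as an added example that is not part of the original thread. The target DC name is a placeholder, and using the PDC emulator as the reference DC is an assumption taken from that reply.

```powershell
# Added example: report-only lingering-object comparison. Nothing is removed.
Import-Module ActiveDirectory

$TargetDc    = 'DC-TO-CHECK.example.test'   # placeholder: DC suspected of holding lingering objects
$Domain      = Get-ADDomain
$ReferenceDc = $Domain.PDCEmulator          # assumption: PDC emulator is the healthy reference
$DomainNc    = $Domain.DistinguishedName    # domain partition named in the question

# 1. Show recent event 1988 entries (lingering object detected) on the reference DC.
Get-WinEvent -ComputerName $ReferenceDc -MaxEvents 5 -ErrorAction SilentlyContinue `
    -FilterHashtable @{ LogName = 'Directory Service'; Id = 1988 } |
    Select-Object TimeCreated, MachineName, Id

# 2. repadmin identifies the reference DC by its DSA object GUID,
#    which is the objectGUID of that DC's NTDS Settings object.
$NtdsDn  = (Get-ADDomainController -Identity $ReferenceDc).NTDSSettingsObjectDN
$RefGuid = (Get-ADObject -Identity $NtdsDn -Properties objectGUID).ObjectGUID

# 3. Advisory mode: compare the target against the reference and only log findings.
repadmin /removelingeringobjects $TargetDc $RefGuid $DomainNc /advisory_mode
if ($LASTEXITCODE -ne 0) {
    Write-Warning "repadmin exited with code $LASTEXITCODE; check connectivity and permissions."
    return
}

# 4. Read the result from the target DC's Directory Service log:
#    1938 = comparison started, 1946 = one per lingering object, 1942 = summary.
$Found = Get-WinEvent -ComputerName $TargetDc -ErrorAction SilentlyContinue `
    -FilterHashtable @{
        LogName   = 'Directory Service'
        Id        = 1938, 1946, 1942
        StartTime = (Get-Date).AddMinutes(-15)
    }

$Lingering = @($Found | Where-Object Id -eq 1946)
"{0} lingering object(s) reported on {1} against {2}" -f `
    $Lingering.Count, $TargetDc, $ReferenceDc
$Lingering | Select-Object TimeCreated, Message | Format-List
```

Review the 1946 events before deciding whether to rerun the same repadmin command without /advisory_mode.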
  • Hi

    Follow the steps in the articles to remove lingering objects:

    https://technet.microsoft.com/en-us/library/cc794840(v=ws.10).aspx?f=255&mspperror=-2147217396

    https://technet.microsoft.com/en-us/library/cc949124(v=ws.10).aspx

    https://blogs.technet.microsoft.com/askds/2014/09/15/remove-lingering-objects-that-cause-ad-replication-error-8606-and-friends/

    Also verify the DC's health with "dcdiag" for other issues (tombstone lifetime errors, etc.).


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Tuesday, January 17, 2017 7:49 PM
  • Hi, logs from dcdiag and repadmin are here: https://1drv.ms/f/s!Akm7pSaxh1iny6R41yXnEDjz5jShRQ
    Tuesday, January 17, 2017 8:44 PM
  • Hi,

    Please also check the related firewall outbound rules, and whether you have configured the trust types <incoming only>, if you have any.

    Best regards,

    Andy



    Wednesday, January 18, 2017 7:52 AM
    Moderator
  • Hi Andy, the firewall is OK; outbound connections are allowed by default. Yes, there are incoming trusts with old non-existing NT4 domains; this can be ignored.

    The problem is that this DC is the primary DNS server for the whole domain and also DHCP for the main office, so disruption will be a problem. I'm just thinking that a force demote will help in this situation; what do you think?

    OSO

    Wednesday, January 18, 2017 8:07 AM
  • Hi

    As you said, force demotion is an option in your situation. If you do this, then you should perform metadata cleanup.

    Metadata: https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

    Also check for a USN rollback issue: https://support.microsoft.com/en-us/kb/875495

    https://blogs.msmvps.com/acefekay/2013/10/17/windows-server-2012-ad-cloning-snapshot-support-preventing-usn-rollbacks/


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Proposed as answer by AshPoxon Wednesday, January 18, 2017 12:14 PM
    Wednesday, January 18, 2017 8:37 AM
  • Hi, is there some problem that might occur with this force removal approach that can cause the whole AD to become non-operational?

    Thanks OSO

    Wednesday, January 18, 2017 2:09 PM
  • So you should fix that. When you forcefully demote this problematic DC, then perform metadata cleanup; all records about this problematic DC should be removed from the domain. Finally, you can add another clean-install server as a domain controller again. That's the procedure.

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Thursday, January 19, 2017 7:11 AM
  • Hi Burak, during the force demote, will it probably be better to take this DC off the network, because only the domain partition is not replicating? I plan to repromote this server again because this is the primary DNS server for the domain and a lot of servers have this fixed in their network config. What else should I do?

    1. Wait for whole enterprise replication after metadata cleanup

    2. Delete the old database from disk

    3. What else?

    Thursday, January 19, 2017 8:02 AM
  • Thanks for the advice, force removal fixed the replication problem :)
    Monday, January 23, 2017 2:56 PM