event ID 1864

    Question

  • Hello,

    I have 3 DCs: DC-1, DC-2, and DC-3 (Windows Server 2008 R2) with domain and forest functional level 2008 R2. There is only one domain, MyDomain.local, and all 3 DCs are in one site. All three DCs are global catalog and DNS servers.

    On all three DCs I receive the following error every 24 hours in Event Viewer, Directory Service log:
    --------------------------------------------------------------
     Log Name:      Directory Service
    Source:        Microsoft-Windows-ActiveDirectory_DomainService
    Date:          3/22/2010 4:14:07 PM
    Event ID:      1864
    Task Category: Replication
    Level:         Error
    Keywords:      Classic
    User:          ANONYMOUS LOGON
    Computer:      DC-1.MyDomain.local
    Description:
    This is the replication status for the following directory partition on this directory server.
     Directory partition:
    CN=Schema,CN=Configuration,DC=MyDomain,DC=local
     This directory server has not recently received replication information from a number of directory servers.  The count of directory servers is shown, divided into the following intervals.
     More than 24 hours:
    1
    More than a week:
    1
    More than one month:
    0
    More than two months:
    0
    More than a tombstone lifetime:
    0
    Tombstone lifetime (days):
    180
     Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
     To identify the directory servers by name, use the dcdiag.exe tool.
    You can also use the support tool repadmin.exe to display the replication latencies of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>".

    --------------------------------------------------------------
     

    This error repeats three times, for the following directory partitions: CN=Schema,CN=Configuration,DC=MyDomain,DC=local, CN=Configuration,DC=MyDomain,DC=local and DC=MyDomain,DC=local

    The only place where I found a reference to a removed DC was in the registry under HKLM\System\CurrentControlSet\Services\NTDS\Parameters, where the key “Src Root Domain Srv” has the value “CCTI-DC2.mydomain.local”. CCTI-DC2 was a DC that was removed from the network with dcpromo. Please advise me what I should do with this key: delete it, or rename it and put the name of the actual PDC here?

     

    To identify the source of event ID 1864 and eliminate the cause in the last week I’ve done the following:

    1. Checked to see if there is a reference to a removed domain controller in:

    - Active Directory Sites and Services -> My_site -> Servers

    - Active Directory Users and Computers -> Domain Controllers

    Everything is OK; only the 3 functional DCs are listed.


    2. With ADSI Edit, looked at CN=LostAndFound, which is empty. Also checked CN=Topology,CN=Domain System Volume,CN=DFSR-Globalsettings,CN=System,DC=MyDomain,DC=local, where only the 3 functional DCs are listed.


    3. Checked DNS and deleted any reference to a removed DC.


    4. Checked NTDS with NTDSUTIL. As you can see from the output, there are only 3 DCs:
    --------------------------------------------------------------
    metadata cleanup: select operation target
    select operation target: list domains
    Found 1 domain(s)
    0 - DC= MyDomain,DC=local
    select operation target: select domain 0
    No current site
    Domain - DC=MyDomain,DC=local
    No current server
    No current Naming Context
    select operation target: list sites
    Found 1 site(s)
    0 - CN=MySite,CN=Sites,CN=Configuration,DC=MyDomain,DC=local
    select operation target: select site 0
    Site - CN=MySite,CN=Sites,CN=Configuration,DC=MyDomain,DC=local
    Domain - DC=MyDomain,DC=local
    No current server
    No current Naming Context
    select operation target: list servers in site
    Found 3 server(s)
    0 - CN=DC-3,CN=Servers,CN=MySite,CN=Sites,CN=Configuration,DC=MyDomain,DC=local

    1 - CN=DC-1,CN=Servers,CN=MySite,CN=Sites,CN=Configuration,DC=MyDomain,DC=local

    2 - CN=DC-2,CN=Servers,CN=MySite,CN=Sites,CN=Configuration,DC=MyDomain,DC=local

     --------------------------------------------------------------


    5. Used repadmin /showreps on all 3 DCs and everything is OK. Here is the output from DC-1:
    --------------------------------------------------------------
    MySite\DC-1
    DSA Options: IS_GC
    Site Options: (none)
    DSA object GUID: 9f02251e-a27c-4c4f-864b-e2242fff6437
    DSA invocationID: a24a837b-2655-4c9b-94bb-cf6a235a4351

    ==== INBOUND NEIGHBORS ======================================

    DC=MyDomain,DC=local
        MySite\DC-3 via RPC
            DSA object GUID: f5a575b9-a7f8-4d75-96d1-390861f1afc2
            Last attempt @ 2010-03-23 11:44:04 was successful.
        MySite\DC-2 via RPC
            DSA object GUID: c72d27b2-87f5-4291-b72d-ccf5e421ce39
            Last attempt @ 2010-03-23 11:45:22 was successful.

    CN=Configuration,DC=MyDomain,DC=local
        MySite\DC-3 via RPC
            DSA object GUID: f5a575b9-a7f8-4d75-96d1-390861f1afc2
            Last attempt @ 2010-03-23 10:59:01 was successful.
        MySite\DC-2 via RPC
            DSA object GUID: c72d27b2-87f5-4291-b72d-ccf5e421ce39
            Last attempt @ 2010-03-23 10:59:01 was successful.

    CN=Schema,CN=Configuration,DC=MyDomain,DC=local
        MySite\DC-2 via RPC
            DSA object GUID: c72d27b2-87f5-4291-b72d-ccf5e421ce39
            Last attempt @ 2010-03-23 10:59:02 was successful.
        MySite\DC-3 via RPC
            DSA object GUID: f5a575b9-a7f8-4d75-96d1-390861f1afc2
            Last attempt @ 2010-03-23 10:59:02 was successful.

    DC=ForestDnsZones,DC=MyDomain,DC=local
        MySite\DC-2 via RPC
            DSA object GUID: c72d27b2-87f5-4291-b72d-ccf5e421ce39
            Last attempt @ 2010-03-23 10:59:02 was successful.
        MySite\DC-3 via RPC
            DSA object GUID: f5a575b9-a7f8-4d75-96d1-390861f1afc2
            Last attempt @ 2010-03-23 10:59:02 was successful.

    DC=DomainDnsZones,DC=MyDomain,DC=local
        MySite\DC-3 via RPC
            DSA object GUID: f5a575b9-a7f8-4d75-96d1-390861f1afc2
            Last attempt @ 2010-03-23 10:59:02 was successful.
        MySite\DC-2 via RPC
            DSA object GUID: c72d27b2-87f5-4291-b72d-ccf5e421ce39
            Last attempt @ 2010-03-23 10:59:02 was successful.

    --------------------------------------------------------------


    6. Ran dcdiag on all 3 DCs.
    All tests are OK; here is the output from DC1:
    --------------------------------------------------------------
     Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = DC-1
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: MySite\DC-1
          Starting test: Connectivity
             ......................... DC-1 passed test Connectivity

    Doing primary tests

       Testing server: MySite\DC-1
          Starting test: Advertising
             ......................... DC-1 passed test Advertising
          Starting test: FrsEvent
             ......................... DC-1 passed test FrsEvent
          Starting test: DFSREvent
             ......................... DC-1 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... DC-1 passed test SysVolCheck
          Starting test: KccEvent
             ......................... DC-1 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... DC-1 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... DC-1 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... DC-1 passed test NCSecDesc
          Starting test: NetLogons
             ......................... DC-1 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... DC-1 passed test ObjectsReplicated
          Starting test: Replications
             ......................... DC-1 passed test Replications
          Starting test: RidManager
             ......................... DC-1 passed test RidManager
          Starting test: Services
             ......................... DC-1 passed test Services
          Starting test: SystemLog
             ......................... DC-1 passed test SystemLog
          Starting test: VerifyReferences
             ......................... DC-1 passed test VerifyReferences

       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation
     
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation
     
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
            ......................... Schema passed test CrossRefValidation
     
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
     
       Running partition tests on : MyDomain
          Starting test: CheckSDRefDom
             ......................... MyDomain passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... MyDomain passed test CrossRefValidation

       Running enterprise tests on : mydomain.local
          Starting test: LocatorCheck
             ......................... MyDomain.local passed test LocatorCheck
          Starting test: Intersite
             ......................... MyDomain.local passed test Intersite

    --------------------------------------------------------------

     

    7. Checked with repadmin /showvector /latency … even here everything seems to be OK:
    --------------------------------------------------------------
    repadmin /showvector /latency CN=Schema,CN=Configuration,DC=MyDomain,DC=local
    Caching GUIDs.
    MySite\CCTI-DC2\0ADEL:fd33ee52-f05d-48a5-916b-49d5630c1357 (deleted DSA) @ USN  417853 @ Time 2010-02-27 15:49:00
    MySite\CCTI-DC1\0ADEL:7679d269-19c2-4440-9b6e-da597ae133b1 (deleted DSA) @ USN 503710 @ Time 2010-03-12 17:59:21
    MySite\CCTI-DC3\0ADEL:ed2133ee-8e57-4edf-8aff-c9635a1525c6 (deleted DSA) @ USN 110900 @ Time 2010-03-15 15:06:26
    MySite\DC1\0ADEL:4de8a1cf-b8eb-4297-a480-6bf8ac34c343 (deleted DSA) @ USN 22892 @ Time 2010-03-15 19:09:06
    MySite\DC3\0ADEL:1960fdc7-938e-4128-a0d4-ae152fe52284 (deleted DSA) @ USN 15079 @ Time 2010-03-17 12:37:27
    MySite\DC1\0ADEL:4de8a1cf-b8eb-4297-a480-6bf8ac34c343 (deleted DSA) @ USN 18718 @ Time 2010-03-17 13:32:45
    MySite\CCTI-DC2\0ADEL:fd33ee52-f05d-48a5-916b-49d5630c1357 (deleted DSA) @ USN 96683 @ Time 2010-03-17 19:20:50
    MySite\DC-2                    @ USN     39243 @ Time 2010-03-23 08:59:02
    MySite\DC-3                    @ USN     39370 @ Time 2010-03-23 08:59:02
    MySite\DC-1                    @ USN     37164 @ Time 2010-03-23 09:36:27

    --------------------------------------------------------------
     

    8. Checked in this forum for similar problems, but I haven’t found a solution that works in my situation:

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/af95a256-4aeb-4780-b1af-cce3b6c1bcdd/

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ccae98d9-75cb-4988-8a1a-535b3e1bfeac

    http://social.technet.microsoft.com/Forums/fi-FI/winserverDS/thread/567922cd-9c0b-44db-bdbb-803fec000163

    9. So finally here I am …. any new idea how to get rid of this error would be really appreciated  :)

    Tuesday, March 23, 2010 12:25 PM

Answers

  • MySite\CCTI-DC2\0ADEL:fd33ee52-f05d-48a5-916b-49d5630c1357 (deleted DSA) @ USN  417853 @ Time 2010-02-27 15:49:00
    MySite\CCTI-DC1\0ADEL:7679d269-19c2-4440-9b6e-da597ae133b1 (deleted DSA) @ USN 503710 @ Time 2010-03-12 17:59:21
    MySite\CCTI-DC3\0ADEL:ed2133ee-8e57-4edf-8aff-c9635a1525c6 (deleted DSA) @ USN 110900 @ Time 2010-03-15 15:06:26
    MySite\DC1\0ADEL:4de8a1cf-b8eb-4297-a480-6bf8ac34c343 (deleted DSA) @ USN 22892 @ Time 2010-03-15 19:09:06
    MySite\DC3\0ADEL:1960fdc7-938e-4128-a0d4-ae152fe52284 (deleted DSA) @ USN 15079 @ Time 2010-03-17 12:37:27
    MySite\DC1\0ADEL:4de8a1cf-b8eb-4297-a480-6bf8ac34c343 (deleted DSA) @ USN 18718 @ Time 2010-03-17 13:32:45
    MySite\CCTI-DC2\0ADEL:fd33ee52-f05d-48a5-916b-49d5630c1357 (deleted DSA) @ USN 96683 @ Time 2010-03-17 19:20:50

    OK, if the dates from repadmin /showvector /latency are correct, then these DCs were just recently deleted/removed from the domain... correct? See dates above in bold; they indicate the last time replication took place for these DCs.

    These replication objects will not be deleted until half the Tombstone Lifetime has expired, which will be either 60 or 180 days. The event ID 1864 will probably go away after that.

    How to determine the tombstone lifetime for the forest
    http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/How%20to%20determine%20the%20tombstone%20lifetime%20for%20the%20forest.aspx

    Error messages occur after demoting and promoting a domain controller with the same name 
    http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/Error%20messages%20occur%20after%20demoting%20and%20promoting%20a%20domain%20controller%20with%20the%20same%20name.aspx

    • Marked as answer by florin_i Tuesday, March 23, 2010 9:22 PM
    • Unmarked as answer by florin_i Tuesday, March 23, 2010 9:22 PM
    • Marked as answer by florin_i Sunday, March 28, 2010 3:47 PM
    Tuesday, March 23, 2010 2:54 PM
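
The point made in this answer can be checked mechanically. As an added example (not part of the original thread and not a Microsoft tool), the Python below parses the `repadmin /showvector /latency` lines posted in the question and separates stale entries that belong to deleted DSAs from stale entries for live DCs, which are the ones that would need investigation. The function names, the `AS_OF` reference time and the 30/60-day values for "one month"/"two months" are assumptions; the interval labels are taken from the event text, and the DC's own counting for event 1864 is not reproduced.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Lines copied from the "repadmin /showvector /latency" output posted in the question.
SAMPLE = r"""
Caching GUIDs.
MySite\CCTI-DC2\0ADEL:fd33ee52-f05d-48a5-916b-49d5630c1357 (deleted DSA) @ USN  417853 @ Time 2010-02-27 15:49:00
MySite\CCTI-DC1\0ADEL:7679d269-19c2-4440-9b6e-da597ae133b1 (deleted DSA) @ USN 503710 @ Time 2010-03-12 17:59:21
MySite\CCTI-DC3\0ADEL:ed2133ee-8e57-4edf-8aff-c9635a1525c6 (deleted DSA) @ USN 110900 @ Time 2010-03-15 15:06:26
MySite\DC1\0ADEL:4de8a1cf-b8eb-4297-a480-6bf8ac34c343 (deleted DSA) @ USN 22892 @ Time 2010-03-15 19:09:06
MySite\DC3\0ADEL:1960fdc7-938e-4128-a0d4-ae152fe52284 (deleted DSA) @ USN 15079 @ Time 2010-03-17 12:37:27
MySite\DC1\0ADEL:4de8a1cf-b8eb-4297-a480-6bf8ac34c343 (deleted DSA) @ USN 18718 @ Time 2010-03-17 13:32:45
MySite\CCTI-DC2\0ADEL:fd33ee52-f05d-48a5-916b-49d5630c1357 (deleted DSA) @ USN 96683 @ Time 2010-03-17 19:20:50
MySite\DC-2                    @ USN     39243 @ Time 2010-03-23 08:59:02
MySite\DC-3                    @ USN     39370 @ Time 2010-03-23 08:59:02
MySite\DC-1                    @ USN     37164 @ Time 2010-03-23 09:36:27
"""
# Assumption: ages are measured from the newest timestamp in the sample.
AS_OF = datetime(2010, 3, 23, 9, 36, 27)

LINE = re.compile(
    r"^(?P<site>[^\\]+)\\(?P<name>[^\\\s]+)"
    r"(?:\\0ADEL:(?P<guid>[0-9a-fA-F-]{36}) \(deleted DSA\))?"
    r"\s+@ USN\s+(?P<usn>\d+)\s+@ Time (?P<time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)$"
)

def parse_vector(text):
    """Return one dict per vector entry; non-matching lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries.append({
                "name": m["name"], "deleted_guid": m["guid"], "usn": int(m["usn"]),
                "time": datetime.strptime(m["time"], "%Y-%m-%d %H:%M:%S"),
            })
    return entries

def classify(entries, as_of, tsl_days=180):
    """Tag each entry with the longest interval from the event text that its age exceeds."""
    limits = sorted([
        ("More than a tombstone lifetime", timedelta(days=tsl_days)),
        ("More than two months", timedelta(days=60)),   # assumed 60 days
        ("More than one month", timedelta(days=30)),    # assumed 30 days
        ("More than a week", timedelta(days=7)),
        ("More than 24 hours", timedelta(hours=24)),
    ], key=lambda item: item[1], reverse=True)
    rows = []
    for e in entries:
        age = as_of - e["time"]
        label = next((n for n, limit in limits if age > limit), "current")
        rows.append({**e, "age": age, "bucket": label})
    return rows

def bucket_counts(rows):
    return dict(Counter(r["bucket"] for r in rows))

def stale_live_dcs(rows):
    """Live (not deleted) DSAs with an entry older than 24 hours: investigate these."""
    return sorted({r["name"] for r in rows if not r["deleted_guid"] and r["bucket"] != "current"})

def deleted_dsas(rows):
    """Deleted DSAs still present in the vector, mapped to their newest timestamp."""
    latest = {}
    for r in rows:
        if r["deleted_guid"]:
            key = (r["name"], r["deleted_guid"])
            latest[key] = max(latest.get(key, r["time"]), r["time"])
    return latest

if __name__ == "__main__":
    rows = classify(parse_vector(SAMPLE), AS_OF)
    print(bucket_counts(rows))
    print("stale live DCs:", stale_live_dcs(rows))
    for (name, guid), when in deleted_dsas(rows).items():
        print(f"deleted DSA {name} {guid} last seen {when}")
```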

All replies

  • Have you checked the Lost and Found container in Active Directory?

     

    Open the ADSI Edit MMC snap-in.

    1. On the Action menu, click Connect to.

    2. In the Connection Settings dialog box, in the Name field, enter a name for the ADSI connection. Under Connection Point, select Select a well known Naming Context, and then select Configuration in the drop-down menu. Click OK.

    3. In the left pane, double-click the Configuration object, and then double-click LostAndFoundConfig.

    4. In the right pane, delete all objects and containers. Right-click the object or container, click Delete, and then click Yes.

    5. Exit ADSI Edit.


    http://www.virmansec.com/blogs/skhairuddin
    Tuesday, March 23, 2010 12:50 PM
  • Hello,

    In all my tests, deleted machines are not listed with their old name like yours:

    MySite\CCTI-DC2\0ADEL:fd33ee52-f05d-48a5-916b-49d5630c1357 (deleted DSA) @ USN  417853 @ Time 2010-02-27 15:49:00
    etc.

    In my domain all removed DCs are only listed with a GUID and not a name, also in Windows Server 2008 R2, where a DC is removed.

    Please check this article about lingering objects:

    http://support.microsoft.com/kb/910205

    So the repadmin /showrepl is error free on DC2 and DC3 also?


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, March 23, 2010 12:53 PM
  • Syed,
    I followed your steps but there are no objects in LostAndFoundConfig.

    Meinolf,
    Yes, repadmin /showrepl is error free on DC-2 and DC-3 also. I just double-checked that.
    I've read the article about lingering objects but I don't know what to do next.

    Thanks for the reply.

    Tuesday, March 23, 2010 1:35 PM
  • Have you tried restarting the DC after removing all the stale entries? Just a thought: try restarting and see if it works, and also post

    DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log

     


    http://www.virmansec.com/blogs/skhairuddin
    Tuesday, March 23, 2010 1:39 PM
  • Yes, I restarted all DCs a few days ago.

    I can't put the output of DCDIAG /V /C /D /E /s:dc-1 in this post because it seems it is too big, and I received an error when I tried to do so.

    Tuesday, March 23, 2010 2:37 PM
  • Hello,

    You can use Windows SkyDrive for this with your Windows Live ID:

    http://skydrive.live.com


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, March 23, 2010 2:44 PM
  • Hello,

    Thanks for the tip! Here is the link for the output of DCDIAG /V /C /D /E /s:dc-1

    http://cid-9a53e572c527419b.skydrive.live.com/self.aspx/.Public/dcdiag.log

     

    Gunner999

    Yes, the dates are correct and these DCs were recently removed. The tombstone lifetime for the forest is 180 days. Thanks for the links, but I don't have any of the errors specified in your link.

    Tuesday, March 23, 2010 3:02 PM
  • Hi

    I think your pain point here is DC-2. You need to review the network configuration and network devices for that server. I think this server drops some packets sometimes, not all the time, so check everything related to the network on that server (firewall, network card, network cable, everything).

    Saturday, March 27, 2010 1:14 PM
  • I agree with Sameh; your DC-2 has misconfigured settings. Check the DNS settings; otherwise try restarting the server and see if it helps.
    http://www.virmansec.com/blogs/skhairuddin
    Saturday, March 27, 2010 4:00 PM
  • Thank you all for the replies.

    Finally I solved the problem by removing all objects from the recycle bin and tombstoned objects.

     

    Monday, March 29, 2010 1:14 PM
  • Finally I solved the problem by removing all objects from the recycle bin and tombstoned objects.

    can u explain how u do that?

    same scenario.. have 4 dc .. del dc 4... its still giving some error...

     

    Friday, August 20, 2010 6:25 AM
  • Finally I solved the problem by removing all objects from the recycle bin and tombstoned objects.

    can u explain how u do that?

    same scenario.. have 4 dc .. del dc 4... its still giving some error...


    Hello,

    Please create your own posting with the situation on your system. Just because some problems look the same as those from other posters, their solution need not apply to your system. So it is better to start a new thread and describe your problem with all error messages and output from the support tools.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Friday, August 20, 2010 6:45 AM
  • No way, dude
    Friday, May 16, 2014 5:10 PM
  • Hello,

    I had the same issue after migrating all my DCs from 2008 server to 2012 server.

    You can clean the recycle bin with these PowerShell commands:

    There are many objects of different types:

    ****** List objects :

    Find a filter for your DC name and replace it in the first command

    Get-ADObject -filter 'isDeleted -eq $true -and name -like "*DC*"' -includeDeletedObjects -property * |ft msds-lastKnownRdn,lastKnownParent -auto -wrap
    Get-ADObject -filter 'isDeleted -eq $true -and name -like "Domain*"' -includeDeletedObjects -property * |ft msds-lastKnownRdn,lastKnownParent -auto -wrap
    Get-ADObject -filter 'isDeleted -eq $true -and name -like "DFSR*"' -includeDeletedObjects -property * |ft msds-lastKnownRdn,lastKnownParent -auto -wrap
    Get-ADObject -filter 'isDeleted -eq $true -and name -like "RID*"' -includeDeletedObjects -property * | ft msds-lastKnownRdn,lastKnownParent -auto -wrap
    Get-ADObject -filter 'isDeleted -eq $true -and name -like "Sysvol*"' -includeDeletedObjects -property * | ft msds-lastKnownRdn,lastKnownParent -auto -wrap

    ****** Remove objects :

    Get-ADObject -filter 'isDeleted -eq $true -and name -like "*DC*"' -includeDeletedObjects -property * | Remove-ADObject -Confirm:$false
    Get-ADObject -filter 'isDeleted -eq $true -and name -like "Domain*"' -includeDeletedObjects -property * | Remove-ADObject -Confirm:$false
    Get-ADObject -filter 'isDeleted -eq $true -and name -like "DFSR*"' -includeDeletedObjects -property * | Remove-ADObject -Confirm:$false
    Get-ADObject -filter 'isDeleted -eq $true -and name -like "RID*"' -includeDeletedObjects -property * | Remove-ADObject -Confirm:$false
    Get-ADObject -filter 'isDeleted -eq $true -and name -like "Sysvol*"' -includeDeletedObjects -property * | Remove-ADObject -Confirm:$false

    Tuesday, June 21, 2016 3:20 PM
  • Dear All,

    We faced the same issue on Windows 2003 domain controllers when we introduced Windows 2008 R2 domain controllers in the same environment.

    Finally, we found the root cause of the issue: it was related to connections in AD Sites and Services.

    As per our customer, we have to demote OS 2003 DCs and need to promote DCs with the same name and IP with OS 2008 R2.

    We deleted the site connections of the demoted DCs from those sites which have Windows 2003 domain controllers and manually created connections with the OS 2008 R2 DCs; after 45 min, replication became healthy.


    Kirpal Singh

    Tuesday, July 19, 2016 4:56 AM