Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Replication Errors
Replication Errors [message #367805] Thu, 14 January 2010 01:04 Go to next message
Jonathan Zaldivar  is currently offline Jonathan Zaldivar  United States
Messages: 14
Registered: November 2009
Junior Member
Hello,

I have 5 branches with DCs on each location and the one with the all the
FSMO role is our Corporate DC. I am having trouble clearing the replication
errors from all 5 branches because when I type in "net view \\DC" I get a
message that access was denied.

My plan of action was:

Shutdown all 5 DCs in each location then use ntdsutil to remove all of the 5
DCs instance from our Corporate DCs AD
Clean out the DNS on the Corporate DC in reference to all 5 DCs.
Bring up the 5 DCs and just connected to a hub not on the LAN, then dcpromo
using /forceremoval switch.
Remove from the DNS of the Corporate DC regarding the 5 DCs.
Reboot all 5 DCs and joined to the domain as a member server.
Dcpromo (promoted) all 5 DCs again.

I would like to know if this is the best solution if everything else fails.
Thank you in advance.
Re: Replication Errors [message #367810 is a reply to message #367805] Thu, 14 January 2010 01:14 Go to previous messageGo to next message
florian  is currently offline florian  Switzerland
Messages: 484
Registered: July 2009
Senior Member
Jonathan,

Jonathan Zaldivar wrote:
> I have 5 branches with DCs on each location and the one with the all the
> FSMO role is our Corporate DC. I am having trouble clearing the replication
> errors from all 5 branches because when I type in "net view \\DC" I get a
> message that access was denied.

I wouldn't go down the hard route unless there's really reason to do so.
What do those DC event logs say? Did you restore the DCs recently? Have
you tried resetting the secure channel between the DCs?

Cheers,
Florian
Re: Replication Errors [message #367826 is a reply to message #367805] Thu, 14 January 2010 01:49 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Jonathan,

What replication errors do you get, please be more specific. Your solution
is a really hard way and maybe not needed. Also describe what happens before
the errors start, crash, restore from unsupported way of backup?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello,
>
> I have 5 branches with DCs on each location and the one with the all
> the FSMO role is our Corporate DC. I am having trouble clearing the
> replication errors from all 5 branches because when I type in "net
> view \\DC" I get a message that access was denied.
>
> My plan of action was:
>
> Shutdown all 5 DCs in each location then use ntdsutil to remove all of
> the 5
> DCs instance from our Corporate DCs AD
> Clean out the DNS on the Corporate DC in reference to all 5 DCs.
> Bring up the 5 DCs and just connected to a hub not on the LAN, then
> dcpromo
> using /forceremoval switch.
> Remove from the DNS of the Corporate DC regarding the 5 DCs.
> Reboot all 5 DCs and joined to the domain as a member server.
> Dcpromo (promoted) all 5 DCs again.
> I would like to know if this is the best solution if everything else
> fails. Thank you in advance.
>
Re: Replication Errors [message #368222 is a reply to message #367826] Thu, 14 January 2010 11:27 Go to previous messageGo to next message
Jonathan Zaldivar  is currently offline Jonathan Zaldivar  United States
Messages: 14
Registered: November 2009
Junior Member
I apologize for lack of information, so I will write the errors for all the
event ids.

Directory Service Logs
Event ID: 2042 Source: NTDS Replication
Event ID: 1311 Source: NTDS KCC
Event ID: 1925 Source: NTDS KCC

System Logs
Event ID: 4 Source: Kerberos

File Replication Logs:
Event ID: 13559 Source: NtFrs

When running repadmin /showreps I get the following:

KCC could not add this REPLICA LINK due to error.

The target principal name is incorrect







"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911dc3d78cc63160007148c@msnews.microsoft.com...
> Hello Jonathan,
>
> What replication errors do you get, please be more specific. Your solution
> is a really hard way and maybe not needed. Also describe what happens
> before the errors start, crash, restore from unsupported way of backup?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hello,
>>
>> I have 5 branches with DCs on each location and the one with the all
>> the FSMO role is our Corporate DC. I am having trouble clearing the
>> replication errors from all 5 branches because when I type in "net
>> view \\DC" I get a message that access was denied.
>>
>> My plan of action was:
>>
>> Shutdown all 5 DCs in each location then use ntdsutil to remove all of
>> the 5
>> DCs instance from our Corporate DCs AD
>> Clean out the DNS on the Corporate DC in reference to all 5 DCs.
>> Bring up the 5 DCs and just connected to a hub not on the LAN, then
>> dcpromo
>> using /forceremoval switch.
>> Remove from the DNS of the Corporate DC regarding the 5 DCs.
>> Reboot all 5 DCs and joined to the domain as a member server.
>> Dcpromo (promoted) all 5 DCs again.
>> I would like to know if this is the best solution if everything else
>> fails. Thank you in advance.
>>
>
>
Re: Replication Errors [message #368227 is a reply to message #368222] Thu, 14 January 2010 11:43 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Jonathan,

Sounds that some DCs are over the tombstone lifetime. Please post an unedited
dcdiag /v, repadmin /showrepl and netdiag from each DC.

Also check this page where you will find all your Event IDs:
http://technet.microsoft.com/en-us/library/cc738415(WS.10).aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I apologize for lack of information, so I will write the errors for
> all the event ids.
>
> Directory Service Logs
> Event ID: 2042 Source: NTDS Replication
> Event ID: 1311 Source: NTDS KCC
> Event ID: 1925 Source: NTDS KCC
> System Logs
> Event ID: 4 Source: Kerberos
> File Replication Logs:
> Event ID: 13559 Source: NtFrs
> When running repadmin /showreps I get the following:
>
> KCC could not add this REPLICA LINK due to error.
>
> The target principal name is incorrect
>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
> news:6cb2911dc3d78cc63160007148c@msnews.microsoft.com...
>
>> Hello Jonathan,
>>
>> What replication errors do you get, please be more specific. Your
>> solution is a really hard way and maybe not needed. Also describe
>> what happens before the errors start, crash, restore from unsupported
>> way of backup?
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Hello,
>>>
>>> I have 5 branches with DCs on each location and the one with the all
>>> the FSMO role is our Corporate DC. I am having trouble clearing the
>>> replication errors from all 5 branches because when I type in "net
>>> view \\DC" I get a message that access was denied.
>>>
>>> My plan of action was:
>>>
>>> Shutdown all 5 DCs in each location then use ntdsutil to remove all
>>> of
>>> the 5
>>> DCs instance from our Corporate DCs AD
>>> Clean out the DNS on the Corporate DC in reference to all 5 DCs.
>>> Bring up the 5 DCs and just connected to a hub not on the LAN, then
>>> dcpromo
>>> using /forceremoval switch.
>>> Remove from the DNS of the Corporate DC regarding the 5 DCs.
>>> Reboot all 5 DCs and joined to the domain as a member server.
>>> Dcpromo (promoted) all 5 DCs again.
>>> I would like to know if this is the best solution if everything else
>>> fails. Thank you in advance.
Re: Replication Errors [message #368299 is a reply to message #368227] Thu, 14 January 2010 12:49 Go to previous messageGo to next message
Jonathan Zaldivar  is currently offline Jonathan Zaldivar  United States
Messages: 14
Registered: November 2009
Junior Member
I've attached the logs in a zip file. Thank you for all your help.


"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911dc4708cc63690bbcd144@msnews.microsoft.com...
> Hello Jonathan,
>
> Sounds that some DCs are over the tombstone lifetime. Please post an
> unedited
> dcdiag /v, repadmin /showrepl and netdiag from each DC.
>
> Also check this page where you will find all your Event IDs:
> http://technet.microsoft.com/en-us/library/cc738415(WS.10).aspx
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
>> I apologize for lack of information, so I will write the errors for
>> all the event ids.
>>
>> Directory Service Logs
>> Event ID: 2042 Source: NTDS Replication
>> Event ID: 1311 Source: NTDS KCC
>> Event ID: 1925 Source: NTDS KCC
>> System Logs
>> Event ID: 4 Source: Kerberos
>> File Replication Logs:
>> Event ID: 13559 Source: NtFrs
>> When running repadmin /showreps I get the following:
>>
>> KCC could not add this REPLICA LINK due to error.
>>
>> The target principal name is incorrect
>>
>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>> news:6cb2911dc3d78cc63160007148c@msnews.microsoft.com...
>>
>>> Hello Jonathan,
>>>
>>> What replication errors do you get, please be more specific. Your
>>> solution is a really hard way and maybe not needed. Also describe
>>> what happens before the errors start, crash, restore from unsupported
>>> way of backup?
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Hello,
>>>>
>>>> I have 5 branches with DCs on each location and the one with the all
>>>> the FSMO role is our Corporate DC. I am having trouble clearing the
>>>> replication errors from all 5 branches because when I type in "net
>>>> view \\DC" I get a message that access was denied.
>>>>
>>>> My plan of action was:
>>>>
>>>> Shutdown all 5 DCs in each location then use ntdsutil to remove all
>>>> of
>>>> the 5
>>>> DCs instance from our Corporate DCs AD
>>>> Clean out the DNS on the Corporate DC in reference to all 5 DCs.
>>>> Bring up the 5 DCs and just connected to a hub not on the LAN, then
>>>> dcpromo
>>>> using /forceremoval switch.
>>>> Remove from the DNS of the Corporate DC regarding the 5 DCs.
>>>> Reboot all 5 DCs and joined to the domain as a member server.
>>>> Dcpromo (promoted) all 5 DCs again.
>>>> I would like to know if this is the best solution if everything else
>>>> fails. Thank you in advance.
>
>


Re: Replication Errors [message #368316 is a reply to message #368299] Thu, 14 January 2010 13:09 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Jonathan,

Your DC "NCS18" has got the last replication 2008-11-05, over ONE year ago,
form all other DCs according to the dcdiag output. Is that the only DC with
replication errors or did the others also have them.

Please post the complete unedited repadmin /showrepl from EACH DC in the
domain.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I've attached the logs in a zip file. Thank you for all your help.
>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
> news:6cb2911dc4708cc63690bbcd144@msnews.microsoft.com...
>
>> Hello Jonathan,
>>
>> Sounds that some DCs are over the tombstone lifetime. Please post an
>> unedited
>> dcdiag /v, repadmin /showrepl and netdiag from each DC.
>> Also check this page where you will find all your Event IDs:
>> http://technet.microsoft.com/en-us/library/cc738415(WS.10).aspx
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> I apologize for lack of information, so I will write the errors for
>>> all the event ids.
>>>
>>> Directory Service Logs
>>> Event ID: 2042 Source: NTDS Replication
>>> Event ID: 1311 Source: NTDS KCC
>>> Event ID: 1925 Source: NTDS KCC
>>> System Logs
>>> Event ID: 4 Source: Kerberos
>>> File Replication Logs:
>>> Event ID: 13559 Source: NtFrs
>>> When running repadmin /showreps I get the following:
>>> KCC could not add this REPLICA LINK due to error.
>>>
>>> The target principal name is incorrect
>>>
>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>> news:6cb2911dc3d78cc63160007148c@msnews.microsoft.com...
>>>
>>>> Hello Jonathan,
>>>>
>>>> What replication errors do you get, please be more specific. Your
>>>> solution is a really hard way and maybe not needed. Also describe
>>>> what happens before the errors start, crash, restore from
>>>> unsupported way of backup?
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> Hello,
>>>>>
>>>>> I have 5 branches with DCs on each location and the one with the
>>>>> all the FSMO role is our Corporate DC. I am having trouble
>>>>> clearing the replication errors from all 5 branches because when I
>>>>> type in "net view \\DC" I get a message that access was denied.
>>>>>
>>>>> My plan of action was:
>>>>>
>>>>> Shutdown all 5 DCs in each location then use ntdsutil to remove
>>>>> all
>>>>> of
>>>>> the 5
>>>>> DCs instance from our Corporate DCs AD
>>>>> Clean out the DNS on the Corporate DC in reference to all 5 DCs.
>>>>> Bring up the 5 DCs and just connected to a hub not on the LAN,
>>>>> then
>>>>> dcpromo
>>>>> using /forceremoval switch.
>>>>> Remove from the DNS of the Corporate DC regarding the 5 DCs.
>>>>> Reboot all 5 DCs and joined to the domain as a member server.
>>>>> Dcpromo (promoted) all 5 DCs again.
>>>>> I would like to know if this is the best solution if everything
>>>>> else
>>>>> fails. Thank you in advance.
Re: Replication Errors [message #368424 is a reply to message #368316] Thu, 14 January 2010 15:10 Go to previous messageGo to next message
Jonathan Zaldivar  is currently offline Jonathan Zaldivar  United States
Messages: 14
Registered: November 2009
Junior Member
The server was place in storage so the tomstone lifetime is over a year now.
The NCS01 server is Windows 2000 so the repadmin /showrepl does not work. I
used a diferent switch /showreps. I hope this helps and thank you again for
the help.


"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911dc48b8cc6374ff54de70@msnews.microsoft.com...
> Hello Jonathan,
>
> Your DC "NCS18" has got the last replication 2008-11-05, over ONE year
> ago,
> form all other DCs according to the dcdiag output. Is that the only DC
> with
> replication errors or did the others also have them.
>
> Please post the complete unedited repadmin /showrepl from EACH DC in the
> domain.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
>> I've attached the logs in a zip file. Thank you for all your help.
>>
>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>> news:6cb2911dc4708cc63690bbcd144@msnews.microsoft.com...
>>
>>> Hello Jonathan,
>>>
>>> Sounds that some DCs are over the tombstone lifetime. Please post an
>>> unedited
>>> dcdiag /v, repadmin /showrepl and netdiag from each DC.
>>> Also check this page where you will find all your Event IDs:
>>> http://technet.microsoft.com/en-us/library/cc738415(WS.10).aspx
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers
>>> no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> I apologize for lack of information, so I will write the errors for
>>>> all the event ids.
>>>>
>>>> Directory Service Logs
>>>> Event ID: 2042 Source: NTDS Replication
>>>> Event ID: 1311 Source: NTDS KCC
>>>> Event ID: 1925 Source: NTDS KCC
>>>> System Logs
>>>> Event ID: 4 Source: Kerberos
>>>> File Replication Logs:
>>>> Event ID: 13559 Source: NtFrs
>>>> When running repadmin /showreps I get the following:
>>>> KCC could not add this REPLICA LINK due to error.
>>>>
>>>> The target principal name is incorrect
>>>>
>>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>>> news:6cb2911dc3d78cc63160007148c@msnews.microsoft.com...
>>>>
>>>>> Hello Jonathan,
>>>>>
>>>>> What replication errors do you get, please be more specific. Your
>>>>> solution is a really hard way and maybe not needed. Also describe
>>>>> what happens before the errors start, crash, restore from
>>>>> unsupported way of backup?
>>>>>
>>>>> Best regards
>>>>>
>>>>> Meinolf Weber
>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>> and
>>>>> confers no rights.
>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>> Hello,
>>>>>>
>>>>>> I have 5 branches with DCs on each location and the one with the
>>>>>> all the FSMO role is our Corporate DC. I am having trouble
>>>>>> clearing the replication errors from all 5 branches because when I
>>>>>> type in "net view \\DC" I get a message that access was denied.
>>>>>>
>>>>>> My plan of action was:
>>>>>>
>>>>>> Shutdown all 5 DCs in each location then use ntdsutil to remove
>>>>>> all
>>>>>> of
>>>>>> the 5
>>>>>> DCs instance from our Corporate DCs AD
>>>>>> Clean out the DNS on the Corporate DC in reference to all 5 DCs.
>>>>>> Bring up the 5 DCs and just connected to a hub not on the LAN,
>>>>>> then
>>>>>> dcpromo
>>>>>> using /forceremoval switch.
>>>>>> Remove from the DNS of the Corporate DC regarding the 5 DCs.
>>>>>> Reboot all 5 DCs and joined to the domain as a member server.
>>>>>> Dcpromo (promoted) all 5 DCs again.
>>>>>> I would like to know if this is the best solution if everything
>>>>>> else
>>>>>> fails. Thank you in advance.
>
>


  • Attachment: Repadmin.zip
    (Size: 4.56KB, Downloaded 53 times)
Re: Replication Errors [message #368658 is a reply to message #368424] Thu, 14 January 2010 21:16 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Jonathan Zaldivar" <jczaldivar1@verizon.net> wrote in message
news:%23gamcZWlKHA.1540@TK2MSFTNGP06.phx.gbl...
> The server was place in storage so the tomstone lifetime is over a year
> now. The NCS01 server is Windows 2000 so the repadmin /showrepl does not
> work. I used a diferent switch /showreps. I hope this helps and thank you
> again for the help.
>


As Meinolf indicated, it seems NCS18 is the culprit and the only DC that
needs to be cleaned out of AD. If it was placed in storage wihtout properly
demoting it, for whatever reason, it's pretty much useless, I'm sorry to
say. The best course of action is to keep it unplugged, and run a Metadata
Cleanup removing its reference from the current AD database.

How to remove data in Active Directory after an unsuccessful domain
controller demotion Windows 2000 and 2003
http://support.microsoft.com/kb/216498

or

Cleanup Metadata Windows 2003
http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx

As for NCS18, the best course of action is to wipe and rebuild it from
scratch and promote it back into the domain.

If possible, we would like to see an ipconfig /all from each of your
remaining DCs. This will help us evaluate your current DNS resolver and DCs
for any configuration errors or mis-configurations.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.
Re: Replication Errors [message #368710 is a reply to message #368424] Thu, 14 January 2010 23:23 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Jonathan,

Correct on windows 2000 /showreps is used. You should never disconnect a
DC over the tombstone lifetime, so as you are having multiple DCs, kick out
that NCS18 according to the article posted form Ace.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> The server was place in storage so the tomstone lifetime is over a
> year now. The NCS01 server is Windows 2000 so the repadmin /showrepl
> does not work. I used a diferent switch /showreps. I hope this helps
> and thank you again for the help.
>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
> news:6cb2911dc48b8cc6374ff54de70@msnews.microsoft.com...
>
>> Hello Jonathan,
>>
>> Your DC "NCS18" has got the last replication 2008-11-05, over ONE
>> year
>> ago,
>> form all other DCs according to the dcdiag output. Is that the only
>> DC
>> with
>> replication errors or did the others also have them.
>> Please post the complete unedited repadmin /showrepl from EACH DC in
>> the domain.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> I've attached the logs in a zip file. Thank you for all your help.
>>>
>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>> news:6cb2911dc4708cc63690bbcd144@msnews.microsoft.com...
>>>
>>>> Hello Jonathan,
>>>>
>>>> Sounds that some DCs are over the tombstone lifetime. Please post
>>>> an
>>>> unedited
>>>> dcdiag /v, repadmin /showrepl and netdiag from each DC.
>>>> Also check this page where you will find all your Event IDs:
>>>> http://technet.microsoft.com/en-us/library/cc738415(WS.10).aspx
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers
>>>> no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> I apologize for lack of information, so I will write the errors
>>>>> for all the event ids.
>>>>>
>>>>> Directory Service Logs
>>>>> Event ID: 2042 Source: NTDS Replication
>>>>> Event ID: 1311 Source: NTDS KCC
>>>>> Event ID: 1925 Source: NTDS KCC
>>>>> System Logs
>>>>> Event ID: 4 Source: Kerberos
>>>>> File Replication Logs:
>>>>> Event ID: 13559 Source: NtFrs
>>>>> When running repadmin /showreps I get the following:
>>>>> KCC could not add this REPLICA LINK due to error.
>>>>> The target principal name is incorrect
>>>>>
>>>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>>>> news:6cb2911dc3d78cc63160007148c@msnews.microsoft.com...
>>>>>
>>>>>> Hello Jonathan,
>>>>>>
>>>>>> What replication errors do you get, please be more specific. Your
>>>>>> solution is a really hard way and maybe not needed. Also describe
>>>>>> what happens before the errors start, crash, restore from
>>>>>> unsupported way of backup?
>>>>>>
>>>>>> Best regards
>>>>>>
>>>>>> Meinolf Weber
>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>> and
>>>>>> confers no rights.
>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>> ** HELP us help YOU!!!
>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>> Hello,
>>>>>>>
>>>>>>> I have 5 branches with DCs on each location and the one with the
>>>>>>> all the FSMO role is our Corporate DC. I am having trouble
>>>>>>> clearing the replication errors from all 5 branches because when
>>>>>>> I type in "net view \\DC" I get a message that access was
>>>>>>> denied.
>>>>>>>
>>>>>>> My plan of action was:
>>>>>>>
>>>>>>> Shutdown all 5 DCs in each location then use ntdsutil to remove
>>>>>>> all
>>>>>>> of
>>>>>>> the 5
>>>>>>> DCs instance from our Corporate DCs AD
>>>>>>> Clean out the DNS on the Corporate DC in reference to all 5 DCs.
>>>>>>> Bring up the 5 DCs and just connected to a hub not on the LAN,
>>>>>>> then
>>>>>>> dcpromo
>>>>>>> using /forceremoval switch.
>>>>>>> Remove from the DNS of the Corporate DC regarding the 5 DCs.
>>>>>>> Reboot all 5 DCs and joined to the domain as a member server.
>>>>>>> Dcpromo (promoted) all 5 DCs again.
>>>>>>> I would like to know if this is the best solution if everything
>>>>>>> else
>>>>>>> fails. Thank you in advance.
Re: Replication Errors [message #368722 is a reply to message #368710] Fri, 15 January 2010 00:08 Go to previous messageGo to next message
Jonathan Zaldivar  is currently offline Jonathan Zaldivar  United States
Messages: 14
Registered: November 2009
Junior Member
NCS18 has all the 5 FSMO roles so if I unplugged how can I create a new
domain controller with the original setup and connect the other remaining 5
DCs. Thank you.

"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911dc5018cc63cad52bc732@msnews.microsoft.com...
> Hello Jonathan,
>
> Correct on windows 2000 /showreps is used. You should never disconnect a
> DC over the tombstone lifetime, so as you are having multiple DCs, kick
> out that NCS18 according to the article posted form Ace.
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> The server was place in storage so the tomstone lifetime is over a
>> year now. The NCS01 server is Windows 2000 so the repadmin /showrepl
>> does not work. I used a diferent switch /showreps. I hope this helps
>> and thank you again for the help.
>>
>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>> news:6cb2911dc48b8cc6374ff54de70@msnews.microsoft.com...
>>
>>> Hello Jonathan,
>>>
>>> Your DC "NCS18" has got the last replication 2008-11-05, over ONE
>>> year
>>> ago,
>>> form all other DCs according to the dcdiag output. Is that the only
>>> DC
>>> with
>>> replication errors or did the others also have them.
>>> Please post the complete unedited repadmin /showrepl from EACH DC in
>>> the domain.
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers
>>> no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> I've attached the logs in a zip file. Thank you for all your help.
>>>>
>>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>>> news:6cb2911dc4708cc63690bbcd144@msnews.microsoft.com...
>>>>
>>>>> Hello Jonathan,
>>>>>
>>>>> Sounds that some DCs are over the tombstone lifetime. Please post
>>>>> an
>>>>> unedited
>>>>> dcdiag /v, repadmin /showrepl and netdiag from each DC.
>>>>> Also check this page where you will find all your Event IDs:
>>>>> http://technet.microsoft.com/en-us/library/cc738415(WS.10).aspx
>>>>> Best regards
>>>>>
>>>>> Meinolf Weber
>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>> and
>>>>> confers
>>>>> no rights.
>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>> I apologize for lack of information, so I will write the errors
>>>>>> for all the event ids.
>>>>>>
>>>>>> Directory Service Logs
>>>>>> Event ID: 2042 Source: NTDS Replication
>>>>>> Event ID: 1311 Source: NTDS KCC
>>>>>> Event ID: 1925 Source: NTDS KCC
>>>>>> System Logs
>>>>>> Event ID: 4 Source: Kerberos
>>>>>> File Replication Logs:
>>>>>> Event ID: 13559 Source: NtFrs
>>>>>> When running repadmin /showreps I get the following:
>>>>>> KCC could not add this REPLICA LINK due to error.
>>>>>> The target principal name is incorrect
>>>>>>
>>>>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>>>>> news:6cb2911dc3d78cc63160007148c@msnews.microsoft.com...
>>>>>>
>>>>>>> Hello Jonathan,
>>>>>>>
>>>>>>> What replication errors do you get, please be more specific. Your
>>>>>>> solution is a really hard way and maybe not needed. Also describe
>>>>>>> what happens before the errors start, crash, restore from
>>>>>>> unsupported way of backup?
>>>>>>>
>>>>>>> Best regards
>>>>>>>
>>>>>>> Meinolf Weber
>>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>>> and
>>>>>>> confers no rights.
>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>> ** HELP us help YOU!!!
>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I have 5 branches with DCs on each location and the one with the
>>>>>>>> all the FSMO role is our Corporate DC. I am having trouble
>>>>>>>> clearing the replication errors from all 5 branches because when
>>>>>>>> I type in "net view \\DC" I get a message that access was
>>>>>>>> denied.
>>>>>>>>
>>>>>>>> My plan of action was:
>>>>>>>>
>>>>>>>> Shutdown all 5 DCs in each location then use ntdsutil to remove
>>>>>>>> all
>>>>>>>> of
>>>>>>>> the 5
>>>>>>>> DCs instance from our Corporate DCs AD
>>>>>>>> Clean out the DNS on the Corporate DC in reference to all 5 DCs.
>>>>>>>> Bring up the 5 DCs and just connected to a hub not on the LAN,
>>>>>>>> then
>>>>>>>> dcpromo
>>>>>>>> using /forceremoval switch.
>>>>>>>> Remove from the DNS of the Corporate DC regarding the 5 DCs.
>>>>>>>> Reboot all 5 DCs and joined to the domain as a member server.
>>>>>>>> Dcpromo (promoted) all 5 DCs again.
>>>>>>>> I would like to know if this is the best solution if everything
>>>>>>>> else
>>>>>>>> fails. Thank you in advance.
>
>
Re: Replication Errors [message #368739 is a reply to message #368722] Fri, 15 January 2010 00:55 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Jonathan,

Disconnect NCS18 from the network, now seize the FSMO roles to one of the
other DCs and then do the metadata cleanup. Then format the "broken" machine
and completely reinstall it from scratch. As you have run the cleanup according
to:
http://support.microsoft.com/kb/555846/en-us

you can now use the old name again. Also make sure that the other DCs are
also Global catalog server.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> NCS18 has all the 5 FSMO roles so if I unplugged how can I create a
> new domain controller with the original setup and connect the other
> remaining 5 DCs. Thank you.
>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
> news:6cb2911dc5018cc63cad52bc732@msnews.microsoft.com...
>
>> Hello Jonathan,
>>
>> Correct on windows 2000 /showreps is used. You should never
>> disconnect a
>> DC over the tombstone lifetime, so as you are having multiple DCs,
>> kick
>> out that NCS18 according to the article posted form Ace.
>> Best regards
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> The server was place in storage so the tomstone lifetime is over a
>>> year now. The NCS01 server is Windows 2000 so the repadmin /showrepl
>>> does not work. I used a diferent switch /showreps. I hope this helps
>>> and thank you again for the help.
>>>
>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>> news:6cb2911dc48b8cc6374ff54de70@msnews.microsoft.com...
>>>
>>>> Hello Jonathan,
>>>>
>>>> Your DC "NCS18" has got the last replication 2008-11-05, over ONE
>>>> year
>>>> ago,
>>>> form all other DCs according to the dcdiag output. Is that the only
>>>> DC
>>>> with
>>>> replication errors or did the others also have them.
>>>> Please post the complete unedited repadmin /showrepl from EACH DC
>>>> in
>>>> the domain.
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers
>>>> no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> I've attached the logs in a zip file. Thank you for all your help.
>>>>>
>>>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>>>> news:6cb2911dc4708cc63690bbcd144@msnews.microsoft.com...
>>>>>
>>>>>> Hello Jonathan,
>>>>>>
>>>>>> Sounds that some DCs are over the tombstone lifetime. Please post
>>>>>> an
>>>>>> unedited
>>>>>> dcdiag /v, repadmin /showrepl and netdiag from each DC.
>>>>>> Also check this page where you will find all your Event IDs:
>>>>>> http://technet.microsoft.com/en-us/library/cc738415(WS.10).aspx
>>>>>> Best regards
>>>>>> Meinolf Weber
>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>> and
>>>>>> confers
>>>>>> no rights.
>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>> ** HELP us help YOU!!!
>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>> I apologize for lack of information, so I will write the errors
>>>>>>> for all the event ids.
>>>>>>>
>>>>>>> Directory Service Logs
>>>>>>> Event ID: 2042 Source: NTDS Replication
>>>>>>> Event ID: 1311 Source: NTDS KCC
>>>>>>> Event ID: 1925 Source: NTDS KCC
>>>>>>> System Logs
>>>>>>> Event ID: 4 Source: Kerberos
>>>>>>> File Replication Logs:
>>>>>>> Event ID: 13559 Source: NtFrs
>>>>>>> When running repadmin /showreps I get the following:
>>>>>>> KCC could not add this REPLICA LINK due to error.
>>>>>>> The target principal name is incorrect
>>>>>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in
>>>>>>> message news:6cb2911dc3d78cc63160007148c@msnews.microsoft.com...
>>>>>>>
>>>>>>>> Hello Jonathan,
>>>>>>>>
>>>>>>>> What replication errors do you get, please be more specific.
>>>>>>>> Your solution is a really hard way and maybe not needed. Also
>>>>>>>> describe what happens before the errors start, crash, restore
>>>>>>>> from unsupported way of backup?
>>>>>>>>
>>>>>>>> Best regards
>>>>>>>>
>>>>>>>> Meinolf Weber
>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
>>>>>>>> warranties,
>>>>>>>> and
>>>>>>>> confers no rights.
>>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>>> ** HELP us help YOU!!!
>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I have 5 branches with DCs on each location and the one with
>>>>>>>>> the all the FSMO role is our Corporate DC. I am having trouble
>>>>>>>>> clearing the replication errors from all 5 branches because
>>>>>>>>> when I type in "net view \\DC" I get a message that access was
>>>>>>>>> denied.
>>>>>>>>>
>>>>>>>>> My plan of action was:
>>>>>>>>>
>>>>>>>>> Shutdown all 5 DCs in each location then use ntdsutil to
>>>>>>>>> remove
>>>>>>>>> all
>>>>>>>>> of
>>>>>>>>> the 5
>>>>>>>>> DCs instance from our Corporate DCs AD
>>>>>>>>> Clean out the DNS on the Corporate DC in reference to all 5
>>>>>>>>> DCs.
>>>>>>>>> Bring up the 5 DCs and just connected to a hub not on the LAN,
>>>>>>>>> then
>>>>>>>>> dcpromo
>>>>>>>>> using /forceremoval switch.
>>>>>>>>> Remove from the DNS of the Corporate DC regarding the 5 DCs.
>>>>>>>>> Reboot all 5 DCs and joined to the domain as a member server.
>>>>>>>>> Dcpromo (promoted) all 5 DCs again.
>>>>>>>>> I would like to know if this is the best solution if
>>>>>>>>> everything
>>>>>>>>> else
>>>>>>>>> fails. Thank you in advance.
Re: Replication Errors [message #369172 is a reply to message #368739] Fri, 15 January 2010 11:58 Go to previous messageGo to next message
Jonathan Zaldivar  is currently offline Jonathan Zaldivar  United States
Messages: 14
Registered: November 2009
Junior Member
What if I transfer it to a DC not realizing that it does not have DNS
installed becasue it was an acquired network?


"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911dc50a8cc63d7aa1283da@msnews.microsoft.com...
> Hello Jonathan,
>
> Disconnect NCS18 from the network, now seize the FSMO roles to one of the
> other DCs and then do the metadata cleanup. Then format the "broken"
> machine and completely reinstall it from scratch. As you have run the
> cleanup according to:
> http://support.microsoft.com/kb/555846/en-us
>
> you can now use the old name again. Also make sure that the other DCs are
> also Global catalog server.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> NCS18 has all the 5 FSMO roles so if I unplugged how can I create a
>> new domain controller with the original setup and connect the other
>> remaining 5 DCs. Thank you.
>>
>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>> news:6cb2911dc5018cc63cad52bc732@msnews.microsoft.com...
>>
>>> Hello Jonathan,
>>>
>>> Correct on windows 2000 /showreps is used. You should never
>>> disconnect a
>>> DC over the tombstone lifetime, so as you are having multiple DCs,
>>> kick
>>> out that NCS18 according to the article posted form Ace.
>>> Best regards
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> The server was place in storage so the tomstone lifetime is over a
>>>> year now. The NCS01 server is Windows 2000 so the repadmin /showrepl
>>>> does not work. I used a diferent switch /showreps. I hope this helps
>>>> and thank you again for the help.
>>>>
>>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>>> news:6cb2911dc48b8cc6374ff54de70@msnews.microsoft.com...
>>>>
>>>>> Hello Jonathan,
>>>>>
>>>>> Your DC "NCS18" has got the last replication 2008-11-05, over ONE
>>>>> year
>>>>> ago,
>>>>> form all other DCs according to the dcdiag output. Is that the only
>>>>> DC
>>>>> with
>>>>> replication errors or did the others also have them.
>>>>> Please post the complete unedited repadmin /showrepl from EACH DC
>>>>> in
>>>>> the domain.
>>>>> Best regards
>>>>>
>>>>> Meinolf Weber
>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>> and
>>>>> confers
>>>>> no rights.
>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>> I've attached the logs in a zip file. Thank you for all your help.
>>>>>>
>>>>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>>>>> news:6cb2911dc4708cc63690bbcd144@msnews.microsoft.com...
>>>>>>
>>>>>>> Hello Jonathan,
>>>>>>>
>>>>>>> Sounds that some DCs are over the tombstone lifetime. Please post
>>>>>>> an
>>>>>>> unedited
>>>>>>> dcdiag /v, repadmin /showrepl and netdiag from each DC.
>>>>>>> Also check this page where you will find all your Event IDs:
>>>>>>> http://technet.microsoft.com/en-us/library/cc738415(WS.10).aspx
>>>>>>> Best regards
>>>>>>> Meinolf Weber
>>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>>> and
>>>>>>> confers
>>>>>>> no rights.
>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>> ** HELP us help YOU!!!
>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>> I apologize for lack of information, so I will write the errors
>>>>>>>> for all the event ids.
>>>>>>>>
>>>>>>>> Directory Service Logs
>>>>>>>> Event ID: 2042 Source: NTDS Replication
>>>>>>>> Event ID: 1311 Source: NTDS KCC
>>>>>>>> Event ID: 1925 Source: NTDS KCC
>>>>>>>> System Logs
>>>>>>>> Event ID: 4 Source: Kerberos
>>>>>>>> File Replication Logs:
>>>>>>>> Event ID: 13559 Source: NtFrs
>>>>>>>> When running repadmin /showreps I get the following:
>>>>>>>> KCC could not add this REPLICA LINK due to error.
>>>>>>>> The target principal name is incorrect
>>>>>>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in
>>>>>>>> message news:6cb2911dc3d78cc63160007148c@msnews.microsoft.com...
>>>>>>>>
>>>>>>>>> Hello Jonathan,
>>>>>>>>>
>>>>>>>>> What replication errors do you get, please be more specific.
>>>>>>>>> Your solution is a really hard way and maybe not needed. Also
>>>>>>>>> describe what happens before the errors start, crash, restore
>>>>>>>>> from unsupported way of backup?
>>>>>>>>>
>>>>>>>>> Best regards
>>>>>>>>>
>>>>>>>>> Meinolf Weber
>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
>>>>>>>>> warranties,
>>>>>>>>> and
>>>>>>>>> confers no rights.
>>>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>>>> ** HELP us help YOU!!!
>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> I have 5 branches with DCs on each location and the one with
>>>>>>>>>> the all the FSMO role is our Corporate DC. I am having trouble
>>>>>>>>>> clearing the replication errors from all 5 branches because
>>>>>>>>>> when I type in "net view \\DC" I get a message that access was
>>>>>>>>>> denied.
>>>>>>>>>>
>>>>>>>>>> My plan of action was:
>>>>>>>>>>
>>>>>>>>>> Shutdown all 5 DCs in each location then use ntdsutil to
>>>>>>>>>> remove
>>>>>>>>>> all
>>>>>>>>>> of
>>>>>>>>>> the 5
>>>>>>>>>> DCs instance from our Corporate DCs AD
>>>>>>>>>> Clean out the DNS on the Corporate DC in reference to all 5
>>>>>>>>>> DCs.
>>>>>>>>>> Bring up the 5 DCs and just connected to a hub not on the LAN,
>>>>>>>>>> then
>>>>>>>>>> dcpromo
>>>>>>>>>> using /forceremoval switch.
>>>>>>>>>> Remove from the DNS of the Corporate DC regarding the 5 DCs.
>>>>>>>>>> Reboot all 5 DCs and joined to the domain as a member server.
>>>>>>>>>> Dcpromo (promoted) all 5 DCs again.
>>>>>>>>>> I would like to know if this is the best solution if
>>>>>>>>>> everything
>>>>>>>>>> else
>>>>>>>>>> fails. Thank you in advance.
>
>
Re: Replication Errors [message #369472 is a reply to message #369172] Fri, 15 January 2010 19:20 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Jonathan Zaldivar" <jczaldivar1@verizon.net> wrote in message
news:uyeH2ShlKHA.3476@TK2MSFTNGP06.phx.gbl...
> What if I transfer it to a DC not realizing that it does not have DNS
> installed becasue it was an acquired network?
>
>

FSMO roles and DNS services are two different things in the respect that if
a FSMO role exists on a DNS server or not. DNS simply resolves hostnames to
IP addresses. It does store DC locator records, but not specifically FSMO
locator records. Once a DC has been resolved and located, then if the
querying service on the DC is looking for a DC holding a FSMO role, it will
construct an LDAP query to the DC.

I would simply suggest to *seize* the FSMO roles to another DC as soon as
possible to prevent any other domain related issues.

Ace
Re: Replication Errors [message #369554 is a reply to message #369172] Sat, 16 January 2010 02:11 Go to previous message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Jonathan,

A DC must not be DNS server. You must have at least one DNS server in the
domain/forest. So seizing the FSMO roles to another machines doesn't require
the DC to be also DNS server.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> What if I transfer it to a DC not realizing that it does not have DNS
> installed becasue it was an acquired network?
>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
> news:6cb2911dc50a8cc63d7aa1283da@msnews.microsoft.com...
>
>> Hello Jonathan,
>>
>> Disconnect NCS18 from the network, now seize the FSMO roles to one of
>> the
>> other DCs and then do the metadata cleanup. Then format the "broken"
>> machine and completely reinstall it from scratch. As you have run the
>> cleanup according to:
>> http://support.microsoft.com/kb/555846/en-us
>> you can now use the old name again. Also make sure that the other DCs
>> are also Global catalog server.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> NCS18 has all the 5 FSMO roles so if I unplugged how can I create a
>>> new domain controller with the original setup and connect the other
>>> remaining 5 DCs. Thank you.
>>>
>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>> news:6cb2911dc5018cc63cad52bc732@msnews.microsoft.com...
>>>
>>>> Hello Jonathan,
>>>>
>>>> Correct on windows 2000 /showreps is used. You should never
>>>> disconnect a
>>>> DC over the tombstone lifetime, so as you are having multiple DCs,
>>>> kick
>>>> out that NCS18 according to the article posted form Ace.
>>>> Best regards
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> The server was place in storage so the tomstone lifetime is over a
>>>>> year now. The NCS01 server is Windows 2000 so the repadmin
>>>>> /showrepl does not work. I used a diferent switch /showreps. I
>>>>> hope this helps and thank you again for the help.
>>>>>
>>>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>>>> news:6cb2911dc48b8cc6374ff54de70@msnews.microsoft.com...
>>>>>
>>>>>> Hello Jonathan,
>>>>>>
>>>>>> Your DC "NCS18" has got the last replication 2008-11-05, over ONE
>>>>>> year
>>>>>> ago,
>>>>>> form all other DCs according to the dcdiag output. Is that the
>>>>>> only
>>>>>> DC
>>>>>> with
>>>>>> replication errors or did the others also have them.
>>>>>> Please post the complete unedited repadmin /showrepl from EACH DC
>>>>>> in
>>>>>> the domain.
>>>>>> Best regards
>>>>>> Meinolf Weber
>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>> and
>>>>>> confers
>>>>>> no rights.
>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>> ** HELP us help YOU!!!
>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>> I've attached the logs in a zip file. Thank you for all your
>>>>>>> help.
>>>>>>>
>>>>>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in
>>>>>>> message news:6cb2911dc4708cc63690bbcd144@msnews.microsoft.com...
>>>>>>>
>>>>>>>> Hello Jonathan,
>>>>>>>>
>>>>>>>> Sounds that some DCs are over the tombstone lifetime. Please
>>>>>>>> post
>>>>>>>> an
>>>>>>>> unedited
>>>>>>>> dcdiag /v, repadmin /showrepl and netdiag from each DC.
>>>>>>>> Also check this page where you will find all your Event IDs:
>>>>>>>> http://technet.microsoft.com/en-us/library/cc738415(WS.10).aspx
>>>>>>>> Best regards
>>>>>>>> Meinolf Weber
>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
>>>>>>>> warranties,
>>>>>>>> and
>>>>>>>> confers
>>>>>>>> no rights.
>>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>>> ** HELP us help YOU!!!
>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>>> I apologize for lack of information, so I will write the
>>>>>>>>> errors for all the event ids.
>>>>>>>>>
>>>>>>>>> Directory Service Logs
>>>>>>>>> Event ID: 2042 Source: NTDS Replication
>>>>>>>>> Event ID: 1311 Source: NTDS KCC
>>>>>>>>> Event ID: 1925 Source: NTDS KCC
>>>>>>>>> System Logs
>>>>>>>>> Event ID: 4 Source: Kerberos
>>>>>>>>> File Replication Logs:
>>>>>>>>> Event ID: 13559 Source: NtFrs
>>>>>>>>> When running repadmin /showreps I get the following:
>>>>>>>>> KCC could not add this REPLICA LINK due to error.
>>>>>>>>> The target principal name is incorrect
>>>>>>>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in
>>>>>>>>> message
>>>>>>>>> news:6cb2911dc3d78cc63160007148c@msnews.microsoft.com...
>>>>>>>>>> Hello Jonathan,
>>>>>>>>>>
>>>>>>>>>> What replication errors do you get, please be more specific.
>>>>>>>>>> Your solution is a really hard way and maybe not needed. Also
>>>>>>>>>> describe what happens before the errors start, crash, restore
>>>>>>>>>> from unsupported way of backup?
>>>>>>>>>>
>>>>>>>>>> Best regards
>>>>>>>>>>
>>>>>>>>>> Meinolf Weber
>>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
>>>>>>>>>> warranties,
>>>>>>>>>> and
>>>>>>>>>> confers no rights.
>>>>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>>>>> ** HELP us help YOU!!!
>>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> I have 5 branches with DCs on each location and the one with
>>>>>>>>>>> the all the FSMO role is our Corporate DC. I am having
>>>>>>>>>>> trouble clearing the replication errors from all 5 branches
>>>>>>>>>>> because when I type in "net view \\DC" I get a message that
>>>>>>>>>>> access was denied.
>>>>>>>>>>>
>>>>>>>>>>> My plan of action was:
>>>>>>>>>>>
>>>>>>>>>>> Shutdown all 5 DCs in each location then use ntdsutil to
>>>>>>>>>>> remove
>>>>>>>>>>> all
>>>>>>>>>>> of
>>>>>>>>>>> the 5
>>>>>>>>>>> DCs instance from our Corporate DCs AD
>>>>>>>>>>> Clean out the DNS on the Corporate DC in reference to all 5
>>>>>>>>>>> DCs.
>>>>>>>>>>> Bring up the 5 DCs and just connected to a hub not on the
>>>>>>>>>>> LAN,
>>>>>>>>>>> then
>>>>>>>>>>> dcpromo
>>>>>>>>>>> using /forceremoval switch.
>>>>>>>>>>> Remove from the DNS of the Corporate DC regarding the 5
>>>>>>>>>>> DCs.
>>>>>>>>>>> Reboot all 5 DCs and joined to the domain as a member
>>>>>>>>>>> server.
>>>>>>>>>>> Dcpromo (promoted) all 5 DCs again.
>>>>>>>>>>> I would like to know if this is the best solution if
>>>>>>>>>>> everything
>>>>>>>>>>> else
>>>>>>>>>>> fails. Thank you in advance.
Previous Topic:User suddenly can no longer 'join workstation to the domain' denie
Next Topic:backup
Goto Forum:
  


Current Time: Fri Jan 19 00:43:27 MST 2018

Total time taken to generate the page: 0.03733 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software