On a windows 2008 R2 server, in the Event Viewer under Applications and Services logs > Directory Service
I'm getting the following error twice an hour:
Invocation ID of source directory server:
227ee97b-3a70-49b9-acdc-afb2ecb6a872
Name of source directory server:
c92d88b9-2d7d-555b-9cf5-973e98c76226._msdcs.subdomain.domain.com
Tombstone lifetime (days):
180
The replication operation has failed.
User Action:
The action plan to recover from this error can be found at http://support.microsoft.com/?id=314282.
If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD. To see which objects would be deleted without actually performing the deletion run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects. To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC>".
If either source or destination DC is a Windows 2000 Server DC, then more information on how to remove lingering objects on the source DC can be found at http://support.microsoft.com/?id=314282 or from your Microsoft support personnel.
If you need Active Directory Domain Services replication to function immediately at all costs and don't have time to remove lingering objects, enable replication by setting the following registry key to a non-zero value:
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
Replication errors between DCs sharing a common partition can prevent user and compter acounts, trust relationships, their passwords, security groups, security group memberships and other Active Directory Domain Services configuration data to vary between DCs, affecting the ability to log on, find objects of interest and perform other critical operations. These inconsistencies are resolved once replication errors are resolved. DCs that fail to inbound replicate deleted objects within tombstone lifetime number of days will remain inconsistent until lingering objects are manually removed by an administrator from each local DC. Additionally, replication may continue to be blocked after this registry key is set, depending on whether lingering objects are located immediately.
Alternate User Action:
Force demote or reinstall the DC(s) that were disconnected.
Despite this error, replication of "all the things I need" seems to be working fine between the two domain controllers. For example, I've verified the following things are replicating:
1) Adding a new computer to the domain
2) Adding a new user to the domain
3) Deleting a user from the domain
4) Deleting a computer from the domain
If I do any of the above tasks on one of the domain controller, the other domain controller almost instantly shows the change. This is my understanding of replication succeeding.
Yet I get the above error twice an hour. Neither of these domain controller have ever been offline longer than 30 minutes and their clocks are in perfect sync.
I can't understand what has really caused this, because what it states doesn't seem to be true.
I've combed both directories object for object, and they seem to be identical. The error says replication is not allowed, but replication is occurring in every practical way I can see.
The only error I see it the error-alert itself. What am I'm I missing? What's really going on?
0 Answers