sentiblue
Posts: 11
Joined: 23.Apr.2003
Status: offline
|
Hello folks... I've found the cause and fix... I'd like to share here in hope to help anyone in the same situation
Cause: http://support.microsoft.com/kb/899148/en-us
Seems that ISA2004SP2 and Windows2003SP1 carry incompatible RPC Protocol Suites. These protocols are used in the replication process.
Furthermore, ISA2004SP2 enables Strict RPC by default... even if you disable this, it still won't do any good.
All you have to do is upgrade the Domain Controllers to SP2 and the RPC Protocol Suites in this SP become compatible with ISA2004 and replication will go through.
Now you can still have further replication problems if
1. Your remote DC has not replicated with the FSMO for an extended period of time (default tombstone lifecycle is 60 days). The remote DC will refuse to initiate replication nor accept incoming replication.
2. The FSMO machine has deleted some objects, but the divergent DC still maintains it... by default strict replication blocks incoming objects from the divergent DC so that garbage objects cannot get re-introduced to the AD. It will take incoming replication from the FSMO, but the FSMO wont accept changes made in the remote DC.
Resolution
1. To re-group your divergent DCs into replication, please follow this link
http://support.microsoft.com/kb/873319/en-us (search for the word "Divergent")
2. To clean up lingering objects in the remote DC and have it ready for re-sync, please do this
A. Download and install the support tools package for windows 2003
http://www.microsoft.com/downloads/details.aspx?FamilyID=A34EDCF2-EBFD-4F99-BBC4-E93154C332D6&displaylang=en
B. Find event ID 1988 in your event viewer. That tells your the ID of the remote DC. It's the line below Source DC:
In my case: 46cf019e-4a0e-4435-a479-645a813f2d9f._msdcs.mydomain.com
Below is the exerpt of the event log entry
quote:
Active Directory Replication encountered the existence of objects in the following partition that have been deleted from the local domain controllers (DCs) Active Directory database. Not all direct or transitive replication partners replicated in the deletion before the tombstone lifetime number of days passed. Objects that have been deleted and garbage collected from an Active Directory partition but still exist in the writable partitions of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects".
This event is being logged because the source DC contains a lingering object which does not exist on the local DCs Active Directory database. This replication attempt has been blocked.
The best solution to this problem is to identify and remove all lingering objects in the forest.
Source DC (Transport-specific network address):
46cf019e-4a0e-4435-a479-645a813f2d9f._msdcs.mydomain.com
Object:
CN=Servers\0ADEL:0961e2ed-33e3-4bcc-b0ab-b65b9ef8d35d,CN=TXHOU\0ADEL:76b5e29a-54a9-4247-8fb6-005a35a323e4,CN=Sites,CN=Configuration,DC=mydomain,DC=com
Object GUID:
0961e2ed-33e3-4bcc-b0ab-b65b9ef8d35d
User Action:
Remove Lingering Objects:
The action plan to recover from this error can be found at http://support.microsoft.com/?id=314282.
If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD. To see which objects would be deleted without actually performing the deletion run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects. To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC>".
C. on the FSMO, type this
repadmin /removelingeringobjects <remoteID> <fsmoID> <NC>
Example:
repadmin /removelingeringobjects 46cf019e-4a0e-4435-a479-645a813f2d9f._msdcs.mydomain.com 7e76756f-312d-4952-b5df-f3a4850fe831 DC=mydomain,DC=com
These commands require the support tools installed
Where
<remoteID> is the thing you found in the event log, step B
<fsmoID> can be found by typing this on the FSMO machine: repadmin /showreps <<< first couple lines of the output is the DC Object GUID
<NC> is the partition of the domain/forest having trouble... these are the possible 5 options of your partitions.
DC=mydomain,DC=com
CN=Configuration,DC=mydomain,DC=com
CN=Schema,CN=Configuration,DC=mydomain,DC=com
DC=DomainDnsZones,DC=mydomain,DC=com
DC=ForestDnsZones,DC=mydomain,DC=com
Good luck!!!
< Message edited by sentiblue -- 25.Apr.2007 6:56:45 PM >
|
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
Unable to replicate Active Directory - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread