Re: AD Replication
- From: "Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Mon, 21 Aug 2006 07:17:41 -0500
This appears to be a pretty obscure error, I'm with Jorge on following
KB837932 exactly. I would make sure you have a good backup of your system
state before you started and take a second backup on completion.
--
Paul Bergson
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Cats Solutions" <support@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%235%23IMAIxGHA.1888@xxxxxxxxxxxxxxxxxxxxxxx
Hi all,
We have started to get the following errors on our GC server,
Event ID 2108
Source NTDS Replication
This event contains REPAIR PROCEDURES for the 1084 event which has
previously been logged. This message indicates a specific issue with the
consistency of the Active Directory database on this replication
destination. A database error occurred while applying replicated changes
to the following object. The database had unexpected contents, preventing
the change from being made.
Object:
CN=NTDS Site
Settings,CN=Swindon-HQ,CN=Sites,CN=Configuration,DC=CATS-SOLUTIONS,DC=LOCAL
Object GUID:
48bea53b-4614-4691-9441-75250a382671
Source domain controller:
de640ead-0bce-4402-9e99-7ef1a445b611._msdcs.CATS-SOLUTIONS.LOCAL
User Action
Please consult KB article 837932, http://support.microsoft.com/?id=837932.
A subset of its repair procedures are listed here.
1. Confirm that sufficient free disk space resides on the volumes hosting
the Active Directory database then retry the operation. Confirm that the
physical drives hosting the NTDS.DIT and log files do not reside on drives
where NTFS compression is enabled. Also check for anti-virus software
accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator to
rebuild the object container ancestry in the database. This may be done by
following the instructions in KB article 251343,
http://support.microsoft.com/?id=251343.
3. The problem may be related to the object's parent on this domain
controller. On the source domain controller, move the object to have a
different parent.
4. If this machine is a global catalog and the error occurs in one of the
read-only partitions, you should demote the machine as a global catalog
using the Global Catalog checkbox in the Sites & Services user interface.
If the error is occurring in an application partition, you can stop the
application partition from being hosted on this replica. This may be
changed using the ntdsutil.exe command.
5. Obtain the most recent ntdsutil.exe by installing the latest service
pack for your operating system. Prior to booting into Directory Services
Restore Mode (DSRM), verify that the DSRM password is known. Otherwise
reset it prior to restarting the system.
6. In DSRM, run the NT CMD prompt, run "ntdsutil files integrity". If
corruption is found and other replicas exist, then demote replica and
check your hardware. If no replicas are present, restore a system state
backup and repeat this verification.
7. Perform an offline defragmentation using the "ntdsutil files compact"
function.
8. The "ntdsutil semantic database analysis" should also be performed. If
errors are found, they may be corrected using the "go fixup" function.
Note that this should not be confused with the database maintenance
function called "ESE repair", which should not be used, since it causes
data loss for Active Directory Databases.
If none of these actions succeed and the replication error continues, you
should demote this domain controller and promote it again.
Additional Data
Primary Error value:
8451 The replication operation encountered a database error.
Secondary Error value:
-1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt. The
database must be defragmented
Event ID 1084
Source NTDS Replication
Internal event: Active Directory could not update the following object
with changes received from the following source domain controller. This is
because an error occurred during the application of the changes to Active
Directory on the domain controller.
Object:
CN=NTDS Site
Settings,CN=Swindon-HQ,CN=Sites,CN=Configuration,DC=CATS-SOLUTIONS,DC=LOCAL
Object GUID:
48bea53b-4614-4691-9441-75250a382671
Source domain controller:
de640ead-0bce-4402-9e99-7ef1a445b611._msdcs.CATS-SOLUTIONS.LOCAL
Synchronization of the local domain controller with the source domain
controller is blocked until this update problem is corrected.
This operation will be tried again at the next scheduled replication.
User Action
Restart the local domain controller if this condition appears to be
related to low system resources (for example, low physical or virtual
memory).
Additional Data
Error value:
8451 The replication operation encountered a database error.
Event ID: 1173
Source NTDS
Internal event: Active Directory has encountered the following exception
and associated parameters.
Exception:
e0010004
Parameter:
0
Additional Data
Error value:
-1414
Internal ID:
2080490
Event ID 467
Soucre 467
NTDS (680) NTDSA: Index INDEX_00020078 of table datatable is corrupted
(0).
When I run repadmin /showmeta "48bea53b-4614-4691-9441-75250a382671" to
try and find out what this is I get DsReplicaGetInfo() failed with status
8439 (0x20f7):
Can't retrieve message string 8439 (0x20f7), error 1815 from any DC.
We have 3 DC's with one GC with ops masters running (which is producing
the errors)
Looked at KB837932 but not sure if the problem is in the read-only or
program partition so stopped at that point, pleanty of space on NTDS
partition no compresion or antivirus running.
Any Ideas cheers
Darren
.
- References:
- AD Replication
- From: Cats Solutions
- AD Replication
- Prev by Date: Re: adding a shortcut
- Next by Date: Re: Joining workstation to domain when computer object with same name already exists there
- Previous by thread: Re: AD Replication
- Next by thread: Re: AD Replication
- Index(es):
Relevant Pages
|
