Re: Need help determining where the problem is in my AD replicas
- From: Meinolf Weber [MVP-DS] <meiweb(nospam)@gmx.de>
- Date: Fri, 12 Dec 2008 09:58:51 +0000 (UTC)
Hello Jason,
Did you follow the provided articles and desribed steps on Educatio where the errors occur?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
I have been trying to figure out which of the two DC on my domain has
the corruption in it's AD database and what to do to fix it. Any
ideas would be very helpful. Here is what errors are being reported
in Directory Services and DNS:
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1084
Date: 12/11/2008
Time: 8:12:55 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: EDUCATION
Description:
Internal event: Active Directory could not update the following object
with
changes received from the following source domain controller. This is
because
an error occurred during the application of the changes to Active
Directory
on the domain controller.
Object:
DC=academic,DC=bridgeway.net,CN=MicrosoftDNS,CN=System,DC=bridgeway,DC
=net
Object GUID:
43ed567a-e147-4cb9-9074-dd1635301c55
Source domain controller:
d8f79f5a-4b14-4c07-a35f-15b8e93dc0c7._msdcs.bridgeway.net
Synchronization of the local domain controller with the source domain
controller is blocked until this update problem is corrected.
This operation will be tried again at the next scheduled replication.
User Action Restart the local domain controller if this condition
appears to be related to low system resources (for example, low
physical or virtual memory).
Additional Data
Error value:
8451 The replication operation encountered a database error.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2108
Date: 12/11/2008
Time: 8:12:55 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: EDUCATION
Description:
This event contains REPAIR PROCEDURES for the 1084 event which has
previously been logged. This message indicates a specific issue with
the
consistency of the Active Directory database on this replication
destination.
A database error occurred while applying replicated changes to the
following
object. The database had unexpected contents, preventing the change
from
being made.
Object:
DC=academic,DC=bridgeway.net,CN=MicrosoftDNS,CN=System,DC=bridgeway,DC
=net
Object GUID:
43ed567a-e147-4cb9-9074-dd1635301c55
Source domain controller:
d8f79f5a-4b14-4c07-a35f-15b8e93dc0c7._msdcs.bridgeway.net
User Action
Please consult KB article 837932,
http://support.microsoft.com/?id=837932.
A subset of its repair procedures are listed here.
1. Confirm that sufficient free disk space resides on the volumes
hosting
the Active Directory database then retry the operation. Confirm that
the
physical drives hosting the NTDS.DIT and log files do not reside on
drives
where NTFS compression is enabled. Also check for anti-virus software
accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator
to
rebuild the object container ancestry in the database. This may be
done by
following the instructions in KB article 251343,
http://support.microsoft.com/?id=251343.
3. The problem may be related to the object's parent on this domain
controller. On the source domain controller, move the object to have a
different parent.
4. If this machine is a global catalog and the error occurs in one of
the
read-only partitions, you should demote the machine as a global
catalog using
the Global Catalog checkbox in the Sites & Services user interface.
If the
error is occurring in an application partition, you can stop the
application
partition from being hosted on this replica. This may be changed using
the
ntdsutil.exe command.
5. Obtain the most recent ntdsutil.exe by installing the latest
service
pack for your operating system. Prior to booting into Directory
Services
Restore Mode (DSRM), verify that the DSRM password is known. Otherwise
reset
it prior to restarting the system.
6. In DSRM, run the NT CMD prompt, run "ntdsutil files integrity". If
corruption is found and other replicas exist, then demote replica and
check
your hardware. If no replicas are present, restore a system state
backup and
repeat this verification.
7. Perform an offline defragmentation using the "ntdsutil files
compact"
function.
8. The "ntdsutil semantic database analysis" should also be
performed. If
errors are found, they may be corrected using the "go fixup" function.
Note
that this should not be confused with the database maintenance
function called "ESE repair", which should not be used, since it
causes data loss for Active Directory Databases.
If none of these actions succeed and the replication error continues,
you should demote this domain controller and promote it again.
Additional Data
Primary Error value:
8451 The replication operation encountered a database error.
Secondary Error value:
-1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt. The
database must be defragmented
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 12/11/2008
Time: 8:28:44 PM
User: N/A
Computer: EDUCATION
Description:
The DNS server has encountered a critical error from the Active
Directory.
Check that the Active Directory is functioning properly. The extended
error
debug information (which may be empty) is "000020EF: SvcErr:
DSID-02080490,
problem 5012 (DIR_ERROR), data -1414". The event data contains the
error.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 01 00 00 00 ....
-------------------------------------------
These are the results of doing a repadmin /showconn from Education:
repadmin running command /showconn against server localhost
Base DN:
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bridgeway,DC=n
et
==== KCC CONNECTION OBJECTS
============================================
Connection --
Connection name : f3692596-d123-4be7-a5eb-6c667ee5cbe3
Server DNS name : education.bridgeway.net
Server DN name : CN=NTDS
Settings,CN=EDUCATION,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
N=Configuration,DC=bridgeway,DC=net
Source: Default-First-Site-Name\ACADEMIC
******* 10445 CONSECUTIVE FAILURES since 2008-11-13 14:29:45
Last error: 8451 (0x2103):
The replication operation encountered a database error.
TransportType: intrasite RPC
options: isGenerated
ReplicatesNC: CN=Configuration,DC=bridgeway,DC=net
Reason: StaleServersTopology
Replica link has been added.
ReplicatesNC: DC=ForestDnsZones,DC=bridgeway,DC=net
Reason: StaleServersTopology
Replica link has been added.
ReplicatesNC: DC=bridgeway,DC=net
Reason: StaleServersTopology
Replica link has been added.
ReplicatesNC: CN=Schema,CN=Configuration,DC=bridgeway,DC=net
Reason: StaleServersTopology
Replica link has been added.
ReplicatesNC: DC=DomainDnsZones,DC=bridgeway,DC=net
Reason: StaleServersTopology
Replica link has been added.
Connection --
Connection name : c9215653-cf0b-42f1-8edc-797bf225dfbc
Server DNS name : academic.bridgeway.net
Server DN name : CN=NTDS
Settings,CN=ACADEMIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN
=Configuration,DC=bridgeway,DC=net
Source: Default-First-Site-Name\EDUCATION
No Failures.
TransportType: intrasite RPC
options: isGenerated
ReplicatesNC: CN=Configuration,DC=bridgeway,DC=net
Reason: RingTopology
Replica link has been added.
ReplicatesNC: DC=ForestDnsZones,DC=bridgeway,DC=net
Reason: RingTopology
Replica link has been added.
ReplicatesNC: DC=bridgeway,DC=net
Reason: RingTopology
Replica link has been added.
ReplicatesNC: CN=Schema,CN=Configuration,DC=bridgeway,DC=net
Reason: RingTopology
Replica link has been added.
ReplicatesNC: DC=DomainDnsZones,DC=bridgeway,DC=net
Reason: RingTopology
Replica link has been added.
2 connections found.
These are the results of doing a repadmin /showreps from Education:
Default-First-Site-Name\EDUCATION
DC Options: IS_GC
Site Options: (none)
DC object GUID: 24e32f35-f094-4996-8b8b-66db169710ac
DC invocationID: f856f718-94b2-48cb-86eb-4639c992f389
==== INBOUND NEIGHBORS ======================================
DC=bridgeway,DC=net
Default-First-Site-Name\ACADEMIC via RPC
DC object GUID: d8f79f5a-4b14-4c07-a35f-15b8e93dc0c7
Last attempt @ 2008-12-11 19:30:23 failed, result 8451
(0x2103):
The replication operation encountered a database error.
10450 consecutive failure(s).
Last success @ 2008-11-13 14:29:45.
CN=Configuration,DC=bridgeway,DC=net
Default-First-Site-Name\ACADEMIC via RPC
DC object GUID: d8f79f5a-4b14-4c07-a35f-15b8e93dc0c7
Last attempt @ 2008-12-11 19:27:45 was successful.
CN=Schema,CN=Configuration,DC=bridgeway,DC=net
Default-First-Site-Name\ACADEMIC via RPC
DC object GUID: d8f79f5a-4b14-4c07-a35f-15b8e93dc0c7
Last attempt @ 2008-12-11 18:46:48 was successful.
DC=DomainDnsZones,DC=bridgeway,DC=net
Default-First-Site-Name\ACADEMIC via RPC
DC object GUID: d8f79f5a-4b14-4c07-a35f-15b8e93dc0c7
Last attempt @ 2008-12-11 18:46:48 was successful.
DC=ForestDnsZones,DC=bridgeway,DC=net
Default-First-Site-Name\ACADEMIC via RPC
DC object GUID: d8f79f5a-4b14-4c07-a35f-15b8e93dc0c7
Last attempt @ 2008-12-11 18:46:48 was successful.
Source: Default-First-Site-Name\ACADEMIC
******* 10445 CONSECUTIVE FAILURES since 2008-11-13 14:29:45
Last error: 8451 (0x2103):
The replication operation encountered a database error.
Lastly-Here is the result of doing a repadmin /showmeta using the GUID
for Academic from Education:
10 entries.
Loc.USN Originating DC Org.USN
Org.Time/Date
Ver Attribute
======= =============== =========
=============
=== =========
77878 Default-First-Site-Name\EDUCATION 77878 2008-01-30
22:53:47 1 objectClass
77878 Default-First-Site-Name\EDUCATION 77878 2008-01-30
22:53:47 1 instanceType
77878 Default-First-Site-Name\EDUCATION 77878 2008-01-30
22:53:47 1 whenCreated
77878 Default-First-Site-Name\EDUCATION 77878 2008-01-30
22:53:47 1 showInAdvancedViewOnly
77878 Default-First-Site-Name\EDUCATION 77878 2008-01-30
22:53:47 1 nTSecurityDescriptor
77878 Default-First-Site-Name\EDUCATION 77878 2008-01-30
22:53:47 1 name
1133205 Default-First-Site-Name\ACADEMIC 1335751 2008-11-12
14:47:57 600 dnsRecord
77878 Default-First-Site-Name\EDUCATION 77878 2008-01-30
22:53:47 1 objectCategory
82031 Default-First-Site-Name\EDUCATION 82031 2008-01-30
23:28:59 1 dNSTombstoned
77878 Default-First-Site-Name\EDUCATION 77878 2008-01-30
22:53:47 1 dc
0 entries.
Type Attribute Last Mod Time
Originating DC Loc.USN Org.USN Ver
======= ============ =============
================= ======= ======= ===
Distinguished Name
=============================
Thanks for any help you can offer. We are a non-profit school and
need all the help we can get!
Thanks,
Jason
.
- Follow-Ups:
- Re: Need help determining where the problem is in my AD replicas
- From: Jason Hand
- Re: Need help determining where the problem is in my AD replicas
- References:
- Need help determining where the problem is in my AD replicas
- From: Jason Hand
- Need help determining where the problem is in my AD replicas
- Prev by Date: Re: Windows 2003 server not responding (hang-up)
- Next by Date: Re: Replace hot server through restored server for some hours
- Previous by thread: Need help determining where the problem is in my AD replicas
- Next by thread: Re: Need help determining where the problem is in my AD replicas
- Index(es):
Relevant Pages
|
