Re: Need help determining where the problem is in my AD replicas
- From: Meinolf Weber [MVP-DS] <meiweb(nospam)@gmx.de>
- Date: Sun, 14 Dec 2008 17:18:23 +0000 (UTC)
Hello Jason,
Check the machine which has the error, so Education.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
The only step segment I have not done is the part where you bring down
the server(s) and put them into AD restore mode.
My point of asking for advice was that I can't even tell which of the
two has the corrupted data. I am afraid of doing too much changing
and probing in case it makes the situation worse.
Can you tell from what I posted whether the problem is on the
Education server or the Academic server? What is the best way to
tell? I am very good at researching and following procedures but when
it comes to AD and these are the only 2 DC's and I honestly have no
idea where the corruption resides I am unwilling at this point to
assume anything and don't want to make it worse.
Thanks,
Jason
"Meinolf Weber [MVP-DS]" wrote:
Hello Jason,
Did you follow the provided articles and desribed steps on Educatio
where the errors occur?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
I have been trying to figure out which of the two DC on my domain
has the corruption in it's AD database and what to do to fix it.
Any ideas would be very helpful. Here is what errors are being
reported in Directory Services and DNS:
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1084
Date: 12/11/2008
Time: 8:12:55 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: EDUCATION
Description:
Internal event: Active Directory could not update the following
object
with
changes received from the following source domain controller. This
is
because
an error occurred during the application of the changes to Active
Directory
on the domain controller.
Object:
DC=academic,DC=bridgeway.net,CN=MicrosoftDNS,CN=System,DC=bridgeway,
DC
=net
Object GUID:
43ed567a-e147-4cb9-9074-dd1635301c55
Source domain controller:
d8f79f5a-4b14-4c07-a35f-15b8e93dc0c7._msdcs.bridgeway.net
Synchronization of the local domain controller with the source
domain
controller is blocked until this update problem is corrected.
This operation will be tried again at the next scheduled
replication.
User Action Restart the local domain controller if this condition
appears to be related to low system resources (for example, low
physical or virtual memory).
Additional Data
Error value:
8451 The replication operation encountered a database error.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2108
Date: 12/11/2008
Time: 8:12:55 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: EDUCATION
Description:
This event contains REPAIR PROCEDURES for the 1084 event which has
previously been logged. This message indicates a specific issue with
the
consistency of the Active Directory database on this replication
destination.
A database error occurred while applying replicated changes to the
following
object. The database had unexpected contents, preventing the change
from
being made.
Object:
DC=academic,DC=bridgeway.net,CN=MicrosoftDNS,CN=System,DC=bridgeway,
DC
=net
Object GUID:
43ed567a-e147-4cb9-9074-dd1635301c55
Source domain controller:
d8f79f5a-4b14-4c07-a35f-15b8e93dc0c7._msdcs.bridgeway.net
User Action
Please consult KB article 837932,
http://support.microsoft.com/?id=837932.
A subset of its repair procedures are listed here.
1. Confirm that sufficient free disk space resides on the volumes
hosting
the Active Directory database then retry the operation. Confirm that
the
physical drives hosting the NTDS.DIT and log files do not reside on
drives
where NTFS compression is enabled. Also check for anti-virus
software
accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator
to
rebuild the object container ancestry in the database. This may be
done by
following the instructions in KB article 251343,
http://support.microsoft.com/?id=251343.
3. The problem may be related to the object's parent on this domain
controller. On the source domain controller, move the object to have
a
different parent.
4. If this machine is a global catalog and the error occurs in one
of
the
read-only partitions, you should demote the machine as a global
catalog using
the Global Catalog checkbox in the Sites & Services user interface.
If the
error is occurring in an application partition, you can stop the
application
partition from being hosted on this replica. This may be changed
using
the
ntdsutil.exe command.
5. Obtain the most recent ntdsutil.exe by installing the latest
service
pack for your operating system. Prior to booting into Directory
Services
Restore Mode (DSRM), verify that the DSRM password is known.
Otherwise
reset
it prior to restarting the system.
6. In DSRM, run the NT CMD prompt, run "ntdsutil files integrity".
If
corruption is found and other replicas exist, then demote replica
and
check
your hardware. If no replicas are present, restore a system state
backup and
repeat this verification.
7. Perform an offline defragmentation using the "ntdsutil files
compact"
function.
8. The "ntdsutil semantic database analysis" should also be
performed. If
errors are found, they may be corrected using the "go fixup"
function.
Note
that this should not be confused with the database maintenance
function called "ESE repair", which should not be used, since it
causes data loss for Active Directory Databases.
If none of these actions succeed and the replication error
continues, you should demote this domain controller and promote it
again.
Additional Data
Primary Error value:
8451 The replication operation encountered a database error.
Secondary Error value:
-1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt.
The
database must be defragmented
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 12/11/2008
Time: 8:28:44 PM
User: N/A
Computer: EDUCATION
Description:
The DNS server has encountered a critical error from the Active
Directory.
Check that the Active Directory is functioning properly. The
extended
error
debug information (which may be empty) is "000020EF: SvcErr:
DSID-02080490,
problem 5012 (DIR_ERROR), data -1414". The event data contains the
error.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 01 00 00 00 ....
-------------------------------------------
These are the results of doing a repadmin /showconn from Education:
repadmin running command /showconn against server localhost
Base DN:
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bridgeway,DC
=n et
==== KCC CONNECTION OBJECTS
============================================
Connection --
Connection name : f3692596-d123-4be7-a5eb-6c667ee5cbe3
Server DNS name : education.bridgeway.net
Server DN name : CN=NTDS
Settings,CN=EDUCATION,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,C N=Configuration,DC=bridgeway,DC=net
Source: Default-First-Site-Name\ACADEMIC
******* 10445 CONSECUTIVE FAILURES since 2008-11-13 14:29:45
Last error: 8451 (0x2103):
The replication operation encountered a database error.
TransportType: intrasite RPC
options: isGenerated
ReplicatesNC: CN=Configuration,DC=bridgeway,DC=net
Reason: StaleServersTopology
Replica link has been added.
ReplicatesNC: DC=ForestDnsZones,DC=bridgeway,DC=net
Reason: StaleServersTopology
Replica link has been added.
ReplicatesNC: DC=bridgeway,DC=net
Reason: StaleServersTopology
Replica link has been added.
ReplicatesNC: CN=Schema,CN=Configuration,DC=bridgeway,DC=net
Reason: StaleServersTopology
Replica link has been added.
ReplicatesNC: DC=DomainDnsZones,DC=bridgeway,DC=net
Reason: StaleServersTopology
Replica link has been added.
Connection --
Connection name : c9215653-cf0b-42f1-8edc-797bf225dfbc
Server DNS name : academic.bridgeway.net
Server DN name : CN=NTDS
Settings,CN=ACADEMIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
CN =Configuration,DC=bridgeway,DC=net
Source: Default-First-Site-Name\EDUCATION
No Failures.
TransportType: intrasite RPC
options: isGenerated
ReplicatesNC: CN=Configuration,DC=bridgeway,DC=net
Reason: RingTopology
Replica link has been added.
ReplicatesNC: DC=ForestDnsZones,DC=bridgeway,DC=net
Reason: RingTopology
Replica link has been added.
ReplicatesNC: DC=bridgeway,DC=net
Reason: RingTopology
Replica link has been added.
ReplicatesNC: CN=Schema,CN=Configuration,DC=bridgeway,DC=net
Reason: RingTopology
Replica link has been added.
ReplicatesNC: DC=DomainDnsZones,DC=bridgeway,DC=net
Reason: RingTopology
Replica link has been added.
2 connections found.
These are the results of doing a repadmin /showreps from Education:
Default-First-Site-Name\EDUCATION
DC Options: IS_GC
Site Options: (none)
DC object GUID: 24e32f35-f094-4996-8b8b-66db169710ac
DC invocationID: f856f718-94b2-48cb-86eb-4639c992f389
.
- References:
- Re: Need help determining where the problem is in my AD replicas
- From: Jason Hand
- Re: Need help determining where the problem is in my AD replicas
- Prev by Date: Re: Replace hot server through restored server for some hours
- Next by Date: Re: problem in configuration additional domain controller
- Previous by thread: Re: Need help determining where the problem is in my AD replicas
- Next by thread: Re: Need help determining where the problem is in my AD replicas
- Index(es):
Relevant Pages
|
