Re: Need help determining where the problem is in my AD replicas
- From: "Paul Bergson" <pbbergs@xxxxxxxxxxxxx>
- Date: Mon, 15 Dec 2008 07:19:47 -0600
I would demote and promote Education make sure you get a full backup though.
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.
"Jason Hand" <JasonHand@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:2A317ED6-2C4E-431D-B878-0B7D61151E63@xxxxxxxxxxxxxxxx
I have done everything in the list of steps I provided except rebooting into
the AD restore mode. The reason why is that I don't know where the problem
is; Education or Academic and if I restore the good one but the bad one
doesn't get fixed then I am worse off.
I have tried a few other tips like trying to take the GC off of the one you
suspect is bad(which I lean toward Academic but the errors are all coming
from Education--Academic just reports occasional Directory errors but no DNS
errors) and also tried changing the primary dns setting on each one to point
to the other and then try a repladmin /sync as well as the dcdiag /fix and
netdiag /fix and a few other little suggestions. I have tried many things
but it still very much eludes me as to which of these 2 machines truly has
the corruption in it and how to find that out.
Thanks,
Jason
"Paul Bergson" wrote:
What specific steps have you taken?
Do you have free space available on your system drive?
Go through the troubleshooting tips 1 by 1 and if this all fails then I
would report back, but you have plenty of details to press forward. Make
sure you get a backup (System state and all) before proceeding.
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.
"Jason Hand" <JasonHand@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6CC4376E-E092-4BDA-8C53-CDE1BE7B4106@xxxxxxxxxxxxxxxx
>I have been trying to figure out which of the two DC on my domain has >the
> corruption in it's AD database and what to do to fix it. Any ideas > would
> be
> very helpful. Here is what errors are being reported in Directory
> Services
> and DNS:
>
> Event Type: Error
> Event Source: NTDS Replication
> Event Category: Replication
> Event ID: 1084
> Date: 12/11/2008
> Time: 8:12:55 PM
> User: NT AUTHORITY\ANONYMOUS LOGON
> Computer: EDUCATION
> Description:
> Internal event: Active Directory could not update the following object
> with
> changes received from the following source domain controller. This is
> because
> an error occurred during the application of the changes to Active
> Directory
> on the domain controller.
>
> Object:
> DC=academic,DC=bridgeway.net,CN=MicrosoftDNS,CN=System,DC=bridgeway,DC=net
> Object GUID:
> 43ed567a-e147-4cb9-9074-dd1635301c55
> Source domain controller:
> d8f79f5a-4b14-4c07-a35f-15b8e93dc0c7._msdcs.bridgeway.net
>
> Synchronization of the local domain controller with the source domain
> controller is blocked until this update problem is corrected.
>
> This operation will be tried again at the next scheduled replication.
>
> User Action
> Restart the local domain controller if this condition appears to be
> related
> to low system resources (for example, low physical or virtual memory).
>
> Additional Data
> Error value:
> 8451 The replication operation encountered a database error.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> Event Type: Error
> Event Source: NTDS Replication
> Event Category: Replication
> Event ID: 2108
> Date: 12/11/2008
> Time: 8:12:55 PM
> User: NT AUTHORITY\ANONYMOUS LOGON
> Computer: EDUCATION
> Description:
> This event contains REPAIR PROCEDURES for the 1084 event which has
> previously been logged. This message indicates a specific issue with > the
> consistency of the Active Directory database on this replication
> destination.
> A database error occurred while applying replicated changes to the
> following
> object. The database had unexpected contents, preventing the change > from
> being made.
>
> Object:
> DC=academic,DC=bridgeway.net,CN=MicrosoftDNS,CN=System,DC=bridgeway,DC=net
> Object GUID:
> 43ed567a-e147-4cb9-9074-dd1635301c55
> Source domain controller:
> d8f79f5a-4b14-4c07-a35f-15b8e93dc0c7._msdcs.bridgeway.net
>
> User Action
>
> Please consult KB article 837932, > http://support.microsoft.com/?id=837932.
> A subset of its repair procedures are listed here.
> 1. Confirm that sufficient free disk space resides on the volumes > hosting
> the Active Directory database then retry the operation. Confirm that > the
> physical drives hosting the NTDS.DIT and log files do not reside on > drives
> where NTFS compression is enabled. Also check for anti-virus software
> accessing these volumes.
> 2. It may be of benefit to force the Security Descriptor Propagator to
> rebuild the object container ancestry in the database. This may be done > by
> following the instructions in KB article 251343,
> http://support.microsoft.com/?id=251343.
> 3. The problem may be related to the object's parent on this domain
> controller. On the source domain controller, move the object to have a
> different parent.
> 4. If this machine is a global catalog and the error occurs in one of > the
> read-only partitions, you should demote the machine as a global catalog
> using
> the Global Catalog checkbox in the Sites & Services user interface. > If
> the
> error is occurring in an application partition, you can stop the
> application
> partition from being hosted on this replica. This may be changed using > the
> ntdsutil.exe command.
> 5. Obtain the most recent ntdsutil.exe by installing the latest service
> pack for your operating system. Prior to booting into Directory > Services
> Restore Mode (DSRM), verify that the DSRM password is known. Otherwise
> reset
> it prior to restarting the system.
> 6. In DSRM, run the NT CMD prompt, run "ntdsutil files integrity". If
> corruption is found and other replicas exist, then demote replica and
> check
> your hardware. If no replicas are present, restore a system state > backup
> and
> repeat this verification.
> 7. Perform an offline defragmentation using the "ntdsutil files > compact"
> function.
> 8. The "ntdsutil semantic database analysis" should also be performed. > If
> errors are found, they may be corrected using the "go fixup" function.
> Note
> that this should not be confused with the database maintenance function
> called "ESE repair", which should not be used, since it causes data > loss
> for
> Active Directory Databases.
>
> If none of these actions succeed and the replication error continues, > you
> should demote this domain controller and promote it again.
>
> Additional Data
> Primary Error value:
> 8451 The replication operation encountered a database error.
> Secondary Error value:
> -1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt. The
> database must be defragmented
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> Event Type: Error
> Event Source: DNS
> Event Category: None
> Event ID: 4015
> Date: 12/11/2008
> Time: 8:28:44 PM
> User: N/A
> Computer: EDUCATION
> Description:
> The DNS server has encountered a critical error from the Active > Directory.
> Check that the Active Directory is functioning properly. The extended
> error
> debug information (which may be empty) is "000020EF: SvcErr:
> DSID-02080490,
> problem 5012 (DIR_ERROR), data -1414". The event data contains the > error.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> Data:
> 0000: 01 00 00 00 ....
>
>
> -------------------------------------------
>
> These are the results of doing a repadmin /showconn from Education:
>
>
>
> repadmin running command /showconn against server localhost
>
>
>
> Base DN:
> CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bridgeway,DC=net
>
> ==== KCC CONNECTION OBJECTS > ============================================
>
> Connection --
>
> Connection name : f3692596-d123-4be7-a5eb-6c667ee5cbe3
>
> Server DNS name : education.bridgeway.net
>
> Server DN name : CN=NTDS
> Settings,CN=EDUCATION,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bridgeway,DC=net
>
> Source: Default-First-Site-Name\ACADEMIC
>
> ******* 10445 CONSECUTIVE FAILURES since 2008-11-13 14:29:45
>
> Last error: 8451 (0x2103):
>
> The replication operation encountered a database error.
>
> TransportType: intrasite RPC
>
> options: isGenerated
>
> ReplicatesNC: CN=Configuration,DC=bridgeway,DC=net
>
> Reason: StaleServersTopology
>
> Replica link has been added.
>
> ReplicatesNC: DC=ForestDnsZones,DC=bridgeway,DC=net
>
> Reason: StaleServersTopology
>
> Replica link has been added.
>
> ReplicatesNC: DC=bridgeway,DC=net
>
> Reason: StaleServersTopology
>
> Replica link has been added.
>
> ReplicatesNC: CN=Schema,CN=Configuration,DC=bridgeway,DC=net
>
> Reason: StaleServersTopology
>
> Replica link has been added.
>
> ReplicatesNC: DC=DomainDnsZones,DC=bridgeway,DC=net
>
> Reason: StaleServersTopology
>
> Replica link has been added.
>
> Connection --
>
> Connection name : c9215653-cf0b-42f1-8edc-797bf225dfbc
>
> Server DNS name : academic.bridgeway.net
>
> Server DN name : CN=NTDS
> Settings,CN=ACADEMIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bridgeway,DC=net
>
> Source: Default-First-Site-Name\EDUCATION
>
> No Failures.
>
> TransportType: intrasite RPC
>
> options: isGenerated
>
> ReplicatesNC: CN=Configuration,DC=bridgeway,DC=net
>
> Reason: RingTopology
>
> Replica link has been added.
>
> ReplicatesNC: DC=ForestDnsZones,DC=bridgeway,DC=net
>
> Reason: RingTopology
>
> Replica link has been added.
>
> ReplicatesNC: DC=bridgeway,DC=net
>
> Reason: RingTopology
>
> Replica link has been added.
>
> ReplicatesNC: CN=Schema,CN=Configuration,DC=bridgeway,DC=net
>
> Reason: RingTopology
>
> Replica link has been added.
>
> ReplicatesNC: DC=DomainDnsZones,DC=bridgeway,DC=net
>
> Reason: RingTopology
>
> Replica link has been added.
>
> 2 connections found.
>
>
>
> These are the results of doing a repadmin /showreps from Education:
>
> Default-First-Site-Name\EDUCATION
>
> DC Options: IS_GC
>
> Site Options: (none)
>
.
- References:
- Need help determining where the problem is in my AD replicas
- From: Jason Hand
- Re: Need help determining where the problem is in my AD replicas
- From: Paul Bergson
- Re: Need help determining where the problem is in my AD replicas
- From: Jason Hand
- Need help determining where the problem is in my AD replicas
- Prev by Date: Re: Lost Resources
- Next by Date: Re: Exclude Admin account from Account Locked out policy
- Previous by thread: Re: Need help determining where the problem is in my AD replicas
- Next by thread: Re: Need help determining where the problem is in my AD replicas
- Index(es):
Relevant Pages
|
