Active Directory The Replication Operation Encountered A Database Error
Contents |
numerous errors with replication, active directory object updates and several other problems. The SYSVOL replication was encountering problems as well. The event log for Active ntdsutil file integrity Directory Domain Services was loaded with errors. The DC was logging event IDs corruption encountered in long-value tree 467, 1173, 1084, 2108, 2042, 1925, 1645, and several others. These logged errors included several issues. Event ID 467 clearly esentutl /k showed that the NTDS database was corrupt. Event ID 467: NTDS (584) NTDSA: Database C:\Windows\NTDS\ntds.dit: Index DRA_USN_index of table datatable is corrupted (0). The event ID 1645 indicated that the SPN for the
Ntdsutil Semantic Database Analysis
DC in question was not registered on the Key Distribution Center. Event ID 1645: Active Directory Domain Services did not perform an authenticated remote procedure call (RPC) to another directory server because the desired service principal name (SPN) for the destination directory server is not registered on the Key Distribution Center (KDC) domain controller that resolves the SPN. Destination directory server: 60dcff58-4d57-4da6-9be1-33c4c3604d39._msdcs.domain SPN: E3514235-4B06-11D1-AB04-00C04FC2DCD2/60dcff58-4d57-4da6-9be1-33c4c3604d39/domain@domain User Action this event contains repair procedures for the 1084 Verify that the names of the destination directory server and domain are correct. Also, verify that the SPN is registered on the KDC domain controller. If the destination directory server has been recently promoted, it will be necessary for the local directory server’s account data to replicate to the KDC before this directory server can be authenticated. The error 1084 showed that the server was unable to replicate AD objects. Event ID 1084: Internal event: Active Directory Domain Services could not update the following object with changes received from the following source directory service. This is because an error occurred during the application of the changes to Active Directory Domain Services on the directory service. Object: CN=%OBJNAME%,OU=%OU1%,OU=%OU2%,OU=%OU3%,DC=%DC1%,DC=%DC2%,DC=%DC3% Object GUID: 396a9042-be32-4aa2-a6b7-255fb3f67348 Source directory service: d33dce76-e290-4c8e-85cb-57a9f18ddcde._msdcs.domain Synchronization of the directory service with the source directory service is blocked until this update problem is corrected. This operation will be tried again at the next scheduled replication. User Action Restart the local computer if this condition appears to be related to low system resources (for example, low physical or virtual memory). Additional Data Error value: 8451 The replication operation encountered a database error. Attempting to replicate the server using repadmin
may have a replication issue so I started looking into it and to give a brief background of the environment.. we have almost 48 Windows 2008 R2 domain controllers globally, so we needed to find out where ntdsutil offline defrag and how the replication is broken.. Now, i needed a tool that can go and
Event Id 44 Terminal Services Licensing
check all domain controllers to summarize the replication inbound and outbound replication status.. so Ipulled up "REPADMIN"to find out the inbound and outbound
Last Error 8451 (0x2103)
replication status of my domain.. I ran "repadmin /replsummary" and i started counting dots on the command screen which represent the progress. So after few minutes of processing, I had a summary report of the servers and http://www.emmanuelrached.com/2014/11/20/dc-failing-due-to-corrupt-ntds-db/ unfortunately i found one of our DCs hasn't replicated in last 16 hrs (quite worrying, huh!! ). But just next to it had a reason of the failure which said "The replication operation encountered a database error" Oopps, this is getting interesting now.. So, i logged in to the Domain Controller reporting database issue to investigate further and fix it. The directory service Event log showed me Database index corruption errors.. hmm interesting.. Log http://asknicks.blogspot.com/2013/05/active-directory-database-corruption.html Name: Directory Service Source: NTDS ISAM Date: 10.5.2013 10:03:21 Event ID: 467 Task Category: Database Corruption Level: Error Keywords: Classic User: N/A Computer: Test.domain.local Description: NTDS (492) NTDSA: Database C:\Windows\NTDS\ntds.dit: Index DRA_USN_index of table datatable is corrupted (0). Corrupt database? This willdefinitelyskip a heartbeat of most of the AD administrators.. :( so we ran little PowerShell script to quickly check all domain controllers for Event ID 467 and make sure we are not spreading the corruption over to other servers. Thankfully no other DC isexperiencingthe corruption.. Generally, the corruption can be caused by numerous reasons but i had few in my mind that requires a check there and then... Hardware Outdated Drivers/firmware especially disk controller & controller cache. Sudden power loss Lingering objects Time to fix it then.. most of the time the Domain Administrators prefer to go ahead and rebuild the domain controller and sync everything back, but the real concern is how many changes does this box hold and what would be the impact if we go ahead with demote andre promoteof the server.. hmm, so in our case we decided to go a bitfurtherand look for clues to fix the issue instead of going for a demotion.... So, the question was how can we find more details about the error.. and like always
Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get Help Ask a Question Ask for Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job https://www.experts-exchange.com/questions/28234485/Replication-Issue-on-Additional-Domain-Controller-Windows-2008-R2.html Ways to Get Help Expand Search Submit Close Search Login Join Today Products BackProducts Gigs Live Careers Vendor Services Groups Website Testing Store Headlines Experts Exchange > Questions > Replication Issue on Additional Domain Controller Windows 2008 R2 Want to Advertise Here? Solved Replication Issue on Additional Domain Controller Windows 2008 R2 Posted on 2013-09-09 MS Legacy OS MS Server OS Active Directory 1 Verified Solution 27 active directory Comments 2,054 Views Last Modified: 2013-11-15 We have 4 Domain Controllers (ABCDCQ1,ABCDCQ2,ABCDCQ3 and ABCDCQ4). In that ABCDCQ1 having all 5 fsmo roles. It’s single domain environment. We are getting replication error on ABCDCQ2 , this domain controller having Additional Domain Controller role only. We want to resolve replication issue on ABCDCQ2.Result of repadmin /showrepl which we ran on ABCDCQ2 is attached and PFA. We are getting replication active directory the error on DomainDnsZones partition only rest shows successful. Please assist us to resolve replication issue on ABCDCQ2. Replication-issue-on-Additional-.doc 0 Question by:ShailendraJadhav Facebook Twitter LinkedIn Google LVL 38 Active today Best Solution byfootech Have you already looked at Microsoft's guidance for this? They provide troubleshooting steps and resolutions. http://support.microsoft.com/kb/2645996 You could just demote and repromote, but it's better Go to Solution 27 Comments Message Author Comment by:ShailendraJadhav2013-09-09 Would you please look in to this at earliest. We want to provide solution as early as possible to our client. 0 LVL 38 Overall: Level 38 Active Directory 18 MS Legacy OS 8 MS Server OS 8 Message Active today Accepted Solution by:footech2013-09-09 Have you already looked at Microsoft's guidance for this? They provide troubleshooting steps and resolutions. http://support.microsoft.com/kb/2645996 You could just demote and repromote, but it's better to find out the actual cause if possible to help prevent it from happening again. 0 LVL 53 Overall: Level 53 Active Directory 32 MS Server OS 11 MS Legacy OS 10 Message Active 6 days ago Expert Comment by:Will Szymkowski2013-09-09 Take a look at the Directory Service Event Logs on the DC in question. Also run dcdiag /c: (Comprehensive Runs a