Wednesday, September 19, 2007

Wake Active Directory from the Dead

So you have this 10-server test setup with multiple domains, multiple domain controllers, member servers and clients. It is running Virtual Server and for some months ago you left it and now it is time to use it again.

You power it back on and everything works - - - Not (If you seen Borat you know what I mean!)
The object changes I made in the child domain did not appear in the GC on the parent domain!?

Looking into the problem, I found this event -

Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2042
Date: 19-09-2007
Time: 11:37:04
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SRV02
Description:
It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
The reason that replication is not allowed to continue is that the two machine's views of deleted objects may now be different. The source machine may still have copies of objects that have been deleted (and garbage collected) on this machine. If they were allowed to replicate, the source machine might return objects which have already been deleted.
Time of last successful replication:
2007-04-12 15:57:10
Invocation ID of source:
032bf6c8-f6b8-032b-0100-000000000000
Name of source:
d063611f-7ff1-4445-a7bf-45bd0066dcc6._msdcs.dlt-root.as
Tombstone lifetime (days):
60

The replication operation has failed.

User Action:

Determine which of the two machines was disconnected from the forest and is now out of date. You have three options:

1. Demote or reinstall the machine(s) that were disconnected.
2. Use the "repadmin /removelingeringobjects" tool to remove inconsistent deleted objects and then resume replication.
3. Resume replication. Inconsistent deleted objects may be introduced. You can continue replication by using the following registry key. Once the systems replicate once, it is recommended that you remove the key to reinstate the protection.
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner

Oh no - do I have to rebuild it all? Fortunately not. Doing a series (the message says registry key, but it is a value) of -
reg \\server\HKLM\System\CurrentControlSet\Services\NTDS\Parameters /v "Allow Replication With Divergent and Corrupt Partner" /t reg_dword /d 1

(one line, but may be wrapped here)

and restarting the domain controllers solved the problem.

Read more in Event ID 2042: It has been too long since this machine replicated

1 comment:

IT Problems said...

thanks, we hadnt seen this errors message for a while. Got replication going again. we used this, there is a also a good walkthourhg here.

http://www.techieshelp.com/it-has-been-too-long-since-this-machine-replicated/