Object Tombstone Found Cause Event ID 8614 & 2042

This post covers a problem that appeared over the last few months, where an AD replication issue caused tombstone errors.

In my example, there are two domain controllers, NOM-DC1.netoverme.info and NOM-DC2.netoverme.info, and one child domain (north.netoverme.info) whose domain controller is nom-ndc1.north.netoverme.info.

How did I find the error?

Here are my findings:

1. Via repadmin /showrepl. The “repadmin /showrepl” output shows replication failing with error 8614.

2. Via the Directory Services log in Event Viewer. This log shows event ID 2042, which describes the current error: the time between replications with this source has exceeded the tombstone lifetime.

Workaround Solution:

What is a tombstone? Okay, don’t jump straight to a metadata cleanup. Try to find a workaround first, and read the checks that Microsoft TechNet suggests.

Well, I found these articles:

For Event ID 2042, I suggest reading the topic related to the problem:

https://technet.microsoft.com/en-us/library/cc757610(v=ws.10).aspx

For Error 8614, I also suggest reading this link: https://support.microsoft.com/en-us/kb/2020053.

Resolved:

How do I resolve this? When you read the two articles that I mentioned above, the solution is almost the same. What you need to do is edit the registry entry “Allow Replication With Divergent and Corrupt Partner”.

In my case, I created the new key “Allow Replication with Divergent and Corrupt Partner” and gave it the value “1” on the problematic DC, which is NOM-DC1.netoverme.info.

After that, I let the replication occur. A few minutes later, I checked the AD replication using repadmin /showrepl, and no more errors appeared.

After the multiple replication checks were done, I modified the registry “Allow Replication with Divergent and Corrupt Partner” and set the value to 0.
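The sequence above (set the value to 1, let replication run, check repadmin /showrepl, set the value back to 0) as an added PowerShell example; it is not code from the original post or from the Microsoft articles. It assumes the value lives under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters, and the 15-minute wait and the function names are assumptions chosen for illustration.

```powershell
# Added example. Run elevated on the problematic DC (NOM-DC1 in this post).
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$Name = 'Allow Replication With Divergent and Corrupt Partner'
$MaxWaitMinutes = 15    # assumption: long enough for one replication cycle

function Get-ReplFailure {
    # One CSV row per inbound partner and naming context on the local DC.
    repadmin /showrepl /csv | ConvertFrom-Csv |
        Where-Object { ($_.showrepl_COLUMNS -eq 'showrepl_INFO') -and
                       ([int]$_.'Number of Failures' -gt 0) }
}

function Set-DivergentPartnerValue([int]$Value) {
    # Creates the DWORD if it is missing, overwrites it otherwise.
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord `
        -Value $Value -Force | Out-Null
}

$failing = @(Get-ReplFailure | Where-Object { $_.'Last Failure Status' -eq '8614' })
if ($failing.Count -eq 0) {
    Write-Output 'No 8614 failures reported; registry left unchanged.'
    return
}
$failing | Format-Table 'Source DSA', 'Naming Context', 'Last Success Time' | Out-Host

try {
    Set-DivergentPartnerValue 1
    $deadline = (Get-Date).AddMinutes($MaxWaitMinutes)
    do {
        Start-Sleep -Seconds 60
        $remaining = @(Get-ReplFailure)
    } while ($remaining.Count -gt 0 -and (Get-Date) -lt $deadline)

    if ($remaining.Count -eq 0) {
        Write-Output 'All inbound partners replicate without failures.'
    } else {
        Write-Warning "$($remaining.Count) link(s) still failing:"
        $remaining | Format-Table 'Source DSA', 'Naming Context', 'Last Failure Status' | Out-Host
    }
}
finally {
    # Restore 0 even when the loop is interrupted, so the DC does not stay
    # open to replication with a divergent partner.
    Set-DivergentPartnerValue 0
}
```

Because the reset sits in the finally block, the value returns to 0 whether replication recovers, the wait times out, or the script is stopped with Ctrl+C.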

However, you may still see the failure after performing the steps above. In that case, you may uninstall or demote the problematic domain controller using metadata cleanup.

Step 10 of https://support.microsoft.com/en-us/kb/2020053 says, “At 50 percent of TSL, make strong push to resolve the replication errors. At 90 percent, consider demoting (forcibly, if it is necessary, by using the dcpromo /forceremoval command) DCs that are causing replication errors.”