Object Tombstone Found Cause Event ID 8614 & 2042

In this post, there were problems appeared last few months, where the AD replication issue and cause tombstone.

In my example, there are two domain controllers which are NOM-DC1.netoverme.info and NOM-DC2.netoverme.info and one child domain (north.netoverme.info) which is nom-ndc1.north.netoverme.info.

How I found the error?

Here is my finding:

1. Via Repadmin /Showrepl. In this “repadmin /showrepl” result, shows the failure replication result 8614 error.

1

2. Via Event Viewer of Directory Services. In this event log, it shows the event ID 2042 appeared and describing the current of error. In this event ID 2042, the time between replications with this source has exceeded the tombstone lifetime.

2

Workaround Solution:-

What Tombstone? okay, don’t jump to conclusion to do metadata cleanup. try to find the workaround and read the possible way to check from the Microsoft TechNet.

Well, I found this article:

For Event ID 2042, I suggest to read the topic related to the problem.

https://technet.microsoft.com/en-us/library/cc757610(v=ws.10).aspx

For Error 8614, I also suggest to read this link https://support.microsoft.com/en-us/kb/2020053.

Resolved:

How do I resolve this? When you read the two articles that I mentioned above, the solution is almost similar. what you need to do is to edit registry “Allow Replication With Divergent and Corrupt Partner”.

In my case, I create the new key “Allow Replication with Divergent and Corrupt Partner “and give value to “1” on problematic DC which is NOM-DC1.netoverme.info

allow divergent and corrupt partner

After that, I let the replication to be occurred. After few minutes later, I check the AD replicaton using repadmin /showrepl, then there are no more error appeared.

3

After the multiple replication checking done, I modify the registry “Allow Replication with Divergent and Corrupt Partner” and set the value to 0.

However, you may still have failure above after performing the steps above. In that case, you may do uninstall or demote the problematic domain controller by metadata cleanup.

in steps 10 of this https://support.microsoft.com/en-us/kb/2020053 says, “at 50 percent of TSL,make strong push to resolve the replication errors.At 90 percent, consider demoting (forcibly, if it is ncessary, by using the dcpromo /forceremoval command) DCs that are cause replication error.

Advertisements

Schema Mismatch

Hi,

before I begin, just want to say Happy New Year 2014 to all..

Okay, I would like to share this screenshot below:

mismatch schema

 

You have seen this error lately? must be panic right and start to search into the TechNet.

Here is the article link http://support.microsoft.com/kb/2734946 .

In my case, there is a some period that between domain controllers have not replicated. Some of the DC was offline when I installed Exchange Server. So the while setup the Exchange, the setup will extend the AD schema. So since the Schema partition is forestwide, it might change and update the Schema FSMO role as well.

 

Resolution: you can manually force replication or wait the replication time takes place.

Error AD Replication: (8456) The source server is currently rejecting replication requests Part 2

I just want to continue on how to do possible solution on previous post below

https://netoverme.wordpress.com/2012/11/26/error-ad-replication-8456-the-source-server-is-currently-rejecting-replication-requests/

another way is to restore the system state backup from recent backup.

How?

1. reboot the server and log in in DSRM mode.

dsrm mode

2.    Use command prompt to restore the previous backup.

restorebackup

run the command

wbadmin start systemstaterecovery -version:your recent backup version”

let the backup finished until the screen below.

successful restore backup

it will ask the server to restart. press Y to proceed.

 

3.  then, verify the successful replication.

verify success replication

Error AD Replication: (8456) The source server is currently rejecting replication requests

It comes to my attention to share some of AD replication error that might be available or faced in your organization. I always run this replication summary, “Repadmin /Replsummary” and gets the output below:

 

The error above is (8456) The source server is currently rejecting replication requests.

 

when I go to the URL link http://support.microsoft.com/kb/2023007, there are helpful for me to troubleshoot.

 

I have followed some steps to troubleshoot and solution:

1. I have checked the possible cause of this. I checked the registry to check the status on “DSA not Writable”.  Run Regedit.

Go to the HKLM -> System -> CurrentControlSet -> Services -> NTDS -> Paramaters.

On Setting DSA Not Writable. Check the value and I capture the screenshot below:

 

The DSA Not Writable is set to 4. When checking on the table of link http://support.microsoft.com/kb/2023007, it shows and means that USN Rollback occurred.

The active directory was incorrectly roll back due to cause following below:

– snapshot of Virtual Machine was taken or was saved on previous snapshot.

– Restoring DC on using Imaging such as Norton Ghost.

2. I also checked the Event Viewer on Directory Service. The Event ID 1308 shows the failure of the replication.

 

 

 

3. I have no choice to decommission the affected domain controller by using DCPROMO /ForceRemoval.

4. After I successfully forced removal of the affected domain controller, I then use the Metadata cleanup to remove the domain controller. Check the url link – > https://netoverme.wordpress.com/2011/06/03/metadata-cleanup-in-windows-2003/

5. After that, remove the server record in DNS, Active Directory Site and Services.

6. On the affected server (previous affected domain controller), I then promote back to become a domain controller to have multiple domain controller.

 

I will update more on any kind of possible solution.

 

Thank you.