AD Replication Issue

helrigh Posted messages 6 Status Member -  
bendrop Posted messages 12655 Registration date   Status Contributor Last intervention   -
Hello,

I am writing to you because I have an AD replication problem.
I have 2 DCs 2008r2 on VMs on HyperV hosts 2012.

It turns out that today, when trying to add a new machine to the domain, I realized that the two DCs have not been replicated for 2 months!
I tried to force the replication by running repadmin /replicate
or repadmin /syncall
but it does not work. I get an error message saying:
LDAP error 81: Server is offline.

I have followed several leads, and I finally concluded that it was a USN Rollback issue since the DSA not writing = 4

The recommended solution for this problem is to demote the problematic DC (DC1) and then repromote it.
However, DC1 holds all the FSMO roles, and when I try to transfer the roles, I am told that it cannot contact the server...

So on one hand, if I turn off DC2, people can no longer connect to the servers; the message indicates a domain trust issue.
If I turn off DC1, I end up with a DC in the FSMO role...

I'm a bit short on solutions here... :s
Do you have any advice for me?

Thank you in advance for your help :)

Configuration: Windows / Chrome 56.0.2924.87

2 replies

bendrop Posted messages 12655 Registration date   Status Contributor Last intervention   8 524
 
Hello,

Event ID 2095 -> do you have this ID in the Event Viewer?
The source of the following: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348479(v=ws.10)?redirectedfrom=MSDN

Shut down the virtual machine of the domain controller that logged the error and make sure it does not restart.
Check if a snapshot of the domain controller was recently used as a restore method. If so, this is likely the source of the error.
Try to determine if any changes were made from this domain controller and propagated to other domain controllers. If the event is due to the snapshot or the copy of a virtual machine being started, try to determine the time at which the USN restore occurred. You can then check the replication partners of this domain controller to determine if any replication has taken place since then.
You can do this by running the Repadmin tool. For more information on using Repadmin, see the article on monitoring and troubleshooting Active Directory replication using Repadmin (https://www.microsoft.com/fr-fr/?ref=go, possibly in English). If you cannot verify this information, seek assistance from Microsoft customer support (https://www.microsoft.com/fr-fr/?ref=go).
Perform a forced demotion of the domain controller. This involves cleaning up its metadata as well as taking the operation master roles (also called "Flexible Single Master Operation" or "FSMO"). For more information, see the section “Recovering from a USN restore” in Microsoft Knowledge Base article 914828 (https://www.microsoft.com/fr-fr/?ref=go).
Delete all old VHD files of the domain controller.

Bye.
0
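The replication-partner check described in the answer above, as an added example that is not part of either post: it parses output in the column layout of `repadmin /showrepl * /csv` and flags every inbound link on which a partner last pulled successfully from the suspect DC after the suspected rollback time. The sample rows, the domain `example.local`, the rollback time and the timestamp format are assumptions; `DC1` and `DC2` are the names used in the thread.

```powershell
# Constructed sample rows. On a live DC, replace the here-string with:
#   $raw = repadmin /showrepl * /csv
$raw = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC2,"DC=example,DC=local",Default-First-Site-Name,DC1,RPC,412,2017-03-01 09:15:02,2016-12-28 22:47:10,8456
showrepl_INFO,Default-First-Site-Name,DC2,"CN=Configuration,DC=example,DC=local",Default-First-Site-Name,DC1,RPC,0,0,2017-01-04 03:10:44,0
showrepl_INFO,Default-First-Site-Name,DC1,"DC=example,DC=local",Default-First-Site-Name,DC2,RPC,398,2017-03-01 09:14:40,2016-12-28 22:51:37,8457
'@

$SuspectDc    = 'DC1'                            # DC that logged the error
$RollbackTime = [datetime]'2017-01-01 00:00:00'  # assumed time the snapshot was restored

# Parse a repadmin timestamp; returns $null for placeholders such as "0".
function ConvertTo-ReplTime([string]$Text) {
    $t  = [datetime]::MinValue
    $ok = [datetime]::TryParseExact($Text, 'yyyy-MM-dd HH:mm:ss',
            [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::None, [ref]$t)
    if ($ok) { $t } else { $null }
}

# Keep only links where a partner pulls FROM the suspect DC.
$links = $raw | ConvertFrom-Csv | Where-Object { $_.'Source DSA' -eq $SuspectDc }

$report = foreach ($l in $links) {
    $last = ConvertTo-ReplTime ($l.'Last Success Time')
    [pscustomobject]@{
        Partner             = $l.'Destination DSA'
        NamingContext       = $l.'Naming Context'
        LastSuccess         = $last
        Failures            = [int]$l.'Number of Failures'
        # True means the partner accepted changes from the suspect DC
        # after the rollback, so those changes may have propagated.
        PulledAfterRollback = ($null -ne $last -and $last -gt $RollbackTime)
    }
}

$report | Format-Table -AutoSize
```

With the constructed rows, only the Configuration partition on DC2 is flagged, which is the kind of link to investigate before the forced demotion and metadata cleanup.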