question

razzzz asked razzzz answered

Problems with DC Replication

Hello,

Please, guys, if you have time and knowledge, since I can't figure it out by myself.

I have a tree domain with 3 main DCs; 2 of them also have DNS roles.
Since a few weeks ago I lost the sync between them and my dcdiag is full of problems.
Since the forest is very big (over 100 domains), all this becomes a very big mess in which I am lost.

So I have 1 and 5 as DNS and 4 as DC

10.242.0.1 - primary dns
10.242.0.5 - 2nd DNS

10.242.0.4 - DC

Following the DCDIAG from main DC

 Directory Server Diagnosis
    
 Performing initial setup:
    Trying to find home server...
    Home Server = s4
    * Identified AD Forest.
    Done gathering initial info.
    
 Doing initial required tests
    
    Testing server: ***\S4
       Starting test: Connectivity
          ......................... S4 passed test Connectivity
    
 Doing primary tests
    
    Testing server: ***\S4
       Starting test: Advertising
          Warning: S4 is not advertising as a time server.
          ......................... S4 failed test Advertising
       Starting test: FrsEvent
          There are warning or error events within the last 24 hours after the
          SYSVOL has been shared.  Failing SYSVOL replication problems may cause
          Group Policy problems.
          ......................... S4 passed test FrsEvent
       Starting test: DFSREvent
          ......................... S4 passed test DFSREvent
       Starting test: SysVolCheck
          ......................... S4 passed test SysVolCheck
       Starting test: KccEvent
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:04:27
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          An error event occurred.  EventID: 0xC000060E
             Time Generated: 04/16/2021   23:04:28
             Event String:
             The following site has no NTDS Site Settings child object.
          An error event occurred.  EventID: 0xC00007C4
             Time Generated: 04/16/2021   23:05:25
             Event String:
             Active Directory Domain Services Replication encountered the existen
 ce of objects in the following partition that have been deleted from the local d
 omain controllers (DCs) Active Directory Domain Services database.  Not all dire
 ct or transitive replication partners replicated in the deletion before the tomb
 stone lifetime number of days passed.  Objects that have been deleted and garbag
 e collected from an Active Directory Domain Services partition but still exist i
 n the writable partitions of other DCs in the same domain, or read-only partitio
 ns of global catalog servers in other domains in the forest are known as "linger
 ing objects".
          A warning event occurred.  EventID: 0x8000051C
             Time Generated: 04/16/2021   23:07:09
             Event String:
             The Knowledge Consistency Checker (KCC) has detected that successive
  attempts to replicate with the following directory service has consistently fai
 led.
          A warning event occurred.  EventID: 0x8000051C
             Time Generated: 04/16/2021   23:07:09
             Event String:
             The Knowledge Consistency Checker (KCC) has detected that successive
  attempts to replicate with the following directory service has consistently fai
 led.
          A warning event occurred.  EventID: 0x80000785
             Time Generated: 04/16/2021   23:07:09
             Event String:
             The attempt to establish a replication link for the following writab
 le directory partition failed.
          A warning event occurred.  EventID: 0x80000785
             Time Generated: 04/16/2021   23:07:09
             Event String:
             The attempt to establish a replication link for the following writab
 le directory partition failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:07:09
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000785
             Time Generated: 04/16/2021   23:07:09
             Event String:
             The attempt to establish a replication link for the following writab
 le directory partition failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:07:09
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          A warning event occurred.  EventID: 0x80000786
             Time Generated: 04/16/2021   23:07:09
    
    
    
             Event String:
             The attempt to establish a replication link to a read-only directory
  partition with the following parameters failed.
          ......................... S4 failed test KccEvent
       Starting test: KnowsOfRoleHolders
          ......................... S4 passed test KnowsOfRoleHolders
       Starting test: MachineAccount
          ......................... S4 passed test MachineAccount
       Starting test: NCSecDesc
          ......................... S4 passed test NCSecDesc
       Starting test: NetLogons
          [S4] User credentials does not have permission to perform this
          operation.
          The account used for this test must have network logon privileges
          for this machine's domain.
          ......................... S4 failed test NetLogons
       Starting test: ObjectsReplicated
          ......................... S4 passed test ObjectsReplicated
       Starting test: Replications
          [Replications Check,S4] A recent replication attempt failed:
             From S1 to S4
             Naming Context: DC=xxxxx,DC=ro
             The replication generated an error (8606):
             Insufficient attributes were given to create an object. This object
 may not exist because it may have been deleted and already garbage collected.
    
             The failure occurred at 2021-04-16 22:58:01.
             The last success occurred at 2020-12-28 16:59:32.
             28728 failures have occurred since the last success.
          [Replications Check,S4] A recent replication attempt failed:
             From S5 to S4
             Naming Context: DC=xxxxx,DC=ro
             The replication generated an error (8606):
             Insufficient attributes were given to create an object. This object
 may not exist because it may have been deleted and already garbage collected.
    
             The failure occurred at 2021-04-16 23:06:18.
             The last success occurred at 2020-12-28 17:00:05.
             116520 failures have occurred since the last success.
          ......................... S4 failed test Replications
       Starting test: RidManager
          ......................... S4 passed test RidManager
       Starting test: Services
             Could not open NTDS Service on S4, error 0x5 "Access is denied."
             w32time Service is stopped on [S4]
          ......................... S4 failed test Services
       Starting test: SystemLog
          ......................... S4 failed test SystemLog
       Starting test: VerifyReferences
          ......................... S4 passed test VerifyReferences
    
    
    Running partition tests on : DomainDnsZones
       Starting test: CheckSDRefDom
          ......................... DomainDnsZones passed test CheckSDRefDom
       Starting test: CrossRefValidation
          ......................... DomainDnsZones passed test
          CrossRefValidation
    
    Running partition tests on : ForestDnsZones
       Starting test: CheckSDRefDom
          ......................... ForestDnsZones passed test CheckSDRefDom
       Starting test: CrossRefValidation
          ......................... ForestDnsZones passed test
          CrossRefValidation
    
    Running partition tests on : Schema
       Starting test: CheckSDRefDom
          ......................... Schema passed test CheckSDRefDom
       Starting test: CrossRefValidation
          ......................... Schema passed test CrossRefValidation
    
    Running partition tests on : Configuration
       Starting test: CheckSDRefDom
          ......................... Configuration passed test CheckSDRefDom
       Starting test: CrossRefValidation
          ......................... Configuration passed test CrossRefValidation
    
    Running partition tests on : xxxxx
       Starting test: CheckSDRefDom
          ......................... xxxx passed test CheckSDRefDom
       Starting test: CrossRefValidation
          ......................... xxxxx passed test CrossRefValidation
    
    Running enterprise tests on : xxxxxxx
       Starting test: LocatorCheck
          ......................... xxxxxxx passed test LocatorCheck
       Starting test: Intersite
          ......................... xxxxx passed test Intersite

Thanks again !

windows-active-directory

As this question is related to an on-premises/local Active Directory and not the Azure AD service, I modified the tag.


Kind regards
Andreas Baumgarten

razzzz answered

Hello,

Looks like S1 to S5 is ok | S1 to S4 is ok
But S4 to S5 is nok

C:\Windows\system32>repadmin /replicate S1 S4 "DC=xxxx,DC=ro"
Sync from S4 to S1 completed successfully.


C:\Windows\system32>repadmin /replicate S1 S5 "DC=xxxx,DC=ro"
Sync from S5 to S1 completed successfully.


C:\Windows\system32>repadmin /replicate S4 S5 "DC=xxxx,DC=ro"
DsReplicaSync() failed with status 8606 (0x219e):
Insufficient attributes were given to create an object. This object may not
exist because it may have been deleted and already garbage collected.


Again, thanks a ton !
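
Added example, not part of the original thread: a Python parser for the `[Replications Check,...]` blocks that dcdiag prints above, which compares each link's last success with the forest's tombstone lifetime, the threshold beyond which the 8606 / lingering-object condition described in event 0xC00007C4 arises. The function names and the sample text are constructed for illustration; the tombstone lifetime is a parameter because the thread does not state this forest's value (60 and 180 days are the defaults Windows has used).

```python
import re
from datetime import datetime

# Constructed sample shaped like the dcdiag "Replications" output in this thread.
SAMPLE = """\
      [Replications Check,S4] A recent replication attempt failed:
         From S1 to S4
         Naming Context: DC=example,DC=test
         The replication generated an error (8606):
         Insufficient attributes were given to create an object.
         The failure occurred at 2021-04-16 22:58:01.
         The last success occurred at 2020-12-28 16:59:32.
         28728 failures have occurred since the last success.
      [Replications Check,S1] A recent replication attempt failed:
         From DCX to S1
         Naming Context: DC=ForestDnsZones,DC=example,DC=test
         The replication generated an error (1256):
         The failure occurred at 2021-04-27 19:03:43.
         The last success occurred at (never).
         58 failures have occurred since the last success.
      ......................... S1 failed test Replications
"""

HEADER = re.compile(r"\[Replications Check,([^\]]+)\] A recent replication attempt failed:")
END = re.compile(r"^\s*(?:\.{5,}|Starting test:)", re.M)
FIELDS = {
    "source": re.compile(r"From (\S+) to \S+"),
    "nc": re.compile(r"Naming Context: (.+)"),
    "error": re.compile(r"generated an error \((-?\d+)\)"),
    "failed_at": re.compile(r"The failure occurred at ([\d\- :]+)\."),
    "last_success": re.compile(r"The last success occurred at (\(never\)|[\d\- :]+)\."),
    "failures": re.compile(r"(\d+) failures have occurred"),
}

def _when(text):
    """Parse a dcdiag timestamp; '(never)' or a missing value becomes None."""
    return None if text in (None, "(never)") else datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def parse_replication_failures(text):
    """Return one dict per '[Replications Check,...]' block in dcdiag output."""
    parts = HEADER.split(text)[1:]             # [dc, body, dc, body, ...]
    rows = []
    for dc, body in zip(parts[0::2], parts[1::2]):
        body = END.split(body, maxsplit=1)[0]  # stop at the next test or result line
        # Fields missing from a truncated block are recorded as None, not guessed.
        m = {k: (x.group(1).strip() if (x := rx.search(body)) else None)
             for k, rx in FIELDS.items()}
        rows.append({
            "reported_by": dc, "source": m["source"], "naming_context": m["nc"],
            "error": int(m["error"]) if m["error"] else None,
            "failed_at": _when(m["failed_at"]),
            "last_success": _when(m["last_success"]),
            "failures": int(m["failures"]) if m["failures"] else None,
        })
    return rows

def triage(rows, tombstone_lifetime_days):
    """Label each failing link by how its outage compares with the tombstone lifetime."""
    out = []
    for r in rows:
        age, verdict = None, "never-synced"
        if r["failed_at"] is None:
            verdict = "incomplete-block"
        elif r["last_success"] is not None:
            age = (r["failed_at"] - r["last_success"]).days
            past = age > tombstone_lifetime_days
            verdict = "past-tombstone-lifetime" if past else "within-tombstone-lifetime"
        out.append({**r, "days_since_success": age, "verdict": verdict})
    return out

if __name__ == "__main__":
    print([(r["source"], r["error"], r["verdict"]) for r in triage(parse_replication_failures(SAMPLE), 60)])
```

A link labelled `past-tombstone-lifetime` is one where a partner may still hold objects, including accounts and group memberships, that were deleted and garbage collected elsewhere, so it should be reviewed before replication is forced across it.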

razzzz answered razzzz edited

I wish all people were like you, a true lifesaver.
Thank you very, very much for your time and everything you shared.

Indeed, I ran that tool and deleted the lingering objects a few days ago, but only after I added the registry values you pointed to did I finally get this:

CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.

I did this from the S4, S5 and S1 all went ok

Now, if the 3 main domains are ok, we/you :) can focus on the forest domains.
There are 150 forest domain controllers. A lot of them are running Windows Server 2003 (yes, I know how it sounds, but trust me, it's even worse working with them...)
A 1/4% are Servers 2008 and the rest Server 2012 - the one I managed to change (let's say ... 10 max 15).

Main DC's are : S4 is 2012 | S1 and S5 are Server 2008
The Forest is a complete mess... Sometimes domain users can't connect onto the 2003 Servers and can onto the 2012. Sometimes I can only connect with the local adm acc.
To sum it up, if I may, and of course if you have the time and possibility to track more of my problem....
How to make sure, one by one, tree domain are communicating with main DC's ?

Running a dcdiag from S1 a loooot of errors, but will bring front a few:

   Starting test: SysVolCheck
      [S1] An net use or LsaPolicy operation failed with error 53,
      The network path was not found..
      ......................... S1 failed test SysVolCheck
   Starting test: KccEvent
      A warning event occurred.  EventID: 0x80000786
         Time Generated: 04/27/2021   19:20:32
         Event String:
         The attempt to establish a replication link to a read-only directory  partition with the following parameters failed.

         The failure occurred at 2021-04-27 19:03:43.
         The last success occurred at (never).
         58 failures have occurred since the last success.
      [Replications Check,S1] A recent replication attempt failed:
         From treedomianX to S1
         Naming Context: DC=treedoian,DC=maindomain,DC=ro
         The replication generated an error (1256):
         The remote system is not available. For information about network troubleshooting, see Windows Help.


   Starting test: Replications
      [Replications Check,S1] A recent replication attempt failed:
         From treedomainX to S1
         Naming Context: DC=ForestDnsZones,DC=maindomain,DC=ro
         The replication generated an error (1256):
         The remote system is not available. For information about network troubleshooting, see Windows Help.

         The failure occurred at 2021-04-27 19:02:10.
         The last success occurred at 2021-04-26 06:50:05.
         14 failures have occurred since the last success.

   Starting test: Replications
      [Replications Check,S1] A recent replication attempt failed:
         From treedomainX to S1
         Naming Context: DC=ForestDnsZones,DC=maindomain,DC=ro
         The replication generated an error (1256):
         The remote system is not available. For information about network troubleshooting, see Windows Help.

         The failure occurred at 2021-04-27 19:02:10.
         The last success occurred at 2021-04-26 06:50:05.
         14 failures have occurred since the last success.


        The processing of Group Policy failed. Windows attempted to read the

file \\xxxx\sysvol\xxxxx\Policies{policiname}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 04/27/2021 19:36:07


Thank you !


DaisyZhou-MSFT answered DaisyZhou-MSFT edited

Hello @razzzz,

Thank you for your update.

I am very glad that the information is helpful and the AD replication problem between S1, S4 and S5 has been solved.

Usually, a post only focuses on the troubleshooting of one problem, as you mentioned, our time is also very precious.

However, if you are currently experiencing a lot of problems, you can open a lot of posts, and different posts explain different problems. We are happy to help you.

At the same time, if the problem in this post has been resolved, and if my reply is helpful to you, please accept my helpful post to accept answer. This can help other people with similar problems on the forum to find the answer to the question easily and fast.

As always, if there is any question in future, we warmly welcome you to post in this forum again. We are happy to assist you!

Thank you very much for your understanding and support.

Should you have any question or concern, please feel free to let us know.


Best Regards,
Daisy Zhou


============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

razzzz answered

Again thank you for everything !

Will get back with a new post, after Easter :)

Happy Easter (if you celebrate it) you all !
