AD controllers wont synchronize data

-

i have 3 domain controllers in 2008 ad environment. days ago found 1 corrupt , caused problems. server first server in domain , holds certificate service + dfs registrations. servers running on vmware. decided restore de server old backup (12 months old). restored server fine off course outdated , needs synchronized 2 existing.

first cleaned little in dns following procedure:

renamed system32\config\netlogon.dns , netlogon.dnb files
ipconfig /registerdns
net stop netlogon
net start netlogon

that eliminated first error had replication. “the target principal name is
incorrect” next remove lingerine objects using: repadmin /removelingeringobjects restored_server1.domain.com 83feb989-46eb-4c0b-9c6f-bae9ec24542c "dc=domain, dc=com"

then tried following:

repadmin /replicate restored_server1.domain.com working_dc.domain.com dc=domain,dc=com /force

repadmin /replicate restored_server1.domain.com working_dc.domain.com cn=configuration, dc=domain,dc=com /force

repadmin /replicate restored_server1.domain.com working_dc.domain.com cn=schema,cn=configuration, dc=domain,dc=com /force

c:\users\administrator > repadmin /replicate restored_server1.domain.com working_dc.domain.com dc=domain,dc=com /force

repadmin can't connect "home server", because of following error.  try

specifying different home server /homeserver:[dns name]

error: ldap lookup operation failed following error:

 

    ldap error 82(0x52): local error

    server win32 error 0(0x0):

    extended information:

 

 

c:\users\administrator> repadmin /replicate restored_server1.domain.com working_dc.domain.com cn=configuration, dc=domain,dc=com /force

repadmin can't connect "home server", because of following error.  try specifying different home server /homeserver:[dns name]

error: ldap lookup operation failed following error:

 

    ldap error 82(0x52): local error

    server win32 error 0(0x0):

    extended information:

 

 

c:\users\administrator> repadmin /replicate restored_server1.domain.com working_dc.domain.com cn=schema,cn=configuration, dc=domain,dc=com /force

repadmin can't connect "home server", because of following error.  try

specifying different home server /homeserver:[dns name]

error: ldap lookup operation failed following error:

 

    ldap error 82(0x52): local error

    server win32 error 0(0x0):

    extended information:

 

so tried same 3 commands on restored domain controller.

repadmin /replicate restored_server1.domain.com working_dc.domain.com dc=domain,dc=com /force

repadmin /replicate restored_server1.domain.com working_dc.domain.com cn=configuration, dc=domain,dc=com /force

repadmin /replicate restored_server1.domain.com working_dc.domain.com cn=schema,cn=configuration, dc=domain,dc=com /force

 

c:\users\administrator > repadmin /replicate restored_server1.domain.com working_dc.domain.com dc=domain,dc=com /force

dsreplicasync() failed status 8418 (0x20e2):

    the replication operation failed because of schema mismatch between servers involved.

 

 

c:\users\administrator > repadmin /replicate restored_server1.domain.com working_dc.domain.com cn=configuration, dc=domain,dc=com /force

dsreplicasync() failed status 8418 (0x20e2):

    the replication operation failed because of schema mismatch between servers involved.

 

 

c:\users\administrator > repadmin /replicate restored_server1.domain.com working_dc.domain.com cn=schema,cn=configuration, dc=domain,dc=com /force

dsreplicasync() failed status 8451 (0x2103):

    the replication operation encountered database error.

 

any appreciated :-)

i have 3 domain controllers in 2008 ad environment. days ago found 1 corrupt , caused problems. server first server in domain , holds certificate service + dfs registrations. servers running on vmware. decided restore de server old backup (12 months old). restored server fine off course outdated , needs synchronized 2 existing.

you restored dc using 12 months old backup , backup has crossed tombstone period. running certificate services dfs on dc bad design , problem when simple option can done using demote , re-promote of dc when run dc additonal applications.

did use system state backup restore dc or image/snapshot/clone, cloning/imaging/snapshot dc not recommended.

http://support.microsoft.com/kb/888794

the above errors showing secure channel broken, schema mismatch due old been used , see more problems now. should have never been used 12months old backup , backup dc should used based on tombstone period configured in environment.

my suggestion transfer necessary services other dc(if possible ca/dfs on member server) , demote dc.

there no difference between first dc , last dc, because dc shares same info except application installed on particular dc. suggestion demote dc , transfer fsmo role, time server role or other services running on dc dc.

 

regards  

awinish vishwakarma

my blog:  awinish.wordpress.com

this posting provided as-is no warranties/guarantees , confers no rights.


Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authenticati...
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema ...
Read more

Failed to setup initiator portal. Error status is given in the dump data.

-
hi team, server configured boot san  after booting  facing issue windows server 2008 r2 system logs continuously generating iscsi port error event id 5 failed setup initiator portal. error status given in dump data. eventdata \device\raidport1 000004000100000000000000050000c0000000000000000000000000000000000000000000000000070200c0 binary data: in words 0000: 00040000 00000001 00000000 c0000005 0008: 00000000 00000000 00000000 00000000 0010: 00000000 00000000 c0000207 in bytes 0000: 00 00 04 00 01 00 00 00 ........ 0008: 00 00 00 00 05 00 00 c0 .......À 0010: 00 00 00 00 00 00 00 00 ........ 0018: 00 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ 0028: 07 02 00 c0 ...À hi, please read through article below troubleshoot issue: error event id 5 logged in system log on computer uses iscsi software initiator connect iscsi target device http://suppo...
Read more