Ok, so is the general concensis that I should attempt to get them talking again? If I kill off the 2000 (which isn't too bad since although it's the primary (so to speak), it's only being used as a file server.
If it's best to do this, how do I hand the reins to my 2003 and gracefully get the 2000 out of the domain. Re adding it doesn't look to be a problem really as long as the 2003 will let it come back. On Fri, Mar 13, 2009 at 3:00 PM, Brian Desmond <[email protected]> wrote: > OK so at this point this box needs to be wiped. 2000 can't be forcibly > demoted without some funny business which I'm not going to document on this > DL, so, wipe the box, and then do a metadata cleanup of the now wiped DC. You > can repromote it after you rebuild it. This isn't a reparable situation... > > > > Thanks, > Brian Desmond > [email protected] > > c - 312.731.3132 > > Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ > Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian > > > -----Original Message----- > From: Free, Bob [mailto:[email protected]] > Sent: Friday, March 13, 2009 11:01 AM > To: NT System Admin Issues > Subject: RE: Replication stopped, how to get going again? > > Yea I started reading this thread did some quick math in my head and > screaming to myself tombstone lifetime, don't let it replicate! > > -----Original Message----- > From: David Lum [mailto:[email protected]] > Sent: Friday, March 13, 2009 7:51 AM > To: NT System Admin Issues > Subject: RE: Replication stopped, how to get going again? > > Um...296635 minutes is about 205 days, it's been broken a long, long time.... > > -----Original Message----- > From: Michael Reid [mailto:[email protected]] > Sent: Friday, March 13, 2009 7:38 AM > To: NT System Admin Issues > Subject: Re: Replication stopped, how to get going again? > > Darn it! I checked the NTDS setting and it's the 2000 server that is > the first server. So now I'm lost on who has lost contact with whome. > > So to sum up at this point: > > Server REMS...2003 that has the error in the event log is NOT the GC > for the domain > Server MAIN...2000 is the GC for the domain and is not getting > different items in the event log but no errors. Most relevant is this: > > "The Directory Service consistency checker has noticed that 7405 > successive replication attempts with CN=NTDS > Settings,CN=REMS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=crystalhomes,DC=com > have failed over a period of 296635 minutes. The connection object > for this server will be kept in place, and new temporary connections > will established to ensure that replication continues. The Directory > Service will continue to retry replication with CN=NTDS > Settings,CN=REMS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=crystalhomes,DC=com; > once successful the temporary connection will be removed. "" > > > > On Fri, Mar 13, 2009 at 10:01 AM, Miller Bonnie L. > <[email protected]> wrote: >> It sounds like the computer account password on the dc that is getting the >> "denied" error is still out of sync--you might try re-syncing it again using >> netdom.exe and/or nltest.exe since it sounds like you're still within 60 >> days of the problem first happening. >> >> To see who is a GC, open ADS&S, drill down to the server object, and get >> properties of the NTDS Settings. >> >> I think you might have trouble with a straight DCpromo at this point since >> they already aren't talking to each other. If re-syncing the DC account >> doesn't work, you'll need to look into using NTDSutil to remove the problem >> dc. >> >> -Bonnie >> >> -----Original Message----- >> From: Michael Reid [mailto:[email protected]] >> Sent: Friday, March 13, 2009 6:52 AM >> To: NT System Admin Issues >> Subject: Re: Replication stopped, how to get going again? >> >> Yes, these servers have been working fine for a year or so. Then a >> month or so ago they got disconnected. Someone else dealt with that >> and they reset the computer account password and it started >> replicating again (didn't get more details than that). >> >> I found that link too, but since that it wasn't a recent addition I >> didn't follow up with it. >> >> >> On Fri, Mar 13, 2009 at 9:44 AM, David Lum <[email protected]> wrote: >>> Has replication ever worked? Is one of these a new DC? >>> >>> Have you Googled that error message? First link takes you here: >>> http://support.microsoft.com/kb/329860 >>> David Lum // SYSTEMS ENGINEER >>> NORTHWEST EVALUATION ASSOCIATION >>> (Desk) 971.222.1025 // (Cell) 503.267.9764 >>> -----Original Message----- >>> From: Michael Reid [mailto:[email protected]] >>> Sent: Friday, March 13, 2009 6:40 AM >>> To: NT System Admin Issues >>> Subject: Replication stopped, how to get going again? >>> >>> We have a 2003 and a 2000 server. Both are Domain controllers (or are >>> suppose to be). When I go into AD users and computers, the second >>> server shows up as a DC. When I go into the first server (2003) it >>> shows it as a member server. >>> >>> on the 2003 I get this error: 8453 Replication access was denied. >>> >>> Passwords, expiries, etc aren't being replicated. I was thinking of >>> just re adding the second server to the domain again by DCPROMO'ing >>> it. However, this wouldn't go well if it's the global catalogue server >>> I'm assuming. How could I tell which server was made first (the GC)? >>> >>> Any other suggestions? >>> >>> 'preciate it. >>> >>> Michael >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> >>> >>> >>> >>> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
