G
Guest
Hi,
I have a problem with replication to a child domain (test.optimax.co.uk)
that I recently had to manually rebuild as the only available DC died.
To rebuild the domain I had to manually remove all entries to the old
test.optimax.co.uk domain, and then re dcpromo a new box.
Since then, I cannot replicate test.optimax.co.uk from a dc that belongs to
the parent domain optimax.co.uk but is in a remote site.
Replication to parent domain controllers in the same site is no problem.
The error messages I get in the eventlog are:
Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1083
Date: 24/06/2005
Time: 09:50:11
User: Everyone
Computer: OPTBIRDC01
Description:
Replication warning: The directory is busy. It couldn't update object
DC=test,DC=Optimax,DC=co,DC=uk with changes made by directory
ea7055e5-e659-41f8-9b7e-574280d6ac1a._msdcs.Optimax.co.uk. Will try again
later.
Closely Followed by:
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1265
Date: 24/06/2005
Time: 09:50:11
User: N/A
Computer: OPTBIRDC01
Description:
The attempt to establish a replication link with parameters
Partition: DC="test
CNF:a48382c3-f66b-4fda-8eac-5cf5c0baf279",DC=Optimax,DC=co,DC=uk
Source DSA DN: CN=NTDS
Settings,CN=OPTLONDC01,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=Optimax,DC=co,DC=uk
Source DSA Address: ea7055e5-e659-41f8-9b7e-574280d6ac1a._msdcs.Optimax.co.uk
Inter-site Transport (if any): CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=Optimax,DC=co,DC=uk
failed with the following status:
The directory service is too busy to complete the replication operation at
this time.
The record data is the status code. This operation will be retried.
Data: 0000: f6 20 00 00 ö ..
Both these messages are can be ok, as the DC is reporting itself as busy
which may be true. However I am seeing these mesages over and over again, so
its obvious that the server is not busy, somehow it cannot be contacted.
I checked the IP of the GUID in the message and it is going to the correct
FSMO role holder.
If a run DCDIAG, then I get an error on the KCCEVENT test, all the others
are ok.
so running dcdiag /V /TEST:KCCEVENT gives pretty the same information as
displayed in the event logs. Not much help.
Looking up event id 1083 on the web the most relevant article I can find is
MS article 296714.
"A duplicate object is present in Active Directory for the replication
partner of the local domain controller. When the local domain controller
receives the replication updates that contain duplicate objects from the
domain controller's replication partner, the local domain controller cannot
perform the updates on those objects, and therefore it logs a warning in the
directory service event log."
Which sounds to me as very likely because of the way I had to recently
remove and re-add the test domain.
So I tried connecting with LDP.exe as the article sugests.
This is where I get a bit lost
From the site where I am having problems, I can connect to the DC that I
want to replicate with, and Bind no problem.
when I search for
Base DN: dc=test,dc=optimax,dc=co,dc=uk
Filter objectclass=*
I get the following:
***Searching...
ldap_search_s(ld, "dc=test,dc=optimax,dc=co,dc=uk", 1, "objectclass=*",
attrList, 0, &msg)
Error: Search: Referral. <10>
Result <10>: 0000202B: RefErr: DSID-031005E2, data 0, 1 access points
ref 1: 'test.optimax.co.uk'
Matched DNs:
Getting 0 entries:
I think Error 10 has something to do with the fact that the DC is looking
for the test object, cannot find it and then tries to refer the request, at
which point it can go no further.
I am not really sure what the next steps to troubleshoot this are, this is
serious LDAP terriotory where I have not been before!
Any ideas (thanks if you even got this far) would be great!
I have not changed any of the passwords recently.
Nick
I have a problem with replication to a child domain (test.optimax.co.uk)
that I recently had to manually rebuild as the only available DC died.
To rebuild the domain I had to manually remove all entries to the old
test.optimax.co.uk domain, and then re dcpromo a new box.
Since then, I cannot replicate test.optimax.co.uk from a dc that belongs to
the parent domain optimax.co.uk but is in a remote site.
Replication to parent domain controllers in the same site is no problem.
The error messages I get in the eventlog are:
Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1083
Date: 24/06/2005
Time: 09:50:11
User: Everyone
Computer: OPTBIRDC01
Description:
Replication warning: The directory is busy. It couldn't update object
DC=test,DC=Optimax,DC=co,DC=uk with changes made by directory
ea7055e5-e659-41f8-9b7e-574280d6ac1a._msdcs.Optimax.co.uk. Will try again
later.
Closely Followed by:
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1265
Date: 24/06/2005
Time: 09:50:11
User: N/A
Computer: OPTBIRDC01
Description:
The attempt to establish a replication link with parameters
Partition: DC="test
CNF:a48382c3-f66b-4fda-8eac-5cf5c0baf279",DC=Optimax,DC=co,DC=uk
Source DSA DN: CN=NTDS
Settings,CN=OPTLONDC01,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=Optimax,DC=co,DC=uk
Source DSA Address: ea7055e5-e659-41f8-9b7e-574280d6ac1a._msdcs.Optimax.co.uk
Inter-site Transport (if any): CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=Optimax,DC=co,DC=uk
failed with the following status:
The directory service is too busy to complete the replication operation at
this time.
The record data is the status code. This operation will be retried.
Data: 0000: f6 20 00 00 ö ..
Both these messages are can be ok, as the DC is reporting itself as busy
which may be true. However I am seeing these mesages over and over again, so
its obvious that the server is not busy, somehow it cannot be contacted.
I checked the IP of the GUID in the message and it is going to the correct
FSMO role holder.
If a run DCDIAG, then I get an error on the KCCEVENT test, all the others
are ok.
so running dcdiag /V /TEST:KCCEVENT gives pretty the same information as
displayed in the event logs. Not much help.
Looking up event id 1083 on the web the most relevant article I can find is
MS article 296714.
"A duplicate object is present in Active Directory for the replication
partner of the local domain controller. When the local domain controller
receives the replication updates that contain duplicate objects from the
domain controller's replication partner, the local domain controller cannot
perform the updates on those objects, and therefore it logs a warning in the
directory service event log."
Which sounds to me as very likely because of the way I had to recently
remove and re-add the test domain.
So I tried connecting with LDP.exe as the article sugests.
This is where I get a bit lost
From the site where I am having problems, I can connect to the DC that I
want to replicate with, and Bind no problem.
when I search for
Base DN: dc=test,dc=optimax,dc=co,dc=uk
Filter objectclass=*
I get the following:
***Searching...
ldap_search_s(ld, "dc=test,dc=optimax,dc=co,dc=uk", 1, "objectclass=*",
attrList, 0, &msg)
Error: Search: Referral. <10>
Result <10>: 0000202B: RefErr: DSID-031005E2, data 0, 1 access points
ref 1: 'test.optimax.co.uk'
Matched DNs:
Getting 0 entries:
I think Error 10 has something to do with the fact that the DC is looking
for the test object, cannot find it and then tries to refer the request, at
which point it can go no further.
I am not really sure what the next steps to troubleshoot this are, this is
serious LDAP terriotory where I have not been before!
Any ideas (thanks if you even got this far) would be great!
I have not changed any of the passwords recently.
Nick