How to troubleshoot Active Directory operations that fail with error 8456 or 8457: "The...



Similar documents
VMware and VSS: Application Backup and Recovery

How to install Small Business Server 2003 in an existing Active

ms-help://ms.technet.2005mar.1033/enu_kbntrelease/ntrelease/ htm

Windows Server 2003 Service Pack 1 (SP1) or later service packs Enhanced version of Ntdsutil.exe

This article was previously published under Q SUMMARY

9. Which is the command used to remove active directory from a domain controller? Answer: Dcpromo /forceremoval

Windows Server 2008 Active Directory Resource Kit

Symantec Backup Exec 2014 Icon List

Installing Active Directory

Protecting Active Directory

Microsoft Active Directory (AD) Service Log Configuration Guide

Endpoint Client Installation using Group Policy (Logon Script):

Active Directory Restoration

Investigating the Use of Virtual Servers to Improve the Restoration Process of an Active Directory Forest

SETTING UP ACTIVE DIRECTORY (AD) ON WINDOWS 2008 FOR EROOM

TAC Virtualizing a Windows Active Directory Domain Infrastructure. Chris Skinner Technical Instructor Education Services VMware, Inc.

SAM Backup and Restore Guide. SafeNet Integration Guide

Microsoft. Jump Start. M11: Implementing Active Directory Domain Services

Dell Spotlight on Active Directory Deployment Guide

Troubleshooting Active Directory Replication Errors

Chapter 3: Building Your Active Directory Structure Objectives

Backup and Disaster Recovery Restoration Guide

IT ACADEMY LESSON PLAN. Microsoft Windows Server Active Directory

Directory Backup and Restore

How the Active Directory Installation Wizard Works

Delete Failed DCs from Active Directory

Creating a Domain Tree

Guide to deploy MyUSBOnly via Windows Logon Script Revision 1.1. Menu

Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure

NETWRIX ACCOUNT LOCKOUT EXAMINER

Windows Server Firewall Configuration

Active Directory Infrastructure Design Document

Using Emergency Restore to recover the vcenter Server has the following benefits as compared to the above methods:

Tips and Tricks. Active Directory Troubleshooting. Don Jones

Exam : TS: Upgrading Your MCSE on Windows Server 2003 to Windows Server 2008, Technology Specialist. Title : Version : DEMO

Backup Exec System Recovery 7.0 Best Practices

Active Directory Recovery Planning for Small and Large Organizations. By Alan Klietz Algin Technology LLC. Algin. Technology

Actualtests.com - The Power of Knowing

Forests, trees, and domains

How to Operate Active Directory: Tips & Tricks

Creating a New Domain Tree in the Forest

ms-help://ms.technet.2004jul.1033/win2ksrv/tnoffline/prodtechnol/win2ksrv/reskit/distsys/part1/dsgch06.htm

istorage Server: High-Availability iscsi SAN for Windows Server 2008 & Hyper-V Clustering

Backup Exec 12.5 Icons Glossary

WHITE PAPER. Virtualizing a Windows Active Directoy Domain Infrastructure

Outline SSS Microsoft Windows Server 2008 Hyper-V Virtualization

Active Directory backup and restore with Acronis Backup & Recovery 11. Technical white paper. o o. Applies to the following editions: Advanced Server

Module 7: Implementing Sites to Manage Active Directory Replication

Windows.NET Beta 3 Active Directory New Features

Active Directory Disaster Recovery

ACTIVE DIRECTORY REPLICATION: HOW IT WORKS

SAM 8.0 Backup and Restore Guide. SafeNet Integration Guide

Univention Corporate Server. Operation of a Samba domain based on Windows NT domain services

MICROSOFT WINDOWS SERVER8 ADMINISTRATION

MCSE TestPrep: Windows NT Server 4, Second Edition Managing Resources

White Paper Monitoring Active Directory Using System Center Operations Manager 2007 R2

BMC Performance Manager Active Directory Best Practices White Paper

Core Active Directory Administration

6425C - Windows Server 2008 R2 Active Directory Domain Services

Implementing and Supporting Microsoft Windows XP Professional

UNIT 5 ADDITIONAL PROJECTS BEFORE YOU BEGIN. Installing a Replica Domain Controller. You want to improve fault tolerance and performance on

IBM Tivoli Storage Manager for Databases Version Data Protection for Microsoft SQL Server Messages IBM

Module 2: Implementing an Active Directory Forest and Domain Structure

Active Directory Diagnostic Tool

Dell Active Administrator 8.0

Microsoft Virtual Labs. Active Directory New User Interface

2003 O/S. when installed (gets installed as a stand alone server) to promoting to D.C. We have to install A.D.

Get Success in Passing Your Certification Exam at first attempt!

MS-6425C - Configuring Windows Server 2008 Active Directory Domain Services

Active Directory backup and restore with Acronis Backup & Recovery 10

IT Test - Server Administration

5nine Hyper-V Commander

CONFIGURING TARGET ACTIVE DIRECTORY DOMAIN FOR AUDIT BY NETWRIX AUDITOR

Maintaining a Microsoft Windows Server 2003 Environment

With Windows Server 2003 Active Directory

Recovery Manager for Active Directory Forest Edition 8.6.4

Acronis Backup & Recovery 11.5 Quick Start Guide

Windows Server 2012 AD Backup and Disaster Recovery Procedures

Understanding. Active Directory Replication

Integrating LANGuardian with Active Directory

Microsoft. Official Course. Introduction to Active Directory Domain Services. Module 2

Modular Messaging. Release 4.0 Service Pack 4. Whitepaper: Support for Active Directory and Exchange 2007 running on Windows Server 2008 platforms.

Acronis Backup & Recovery 10 Server for Windows. Installation Guide

Contents Introduction... 3 Introduction to Active Directory Services... 4 Installing and Configuring Active Directory Services...

How to Configure Microsoft System Operation Manager to Monitor Active Directory, Group Policy and Exchange Changes Using NetWrix Active Directory

TROUBLESHOOTING GUIDE

6422: Implementing and Managing Windows Server 2008 Hyper-V (3 Days)

Server Manager Performance Monitor. Server Manager Diagnostics Page. . Information. . Audit Success. . Audit Failure

ST0-141 Q&A. DEMO Version

Implement and Admin Directory Services Infrastructure (70-217)

10215A Implementing and Managing Microsoft Server Virtualization

vtcommander Installing and Starting vtcommander

Windows Time Service Mark E. Donaldson

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Windows Administration Terminal Services, AD and the Windows Registry. INLS 576 Spring 2011 Tuesday, February 24, 2011

Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Moving the TRITON Reporting Databases

Upgrade Guide BES12. Version 12.1

Installing Active Directory on Windows Server 2008 by Daniel Petri - January 8, 2009 Printer Friendly Version

User Migration Tool. Note. Staging Guide for Cisco Unified ICM/Contact Center Enterprise & Hosted Release 9.0(1) 1

Transcription:

Page 1 sur 7 Article ID: 2023007 - Last Review: January 27, 2011 - Revision: 11.0 How to troubleshoot Active Directory operations that fail with error 8456 or 8457: "The source destination server is currently rejecting replication requests" Symptoms 1. The DCPROMO promotion of a new domain controller in an existing forest fails with the error "The source server is currently rejecting replication requests." Dialog title text: Active Directory Installation Wizard Dialog message text: The operation failed because: Active Directory could not transfer the remaining data in directory partition <directory partition DN path> to domain controller <destination DC>. "The source server is currently rejecting replication requests." 2. DCDIAG reports the error "The source server is currently rejecting replication requests" or "The destination server is currently rejecting replication requests." Testing server: Default-First-Site-Name\<DC NAME> Starting test: Replications * Replications Check [Replications Check,<DC NAME>] A recent replication attempt failed: options From IADOMINO to <DC NAME> Naming Context: DC=<DN path of partition> The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at <Date> <Time>. The last success occurred at <Date> <time>. 957 failures have occurred since the last success. Replication has been explicitly disabled through the server Testing server: Default-First-Site-Name\<DC NAME> Starting test: Replications * Replications Check [Replications Check,<DC NAME>] A recent replication attempt failed: From IADOMINO to <DC NAME> Naming Context: DC=<DN path of partition>

Page 2 sur 7 requests. options The replication generated an error (8457): The destination server is currently rejecting replication The failure occurred at <Date> <Time>. The last success occurred at <Date> <time>. 957 failures have occurred since the last success. Replication has been explicitly disabled through the server 3. REPADMIN indicates that incoming and outgoing Active Directory replication may be failing with the error "The source destination server is currently rejecting replication." DC=Contoso,DC=COM <site name>\<dc name> via RPC requests. DC object GUID: <objectguid of source DCs NTDS settings object> Last attempt @ <date> <time> failed, result 8457 (0x2109): The destination server is currently rejecting replication DC=Contoso,DC=COM <site name>\<dc name> via RPC DC object GUID: <objectguid of source DCs NTDS settings object> Last attempt @ <date> <time> failed, result 8456 (0x2108): The source server is currently rejecting replication requests. Note REPADMIN commands may display both the hexadecimal and the decimal equivalent for the "currently rejecting replication" error. 4. Event sources and event IDs that indicate that a USN rollback has occurred include but are not limited to the following. Event source Event ID Event string NTDS KCC 1308 The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed. NTDS KCC 1925 The attempt to establish a replication link for the following writable directory partition failed. NTDS KCC 1926 The attempt to establish a replication link to a read-only directory partition with the following parameters failed NTDS Replication 1586 The Windows NT 4.0 or earlier replication checkpoint with the PDC emulator master

Page 3 sur 7 was unsuccessful. A full synchronization of the security accounts manager (SAM) database to domain controllers running Windows NT 4.0 and earlier might occur if the PDC emulator master role is transferred to the local domain controller before the next successful checkpoint. The checkpoint process will be tried again in four hours. NTDS Replication 2023 The local domain controller was unable to replicate changes to the following remote domain controller for the following directory partition. Microsoft-Windows- ActiveDirectory_DomainService Microsoft-Windows- ActiveDirectory_DomainService 2095 During an Active Directory Domain Services replication request, the local domain controller (DC) identified a remote DC which has received replication data from the local DC by using already acknowledged USN tracking numbers. 2103 The Active Directory Domain Services database was restored by using an unsupported restoration procedure. Active Directory Domain Services will be unable to log on users while this condition persists. Therefore, the Net Logon service has paused. Where embedded status codes 8456 and 8457 map to the following. Decimal error Hexadecimal error Error string 8456 2108 The source server is currently rejecting replication 8457 2109 The destination server is currently rejecting replication 5. NTDS General Event 2013 may be logged in the Directory Services event log. This indicates that a USN rollback occurred because of an unsupported

Page 4 sur 7 rollback or restore of the Active Directory Database. Event Type: Error Event Source: NTDS General Event Category: Service Control Event ID: 2103 Date: <date> Time: <time> User: <user name> Computer: <computer name> Description: The Active Directory database has been restored by using an unsupported restoration procedure. Active Directory will be unable to log on users while this condition persists. As a result, the Net Logon service has paused. User Action See previous event logs for details. For more information, vist the Help and Support Center at http://support.microsoft.com/. 6. NTDS General Event 1393 may be logged in the Directory Services event log. This indicates that the physical or virtual drive that is hosting the Active Directory database or log files lacks sufficient free disk space: Event Type: Error Event Source: NTDS General Event Category: Service Control Event ID: 1393 Date: <date> Time: <time> User: <user name> Computer: <computer name> Description: Attempts to update the Directory Service database are failing with error 112. Since Windows will be unable to log on users while this condition persists, the NetLogon service is being paused. Make sure that sufficient free disk space is available on the drives where the directory database and log files reside. Cause Incoming or outgoing replication was automatically disabled by the operating system because of multiple root causes or was manually disabled by an administrator. The operating system automatically makes four configuration changes when one of three conditions occurs. The four configuration changes are as follows: 1. Incoming Active Directory replication is disabled. 2. Outgoing Active Directory replication is disabled. 3. "DSA not writable" is set to a nonzero value in the registry. 4. The NETLOGON service status is changed from "running" to "paused."

Page 5 sur 7 The three events that trigger these four automatic configuration changes are as follows: 1. A USN rollback occurred (NTDS General Event 2103). 2. The hard disk is full (NTDS General Event 1393). 3. A corrupt UTD vector is present (Event 2881). All four configuration changes can also be made manually by a user who has sufficient credentials. Do not assume that any nonzero value for "DSA not writable" or that a source or destination server "is currently rejecting replication requests" during DCPROMO / AD Replication definitively means that a USN rollback has occurred and that such domain controllers implicitly have to be force-demoted or force-repromoted. Demotion may be the correct option. However, it may be excessive in the case of insufficient free disk space. Resolution 1. Check the value for "DSA not writable." For each domain controller that is logging the 8456 or 8457 error, determine whether one of the three triggering events automatically disabled incoming or outgoing Active Directory Replication by reading the value for "DSA not writable" from the local registry. When replication is automatically disabled, the operating system writes one of four possible values to "DSA not writable": Path Setting HKLM\System\CurrentControlSet\Services\NTDS DSA not writable Type (Reg_dword) Values #define DSA_WRITABLE_GEN 1 #define DSA_WRITABLE_NO_SPACE 2 #define DSA_WRITABLE_USNROLLBCK 4 #define DSA_WRITABLE_CORRUPT_UTDV 8 A value of 1 can be written only when the forest version is incompatible with the OS (for example, the W2K DC is promoted into a W2K3 forest functional level forest or the like). A value of 2 means that the physical or virtual drive that is hosting the Active Directory database or log files lacks sufficient free disk space. A value of 4 means that a USN rollback occurred because the Active Directory database was incorrectly rolled back in time. Operations that are known to cause a USN rollback include the following: The booting from previously saved virtual machine snapshots of domain controller role computers on Hyper-V or VMWARE hosts Incorrect physical-to-virtual (P2V) conversions in forests that contain more than one domain controller

Page 6 sur 7 Restoring DC role computers by using imaging products such as Ghost Rolling the contents of a partition that is hosting the active directory database back in time by using an advanced disk subsystem A value of 8 indicates that the up-to-dateness-vector is corrupted on the local DC. Technically, "DSA not writable" could consist of multiple values. For example, a registry value of 10 would indicate insufficient disk space and a corrupted UTD. Typically, a single value is written to "DSA not writable." Note It is common for support professionals and administrators to partly disable the replication quarantine by enabling outgoing replication, by enabling incoming replication, by changing the startup value for the NETLOGON service from disabled to automatic, and by starting the NETLOGON service. Therefore, the full quarantine configuration may not be in place when it is examined. 2. Check the Directory Service event log for quarantine events. Assuming the Directory Service event log has not wrapped, you may find one or more related events logged in the Directory Service event log of a domain controller that is logging the 8456 or 8457 error. NTDS General 2103 The Active Directory database was restored by using an unsupported restoration procedure. Active Directory will be unable to log on users while this condition persists. Therefore, the Net Logon service has paused. User Action See previous event logs for more information. NTDS General Event 1393 There is insufficient space on the disk. Event 2881 Not applicable 3. Perform the recovery based on the value of "DSA not writable" or on events that are logged on the system: If "DSA not writable" equals 4 or if NTDS General Event 2103 is logged, perform the recovery steps for a USN Rollback. For more information, see Microsoft Knowledge Base article 875495. If "DSA not writable" equals 2 or if NTDS General event 1393 is logged, check for sufficient free disk space on the physical and virtual partitions that are hosting the Active Directory database and log files. Free up space as required. If "DSA not writable" equals 8, demote and then repromote the domain controller before it can replicate its bad value to other domain controllers in the forest.

Page 7 sur 7 APPLIES TO Keywords: KB2023007 Vous avez besoin d'une aide supplémentaire? Contactez le support technique par email, en ligne ou par téléphone Aide et Support Microsoft 2011 Microsoft

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information