error event id 1864 but replication is OK!

  • 208 Views
  • Last Post 07 February 2017
MatCollins posted this 30 January 2017

Hello Experts!

We have a Hub-n-Spoke AD in which, in some child domains I see error 1864 in event viewer which indicates there has been longtime since the last time Schema,Configuration partition had been replicated. 

The point is, although there are errors like that in ever viewer, but I see no error when i run Repadmin /syncall or even when I force replication between two domain controllers in Site-n-Services, I get no errors.

Do you guiys think shall I ignore it?

Order By: Standard | Newest | Votes
gmondrag posted this 30 January 2017

You'd better check everything related to the error. Here is a blog where a user experienced a similar issue for days and all the troubleshooting steps followed to actually make sure the error disappeared. This may help you: https://social.technet.microsoft.com/Forums/sharepoint/en-US/5ee08d4f-7ae6-4919-b0d6-4c912339d4b4/event-id-1864-activedirectorydomainservice-replication-error?forum=winserverDS

daemonr00t posted this 30 January 2017

Bear in mind that the error might be specific to a certain partition while others are ok.

Try making a diagram of your topology and check the flow of the replication so you can pinpoint where the issue is.

You better take care of this before exceeding the TSL and getting that partition completely banned from replication (assuming SRC is enabled).

 

 

~danny CS


Sent from Mail for Windows 10

 

show

MatCollins posted this 31 January 2017

Thank you everyone!

Well talking about the partitions, it shows that the 'Configuration' partition has not been replicated for long time but..wait a minute, I just upgraded the whole forest to 2012 R2 which means the ADPREP updates had received by all DC's. In addition why it shows that event for 'Configuration' partition while I can replicate IN\OUT from that DC to my root domains.. I am confused...

There is one more thing. I also see 1864 events from domain partitions outside.. I mean we have a hub-n-spoke with 5 child domains, so assuming that, why would Domain A tries to replicate information (Domain Partition not Schema) of Domain B. I do not get it..

Thanks for your ideas.

daemonr00t posted this 31 January 2017

Bear in mind that the Global Catalog follows the same replication topology info as the Configuration and Schema partitions.


Have you checked in the Lost-N-Found container for any conflicting nTDSSettings objects?







~dannyCS


Sent from my mobile







show

MatCollins posted this 05 February 2017

Sorry for the delay..

So I found out something which made me not to ignore this error although there is no replication error. Lets consider my envronment:

We have 10 child domains. I call it Child domain 1..10. Here is the problem:

  • In domain 1 there are 1864 events which indicates that it needs replication from domain 5.6.7..
  • In domain 2 there are 1864 events which indicates that it needs replication from domain 5.6.7.
  • In domain 3 there are 1864 events which indicates that it needs replication from domain 5.6.7.
  • In domain 4 there are 1864 events which indicates that it needs replication from domain 5.6.7.

OK! sound strange. Because they are child domains. So:

  • Why "dc=domain 1,dc=contoso,dc=com" needs replicatation from "DC=domain 2,dc=contoso,dc=com"? They are domain partitions!

So far I found out I have replication problems event from (domain 5,6,7, Configuration, Schema) in all domains though the repadmin and dcdiag shows OK!

Daemon can you be clearer to me please? In lost-n-found i see nothing.

daemonr00t posted this 05 February 2017

Based on what you describe I smell a Global Catalog issue here.


Remember a GC is a read-only subset of all domain partitions in the forest.


Can you try dropping and the recreating the GC on one of the faulty servers?



~dannyCS


Sent from my Windows Phone








show

MatCollins posted this 06 February 2017

Thank you. Yes I can test.

Is unchecking the Global Catalog checkbox in site and services for one of those domains (5,6,7) is enough and after that the GC partition should wipe itself from NTDS or I have to do more thing?

MatCollins posted this 06 February 2017

Update: I did a "re-GlobalCatalog" on domain controllers of one of the child domains and waiting to see the results.

Just a side question: In a hub-and-spoke topolgy with child domains and when there is no routing between child domains, how a DC from domain B can have PAS replication with Domain C when there is no routing?

 

daemonr00t posted this 06 February 2017

There should be routing somewhere as the Configuration and Schema partitions are the same forest wide.


GC follows Configuration replication topology.







~dannyCS


Sent from my mobile







show

Rajeev Chauhan posted this 06 February 2017

if  could have  used repadmin /unhost <dc-name> <partition-name> repadmin /rehost <dc-name> <partition to rehost> <good-source-dc>


show

MatCollins posted this 07 February 2017

Update: After doing what u suggested Danny, I still have problems. So I see error 1864 which indicates:

  • "This directory server has not recently received replication information from a number of directory servers.  The count of directory servers is shown, divided into the following intervals. "

Basically I have error 1864 for partitions below in all my child domains. (DomainA,B,C are always in event, There is no sign of other DomainsD,E,F,..)

  • DC=DomainA,DC=Contoso,DC=Com 
  • DC=DomainB,DC=Contoso,DC=Com 
  • DC=DomainC,DC=Contoso,DC=Com
  • DC=ForestDnsZones,DC=Contoso,DC=Com
  • CN=Schema,CN=Configuration,DC=Contoso,DC=Com
  • CN=Configuration,DC=Contoso,DC=Com

 

MatCollins posted this 07 February 2017

Another Update: Just noticed in LostnfoundConfig in ADSIEDIT, I have conflicted objects as below:

I will surely delete them and probably it will my problem. But the questions are:

  • How did they generated?
  • Why these CNF objects, result in that event ID in all domain controllers? 

This questions are so important because I would like to understand what happened in background. 

P.S: Thank you Danny for guiding me! :)

Rajeev Chauhan posted this 07 February 2017

Check your site and service and see how replication is set. CNF can be removed.


show

daemonr00t posted this 07 February 2017

A couple of things here…

 

Yeah, get rid of those CNF objects, they are just the outcome of the conflict resolution process.

You can find more information here

http://windowsitpro.com/windows/i-have-objects-my-active-directory-ad-domain-have-cnf-their-name-followed-globally-unique-id

 

Now keep in mind that AD assumes all network segments are routable/reachable to check your connections.

 

I would remove any static bridgeheads and also issue KCC on all controllers.

 

Then I also suggest checking replication with this tool

http://activedirectoryutils.codeplex.com/

 

This must be done slowly as it’s a forest wide thing. So before pulling the trigger make a diagram of the environment, check how is info flowing and then work based on that.

 

On the DNS side, are all DCs properly registered in the _msdcs zone?

 

~danny CS


Sent from Mail for Windows 10

 

show

Close