AD Replication Issue. Advice needed.

Duran

Hello, I have recently added 2 2003 R2 DCs to my 2k domain. Just transferred the FSMO roles to the first new DC and all seems OK, despite some errors in the event log about there being 2 primary DCs on the network, but an MS article said if I can still log on I can ignore it. I have not had any more of these errors today (I moved them yesterday).

But on the second DC, I now have the following error in the event log;

Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2108
Date: 11/12/2007
Time: 09:24:15
User: NT AUTHORITY\SYSTEM
Computer: Domain Controller name
Description:
This event contains REPAIR PROCEDURES for the 1084 event which has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made.

Object:
CN=a5891a3f-9aab-4ef8-a925-6dd7e29979e7,CN=Partitions,CN=Configuration,DC=XX,DC=local
Object GUID:
878dafdf-2f23-4893-924e-079f74c64e05
Source domain controller:
531b1230-f708-4e02-9015-0097b9291f91._msdcs.XX.local

User Action

Please consult KB article 837932, A subset of its repair procedures are listed here.
1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343,
3. The problem may be related to the object's parent on this domain controller. On the source domain controller, move the object to have a different parent.
4. If this machine is a global catalog and the error occurs in one of the read-only partitions, you should demote the machine as a global catalog using the Global Catalog checkbox in the Sites & Services user interface. If the error is occurring in an application partition, you can stop the application partition from being hosted on this replica. This may be changed using the ntdsutil.exe command.
5. Obtain the most recent ntdsutil.exe by installing the latest service pack for your operating system. Prior to booting into Directory Services Restore Mode (DSRM), verify that the DSRM password is known. Otherwise reset it prior to restarting the system.
6. In DSRM, run the NT CMD prompt, run "ntdsutil files integrity". If corruption is found and other replicas exist, then demote replica and check your hardware. If no replicas are present, restore a system state backup and repeat this verification.
7. Perform an offline defragmentation using the "ntdsutil files compact" function.
8. The "ntdsutil semantic database analysis" should also be performed. If errors are found, they may be corrected using the "go fixup" function. Note that this should not be confused with the database maintenance function called "ESE repair", which should not be used, since it causes data loss for Active Directory Databases.

If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again.

Additional Data
Primary Error value:
8409 A database error has occurred.
Secondary Error value:
1 Incorrect function.

For more information, see Help and Support Center at

Now, I have read up and I think the most straightforward thing to do is to untick the box so it no longer holds a Global Catalogue and demote it, as it does not hold any FSMO roles, then promote it again.

My questions are, if people logged on this morning and got authenticated by this DC, will they be thrown off the network?
Has anybody else had this? Did it work?

Thank you loads for any help given. All DCs are totally up to date and I do not see any replication errors on the other DCs.

Regards,
D.


I plug you in, dim the lights,
Electric Barbarella !
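
Added example (not part of the original thread and not Microsoft's code): a small Python triage helper that pulls the labelled fields out of the Event ID 2108 text quoted above and names the directory partition that holds the failing object, which is what repair step 4 depends on. The function names, the constructed sample and the simple DN matching (no escaped commas, no child domain beneath the local domain) are assumptions of this sketch.

```python
import re

# Constructed sample: the labelled fields of the Event ID 2108 text quoted in the post.
SAMPLE_EVENT = """Event ID: 2108
Object:
CN=a5891a3f-9aab-4ef8-a925-6dd7e29979e7,CN=Partitions,CN=Configuration,DC=XX,DC=local
Object GUID:
878dafdf-2f23-4893-924e-079f74c64e05
Source domain controller:
531b1230-f708-4e02-9015-0097b9291f91._msdcs.XX.local
Primary Error value:
8409 A database error has occurred.
Secondary Error value:
1 Incorrect function.
"""

LABELS = {"Object:": "object_dn", "Object GUID:": "object_guid",
          "Source domain controller:": "source_dc",
          "Primary Error value:": "primary_error",
          "Secondary Error value:": "secondary_error"}

def parse_event(text):
    """Collect the labelled fields; each value sits on the line after its label."""
    lines = [ln.strip() for ln in text.splitlines()]
    fields = {}
    for label, value in zip(lines, lines[1:]):
        if label in LABELS and value:
            fields[LABELS[label]] = value
    # The source DC is logged as <DSA GUID>._msdcs.<forest DNS name>.
    m = re.fullmatch(r"([0-9a-fA-F-]{36})\._msdcs\.(.+)", fields.get("source_dc", ""))
    if m:
        fields["source_dsa_guid"], fields["forest_dns"] = m.groups()
    return fields

def under(dn, suffix):
    """True if dn equals suffix or lies beneath it (case-insensitive suffix match)."""
    dn, suffix = dn.lower(), suffix.lower()
    return dn == suffix or dn.endswith("," + suffix)

def partition_of(dn, local_domain_dn, forest_root_dn):
    """Name the partition holding dn, seen from a DC of local_domain_dn.
    Assumption: no child domain exists beneath local_domain_dn."""
    config = "CN=Configuration," + forest_root_dn
    if under(dn, "CN=Schema," + config):
        return "schema"
    if under(dn, config):
        return "configuration"
    if (under(dn, "DC=DomainDnsZones," + local_domain_dn)
            or under(dn, "DC=ForestDnsZones," + forest_root_dn)):
        return "application"  # the default DNS application partitions
    return "local-domain" if under(dn, local_domain_dn) else "other-domain"

def step4_applies(dn, local_domain_dn, forest_root_dn):
    """Step 4 addresses read-only GC partitions and application partitions only."""
    return partition_of(dn, local_domain_dn, forest_root_dn) in ("application", "other-domain")
```

For the event in the post the object sits under CN=Partitions in the configuration partition, which every DC in the forest holds as a full replica, so `step4_applies` returns False for it.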
 
Have you removed other servers, but not removed them from AD Sites & Services? If you try a manual replication does it work?
If not, just delete and recreate the links between the servers.
 
Hello,

Thanks for replying. I have not removed any servers yet. I have only added more DCs and moved the FSMO roles from a 2k DC (running Exchange 2003; because of this I will not be demoting it) to a 2003 DC machine.

Regards,
D.

I plug you in, dim the lights,
Electric Barbarella !
 
Duran, I have replied with an action plan in your other thread. thread931-1433891



I hope you find this post helpful.

Regards,

Mark

 