Domain Controller Replication issues

[mdfi13]

I have 3 W2K3 domain controllers, all on the same local LAN. Two of them replicate fine, but one of them does not. After looking in the event logs, I noticed errors 13508, 13509, and 13516 repeating over and over again. I tried a simple file replication test to the C:\WINDOWS\SYSVOL\sysvol\[domain]\scripts, and that replicated fine to all DC's.

Right now, when I add, update or delete AD info on DC 1 and DC 2, those changes do not push to DC 3. When I make a change on DC 3, it does not push to DC's 1 and 2.

Firewall's are disabled on all DC's, and like I said before, simple file replication seems to work fine.

Your help is much appreciated.

 

[mdfi13]

Also, I have restarted the File Replication Services on all DC's and confirmed DNS resolution to and from all DC's.

 

[tahoe2]

Make sure all your trusts are there. (I had a system 'glitch' once and lost all my trust relationships between servers)

 

[Roadki11]

Run DCDIAG and NETDIAG on the problem DC and see what it tells ya. you are looking for any errors.

RoadKi11

 

[mdfi13]

Here are the results of DCDIAG:

-------------------------------
Doing initial required tests

Testing server: Elgin\CCFS1
Starting test: Connectivity
......................... CCFS1 passed test Connectivity

Doing primary tests

Testing server: Elgin\CCFS1
Starting test: Replications
[Replications Check,CCFS1] A recent replication attempt failed:
From CCDC01 to CCFS1
Naming Context: DC=ForestDnsZones,DC=CrystalClean,DC=local
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the t
ime since the last replication with this server has exceeded the tombstone lifet
ime.
The failure occurred at 2007-01-12 12:54:32.
The last success occurred at 2006-08-10 10:48:53.
1019 failures have occurred since the last success.
[Replications Check,CCFS1] A recent replication attempt failed:
From CCDC01 to CCFS1
Naming Context: CN=Schema,CN=Configuration,DC=CrystalClean,DC=local
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the t
ime since the last replication with this server has exceeded the tombstone lifet
ime.
The failure occurred at 2007-01-12 12:54:32.
The last success occurred at 2006-08-10 10:48:53.
1012 failures have occurred since the last success.
[Replications Check,CCFS1] A recent replication attempt failed:
From CCEX01 to CCFS1
Naming Context: CN=Schema,CN=Configuration,DC=CrystalClean,DC=local
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the t
ime since the last replication with this server has exceeded the tombstone lifet
ime.
The failure occurred at 2007-01-12 12:54:32.
The last success occurred at 2006-08-10 10:48:53.
1012 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
CCFS1: Current time is 2007-01-12 13:14:45.
DC=ForestDnsZones,DC=CrystalClean,DC=local
Last replication recieved from CCDC01 at 2006-08-10 10:48:53.
WARNING: This latency is over the Tombstone Lifetime of 60 days!

CN=Schema,CN=Configuration,DC=CrystalClean,DC=local
Last replication recieved from CCEX01 at 2006-08-10 10:48:53.
WARNING: This latency is over the Tombstone Lifetime of 60 days!

Last replication recieved from CCDC01 at 2006-08-10 10:48:53.
WARNING: This latency is over the Tombstone Lifetime of 60 days!

......................... CCFS1 passed test Replications
Starting test: NCSecDesc
......................... CCFS1 passed test NCSecDesc
Starting test: NetLogons
......................... CCFS1 passed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\CCFS01.CrystalClean.loc
al, when we were trying to reach CCFS1.
Server is not responding or is not considered suitable.
......................... CCFS1 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... CCFS1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... CCFS1 passed test RidManager
Starting test: MachineAccount
......................... CCFS1 passed test MachineAccount
Starting test: Services
......................... CCFS1 passed test Services
Starting test: ObjectsReplicated
......................... CCFS1 passed test ObjectsReplicated
Starting test: frssysvol
......................... CCFS1 passed test frssysvol
Starting test: frsevent
......................... CCFS1 passed test frsevent
Starting test: kccevent
An Error Event occured. EventID: 0xC00007D8
Time Generated: 01/12/2007 13:09:02
Event String: Internal error: The security descriptor
An Error Event occured. EventID: 0xC00007D8
Time Generated: 01/12/2007 13:09:02
Event String: Internal error: The security descriptor
An Error Event occured. EventID: 0xC00007D8
Time Generated: 01/12/2007 13:09:02
Event String: Internal error: The security descriptor
An Error Event occured. EventID: 0xC00007D8
Time Generated: 01/12/2007 13:09:02
Event String: Internal error: The security descriptor
An Error Event occured. EventID: 0xC00007D8
Time Generated: 01/12/2007 13:09:02
Event String: Internal error: The security descriptor
......................... CCFS1 failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2007 13:11:00
Event String: Driver Dell Laser MFP 1815 required for printer
......................... CCFS1 failed test systemlog
Starting test: VerifyReferences
......................... CCFS1 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : CrystalClean
Starting test: CrossRefValidation
......................... CrystalClean passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... CrystalClean passed test CheckSDRefDom

Running enterprise tests on : CrystalClean.local
Starting test: Intersite
......................... CrystalClean.local passed test Intersite
Starting test: FsmoCheck
......................... CrystalClean.local passed test FsmoCheck.


-------------------------------------


As you can see, there are several errors.

- The time since the last replication has exceeded the tombstone time. How do you correct that?




- DsGetDcName returned information for \\CCFS01.CrystalClean.local, when we were trying to reach CCFS1. Basiclly, CCFS01.CrystalClean.local and CCFS1.CrystalClean.Local are the same IP (192.168.21.13). There are 3 entries A Host record entries for that IP[(same as parent), CCFS01, ccfs1.]. When I ping each of those host names from that machine, they all come back with a reply.




-An Error Event occured. EventID: 0xC00007D8
Time Generated: 01/12/2007 13:09:02
Event String: Internal error: The security descriptor
(I am not sure what this error means, but I will research it. If anyone knows in the meantime, your help would be appreciated.)