Question
Hi there,
need help please.
In one network, we have 2 servers:
SERVER-1: domain server, first created.
SERVER-2: works as terminal server.
And 1 NAS (Synology, old version), connected to the domain and copying AD using LDAP.
SERVER-2 joined the domain on SERVER-1 and copies Active Directory.
Everything was going well until I applied Fix356729.
Now SERVER-2 needs 8-10 minutes to log on, and the NAS can't reach AD on SERVER-1, so users can't access the NAS with AD logon information and must use internal logon information (provided by that NAS).
On SERVER-1, the event log has:
[CODE]
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 07/08/2017 8:05:13
Event ID: 2092
Task Category: Replication
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: SERVER.mydomain.id
Description: This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: DC=mydomain,DC=id
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners being down is an expected occurance, perhaps because of maintenance or a disaster recovery, you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
<EventID Qualifiers="32768">2092</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-07T01:05:13.571822600Z" />
<EventRecordID>23807</EventRecordID>
<Correlation />
<Execution ProcessID="712" ThreadID="872" />
<Channel>Directory Service</Channel>
<Computer>SERVER.mydomain.id</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
<Data>DC=mydomain,DC=id</Data>
</EventData>
</Event>[/CODE]
need help please.
July 27, 2019 by Peter Bursky
As part of my lab setup, I used to run an older physical server which was my Primary Domain Controller and file server. This server also owned all the FSMO roles. In addition to this DC, I also had another virtual DC. All was going well until the hardware finally gave up, and I couldn’t boot the server any more. I said OK, nothing to worry about, I’ll just move all FSMO roles to the virtual DC, and clean up the Active Directory. Only to find out that the AD on the virtual DC was unable to start properly, and I had no access to AD or DNS.
There were 2 events in the Active Directory Domain Services log that seemed to be most relevant to the issue. The first event was a warning Event with ID 2092:
This Server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role. Operations which require contacting a FSMO operation master will fail until this condition is corrected.
The second event was an error event with ID 1126:
Active Directory Domain Services was unable to establish a connection with the global catalog.
Additional Data
Error Value:
1355 The specified domain either does not exist or could not be contacted
Initially I tried all the usual tricks, even doing a full system state restore, but every time the result was the same. At the time, I had other priorities and left the thing to sit for a while. As I had no investment in the existing AD, I even considered just scrapping the whole AD and deploying a fresh one. But that didn’t feel quite right. Eventually, I returned to it, and after a lot of searching around I came across a response to a fairly obscure post that suggested making a registry change:
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Set SysvolReady from 0 to 1, restart Active Directory Domain Services, and voila, all is back to normal.
And as life happens, shortly after I managed to find the solution to my problem, I was asked to assist with the exact same scenario, but this time it was a production system. This time it was easy just to check the Registry for the SysvolReady key, and have the system back operational in no time.
What can we do about this error?
It was the only good DC in the domain as the other one is broken.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 10/03/2021 09:51:23
Event ID: 2092
Task Category: Replication
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: dc01.domain.local
Description:
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: DC=domain,DC=local
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication.
http://support.microsoft.com .
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
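Event Xml:
<EventID>2092</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<EventRecordID>16180</EventRecordID>
<Channel>Directory Service</Channel>
<Computer>dc01.domain.local</Computer>
<Data>DC=domain,DC=local</Data>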
Hope someone can help me with the subject mentioned error.
My current setup is that I have a physical Win2k8R2 box and a virtual server with the same configuration.
Recently I am having a replication error with Event ID 1864 and Warning Event ID 2092. When I do "repadmin /showrepl" I get the following errors.
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\MIRACLEDC02
DSA Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
Site Options: (none)
DSA object GUID: fbd8fb1d-1020-465c-8528-3b55af490202
DSA invocationID: 5b746b00-424e-4243-82bc-a35fd38ec672
==== INBOUND NEIGHBORS ======================================
DC=Miracle-Adventure,DC=Com
Default-First-Site-Name\MIRACLEDC03 via RPC
DSA object GUID: 0c073222-6d5a-4389-bc07-32b3f4069ac4
Last attempt @ 2014-08-04 11:48:51 failed, result 8457 (0x2109):
The destination server is currently rejecting replication requests.
125 consecutive failure(s).
Last success @ 2014-06-29 09:53:20.
Default-First-Site-Name\MIRACLEDC01 via RPC
DSA object GUID: 0ff61eba-7e82-401c-b784-6478146122a3
Last attempt @ 2014-08-04 11:48:51 failed, result 8457 (0x2109):
The destination server is currently rejecting replication requests.
126 consecutive failure(s).
Last success @ 2014-06-29 15:49:36.
CN=Configuration,DC=Miracle-Adventure,DC=Com
Default-First-Site-Name\MIRACLEDC01 via RPC
DSA object GUID: 0ff61eba-7e82-401c-b784-6478146122a3
Last attempt @ 2014-08-04 11:48:51 failed, result 8457 (0x2109):
The destination server is currently rejecting replication requests.
126 consecutive failure(s).
Last success @ 2014-06-29 09:49:53.
Default-First-Site-Name\MIRACLEDC03 via RPC
DSA object GUID: 0c073222-6d5a-4389-bc07-32b3f4069ac4
Last attempt @ 2014-08-04 11:48:51 failed, result 8457 (0x2109):
The destination server is currently rejecting replication requests.
127 consecutive failure(s).
Last success @ 2014-06-29 09:49:53.
CN=Schema,CN=Configuration,DC=Miracle-Adventure,DC=Com
Default-First-Site-Name\MIRACLEDC03 via RPC
DSA object GUID: 0c073222-6d5a-4389-bc07-32b3f4069ac4
Last attempt @ 2014-08-04 11:48:51 failed, result 8457 (0x2109):
The destination server is currently rejecting replication requests.
127 consecutive failure(s).
Last success @ 2014-06-29 09:49:53.
Default-First-Site-Name\MIRACLEDC01 via RPC
DSA object GUID: 0ff61eba-7e82-401c-b784-6478146122a3
Last attempt @ 2014-08-04 11:48:51 failed, result 8457 (0x2109):
The destination server is currently rejecting replication requests.
127 consecutive failure(s).
Last success @ 2014-06-29 09:49:53.
DC=DomainDnsZones,DC=Miracle-Adventure,DC=Com
Default-First-Site-Name\MIRACLEDC03 via RPC
DSA object GUID: 0c073222-6d5a-4389-bc07-32b3f4069ac4
Last attempt @ 2014-08-04 11:48:51 failed, result 8457 (0x2109):
The destination server is currently rejecting replication requests.
127 consecutive failure(s).
Last success @ 2014-06-29 10:03:19.
Default-First-Site-Name\MIRACLEDC01 via RPC
DSA object GUID: 0ff61eba-7e82-401c-b784-6478146122a3
Last attempt @ 2014-08-04 11:48:51 failed, result 8457 (0x2109):
The destination server is currently rejecting replication requests.
126 consecutive failure(s).
Last success @ 2014-06-29 15:48:03.
DC=ForestDnsZones,DC=Miracle-Adventure,DC=Com
Default-First-Site-Name\MIRACLEDC03 via RPC
DSA object GUID: 0c073222-6d5a-4389-bc07-32b3f4069ac4
Last attempt @ 2014-08-04 11:48:51 failed, result 8457 (0x2109):
The destination server is currently rejecting replication requests.
127 consecutive failure(s).
Last success @ 2014-06-29 09:49:53.
Default-First-Site-Name\MIRACLEDC01 via RPC
DSA object GUID: 0ff61eba-7e82-401c-b784-6478146122a3
Last attempt @ 2014-08-04 11:48:51 failed, result 8457 (0x2109):
The destination server is currently rejecting replication requests.
126 consecutive failure(s).
Last success @ 2014-06-29 15:52:04.
Source: Default-First-Site-Name\MIRACLEDC03
******* 127 CONSECUTIVE FAILURES since 2014-06-29 10:03:19
Last error: 8457 (0x2109):
The destination server is currently rejecting replication requests.
Source: Default-First-Site-Name\MIRACLEDC01
******* 127 CONSECUTIVE FAILURES since 2014-06-29 15:52:04
Last error: 8457 (0x2109):
The destination server is currently rejecting replication requests.
When I run DCDIAG /test:DNS I have no error
Directory Server Diagnosis
Performing initial setup:
Trying to find home server…
Home Server = MIRACLEDC02
- Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MIRACLEDC02
Starting test: Connectivity
......................... MIRACLEDC02 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MIRACLEDC02
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... MIRACLEDC02 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : Miracle-Adventure
Running enterprise tests on : Miracle-Adventure.Com
Starting test: DNS
......................... Miracle-Adventure.Com passed test DNS
I have already run the following but it did not solve the problem
repadmin /options miracledc02 -disable_inbound_repl
repadmin /options miracledc02 -disable_outbound_repl
Thank you for your valuable inputs in this regard.
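
Event 2092's User Action points at `repadmin /showrepl`, and the output in the post above carries two signals that are easy to miss in a long paste: the `DSA Options` line and whether every inbound partner of a partition is failing. The following is an added example, not code from any of the posts; it parses captured `/showrepl` text offline and reports both. The sample input and the names `DC01`-`DC03` and `example.com` are constructed placeholders.

```python
import re

# Constructed sample shaped like `repadmin /showrepl` output (placeholder names).
SAMPLE = r"""
Default-First-Site-Name\DC02
DSA Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
==== INBOUND NEIGHBORS ======================================
DC=example,DC=com
    Default-First-Site-Name\DC03 via RPC
        Last attempt @ 2014-08-04 11:48:51 failed, result 8457 (0x2109):
        125 consecutive failure(s).
    Default-First-Site-Name\DC01 via RPC
        Last attempt @ 2014-08-04 11:48:51 failed, result 8457 (0x2109):
        126 consecutive failure(s).
CN=Configuration,DC=example,DC=com
    Default-First-Site-Name\DC01 via RPC
        Last attempt @ 2014-08-04 11:50:02 was successful.
"""

def parse_showrepl(text):
    """Return (dsa_options, neighbors) from captured `repadmin /showrepl` text."""
    options, neighbors, nc = set(), [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("DSA Options:"):
            options = set(line.split(":", 1)[1].split())
        elif re.match(r"(DC|CN)=", line):
            nc = line  # naming context (partition) header
        elif (m := re.match(r"(\S+) via RPC$", line)):
            neighbors.append({"nc": nc, "source": m.group(1), "result": None, "failures": 0})
        elif neighbors and (m := re.search(r"failed, result (\d+)", line)):
            neighbors[-1]["result"] = int(m.group(1))
        elif neighbors and line.endswith("was successful."):
            neighbors[-1]["result"] = 0
        elif neighbors and (m := re.match(r"(\d+) consecutive failure", line)):
            neighbors[-1]["failures"] = int(m.group(1))
    return options, neighbors

def triage(text):
    """Flag disabled replication and partitions where every inbound partner fails."""
    options, neighbors = parse_showrepl(text)
    findings = [f"DSA option set: {o}" for o in sorted(options) if o.startswith("DISABLE_")]
    by_nc = {}
    for n in neighbors:
        by_nc.setdefault(n["nc"], []).append(n)
    for nc, peers in by_nc.items():
        # Event 2092 is about a partition with no successful partner at all.
        if all(p["result"] not in (0, None) for p in peers):
            worst = max(p["failures"] for p in peers)
            findings.append(f"{nc}: all {len(peers)} inbound partners failing (max {worst} in a row)")
    return findings
```

Calling `triage()` on a saved `/showrepl` capture returns one finding per `DISABLE_*` option and one per partition with no working inbound partner.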