При репликации возникла ошибка 8456

Здравствуйте! Вот dcdiag проблемного сервера. Хотелось бы найти самый безболезненный способ решения проблемы:

Здравствуйте! Вот dcdiag проблемного сервера. Хотелось бы найти самый безболезненный способ решения
проблемы: 

Диагностика сервера каталогов

Выполнение начальной настройки:
   Выполняется попытка поиска основного сервера…
   Основной сервер = GK1-EX
   * Определен лес AD.
   Сбор начальных данных завершен.

Выполнение обязательных начальных проверок

   Сервер проверки: Default-First-Site-NameGK1-EX
      Запуск проверки: Connectivity
         ……………………. GK1-EX — пройдена проверка Connectivity

Выполнение основных проверок

   Сервер проверки: Default-First-Site-NameGK1-EX
      Запуск проверки: Advertising
         Внимание: DsGetDcName вернул сведения для \GK1-AD.gimnasium.com.ua
         при попытке получения доступа к GK1-EX.
         СЕРВЕР НЕ ОТВЕЧАЕТ или НЕ СЧИТАЕТСЯ ПРИЕМЛЕМЫМ.
         ……………………. GK1-EX — не пройдена проверка Advertising
      Запуск проверки: FrsEvent
         ……………………. GK1-EX — пройдена проверка FrsEvent
      Запуск проверки: DFSREvent
         ……………………. GK1-EX — пройдена проверка DFSREvent
      Запуск проверки: SysVolCheck
         ……………………. GK1-EX — пройдена проверка SysVolCheck
      Запуск проверки: KccEvent
         ……………………. GK1-EX — пройдена проверка KccEvent
      Запуск проверки: KnowsOfRoleHolders
         ……………………. GK1-EX — пройдена проверка
         KnowsOfRoleHolders
      Запуск проверки: MachineAccount
         ……………………. GK1-EX — пройдена проверка MachineAccount
      Запуск проверки: NCSecDesc
         ……………………. GK1-EX — пройдена проверка NCSecDesc
      Запуск проверки: NetLogons
         ……………………. GK1-EX — пройдена проверка NetLogons
      Запуск проверки: ObjectsReplicated
         ……………………. GK1-EX — пройдена проверка ObjectsReplicated
      Запуск проверки: Replications
         [Проверка репликации,Replications Check] Входящая репликация
         отключена.
         Для исправления выполните «repadmin /options GK1-EX
         -DISABLE_INBOUND_REPL»
         [Проверка репликации,GK1-EX] Исходящая репликация отключена.
         Для исправления выполните «repadmin /options GK1-EX
         -DISABLE_OUTBOUND_REPL»
         ……………………. GK1-EX — не пройдена проверка Replications
      Запуск проверки: RidManager
         ……………………. GK1-EX — пройдена проверка RidManager
      Запуск проверки: Services
            Служба w32time в [GK1-EX] остановлена
            Служба NETLOGON в [GK1-EX] приостановлена
         ……………………. GK1-EX — не пройдена проверка Services
      Запуск проверки: SystemLog
         Возникло предупреждение. Код события (EventID): 0x80001412
            Время создания: 08/05/2014   09:51:34
            Строка события:
            Рабочий процесс «68672», обслуживающий пул приложений «MSExchangeRpc
ProxyAppPool», не смог остановить канал прослушивателя для протокола «http» в от
веденный интервал времени.  Поле данных содержит номер ошибки.
         Возникло предупреждение. Код события (EventID): 0x80001395
            Время создания: 08/05/2014   09:51:34
            Строка события:
            Процесс, обслуживающий пул приложений «MSExchangeRpcProxyAppPool», п
ревысил лимиты времени для завершения работы. Идентификатор процесса «68672».
         Возникло предупреждение. Код события (EventID): 0x80001412
            Время создания: 08/05/2014   10:19:02
            Строка события:
            Рабочий процесс «68832», обслуживающий пул приложений «MSExchangeRpc
ProxyAppPool», не смог остановить канал прослушивателя для протокола «http» в от
веденный интервал времени.  Поле данных содержит номер ошибки.
         Возникло предупреждение. Код события (EventID): 0x80001395
            Время создания: 08/05/2014   10:19:02
            Строка события:
            Процесс, обслуживающий пул приложений «MSExchangeRpcProxyAppPool», п
ревысил лимиты времени для завершения работы. Идентификатор процесса «68832».
         Возникла ошибка. Код события (EventID): 0xC0001B77
            Время создания: 08/05/2014   10:22:16
            Строка события:
            Служба Клиентский доступ к Microsoft Exchange RPC была неожиданно за
вершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпри
нято через 5000 мсек: Перезапуск службы.
         ……………………. GK1-EX — не пройдена проверка SystemLog
      Запуск проверки: VerifyReferences
         ……………………. GK1-EX — пройдена проверка VerifyReferences

   Выполнение проверок разделов на: ForestDnsZones
      Запуск проверки: CheckSDRefDom
         ……………………. ForestDnsZones — пройдена проверка
         CheckSDRefDom
      Запуск проверки: CrossRefValidation
         ……………………. ForestDnsZones — пройдена проверка
         CrossRefValidation

   Выполнение проверок разделов на: DomainDnsZones
      Запуск проверки: CheckSDRefDom
         ……………………. DomainDnsZones — пройдена проверка
         CheckSDRefDom
      Запуск проверки: CrossRefValidation
         ……………………. DomainDnsZones — пройдена проверка
         CrossRefValidation

   Выполнение проверок разделов на: Schema
      Запуск проверки: CheckSDRefDom
         ……………………. Schema — пройдена проверка CheckSDRefDom
      Запуск проверки: CrossRefValidation
         ……………………. Schema — пройдена проверка
         CrossRefValidation

   Выполнение проверок разделов на: Configuration
      Запуск проверки: CheckSDRefDom
         ……………………. Configuration — пройдена проверка
         CheckSDRefDom
      Запуск проверки: CrossRefValidation
         ……………………. Configuration — пройдена проверка
         CrossRefValidation

   Выполнение проверок разделов на: gimnasium
      Запуск проверки: CheckSDRefDom
         ……………………. gimnasium — пройдена проверка CheckSDRefDom
      Запуск проверки: CrossRefValidation
         ……………………. gimnasium — пройдена проверка
         CrossRefValidation

   Выполнение проверок предприятия на: gimnasium.com.ua
      Запуск проверки: LocatorCheck
         ……………………. gimnasium.com.ua — пройдена проверка
         LocatorCheck
      Запуск проверки: Intersite
         ……………………. gimnasium.com.ua — пройдена проверка
         Intersite

Источник
  • Remove From My Forums

  • Question

  • I got this error when i run the repadmin /showreplsummay.

    Source and destination server is currently rejecting replication requests. error code 8456 and 8457.

    Appreciate if any resolution that could help me out on this.

    i have been to this link below

    https://support.microsoft.com/en-us/help/2023007/troubleshooting-ad-replication-error-8456-or-8457-the-source-destinati

    and

    https://support.microsoft.com/en-us/help/875495/how-to-detect-and-recover-from-a-usn-rollback-in-windows-server-2003,but none for 2008 Server R2.

    Registry path : HKLMSystemCurrentControlSetServicesNTDSParameters with «DSA not writable and value of 4»

    Thanks for assistant.

    —— bsl

    • Edited by

      Sunday, July 9, 2017 5:51 AM

Answers

  • Hi,
    Are you able to ping between the DCs with ip address, computer name and FQDN? And you could run dcdiag /v /c /d /e /s:dcname >c:dcdiag.txt on each DC to reveal the exact problem on DC.
    In addition, please try to run «repadmin /options» on all DCs. If DISABLE_OUTBOUND_REPL or DISABLE_INBOUND_REPL appears, try to run the command below to reset these options:
    repadmin /options <DC NAME> +DISABLE_OUTBOUND_REPL

     
    repadmin /options <DC NAME> -DISABLE_OUTBOUND_REPL
    repadmin /options <DC NAME> +DISABLE_INBOUND_REPL
    repadmin /options <DC NAME> -DISABLE_INBOUND_REPL
    Note: Replace <DC NAME> with your problematic DC name.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact
    tnmff@microsoft.com. 

    • Proposed as answer by
      Wendy Jiang
      Monday, July 17, 2017 6:09 AM
    • Marked as answer by
      12BSL
      Thursday, July 27, 2017 8:34 PM

Источник
  • Remove From My Forums

  • Question

  • I got this error when i run the repadmin /showreplsummay.

    Source and destination server is currently rejecting replication requests. error code 8456 and 8457.

    Appreciate if any resolution that could help me out on this.

    i have been to this link below

    https://support.microsoft.com/en-us/help/2023007/troubleshooting-ad-replication-error-8456-or-8457-the-source-destinati

    and

    https://support.microsoft.com/en-us/help/875495/how-to-detect-and-recover-from-a-usn-rollback-in-windows-server-2003,but none for 2008 Server R2.

    Registry path : HKLMSystemCurrentControlSetServicesNTDSParameters with «DSA not writable and value of 4»

    Thanks for assistant.

    —— bsl

    • Edited by

      Sunday, July 9, 2017 5:51 AM

Answers

  • Hi,
    Are you able to ping between the DCs with ip address, computer name and FQDN? And you could run dcdiag /v /c /d /e /s:dcname >c:dcdiag.txt on each DC to reveal the exact problem on DC.
    In addition, please try to run «repadmin /options» on all DCs. If DISABLE_OUTBOUND_REPL or DISABLE_INBOUND_REPL appears, try to run the command below to reset these options:
    repadmin /options <DC NAME> +DISABLE_OUTBOUND_REPL

     
    repadmin /options <DC NAME> -DISABLE_OUTBOUND_REPL
    repadmin /options <DC NAME> +DISABLE_INBOUND_REPL
    repadmin /options <DC NAME> -DISABLE_INBOUND_REPL
    Note: Replace <DC NAME> with your problematic DC name.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact
    tnmff@microsoft.com. 

    • Proposed as answer by
      Wendy Jiang
      Monday, July 17, 2017 6:09 AM
    • Marked as answer by
      12BSL
      Thursday, July 27, 2017 8:34 PM

Источник

Здравствуйте! Вот dcdiag проблемного сервера. Хотелось бы найти самый безболезненный способ решения
проблемы: 

Диагностика сервера каталогов

Выполнение начальной настройки:
   Выполняется попытка поиска основного сервера…
   Основной сервер = GK1-EX
   * Определен лес AD.
   Сбор начальных данных завершен.

Выполнение обязательных начальных проверок

   Сервер проверки: Default-First-Site-NameGK1-EX
      Запуск проверки: Connectivity
         ……………………. GK1-EX — пройдена проверка Connectivity

Выполнение основных проверок

   Сервер проверки: Default-First-Site-NameGK1-EX
      Запуск проверки: Advertising
         Внимание: DsGetDcName вернул сведения для GK1-AD.gimnasium.com.ua
         при попытке получения доступа к GK1-EX.
         СЕРВЕР НЕ ОТВЕЧАЕТ или НЕ СЧИТАЕТСЯ ПРИЕМЛЕМЫМ.
         ……………………. GK1-EX — не пройдена проверка Advertising
      Запуск проверки: FrsEvent
         ……………………. GK1-EX — пройдена проверка FrsEvent
      Запуск проверки: DFSREvent
         ……………………. GK1-EX — пройдена проверка DFSREvent
      Запуск проверки: SysVolCheck
         ……………………. GK1-EX — пройдена проверка SysVolCheck
      Запуск проверки: KccEvent
         ……………………. GK1-EX — пройдена проверка KccEvent
      Запуск проверки: KnowsOfRoleHolders
         ……………………. GK1-EX — пройдена проверка
         KnowsOfRoleHolders
      Запуск проверки: MachineAccount
         ……………………. GK1-EX — пройдена проверка MachineAccount
      Запуск проверки: NCSecDesc
         ……………………. GK1-EX — пройдена проверка NCSecDesc
      Запуск проверки: NetLogons
         ……………………. GK1-EX — пройдена проверка NetLogons
      Запуск проверки: ObjectsReplicated
         ……………………. GK1-EX — пройдена проверка ObjectsReplicated
      Запуск проверки: Replications
         [Проверка репликации,Replications Check] Входящая репликация
         отключена.
         Для исправления выполните «repadmin /options GK1-EX
         -DISABLE_INBOUND_REPL»
         [Проверка репликации,GK1-EX] Исходящая репликация отключена.
         Для исправления выполните «repadmin /options GK1-EX
         -DISABLE_OUTBOUND_REPL»
         ……………………. GK1-EX — не пройдена проверка Replications
      Запуск проверки: RidManager
         ……………………. GK1-EX — пройдена проверка RidManager
      Запуск проверки: Services
            Служба w32time в [GK1-EX] остановлена
            Служба NETLOGON в [GK1-EX] приостановлена
         ……………………. GK1-EX — не пройдена проверка Services
      Запуск проверки: SystemLog
         Возникло предупреждение. Код события (EventID): 0x80001412
            Время создания: 08/05/2014   09:51:34
            Строка события:
            Рабочий процесс «68672», обслуживающий пул приложений «MSExchangeRpc
ProxyAppPool», не смог остановить канал прослушивателя для протокола «http» в от
веденный интервал времени.  Поле данных содержит номер ошибки.
         Возникло предупреждение. Код события (EventID): 0x80001395
            Время создания: 08/05/2014   09:51:34
            Строка события:
            Процесс, обслуживающий пул приложений «MSExchangeRpcProxyAppPool», п
ревысил лимиты времени для завершения работы. Идентификатор процесса «68672».
         Возникло предупреждение. Код события (EventID): 0x80001412
            Время создания: 08/05/2014   10:19:02
            Строка события:
            Рабочий процесс «68832», обслуживающий пул приложений «MSExchangeRpc
ProxyAppPool», не смог остановить канал прослушивателя для протокола «http» в от
веденный интервал времени.  Поле данных содержит номер ошибки.
         Возникло предупреждение. Код события (EventID): 0x80001395
            Время создания: 08/05/2014   10:19:02
            Строка события:
            Процесс, обслуживающий пул приложений «MSExchangeRpcProxyAppPool», п
ревысил лимиты времени для завершения работы. Идентификатор процесса «68832».
         Возникла ошибка. Код события (EventID): 0xC0001B77
            Время создания: 08/05/2014   10:22:16
            Строка события:
            Служба Клиентский доступ к Microsoft Exchange RPC была неожиданно за
вершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпри
нято через 5000 мсек: Перезапуск службы.
         ……………………. GK1-EX — не пройдена проверка SystemLog
      Запуск проверки: VerifyReferences
         ……………………. GK1-EX — пройдена проверка VerifyReferences

   Выполнение проверок разделов на: ForestDnsZones
      Запуск проверки: CheckSDRefDom
         ……………………. ForestDnsZones — пройдена проверка
         CheckSDRefDom
      Запуск проверки: CrossRefValidation
         ……………………. ForestDnsZones — пройдена проверка
         CrossRefValidation

   Выполнение проверок разделов на: DomainDnsZones
      Запуск проверки: CheckSDRefDom
         ……………………. DomainDnsZones — пройдена проверка
         CheckSDRefDom
      Запуск проверки: CrossRefValidation
         ……………………. DomainDnsZones — пройдена проверка
         CrossRefValidation

   Выполнение проверок разделов на: Schema
      Запуск проверки: CheckSDRefDom
         ……………………. Schema — пройдена проверка CheckSDRefDom
      Запуск проверки: CrossRefValidation
         ……………………. Schema — пройдена проверка
         CrossRefValidation

   Выполнение проверок разделов на: Configuration
      Запуск проверки: CheckSDRefDom
         ……………………. Configuration — пройдена проверка
         CheckSDRefDom
      Запуск проверки: CrossRefValidation
         ……………………. Configuration — пройдена проверка
         CrossRefValidation

   Выполнение проверок разделов на: gimnasium
      Запуск проверки: CheckSDRefDom
         ……………………. gimnasium — пройдена проверка CheckSDRefDom
      Запуск проверки: CrossRefValidation
         ……………………. gimnasium — пройдена проверка
         CrossRefValidation

   Выполнение проверок предприятия на: gimnasium.com.ua
      Запуск проверки: LocatorCheck
         ……………………. gimnasium.com.ua — пройдена проверка
         LocatorCheck
      Запуск проверки: Intersite
         ……………………. gimnasium.com.ua — пройдена проверка
         Intersite

  • Remove From My Forums

  • Question

  • I got this error when i run the repadmin /showreplsummay.

    Source and destination server is currently rejecting replication requests. error code 8456 and 8457.

    Appreciate if any resolution that could help me out on this.

    i have been to this link below

    https://support.microsoft.com/en-us/help/2023007/troubleshooting-ad-replication-error-8456-or-8457-the-source-destinati

    and

    https://support.microsoft.com/en-us/help/875495/how-to-detect-and-recover-from-a-usn-rollback-in-windows-server-2003,but none for 2008 Server R2.

    Registry path : HKLMSystemCurrentControlSetServicesNTDSParameters with «DSA not writable and value of 4»

    Thanks for assistant.

    —— bsl

    • Edited by

      Sunday, July 9, 2017 5:51 AM

Answers

  • Hi,
    Are you able to ping between the DCs with ip address, computer name and FQDN? And you could run dcdiag /v /c /d /e /s:dcname >c:dcdiag.txt on each DC to reveal the exact problem on DC.
    In addition, please try to run «repadmin /options» on all DCs. If DISABLE_OUTBOUND_REPL or DISABLE_INBOUND_REPL appears, try to run the command below to reset these options:
    repadmin /options <DC NAME> +DISABLE_OUTBOUND_REPL

     
    repadmin /options <DC NAME> -DISABLE_OUTBOUND_REPL
    repadmin /options <DC NAME> +DISABLE_INBOUND_REPL
    repadmin /options <DC NAME> -DISABLE_INBOUND_REPL
    Note: Replace <DC NAME> with your problematic DC name.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact
    tnmff@microsoft.com. 

    • Proposed as answer by
      Wendy Jiang
      Monday, July 17, 2017 6:09 AM
    • Marked as answer by
      12BSL
      Thursday, July 27, 2017 8:34 PM
  • Remove From My Forums

  • Question

  • I got this error when i run the repadmin /showreplsummay.

    Source and destination server is currently rejecting replication requests. error code 8456 and 8457.

    Appreciate if any resolution that could help me out on this.

    i have been to this link below

    https://support.microsoft.com/en-us/help/2023007/troubleshooting-ad-replication-error-8456-or-8457-the-source-destinati

    and

    https://support.microsoft.com/en-us/help/875495/how-to-detect-and-recover-from-a-usn-rollback-in-windows-server-2003,but none for 2008 Server R2.

    Registry path : HKLMSystemCurrentControlSetServicesNTDSParameters with «DSA not writable and value of 4»

    Thanks for assistant.

    —— bsl

    • Edited by

      Sunday, July 9, 2017 5:51 AM

Answers

  • Hi,
    Are you able to ping between the DCs with ip address, computer name and FQDN? And you could run dcdiag /v /c /d /e /s:dcname >c:dcdiag.txt on each DC to reveal the exact problem on DC.
    In addition, please try to run «repadmin /options» on all DCs. If DISABLE_OUTBOUND_REPL or DISABLE_INBOUND_REPL appears, try to run the command below to reset these options:
    repadmin /options <DC NAME> +DISABLE_OUTBOUND_REPL

     
    repadmin /options <DC NAME> -DISABLE_OUTBOUND_REPL
    repadmin /options <DC NAME> +DISABLE_INBOUND_REPL
    repadmin /options <DC NAME> -DISABLE_INBOUND_REPL
    Note: Replace <DC NAME> with your problematic DC name.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact
    tnmff@microsoft.com. 

    • Proposed as answer by
      Wendy Jiang
      Monday, July 17, 2017 6:09 AM
    • Marked as answer by
      12BSL
      Thursday, July 27, 2017 8:34 PM

Как правило, ошибки 8456[1] вызваны повреждением или отсутствием файла связанного Microsoft Windows, а иногда — заражением вредоносным ПО. Как правило, решить проблему можно заменой файла WINDOWS. Мы также рекомендуем выполнить сканирование реестра, чтобы очистить все недействительные ссылки на 8456[1], которые могут являться причиной ошибки.

Если вам нужно заменить файл 8456[1], вы можете найти версию %%os%% в нашей базе данных, перечисленной в таблице ниже. В текущем каталоге файлов могут отсутствовать редкие или очень старые версии 8456[1], но вы можете запросить необходимую версию, нажав на кнопку Request (Запрос) рядом с необходимой версией файла. Если ниже отсутствует необходимая версия файла, мы рекомендуем вам связаться непосредственно с Microsoft Corporation.

Если вы успешно заменили соответствующий файл в соответствующем месте, у вас больше не должно возникать проблем, связанных с 8456[1]. Однако мы рекомендуем выполнить быструю проверку, чтобы окончательно в этом убедиться. Проверьте результат замены файла, запустив Microsoft Windows и проверив выводится ли возникающая ранее ошибка.

8456[1] Описание файла
Тип: WINDOWS
Группа:
Application: Microsoft Windows
Версия программного обеспечения: 6.3.9600.16384
Создано: Microsoft Corporation
 
Имя файла: 8456[1]  
Байт: 1259690
SHA-1: 8013a054056fbe47ee4c6f6e8cacb0c9be2ef8c8
MD5: f11e5a56144ba82dc99c417638661d2d
CRC32:

Продукт Solvusoft

Загрузка
WinThruster 2023 — Сканировать ваш компьютер на наличие ошибок реестра в 8456[1]

Windows
11/10/8/7/Vista/XP

Установить необязательные продукты — WinThruster (Solvusoft) | Лицензия | Политика защиты личных сведений | Условия | Удаление

WINDOWS
8456[1]

Идентификатор статьи:   1358835

8456[1]

File Идентификатор файла (контрольная сумма MD5) Байт Загрузить
+ 8456[1] f11e5a56144ba82dc99c417638661d2d 1.20 MB
App Microsoft Windows 6.3.9600.16384
Создано Microsoft Corporation
Версия ОС Windows 8.1
Тип 64-разрядная (x64)
Размер файла 1259690
MD5 f11e5a56144ba82dc99c417638661d2d
ША1 8013a054056fbe47ee4c6f6e8cacb0c9be2ef8c8
Контрольная сумма SHA256: f6fc5eab9bfd0c2977e0fa2872ac83306f721d587f8ac098863bb7c76d76e0e8
CRC32:
Расположение каталога файлов C:UsersUserAppDataLocalMicrosoftWindows …

Осложнения с Microsoft Windows и 8456[1] включают в себя:

  • «Ошибка: 8456[1]. «
  • «8456[1] удален, отсутствует или перемещен. «
  • «Отсутствует файл: 8456[1]»
  • «Не удалось загрузить файл 8456[1]. «
  • «Отсутствует модуль: не удалось зарегистрировать 8456[1]»
  • «Ошибка времени выполнения — 8456[1]. «
  • «Ошибка загрузки: 8456[1]. «

Как правило, ошибки 8456[1] возникают во время процесса установки оборудования или программного обеспечения, связанного с Microsoft Windowss, во время загрузки драйвера, связанного с Microsoft Corporation, или во время завершения работы или запуска Windows. Важно не учитывать, когда возникают проблемы с 8456[1], так как это помогает устранять ошибки, связанные с Microsoft Windowss, и сообщать о них в Microsoft Corporation.

Источники проблем 8456[1]

Эти проблемы 8456[1] создаются отсутствующими или поврежденными файлами 8456[1], недопустимыми записями реестра Microsoft Windows или вредоносным программным обеспечением.

В основном, осложнения 8456[1] из-за:

  • Недопустимая (поврежденная) запись реестра 8456[1].
  • Вирус или вредоносное ПО, которые повредили файл 8456[1] или связанные с Microsoft Windows программные файлы.
  • 8456[1] ошибочно удален или злонамеренно программным обеспечением, не связанным с приложением Microsoft Windows.
  • Другая программа, конфликтующая с 8456[1] или другой общей ссылкой Microsoft Windows.
  • Загрузите повреждение или неполную установку программы, связанной с 8456[1].

title description ms.date author ms.author manager audience ms.topic ms.prod localization_priority ms.reviewer ms.custom ms.technology

Troubleshoot replication error 8456 or 8457

Describes how to troubleshoot replication error 8456 or 8457.

10/10/2020

Deland-Han

delhan

dcscontentpm

itpro

troubleshooting

windows-server

medium

kaushika

sap:active-directory-replication, csstroubleshoot

windows-server-active-directory

Active Directory replication error 8456 or 8457: The source | destination server is currently rejecting replication requests

This article describes the symptoms, cause, and resolution steps for situations where Active Directory operations fail with error 8456 or 8457.

Applies to:   Windows Server 2012 R2
Original KB number:   2023007

[!NOTE]
Home users: This article is only intended for technical support agents and IT professionals. If you’re looking for help with a problem, ask the Microsoft Community.

Symptoms

Active Directory operations fail with error 8456 or 8457: The source | destination server is currently rejecting replication requests.

  1. The DCPROMO promotion of a new domain controller in an existing forest fails with the error: The source server is currently rejecting replication requests.

    Dialog title text: Active Directory Installation Wizard
    Dialog message text:

    The operation failed because: Active Directory could not transfer the remaining data in directory partition <directory partition DN path> to domain controller <destination DC>. «The source server is currently rejecting replication requests.»

  2. DCDIAG reports the error: The source server is currently rejecting replication requests or The destination server is currently rejecting replication requests.

    Testing server: Default-First-Site-Name<DC NAME>
    Starting test: Replications
    * Replications Check
    [Replications Check,<DC NAME>] A recent replication attempt failed:
    From IADOMINO to <DC NAME>
    Naming Context: DC=<DN path of partition>
    The replication generated an error (8456):
    The source server is currently rejecting replication requests.
    The failure occurred at <Date> <Time>.
    The last success occurred at <Date> <time>.
    957 failures have occurred since the last success.
    Replication has been explicitly disabled through the server options

    Testing server: Default-First-Site-Name<DC NAME>
    Starting test: Replications
    * Replications Check
    [Replications Check,<DC NAME>] A recent replication attempt failed:
    From IADOMINO to <DC NAME>
    Naming Context: DC=<DN path of partition>
    The replication generated an error (8457):
    The destination server is currently rejecting replication requests.
    The failure occurred at <Date> <Time>.
    The last success occurred at <Date> <time>.
    957 failures have occurred since the last success.
    Replication has been explicitly disabled through the server options

  3. REPADMIN indicates that incoming and outgoing Active Directory replication may be failing with the error: The source | destination server is currently rejecting replication.

    DC=Contoso,DC=COM
    <site name><dc name> via RPC
    DC object GUID: <objectguid of source DCs NTDS settings object>
    Last attempt @ <date> <time> failed, result 8457 (0x2109):
    The destination server is currently rejecting replication requests.

    DC=Contoso,DC=COM
    <site name><dc name> via RPC
    DC object GUID: <objectguid of source DCs NTDS settings object>
    Last attempt @ <date> <time> failed, result 8456 (0x2108):
    The source server is currently rejecting replication requests.

    [!NOTE]
    REPADMIN commands may display both the hexadecimal and the decimal equivalent for the currently rejecting replication error.

  4. Event sources and event IDs that indicate that a USN rollback has occurred include but are not limited to the following.

    Event source Event ID Event string
    NTDS KCC 1308 The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed.
    NTDS KCC 1925 The attempt to establish a replication link for the following writable directory partition failed.
    NTDS KCC 1926 The attempt to establish a replication link to a read-only directory partition with the following parameters failed
    NTDS Replication 1586 The Windows NT 4.0 or earlier replication checkpoint with the PDC emulator master was unsuccessful. A full synchronization of the security accounts manager (SAM) database to domain controllers running Windows NT 4.0 and earlier might occur if the PDC emulator master role is transferred to the local domain controller before the next successful checkpoint. The checkpoint process will be tried again in four hours.
    NTDS Replication 2023 The local domain controller was unable to replicate changes to the following remote domain controller for the following directory partition.
    Microsoft-Windows-ActiveDirectory_DomainService 2095 During an Active Directory Domain Services replication request, the local domain controller (DC) identified a remote DC which has received replication data from the local DC by using already acknowledged USN tracking numbers.
    Microsoft-Windows-ActiveDirectory_DomainService 2103 The Active Directory Domain Services database was restored by using an unsupported restoration procedure. Active Directory Domain Services will be unable to log on users while this condition persists. Therefore, the Net Logon service has paused.

    Where embedded status codes 8456 and 8457 map to the following.

    Decimal error Hexadecimal error Error string
    8456 2108 The source server is currently rejecting replication
    8457 2109 The destination server is currently rejecting replication

  5. NTDS General Event 2013 may be logged in the Directory Services event log. This indicates that a USN rollback occurred because of an unsupported rollback or restore of the Active Directory Database.

    Event Type: Error
    Event Source: NTDS General
    Event Category: Service Control
    Event ID: 2103
    Date: <date>
    Time: <time>
    User: <user name>
    Computer: <computer name>
    Description: The Active Directory database has been restored by using an unsupported restoration procedure. Active Directory will be unable to log on users while this condition persists. As a result, the Net Logon service has paused. User Action See previous event logs for details. For more information, visit the Help and Support Center at https://support.microsoft.com.

  6. NTDS General Event 1393 may be logged in the Directory Services event log. This indicates that the physical or virtual drive that is hosting the Active Directory database or log files lacks sufficient free disk space:

    Event Type: Error
    Event Source: NTDS General
    Event Category: Service Control
    Event ID: 1393
    Date: <date>
    Time: <time>
    User: <user name>
    Computer: <computer name>
    Description:
    Attempts to update the Directory Service database are failing with error 112. Since Windows will be unable to log on users while this condition persists, the NetLogon service is being paused. M ake sure that sufficient free disk space is available on the drives where the directory database and log files reside.

Cause

Incoming or outgoing replication was automatically disabled by the operating system because of multiple root causes.

Three events that disable inbound or outbound replication include:

  • A USN rollback occurred (NTDS General Event 2103).
  • The hard disk is full (NTDS General Event 1393).
  • A corrupt UTD vector is present (Event 2881).

The operating system automatically makes four configuration changes when one of three conditions occurs. The four configuration changes are as follows:

  1. Incoming Active Directory replication is disabled.
  2. Outgoing Active Directory replication is disabled.
  3. DSA not writable is set to a nonzero value in the registry.
  4. The NETLOGON service status is changed from running to paused.

The dominant root cause for this error condition is a USN rollback discussed in A Windows Server domain controller logs Directory Services event 2095 when it encounters a USN rollback.

Do not assume that any nonzero value for DSA not writable or that a source or destination server is currently rejecting replication requests during DCPROMO / AD Replication definitively means that a USN rollback has occurred and that such domain controllers implicitly have to be force-demoted or force-repromoted. Demotionmaybe the correct option. However, it may be excessive when the error is caused by insufficient free disk space.

Resolution

  1. Check the value for DSA not writable.

    For each domain controller that is logging the 8456 or 8457 error, determine whether one of the three triggering events automatically disabled incoming or outgoing Active Directory Replication by reading the value for » DSA not writable» from the local registry.

    When replication is automatically disabled, the operating system writes one of four possible values to DSA not writable:

    • Path: HKEY_LOCAL_MACHINESystemCurrentControlSetServicesNTDSParameters
    • Setting: DSA not writable
    • Type: Reg_dword
    • Values:
      • #define DSA_WRITABLE_GEN 1
      • #define DSA_WRITABLE_NO_SPACE 2
      • #define DSA_WRITABLE_USNROLLBCK 4
      • #define DSA_WRITABLE_CORRUPT_UTDV 8

    A value of 1 can be written only when the forest version is incompatible with the OS (for example, the W2K DC is promoted into a Windows Server 2003 forest functional level forest or the like).

    A value of 2 means that the physical or virtual drive that is hosting the Active Directory database or log files lacks sufficient free disk space.

    A value of 4 means that a USN rollback occurred because the Active Directory database was incorrectly rolled back in time. Operations that are known to cause a USN rollback include the following:

    • The booting from previously saved virtual machine snapshots of domain controller role computers on Hyper-V or VMWARE hosts.
    • Incorrect physical-to-virtual (P2V) conversions in forests that contain more than one domain controller.
    • Restoring DC role computers by using imaging products such as Ghost.
    • Rolling the contents of a partition that is hosting the active directory database back in time by using an advanced disk subsystem.

    A value of 8 indicates that the up-to-dateness-vector is corrupted on the local DC.

    Technically, DSA not writable could consist of multiple values. For example, a registry value of 10 would indicate insufficient disk space and a corrupted UTD. Typically, a single value is written to DSA not writable.

    [!NOTE]
    It is common for support professionals and administrators to partly disable the replication quarantine by enabling outgoing replication, by enabling incoming replication, by changing the startup value for the NETLOGON service from disabled to automatic, and by starting the NETLOGON service. Therefore, the full quarantine configuration may not be in place when it is examined.

  2. Check the Directory Service event log for quarantine events.

    Assuming the Directory Service event log has not wrapped, you may find one or more related events logged in the Directory Service event log of a domain controller that is logging the 8456 or 8457 error.

    Event Details
    NTDS General 2103 The Active Directory database was restored by using an unsupported restoration procedure. Active Directory will be unable to log on users while this condition persists. Therefore, the Net Logon service has paused. User Action See previous event logs for more information.
    NTDS General Event 1393 There is insufficient space on the disk.
    Event 2881 Not applicable

  3. Perform the recovery based on the value of DSA not writable or on events that are logged on the system:

    • If DSA not writable equals 4 or if NTDS General Event 2103 is logged, perform the recovery steps for a USN Rollback. For more information, see A Windows Server domain controller logs Directory Services event 2095 when it encounters a USN rollback.

    • If DSA not writable equals 2 or if NTDS General event 1393 is logged, check for sufficient free disk space on the physical and virtual partitions that are hosting the Active Directory database and log files. Free up space as required.

    • If DSA not writable equals 8, demote and then repromote the domain controller before it can replicate its bad value to other domain controllers in the forest.

title description ms.date author ms.author manager audience ms.topic ms.prod localization_priority ms.reviewer ms.custom ms.technology

Troubleshoot replication error 8456 or 8457

Describes how to troubleshoot replication error 8456 or 8457.

10/10/2020

Deland-Han

delhan

dcscontentpm

itpro

troubleshooting

windows-server

medium

kaushika

sap:active-directory-replication, csstroubleshoot

windows-server-active-directory

Active Directory replication error 8456 or 8457: The source | destination server is currently rejecting replication requests

This article describes the symptoms, cause, and resolution steps for situations where Active Directory operations fail with error 8456 or 8457.

Applies to:   Windows Server 2012 R2
Original KB number:   2023007

[!NOTE]
Home users: This article is only intended for technical support agents and IT professionals. If you’re looking for help with a problem, ask the Microsoft Community.

Symptoms

Active Directory operations fail with error 8456 or 8457: The source | destination server is currently rejecting replication requests.

  1. The DCPROMO promotion of a new domain controller in an existing forest fails with the error: The source server is currently rejecting replication requests.

    Dialog title text: Active Directory Installation Wizard
    Dialog message text:

    The operation failed because: Active Directory could not transfer the remaining data in directory partition <directory partition DN path> to domain controller <destination DC>. «The source server is currently rejecting replication requests.»

  2. DCDIAG reports the error: The source server is currently rejecting replication requests or The destination server is currently rejecting replication requests.

    Testing server: Default-First-Site-Name<DC NAME>
    Starting test: Replications
    * Replications Check
    [Replications Check,<DC NAME>] A recent replication attempt failed:
    From IADOMINO to <DC NAME>
    Naming Context: DC=<DN path of partition>
    The replication generated an error (8456):
    The source server is currently rejecting replication requests.
    The failure occurred at <Date> <Time>.
    The last success occurred at <Date> <time>.
    957 failures have occurred since the last success.
    Replication has been explicitly disabled through the server options

    Testing server: Default-First-Site-Name<DC NAME>
    Starting test: Replications
    * Replications Check
    [Replications Check,<DC NAME>] A recent replication attempt failed:
    From IADOMINO to <DC NAME>
    Naming Context: DC=<DN path of partition>
    The replication generated an error (8457):
    The destination server is currently rejecting replication requests.
    The failure occurred at <Date> <Time>.
    The last success occurred at <Date> <time>.
    957 failures have occurred since the last success.
    Replication has been explicitly disabled through the server options

  3. REPADMIN indicates that incoming and outgoing Active Directory replication may be failing with the error: The source | destination server is currently rejecting replication.

    DC=Contoso,DC=COM
    <site name><dc name> via RPC
    DC object GUID: <objectguid of source DCs NTDS settings object>
    Last attempt @ <date> <time> failed, result 8457 (0x2109):
    The destination server is currently rejecting replication requests.

    DC=Contoso,DC=COM
    <site name><dc name> via RPC
    DC object GUID: <objectguid of source DCs NTDS settings object>
    Last attempt @ <date> <time> failed, result 8456 (0x2108):
    The source server is currently rejecting replication requests.

    [!NOTE]
    REPADMIN commands may display both the hexadecimal and the decimal equivalent for the currently rejecting replication error.

  4. Event sources and event IDs that indicate that a USN rollback has occurred include but are not limited to the following.

    Event source Event ID Event string
    NTDS KCC 1308 The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed.
    NTDS KCC 1925 The attempt to establish a replication link for the following writable directory partition failed.
    NTDS KCC 1926 The attempt to establish a replication link to a read-only directory partition with the following parameters failed
    NTDS Replication 1586 The Windows NT 4.0 or earlier replication checkpoint with the PDC emulator master was unsuccessful. A full synchronization of the security accounts manager (SAM) database to domain controllers running Windows NT 4.0 and earlier might occur if the PDC emulator master role is transferred to the local domain controller before the next successful checkpoint. The checkpoint process will be tried again in four hours.
    NTDS Replication 2023 The local domain controller was unable to replicate changes to the following remote domain controller for the following directory partition.
    Microsoft-Windows-ActiveDirectory_DomainService 2095 During an Active Directory Domain Services replication request, the local domain controller (DC) identified a remote DC which has received replication data from the local DC by using already acknowledged USN tracking numbers.
    Microsoft-Windows-ActiveDirectory_DomainService 2103 The Active Directory Domain Services database was restored by using an unsupported restoration procedure. Active Directory Domain Services will be unable to log on users while this condition persists. Therefore, the Net Logon service has paused.

    Where embedded status codes 8456 and 8457 map to the following.

    Decimal error Hexadecimal error Error string
    8456 2108 The source server is currently rejecting replication
    8457 2109 The destination server is currently rejecting replication

  5. NTDS General Event 2013 may be logged in the Directory Services event log. This indicates that a USN rollback occurred because of an unsupported rollback or restore of the Active Directory Database.

    Event Type: Error
    Event Source: NTDS General
    Event Category: Service Control
    Event ID: 2103
    Date: <date>
    Time: <time>
    User: <user name>
    Computer: <computer name>
    Description: The Active Directory database has been restored by using an unsupported restoration procedure. Active Directory will be unable to log on users while this condition persists. As a result, the Net Logon service has paused. User Action See previous event logs for details. For more information, visit the Help and Support Center at https://support.microsoft.com.

  6. NTDS General Event 1393 may be logged in the Directory Services event log. This indicates that the physical or virtual drive that is hosting the Active Directory database or log files lacks sufficient free disk space:

    Event Type: Error
    Event Source: NTDS General
    Event Category: Service Control
    Event ID: 1393
    Date: <date>
    Time: <time>
    User: <user name>
    Computer: <computer name>
    Description:
    Attempts to update the Directory Service database are failing with error 112. Since Windows will be unable to log on users while this condition persists, the NetLogon service is being paused. M ake sure that sufficient free disk space is available on the drives where the directory database and log files reside.

Cause

Incoming or outgoing replication was automatically disabled by the operating system because of multiple root causes.

Three events that disable inbound or outbound replication include:

  • A USN rollback occurred (NTDS General Event 2103).
  • The hard disk is full (NTDS General Event 1393).
  • A corrupt UTD vector is present (Event 2881).

The operating system automatically makes four configuration changes when one of three conditions occurs. The four configuration changes are as follows:

  1. Incoming Active Directory replication is disabled.
  2. Outgoing Active Directory replication is disabled.
  3. DSA not writable is set to a nonzero value in the registry.
  4. The NETLOGON service status is changed from running to paused.

The dominant root cause for this error condition is a USN rollback discussed in A Windows Server domain controller logs Directory Services event 2095 when it encounters a USN rollback.

Do not assume that any nonzero value for DSA not writable or that a source or destination server is currently rejecting replication requests during DCPROMO / AD Replication definitively means that a USN rollback has occurred and that such domain controllers implicitly have to be force-demoted or force-repromoted. Demotionmaybe the correct option. However, it may be excessive when the error is caused by insufficient free disk space.

Resolution

  1. Check the value for DSA not writable.

    For each domain controller that is logging the 8456 or 8457 error, determine whether one of the three triggering events automatically disabled incoming or outgoing Active Directory Replication by reading the value for » DSA not writable» from the local registry.

    When replication is automatically disabled, the operating system writes one of four possible values to DSA not writable:

    • Path: HKEY_LOCAL_MACHINESystemCurrentControlSetServicesNTDSParameters
    • Setting: DSA not writable
    • Type: Reg_dword
    • Values:
      • #define DSA_WRITABLE_GEN 1
      • #define DSA_WRITABLE_NO_SPACE 2
      • #define DSA_WRITABLE_USNROLLBCK 4
      • #define DSA_WRITABLE_CORRUPT_UTDV 8

    A value of 1 can be written only when the forest version is incompatible with the OS (for example, the W2K DC is promoted into a Windows Server 2003 forest functional level forest or the like).

    A value of 2 means that the physical or virtual drive that is hosting the Active Directory database or log files lacks sufficient free disk space.

    A value of 4 means that a USN rollback occurred because the Active Directory database was incorrectly rolled back in time. Operations that are known to cause a USN rollback include the following:

    • The booting from previously saved virtual machine snapshots of domain controller role computers on Hyper-V or VMWARE hosts.
    • Incorrect physical-to-virtual (P2V) conversions in forests that contain more than one domain controller.
    • Restoring DC role computers by using imaging products such as Ghost.
    • Rolling the contents of a partition that is hosting the active directory database back in time by using an advanced disk subsystem.

    A value of 8 indicates that the up-to-dateness-vector is corrupted on the local DC.

    Technically, DSA not writable could consist of multiple values. For example, a registry value of 10 would indicate insufficient disk space and a corrupted UTD. Typically, a single value is written to DSA not writable.

    [!NOTE]
    It is common for support professionals and administrators to partly disable the replication quarantine by enabling outgoing replication, by enabling incoming replication, by changing the startup value for the NETLOGON service from disabled to automatic, and by starting the NETLOGON service. Therefore, the full quarantine configuration may not be in place when it is examined.

  2. Check the Directory Service event log for quarantine events.

    Assuming the Directory Service event log has not wrapped, you may find one or more related events logged in the Directory Service event log of a domain controller that is logging the 8456 or 8457 error.

    Event Details
    NTDS General 2103 The Active Directory database was restored by using an unsupported restoration procedure. Active Directory will be unable to log on users while this condition persists. Therefore, the Net Logon service has paused. User Action See previous event logs for more information.
    NTDS General Event 1393 There is insufficient space on the disk.
    Event 2881 Not applicable

  3. Perform the recovery based on the value of DSA not writable or on events that are logged on the system:

    • If DSA not writable equals 4 or if NTDS General Event 2103 is logged, perform the recovery steps for a USN Rollback. For more information, see A Windows Server domain controller logs Directory Services event 2095 when it encounters a USN rollback.

    • If DSA not writable equals 2 or if NTDS General event 1393 is logged, check for sufficient free disk space on the physical and virtual partitions that are hosting the Active Directory database and log files. Free up space as required.

    • If DSA not writable equals 8, demote and then repromote the domain controller before it can replicate its bad value to other domain controllers in the forest.

Источник

Как правило, ошибки 8456[1] вызваны повреждением или отсутствием файла связанного Microsoft Windows, а иногда — заражением вредоносным ПО. Как правило, решить проблему можно заменой файла WINDOWS. Мы также рекомендуем выполнить сканирование реестра, чтобы очистить все недействительные ссылки на 8456[1], которые могут являться причиной ошибки.

Если вам нужно заменить файл 8456[1], вы можете найти версию %%os%% в нашей базе данных, перечисленной в таблице ниже. В текущем каталоге файлов могут отсутствовать редкие или очень старые версии 8456[1], но вы можете запросить необходимую версию, нажав на кнопку Request (Запрос) рядом с необходимой версией файла. Если ниже отсутствует необходимая версия файла, мы рекомендуем вам связаться непосредственно с Microsoft Corporation.

Если вы успешно заменили соответствующий файл в соответствующем месте, у вас больше не должно возникать проблем, связанных с 8456[1]. Однако мы рекомендуем выполнить быструю проверку, чтобы окончательно в этом убедиться. Проверьте результат замены файла, запустив Microsoft Windows и проверив выводится ли возникающая ранее ошибка.

8456[1] Описание файла
Тип: WINDOWS
Группа:
Application: Microsoft Windows
Версия программного обеспечения: 6.3.9600.16384
Создано: Microsoft Corporation
 
Имя файла: 8456[1]  
Байт: 1259690
SHA-1: 8013a054056fbe47ee4c6f6e8cacb0c9be2ef8c8
MD5: f11e5a56144ba82dc99c417638661d2d
CRC32:

Продукт Solvusoft

Загрузка
WinThruster 2023 — Сканировать ваш компьютер на наличие ошибок реестра в 8456[1]

Windows
11/10/8/7/Vista/XP

Установить необязательные продукты — WinThruster (Solvusoft) | Лицензия | Политика защиты личных сведений | Условия | Удаление

WINDOWS
8456[1]

Идентификатор статьи:   1358835

8456[1]

File Идентификатор файла (контрольная сумма MD5) Байт Загрузить
+ 8456[1] f11e5a56144ba82dc99c417638661d2d 1.20 MB
App Microsoft Windows 6.3.9600.16384
Создано Microsoft Corporation
Версия ОС Windows 8.1
Тип 64-разрядная (x64)
Размер файла 1259690
MD5 f11e5a56144ba82dc99c417638661d2d
ША1 8013a054056fbe47ee4c6f6e8cacb0c9be2ef8c8
Контрольная сумма SHA256: f6fc5eab9bfd0c2977e0fa2872ac83306f721d587f8ac098863bb7c76d76e0e8
CRC32:
Расположение каталога файлов C:UsersUserAppDataLocalMicrosoftWindows …

Распространенные сообщения об ошибках в 8456[1]

Осложнения с Microsoft Windows и 8456[1] включают в себя:

  • «Ошибка: 8456[1]. «
  • «8456[1] удален, отсутствует или перемещен. «
  • «Отсутствует файл: 8456[1]»
  • «Не удалось загрузить файл 8456[1]. «
  • «Отсутствует модуль: не удалось зарегистрировать 8456[1]»
  • «Ошибка времени выполнения — 8456[1]. «
  • «Ошибка загрузки: 8456[1]. «

Как правило, ошибки 8456[1] возникают во время процесса установки оборудования или программного обеспечения, связанного с Microsoft Windowss, во время загрузки драйвера, связанного с Microsoft Corporation, или во время завершения работы или запуска Windows. Важно не учитывать, когда возникают проблемы с 8456[1], так как это помогает устранять ошибки, связанные с Microsoft Windowss, и сообщать о них в Microsoft Corporation.

Источники проблем 8456[1]

Эти проблемы 8456[1] создаются отсутствующими или поврежденными файлами 8456[1], недопустимыми записями реестра Microsoft Windows или вредоносным программным обеспечением.

В основном, осложнения 8456[1] из-за:

  • Недопустимая (поврежденная) запись реестра 8456[1].
  • Вирус или вредоносное ПО, которые повредили файл 8456[1] или связанные с Microsoft Windows программные файлы.
  • 8456[1] ошибочно удален или злонамеренно программным обеспечением, не связанным с приложением Microsoft Windows.
  • Другая программа, конфликтующая с 8456[1] или другой общей ссылкой Microsoft Windows.
  • Загрузите повреждение или неполную установку программы, связанной с 8456[1].

Источник
title description ms.date author ms.author manager audience ms.topic ms.prod localization_priority ms.reviewer ms.custom ms.technology

Troubleshoot replication error 8456 or 8457

Describes how to troubleshoot replication error 8456 or 8457.

10/10/2020

Deland-Han

delhan

dcscontentpm

itpro

troubleshooting

windows-server

medium

kaushika

sap:active-directory-replication, csstroubleshoot

windows-server-active-directory

Active Directory replication error 8456 or 8457: The source | destination server is currently rejecting replication requests

This article describes the symptoms, cause, and resolution steps for situations where Active Directory operations fail with error 8456 or 8457.

Applies to:   Windows Server 2012 R2
Original KB number:   2023007

[!NOTE]
Home users: This article is only intended for technical support agents and IT professionals. If you’re looking for help with a problem, ask the Microsoft Community.

Symptoms

Active Directory operations fail with error 8456 or 8457: The source | destination server is currently rejecting replication requests.

  1. The DCPROMO promotion of a new domain controller in an existing forest fails with the error: The source server is currently rejecting replication requests.

    Dialog title text: Active Directory Installation Wizard
    Dialog message text:

    The operation failed because: Active Directory could not transfer the remaining data in directory partition <directory partition DN path> to domain controller <destination DC>. «The source server is currently rejecting replication requests.»

  2. DCDIAG reports the error: The source server is currently rejecting replication requests or The destination server is currently rejecting replication requests.

    Testing server: Default-First-Site-Name<DC NAME>
    Starting test: Replications
    * Replications Check
    [Replications Check,<DC NAME>] A recent replication attempt failed:
    From IADOMINO to <DC NAME>
    Naming Context: DC=<DN path of partition>
    The replication generated an error (8456):
    The source server is currently rejecting replication requests.
    The failure occurred at <Date> <Time>.
    The last success occurred at <Date> <time>.
    957 failures have occurred since the last success.
    Replication has been explicitly disabled through the server options

    Testing server: Default-First-Site-Name<DC NAME>
    Starting test: Replications
    * Replications Check
    [Replications Check,<DC NAME>] A recent replication attempt failed:
    From IADOMINO to <DC NAME>
    Naming Context: DC=<DN path of partition>
    The replication generated an error (8457):
    The destination server is currently rejecting replication requests.
    The failure occurred at <Date> <Time>.
    The last success occurred at <Date> <time>.
    957 failures have occurred since the last success.
    Replication has been explicitly disabled through the server options

  3. REPADMIN indicates that incoming and outgoing Active Directory replication may be failing with the error: The source | destination server is currently rejecting replication.

    DC=Contoso,DC=COM
    <site name><dc name> via RPC
    DC object GUID: <objectguid of source DCs NTDS settings object>
    Last attempt @ <date> <time> failed, result 8457 (0x2109):
    The destination server is currently rejecting replication requests.

    DC=Contoso,DC=COM
    <site name><dc name> via RPC
    DC object GUID: <objectguid of source DCs NTDS settings object>
    Last attempt @ <date> <time> failed, result 8456 (0x2108):
    The source server is currently rejecting replication requests.

    [!NOTE]
    REPADMIN commands may display both the hexadecimal and the decimal equivalent for the currently rejecting replication error.

  4. Event sources and event IDs that indicate that a USN rollback has occurred include but are not limited to the following.

    Event source Event ID Event string
    NTDS KCC 1308 The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed.
    NTDS KCC 1925 The attempt to establish a replication link for the following writable directory partition failed.
    NTDS KCC 1926 The attempt to establish a replication link to a read-only directory partition with the following parameters failed
    NTDS Replication 1586 The Windows NT 4.0 or earlier replication checkpoint with the PDC emulator master was unsuccessful. A full synchronization of the security accounts manager (SAM) database to domain controllers running Windows NT 4.0 and earlier might occur if the PDC emulator master role is transferred to the local domain controller before the next successful checkpoint. The checkpoint process will be tried again in four hours.
    NTDS Replication 2023 The local domain controller was unable to replicate changes to the following remote domain controller for the following directory partition.
    Microsoft-Windows-ActiveDirectory_DomainService 2095 During an Active Directory Domain Services replication request, the local domain controller (DC) identified a remote DC which has received replication data from the local DC by using already acknowledged USN tracking numbers.
    Microsoft-Windows-ActiveDirectory_DomainService 2103 The Active Directory Domain Services database was restored by using an unsupported restoration procedure. Active Directory Domain Services will be unable to log on users while this condition persists. Therefore, the Net Logon service has paused.

    Where embedded status codes 8456 and 8457 map to the following.

    Decimal error Hexadecimal error Error string
    8456 2108 The source server is currently rejecting replication
    8457 2109 The destination server is currently rejecting replication

  5. NTDS General Event 2013 may be logged in the Directory Services event log. This indicates that a USN rollback occurred because of an unsupported rollback or restore of the Active Directory Database.

    Event Type: Error
    Event Source: NTDS General
    Event Category: Service Control
    Event ID: 2103
    Date: <date>
    Time: <time>
    User: <user name>
    Computer: <computer name>
    Description: The Active Directory database has been restored by using an unsupported restoration procedure. Active Directory will be unable to log on users while this condition persists. As a result, the Net Logon service has paused. User Action See previous event logs for details. For more information, visit the Help and Support Center at https://support.microsoft.com.

  6. NTDS General Event 1393 may be logged in the Directory Services event log. This indicates that the physical or virtual drive that is hosting the Active Directory database or log files lacks sufficient free disk space:

    Event Type: Error
    Event Source: NTDS General
    Event Category: Service Control
    Event ID: 1393
    Date: <date>
    Time: <time>
    User: <user name>
    Computer: <computer name>
    Description:
    Attempts to update the Directory Service database are failing with error 112. Since Windows will be unable to log on users while this condition persists, the NetLogon service is being paused. M ake sure that sufficient free disk space is available on the drives where the directory database and log files reside.

Cause

Incoming or outgoing replication was automatically disabled by the operating system because of multiple root causes.

Three events that disable inbound or outbound replication include:

  • A USN rollback occurred (NTDS General Event 2103).
  • The hard disk is full (NTDS General Event 1393).
  • A corrupt UTD vector is present (Event 2881).

The operating system automatically makes four configuration changes when one of three conditions occurs. The four configuration changes are as follows:

  1. Incoming Active Directory replication is disabled.
  2. Outgoing Active Directory replication is disabled.
  3. DSA not writable is set to a nonzero value in the registry.
  4. The NETLOGON service status is changed from running to paused.

The dominant root cause for this error condition is a USN rollback discussed in A Windows Server domain controller logs Directory Services event 2095 when it encounters a USN rollback.

Do not assume that any nonzero value for DSA not writable or that a source or destination server is currently rejecting replication requests during DCPROMO / AD Replication definitively means that a USN rollback has occurred and that such domain controllers implicitly have to be force-demoted or force-repromoted. Demotionmaybe the correct option. However, it may be excessive when the error is caused by insufficient free disk space.

Resolution

  1. Check the value for DSA not writable.

    For each domain controller that is logging the 8456 or 8457 error, determine whether one of the three triggering events automatically disabled incoming or outgoing Active Directory Replication by reading the value for » DSA not writable» from the local registry.

    When replication is automatically disabled, the operating system writes one of four possible values to DSA not writable:

    • Path: HKEY_LOCAL_MACHINESystemCurrentControlSetServicesNTDSParameters
    • Setting: DSA not writable
    • Type: Reg_dword
    • Values:
      • #define DSA_WRITABLE_GEN 1
      • #define DSA_WRITABLE_NO_SPACE 2
      • #define DSA_WRITABLE_USNROLLBCK 4
      • #define DSA_WRITABLE_CORRUPT_UTDV 8

    A value of 1 can be written only when the forest version is incompatible with the OS (for example, the W2K DC is promoted into a Windows Server 2003 forest functional level forest or the like).

    A value of 2 means that the physical or virtual drive that is hosting the Active Directory database or log files lacks sufficient free disk space.

    A value of 4 means that a USN rollback occurred because the Active Directory database was incorrectly rolled back in time. Operations that are known to cause a USN rollback include the following:

    • The booting from previously saved virtual machine snapshots of domain controller role computers on Hyper-V or VMWARE hosts.
    • Incorrect physical-to-virtual (P2V) conversions in forests that contain more than one domain controller.
    • Restoring DC role computers by using imaging products such as Ghost.
    • Rolling the contents of a partition that is hosting the active directory database back in time by using an advanced disk subsystem.

    A value of 8 indicates that the up-to-dateness-vector is corrupted on the local DC.

    Technically, DSA not writable could consist of multiple values. For example, a registry value of 10 would indicate insufficient disk space and a corrupted UTD. Typically, a single value is written to DSA not writable.

    [!NOTE]
    It is common for support professionals and administrators to partly disable the replication quarantine by enabling outgoing replication, by enabling incoming replication, by changing the startup value for the NETLOGON service from disabled to automatic, and by starting the NETLOGON service. Therefore, the full quarantine configuration may not be in place when it is examined.

  2. Check the Directory Service event log for quarantine events.

    Assuming the Directory Service event log has not wrapped, you may find one or more related events logged in the Directory Service event log of a domain controller that is logging the 8456 or 8457 error.

    Event Details
    NTDS General 2103 The Active Directory database was restored by using an unsupported restoration procedure. Active Directory will be unable to log on users while this condition persists. Therefore, the Net Logon service has paused. User Action See previous event logs for more information.
    NTDS General Event 1393 There is insufficient space on the disk.
    Event 2881 Not applicable

  3. Perform the recovery based on the value of DSA not writable or on events that are logged on the system:

    • If DSA not writable equals 4 or if NTDS General Event 2103 is logged, perform the recovery steps for a USN Rollback. For more information, see A Windows Server domain controller logs Directory Services event 2095 when it encounters a USN rollback.

    • If DSA not writable equals 2 or if NTDS General event 1393 is logged, check for sufficient free disk space on the physical and virtual partitions that are hosting the Active Directory database and log files. Free up space as required.

    • If DSA not writable equals 8, demote and then repromote the domain controller before it can replicate its bad value to other domain controllers in the forest.

Источник

Понравилась статья? Поделить с друзьями:
  • При редактировании элемента произошла ошибка элемент не был сохранен
  • При регистрации на фейсит выдает ошибку
  • При попытке запуска группы сборщиков данных произошла следующая системная ошибка
  • При регистрации на авито пишет ошибка обработки запроса почему
  • При попытке добавления устройства произошла неизвестная ошибка 0x80004005