Tombstonelifetime error makes me think this might be an issues with lingering objects. Were any of the domain controllers migrated from physical to virtual recently? Or restored from a backup?
Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com The Guardian Life Insurance Company of America www.guardianlife.com From: "Dan Bartley" <bartl...@corp.netcarrier.com> To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com> Date: 11/19/2012 09:51 PM Subject: RE: AD Washout No. However, I just discovered that when I try to do a manual replication on one 2003 DC from the PDCe 2003 DC, I get an error that it can’t replicate due to tombstone lifetime being exceeded. It does replicate the other direction. I am not getting any Event errors in the Directory Service event log of either DC when I try the manual replication (such as 2042-which I did find references on). Best Regards, Dan Bartley Director - Security, IT, Billing, A-R NetCarrier Telecom Phone: (877) 255-7733; Fax: (267) 638-0317; Direct: (215) 966-3310 From: Jon Harris [mailto:jk.har...@live.com] Sent: Monday, November 19, 2012 21:37 To: NT System Admin Issues Subject: RE: AD Washout Any new patches added just prior to this. Jon Subject: AD Washout Date: Mon, 19 Nov 2012 21:31:10 -0500 From: bartl...@corp.netcarrier.com To: ntsysadmin@lyris.sunbelt-software.com I mostly watch and learn, but today a question. Today I had an issue I can’t find any reason for. Mixed 2000-2003 domain. 2 of each. All the roles have been moved to the 2003 DCs, except time server. Fully patched. Out of nowhere I started getting SCOM alerts from 2 of the DCs that various DC functions were failing when contacting one of the 2003 DCs. The 2 2000 servers could be RDP, but not accessed via MMC for services, etc. from a Win7 workstation. I saw various KCC NTDS Replication related errors on one of the 2003 DCs. I could attach to them via RPC (MMC) though. One of the 2000 DCs is still the time server. Neither of the 2003 DCs could update time with it having a server error 5, access denied error. The other 2000 DC could update time fine. Logins to various internal systems and DFS links started to fail with access denied errors. Eventually I rebooted the 2003 DC with the PDCe role and everything started to come back. There were no Directory Service errors or warnings in the event log at or before this happened. At the time this started this DC had system errors that the other 2003 DC had a time in the future, however it did not. In the application log there were errors when it started for ID 1058, Windows cannot access the file gpt.ini for GPO”” and ending with “(There is a time and/or date difference between the client and server. ). Group Policy processing aborted.” All of the other DCs showed nothing other than the breakdown between them and this server. After the reboot all was well again. No performance issues for CPU, HDD or memory while it was going on. No services stopped. Anybody have any thoughts on what might have caused this? Best Regards, Dan Bartley ________________________________ CONFIDENTIALITY NOTICE***The information contained in this message may be privileged, confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or any employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE***The information contained in this message may be privileged, confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or any employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
<<image/jpeg>>
