Ok, this was it. I simply created the Allow Replication With Divergent and Corrupt Partner registry key set to 1, did a forced replication and it worked. Then returned the key to 0. Lots of posts about this appearing now. It was a USNO server reboot that reset itself to year 2000 after the reboot. Guess nobody bothered to check it for accuracy before putting it back online. Our government at work. After resetting the key to not allow, tried another forced replication and it worked. SCOM is now reporting AD functions and replication as ok.
Thank you very much for finding that in the first 24 hours. Best Regards, Dan Bartley From: Dan Bartley [mailto:bartl...@corp.netcarrier.com] Sent: Tuesday, November 20, 2012 17:15 To: NT System Admin Issues Subject: RE: AD Washout Wow, thanks. This sounds like exactly what happened to us. I'll follow the guides and see what happens. I'll update back when done. Best Regards, Dan Bartley From: Coleman, Hunter [mailto:hcole...@mt.gov] Sent: Tuesday, November 20, 2012 16:41 To: NT System Admin Issues Subject: RE: AD Washout Maybe a long shot, but check http://blogs.technet.com/b/askpfeplat/archive/2012/11/19/did-your-active -directory-domain-time-just-jump-to-the-year-2000.aspx From: Dan Bartley [mailto:bartl...@corp.netcarrier.com] Sent: Tuesday, November 20, 2012 9:04 AM To: NT System Admin Issues Subject: RE: AD Washout No to these questions. Actually it all seems centered around time sync problem that I have no idea the cause of. It seems the 2003 PDCe server developed a problem with access denied issues and that cascaded time sync errors to everything else. The 2 2000 DCs show the correct amount of uptime based on them being rebooted yesterday. The 2003 DCs however show correct time and date, but say uptime 4300+ days after their reboot. They are syncing with time server now, but clearly still have an issue. That is probably what is causing the one way replicate problem between just the 2 2003 DCs. I can actually replicate either one to a 2000 DC and then replicate that to the server that won?t replicate from the PDCe and changes show up. Still haven?t figured the best way to rectify the issue. I definitely do not favor a transfer of roles and dcpromo to demote and then promote again. Best Regards, Dan Bartley From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Tuesday, November 20, 2012 07:54 To: NT System Admin Issues Subject: RE: AD Washout Tombstonelifetime error makes me think this might be an issues with lingering objects. Were any of the domain controllers migrated from physical to virtual recently? Or restored from a backup? Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com <mailto:> The Guardian Life Insurance Company of America www.guardianlife.com <http://www.guardianlife.com/> From: "Dan Bartley" <bartl...@corp.netcarrier.com> To: "NT System Admin Issues" < ntsysadmin@lyris.sunbelt-software.com> Date: 11/19/2012 09:51 PM Subject: RE: AD Washout ________________________________ No. However, I just discovered that when I try to do a manual replication on one 2003 DC from the PDCe 2003 DC, I get an error that it can?t replicate due to tombstone lifetime being exceeded. It does replicate the other direction. I am not getting any Event errors in the Directory Service event log of either DC when I try the manual replication (such as 2042-which I did find references on). Best Regards, Dan Bartley Director - Security, IT, Billing, A-R NetCarrier Telecom Phone: (877) 255-7733; Fax: (267) 638-0317; Direct: (215) 966-3310 From: Jon Harris [mailto:jk.har...@live.com <mailto:jk.har...@live.com> ] Sent: Monday, November 19, 2012 21:37 To: NT System Admin Issues Subject: RE: AD Washout Any new patches added just prior to this. Jon ________________________________ Subject: AD Washout Date: Mon, 19 Nov 2012 21:31:10 -0500 From: bartl...@corp.netcarrier.com <mailto:bartl...@corp.netcarrier.com> To: ntsysadmin@lyris.sunbelt-software.com <mailto:ntsysadmin@lyris.sunbelt-software.com> I mostly watch and learn, but today a question. Today I had an issue I can?t find any reason for. Mixed 2000-2003 domain. 2 of each. All the roles have been moved to the 2003 DCs, except time server. Fully patched. Out of nowhere I started getting SCOM alerts from 2 of the DCs that various DC functions were failing when contacting one of the 2003 DCs. The 2 2000 servers could be RDP, but not accessed via MMC for services, etc. from a Win7 workstation. I saw various KCC NTDS Replication related errors on one of the 2003 DCs. I could attach to them via RPC (MMC) though. One of the 2000 DCs is still the time server. Neither of the 2003 DCs could update time with it having a server error 5, access denied error. The other 2000 DC could update time fine. Logins to various internal systems and DFS links started to fail with access denied errors. Eventually I rebooted the 2003 DC with the PDCe role and everything started to come back. There were no Directory Service errors or warnings in the event log at or before this happened. At the time this started this DC had system errors that the other 2003 DC had a time in the future, however it did not. In the application log there were errors when it started for ID 1058, Windows cannot access the file gpt.ini for GPO?? and ending with ?(There is a time and/or date difference between the client and server. ). Group Policy processing aborted.? All of the other DCs showed nothing other than the breakdown between them and this server. After the reboot all was well again. No performance issues for CPU, HDD or memory while it was going on. No services stopped. Anybody have any thoughts on what might have caused this? Best Regards, Dan Bartley ________________________________ CONFIDENTIALITY NOTICE***The information contained in this message may be privileged, confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or any employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ <http://lyris.sunbelt-software.com/read/my_forums/> or send an email to listmana...@lyris.sunbeltsoftware.com <mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ <http://lyris.sunbelt-software.com/read/my_forums/> or send an email to listmana...@lyris.sunbeltsoftware.com <mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE***The information contained in this message may be privileged, confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or any employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE***The information contained in this message may be privileged, confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or any employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE***The information contained in this message may be privileged, confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or any employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE***The information contained in this message may be privileged, confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or any employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
<<image001.jpg>>
