What'd I do?
On Wed, Nov 21, 2012 at 8:03 AM, David Lum david@nwea.org wrote:
agreed on the subj line change Don
** **
Kurt: After typing it, I almost clarified it but then decided to
deliberately leave that open to interpretation. J
** **
*From:* Kurt Buff [mailto:kurt.b...@gmail.com]
*Sent:* Wednesday, November 21, 2012 7:51 AM
*To:* NT System Admin Issues
*Subject:* Re: AD Washout
** **
Does that describe you or the spouse, and is it a good thing or a bad
thing? :)
On Wed, Nov 21, 2012 at 7:25 AM, David Lum david@nwea.org wrote:
*“*Allow Replication With Divergent and Corrupt Partner”
I think this is on my marriage certificate…
*From:* Dan Bartley [mailto:bartl...@corp.netcarrier.com]
*Sent:* Wednesday, November 21, 2012 7:18 AM
*To:* NT System Admin Issues
*Subject:* RE: AD Washout
Ok, this was it. I simply created the *Allow Replication With Divergent
and Corrupt Partner* registry key set to 1, did a forced replication and
it worked. Then returned the key to 0. Lots of posts about this appearing
now. It was a USNO server reboot that reset itself to year 2000 after the
reboot. Guess nobody bothered to check it for accuracy before putting it
back online. Our government at work. After resetting the key to not allow,
tried another forced replication and it worked. SCOM is now reporting AD
functions and replication as ok.
Thank you very much for finding that in the first 24 hours.
Best Regards,
Dan Bartley
*From:* Dan Bartley
[mailto:bartl...@corp.netcarrier.combartl...@corp.netcarrier.com]
*Sent:* Tuesday, November 20, 2012 17:15
*To:* NT System Admin Issues
*Subject:* RE: AD Washout
Wow, thanks. This sounds like exactly what happened to us. I’ll follow the
guides and see what happens. I’ll update back when done.
Best Regards,
Dan Bartley
*From:* Coleman, Hunter [mailto:hcole...@mt.gov hcole...@mt.gov]
*Sent:* Tuesday, November 20, 2012 16:41
*To:* NT System Admin Issues
*Subject:* RE: AD Washout
Maybe a long shot, but check
http://blogs.technet.com/b/askpfeplat/archive/2012/11/19/did-your-active-directory-domain-time-just-jump-to-the-year-2000.aspx
*From:* Dan Bartley
[mailto:bartl...@corp.netcarrier.combartl...@corp.netcarrier.com]
*Sent:* Tuesday, November 20, 2012 9:04 AM
*To:* NT System Admin Issues
*Subject:* RE: AD Washout
No to these questions.
Actually it all seems centered around time sync problem that I have no
idea the cause of. It seems the 2003 PDCe server developed a problem with
access denied issues and that cascaded time sync errors to everything else.
The 2 2000 DCs show the correct amount of uptime based on them being
rebooted yesterday. The 2003 DCs however show correct time and date, but
say uptime 4300+ days after their reboot. They are syncing with time server
now, but clearly still have an issue. That is probably what is causing the
one way replicate problem between just the 2 2003 DCs. I can actually
replicate either one to a 2000 DC and then replicate that to the server
that won?t replicate from the PDCe and changes show up. Still haven?t
figured the best way to rectify the issue. I definitely do not favor a
transfer of roles and dcpromo to demote and then promote again.
Best Regards,
Dan Bartley
*From:* Christopher Bodnar
[mailto:christopher_bod...@glic.comchristopher_bod...@glic.com]
*Sent:* Tuesday, November 20, 2012 07:54
*To:* NT System Admin Issues
*Subject:* RE: AD Washout
Tombstonelifetime error makes me think this might be an issues with
lingering objects. Were any of the domain controllers migrated from
physical to virtual recently? Or restored from a backup?
*Christopher Bodnar*
Enterprise Architect I, Corporate Office of Technology:Enterprise
Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
*
The Guardian Life Insurance Company of America*
*
*www.guardianlife.com
From:Dan Bartley bartl...@corp.netcarrier.com
To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date:11/19/2012 09:51 PM
Subject:RE: AD Washout
--
No.
However, I just discovered that when I try to do a manual replication on
one 2003 DC from the PDCe 2003 DC, I get an error that it can?t replicate
due to tombstone lifetime being exceeded. It does replicate the other
direction. I am not getting any Event errors in the Directory Service event
log of either DC when I try the manual replication (such as 2042-which I
did find references on).
Best Regards,
Dan Bartley
Director - Security, IT, Billing, A-R
NetCarrier Telecom
Phone: (877) 255-7733; Fax:
