Friday, March 10, 2017

[SOLVED] How to Resolve Error 8614

I ran into this issue with two Domain Controllers that would not replicate.  DC2 was getting this error: "The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime"

Below are the steps I went through to remedy this situation; they worked like a charm.

1. Identify which Domain Controller is reporting the 8614 error. From any DC, query all of them at once and show only the failing links:

> repadmin /showrepl * /errorsonly

(the older spelling repadmin /showreps is accepted as well.)

* 8614 is logged by the destination DC against a source partner it has not replicated from for longer than the tombstone lifetime. In the steps below that DC is DC-A, the one that was out of replication. The same output names the naming context (NC) on which the error occurs; note it, you need it in step 2.

* In addition, open Event Viewer; under Applications and Services Logs > Directory Service you will find Event ID 2042 (source NTDS Replication: "It has been too long since this machine last replicated with the named source machine"), which carries the same information.

According to the Microsoft knowledge base article on this error (http://support.microsoft.com/kb/2020053), the usual cause is that a domain controller has been out of replication for longer than the tombstone lifetime and may now hold lingering objects: objects that were deleted and garbage-collected on the other DCs while this one was offline, but that still exist in its copy of the partition. That was the most likely cause here, because everything else checked out (system time on both DCs, the tombstone lifetime still at its default).


2. Remove the lingering objects from every DC, one naming context at a time. Run in advisory mode first:

> repadmin /removelingeringobjects DC-A.MYDOMAIN.COM 5b0b944e-de7b-4f96-942b-1e040169db36 "CN=Configuration,DC=MYDOMAIN,DC=COM" /advisory_mode

+ DC-A.MYDOMAIN.COM : FQDN of the DC to be cleaned (here DC-A, the DC that was out of replication).

+ 5b0b944e-de7b-4f96-942b-1e040169db36 : the DSA object GUID of the reference DC, a DC whose copy of this partition is known to be clean and up to date. Read it from the "DSA object GUID" line of repadmin /showrepl <reference DC>. It must not be the GUID of the DC being cleaned; comparing a DC against itself finds nothing.

+ "CN=Configuration,DC=MYDOMAIN,DC=COM": the naming context to compare (the NC named in the repadmin /showrepl output). Repeat for every NC the DC hosts: Schema, Configuration, the domain NC(s), and the DomainDnsZones and ForestDnsZones application partitions.

+ /advisory_mode : reports what would be removed without deleting anything. The DC being cleaned logs Event ID 1946 for each lingering object found and 1942 with the total in its Directory Service log. Review those, then run the same command again without /advisory_mode to delete.

* Repeat for all other DCs in the forest, using the same reference DC.


3. Enable strict replication consistency on all DCs in the forest, so that lingering objects cannot be replicated back in once the partner check is relaxed in the next step:

> repadmin /regkey * +strict

This sets Strict Replication Consistency = 1 under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters on every DC.


4. Temporarily set "Allow Replication With Divergent and Corrupt Partner" = 1 on all DCs, which lets replication proceed despite 8614:

> repadmin /regkey * +allowDivergent

While this value is set, a DC accepts replication from a partner that has been out of replication for longer than the tombstone lifetime, so keep it on only until the DCs have replicated once (steps 5 and 6) and revert it in step 7.


5. Flush the DNS cache and rebuild the DC DNS registrations on DC-A:

> ipconfig /flushdns

> net stop netlogon

+ rename netlogon.dns and netlogon.dnb, which are located in C:\Windows\System32\config\ (for example to netlogon.dns.old and netlogon.dnb.old)

> ipconfig /flushdns

> net start netlogon (this re-creates netlogon.dns and netlogon.dnb and re-registers DC-A's SRV and A records)

> ipconfig /registerdns


6. Check the replication of all DCs again using repadmin and Event Viewer:

> repadmin /showrepl * /errorsonly

Do not go on to step 7 until every link reports success: once the allowDivergent value is reverted, a link that is still beyond the tombstone lifetime fails with 8614 again.


7. Once replication succeeds, close the window again: set "Allow Replication With Divergent and Corrupt Partner" back to 0 on all DCs (deleting the value has the same effect, since 0 is the default):

> repadmin /regkey * -allowDivergent


8. Check the replication of all DCs again using repadmin and Event Viewer


If you performed everything correctly, the Domain Controllers will now replicate successfully.
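As an added example, not part of the original post: the whole procedure above driven from one elevated PowerShell session on a domain controller. It assumes the ActiveDirectory RSAT module and repadmin.exe are available, that DC-REF.MYDOMAIN.COM (a placeholder) is a DC whose copy of every partition is known to be clean, and that WinRM reaches the stale DC. It substitutes nltest /dsregdns for the manual netlogon.dns rename in step 5, and it stops after the advisory pass until you flip the switch, so nothing is deleted before the 1942/1946 events have been reviewed.

```powershell
# Added example, not code from the original post. Drives steps 1-8 from one
# elevated PowerShell session on a DC. Assumes the ActiveDirectory module (RSAT)
# and repadmin.exe are available, and that DC-REF.MYDOMAIN.COM (a placeholder)
# is a DC whose copy of every partition is known to be clean.
#Requires -RunAsAdministrator
Import-Module ActiveDirectory

$ReferenceDc = 'DC-REF.MYDOMAIN.COM'   # assumption: the clean reference DC
$Advisory    = $true                   # first pass only reports; set $false to delete

# Step 1: show only the failing replication links (8614 appears here) and the
# forest tombstone lifetime, which bounds how long a DC may stay out of replication.
repadmin /showrepl * /errorsonly
$rootDse  = Get-ADRootDSE
$dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)" -Properties tombstoneLifetime
if ($dsObject.tombstoneLifetime) { "Tombstone lifetime: $($dsObject.tombstoneLifetime) days" }
else                             { "Tombstone lifetime: not set (default 60 or 180 days)" }

# The GUID repadmin expects is the objectGUID of the reference DC's NTDS Settings
# object, the value that repadmin /showrepl prints as "DSA object GUID".
$refDc   = Get-ADDomainController -Identity $ReferenceDc
$refGuid = (Get-ADObject -Identity $refDc.NTDSSettingsObjectDN).ObjectGUID

# Every DC in every domain of the forest, minus the reference itself.
$targets = (Get-ADForest).Domains |
    ForEach-Object { Get-ADDomainController -Filter * -Server $_ } |
    Where-Object { $_.HostName -ne $refDc.HostName }

# Step 2: compare each target's copy of each partition it hosts against the
# reference. In advisory mode nothing is deleted; the target logs Event ID 1946
# per lingering object and 1942 with the total in its Directory Service log.
foreach ($dc in $targets) {
    foreach ($nc in $dc.Partitions) {
        $repArgs = @('/removelingeringobjects', $dc.HostName, $refGuid, $nc)
        if ($Advisory) { $repArgs += '/advisory_mode' }
        Write-Host ('repadmin ' + ($repArgs -join ' '))
        & repadmin.exe @repArgs
    }
}

if ($Advisory) {
    Write-Warning 'Advisory pass done. Review the 1942/1946 events on each DC, then rerun with $Advisory = $false.'
    return
}

# Step 3: strict consistency first, so lingering objects cannot be replicated
# back in once the divergent-partner check is relaxed.
repadmin /regkey * +strict
# Step 4: open the window: Allow Replication With Divergent and Corrupt Partner = 1.
repadmin /regkey * +allowDivergent

# Step 5 on the stale DC: re-register its DC locator records. nltest /dsregdns
# does this without renaming netlogon.dns/netlogon.dnb by hand.
# Assumption: the stale DC is the first target; point this at DC-A if it differs.
Invoke-Command -ComputerName $targets[0].HostName -ScriptBlock {
    ipconfig /flushdns | Out-Null
    nltest /dsregdns
}

# Step 6: force a replication pass across all partitions, then re-check.
repadmin /syncall /AdeP
repadmin /showrepl * /errorsonly
repadmin /replsummary

# Step 7: close the window again (sets the value back to 0 on every DC) and
# display both values so the closed state is confirmed before step 8.
repadmin /regkey * -allowDivergent
repadmin /regkey * allowDivergent
repadmin /regkey * strict
```

Run it once with $Advisory = $true, read the 1942/1946 events on each DC, and only then set $Advisory = $false and run it again; the second pass deletes the objects, relaxes the partner check, replicates, and reverts the setting in one go, so the window in which a divergent partner is accepted stays as short as possible.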

1 comment:

Anonymous said...

worked like a charm