Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: NTDS Replication|
The local domain controller has attempted to replicate the following object from the following source domain controller. This object is not present on the local domain controller because it may have been deleted and already garbage collected.
Source domain controller: <GUID>
Object: <object distinguished name>
Object GUID: <GUID>
Replication will not continue with the source domain controller until the situation has been resolved.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the role of ESENT?
From the error message, identify the name of the domain controller containing the lingering objects ("Source DC" in the error message). This can be done by pinging the FQDN mentioned in the error message to identify the IP address of the server, or by checking the _msdcs section in DNS.
Source DC (Transport-specific network address):
Identify the GUID of the domain controller on which you receive the event log message, by using 'repadmin /showrepl' on that domain controller. This would be the value for "DC object GUID" in the results of the repadmin command.
Within the error message, identify the naming context in which the lingering objects exist, e.g. the error message might mention (example only!):
DC=DomainDnsZones, DC=yourdomain, DC=local
Run the following command on the dc on which you receive the error message:
repadmin /removelingeringobjects name_of_server_containg_lingering_objects GUID_of_dc_on_which_error_appears DC=DomainDnsZones, DC=yourdomain, DC=local /advisory_mode
On the dc containing the lingering objects, check the Directory Service event log for information logged about lingering objects found.
Now run the same command as above, but omit '/advisory_mode'. Check the event log again, which should report that lingering objects have been removed.
Peter Van Gils
You can get these errors when one of your DCs is offline for too long (+60 days).
- Step 1: try removing lingering items according to ME870695. Use the syntax repadmin /removelingeringobjects BAD-DC-FQDN GOOD-DC-GUID PARTITION, and remove this for all DNS partitions (domain, configuration, schema, forestdnszones, domaindnszones, and others if applicable).
- Step 2: if after a while the lingering objects are back, use ReplDiag instead (see EV100261 (Cleaning lingering objects across the forest with ReplDiag.exe). Remember to run it using Enterprise Admin credentials.
- Step 3: if this still doesn't solve the problem, demote the faulty DC, remove it from the domain, delete all AD references to it (use ntdsutil and also check the _msdcs DNS zone), then add it to the domain again and promote it again.
- Step 4: if demoting/promoting the faulty DC is not an option, turn off Strict Replication (see ME317097)
This error for our DC revolved around deleted objects that had accumulated since the source DC was offline. The “repadmin /removelingeringobjects” command worked for all other containers but would not touch this.
In the end, I just turned off Strict Replication after a systemstate backup and now replication is working without error.
As per Microsoft: "This event indicates that a destination domain controller that has strict replication consistency enabled has received a request to update an object that does not exist in its local copy of the Active Directory database". See the link to "Fixing Replication Lingering Object Problems" to solve this problem.
See ME870695 to resolve this problem.
|Private comment: Subscribers only. See example of private comment|
|Links: Fixing Replication Lingering Object Problems|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated