Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 2042 Source: NTDSReplication

Level
Description
It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
The reason that replication is not allowed to continue is that the two machine's views of deleted objects may now be different. The source machine may still have copies of objects that have been deleted (and garbage collected) on this machine. If they were allowed to replicate, the source machine might return objects which have already been deleted.
Time of last successful replication:
<date> <time>
Invocation ID of source:
<ID>
Name of source:
<source name>
Tombstone lifetime (days):
<number>

The replication operation has failed.

User Action:
Determine which of the two machines was disconnected from the forest and is now out of date. You have three options:

1. Demote or reinstall the machine(s) that were disconnected.
2. Use the "repadmin /removelingeringobjects" tool to remove inconsistent deleted objects and then resume replication.
3. Resume replication. Inconsistent deleted objects may be introduced. You can continue replication by using the following registry key. Once the systems replicate once, it is recommended that you remove the key to reinstate the protection.
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
Comments
 
As per Microsoft: "If a domain controller has not replicated with its partner for longer than a tombstone lifetime, it is possible that a lingering object problem exists on one or both domain controllers. When this condition occurs, inbound replication with the source partner is stopped on the destination domain controller and event ID 2042 is logged in the Directory Services event log". See the link to "Fixing Replication Lingering Object Problems" to solve this problem.

See ME888794 and the link to "Event ID 2042 - It has been too long since this machine replicated" for additional information about this event.
Install the Windows server 2003 support tools. Go to the command prompt and type replmon. Ad all DCs and select a DC. Then right-click and select “Synchronize Each Directory Partition with All Servers”. Repeat this procedure on each DC. This will resolve the error.

See ME892777 to download the Windows Server 2003 Service Pack 1 Support Tools.
See ME899148 if you have installed Service Pack 1 for Windows Server 2003.
Our domain controller experienced a bad CMOS battery problem, which in turn caused the dates to be scrambled causing replication errors. Make sure whatever you have as your primary time server source that the time is accurate.
To solve this error the lingering objects have to be removed. Read ME870695 for information on how to remove lingering objects.


From a newsgroup post: "This error can occur if the DC has been offline for more than 60 days, has not replicated with another DC for more than 60 days or if the time on your servers is not set correctly. This server has therefore passed the tombstone lifetime of 60 days and will need to be reinstalled. You should try running dcpromo with the /forceremoval switch and then do a metadata cleanup on AD to remove all traces of that DC. Once this is done, it can be re-promoted if desired. See ME216993 for tombstone lifetime details, ME332199 for help on running “dcpromo /forceremoval”, and ME216498 for details on how to remove data in Active Directory after an unsuccessful Domain Controller demotion".

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...