RSS

AD Replication Issue | Event ID 2108 and 1084 | 8451 The replication operation encountered a database error.

27 Oct

Issue:
———

DC1 and DC2 are two domain controllers for the domain Domain.com.

DC1 -> DC2 replication working fine but the reverse DC2 -> DC1 doesn’t seem to work. Below are the commands and event ids which generated for the replication.

============================
C:\Windows\ntds>repadmin /replicate DC2 DC1 DC=Domain,DC=com
Sync from DC1 to DC2 completed successfully.

C:\Windows\ntds>repadmin /replicate DC1 DC2 DC=Domain,DC=om
DsReplicaSync() failed with status 8451 (0x2103):
The replication operation encountered a database error.
============================

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 2108
Task Category: Replication
Level: Error
Computer: DC1.Domain.com
Description:
This event contains REPAIR PROCEDURES for the 1084 event which has previously been logged. This message indicates a specific issue with the consistency of the Active Directory Domain Services database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made.

Object:
DC=DC1,DC=Domain.com,CN=MicrosoftDNS,CN=System,DC=barrylevin,DC=com
Object GUID:
27709216-a6eb-4e13-a614-36becd89756b
Source domain controller:
cfaf2018-03a3-441c-834e-4d86f8c8c7ba._msdcs.barrylevin.com

User Action

Please consult KB article 837932, http://support.microsoft.com/?id=837932. A subset of its repair procedures are listed here.
1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory Domain Services database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343, http://support.microsoft.com/?id=251343.
3. The problem may be related to the object’s parent on this domain controller. On the source domain controller, move the object to have a different parent.
4. If this machine is a global catalog and the error occurs in one of the read-only partitions, you should demote the machine as a global catalog using the Global Catalog checkbox in the Sites & Services user interface. If the error is occurring in an application partition, you can stop the application partition from being hosted on this replica. This may be changed using the ntdsutil.exe command.
5. Obtain the most recent ntdsutil.exe by installing the latest service pack for your operating system. Prior to booting into Directory Services Restore Mode (DSRM), verify that the DSRM password is known. Otherwise reset it prior to restarting the system.
6. In DSRM, run the NT CMD prompt, run “ntdsutil files integrity”. If corruption is found and other replicas exist, then demote replica and check your hardware. If no replicas are present, restore a system state backup and repeat this verification.
7. Perform an offline defragmentation using the “ntdsutil files compact” function.
8. The “ntdsutil semantic database analysis” should also be performed. If errors are found, they may be corrected using the “go fixup” function. Note that this should not be confused with the database maintenance function called “ESE repair”, which should not be used, since it causes data loss for Active Directory Domain Services Databases.

If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again.

Additional Data
Primary Error value:
8451 The replication operation encountered a database error.
Secondary Error value:
-1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt. The database must be defragmented

============================

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 1084
Task Category: Replication
Level: Error
Computer: DC1.Domain.com
Description:
Internal event: Active Directory Domain Services could not update the following object with changes received from the following source directory service. This is because an error occurred during the application of the changes to Active Directory Domain Services on the directory service.

Object:
DC=DC1,DC=Domain.com,CN=MicrosoftDNS,CN=System,DC=barrylevin,DC=com
Object GUID:
27709216-a6eb-4e13-a614-36becd89756b
Source directory service:
cfaf2018-03a3-441c-834e-4d86f8c8c7ba._msdcs.barrylevin.com

Synchronization of the directory service with the source directory service is blocked until this update problem is corrected.

This operation will be tried again at the next scheduled replication.

User Action
Restart the local computer if this condition appears to be related to low system resources (for example, low physical or virtual memory).

Additional Data
Error value:
8451 The replication operation encountered a database error.

============================

Cause:
———

Additional Data
Primary Error value:
8451 The replication operation encountered a database error.
Secondary Error value:
-1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt. The database must be defragmented

Above details indicate that the database should be defragemented on DC1..

Resolution:
—————-

Take a backup of ntds.dit file under c:\windows\ntds if anything goes wrong. If ntds.dit file is not available under default location, you should take backup from where you published the NTDS Database.

Open command prompt and navigate to c:\windows\ntds and perform below sequence of commands.

  1. net stop ntds
  2. Physical consistency check by using below command and it is passed. Go to Step 4 if its failed.
    esentutl /K ntds.dit
  3. Logical consistency check by using below command and it failed.
    ntds>esentutl /G ntds.dit

    ============================
    Checking database integrity.
    Scanning Status (% complete)

    0 10 20 30 40 50 60 70 80 90 100
    |—-|—-|—-|—-|—-|—-|—-|—-|—-|—-|
    …………………………………………
    Integrity check completed.
    Database is CORRUPTED, the last full backup of this database was on 10/25/2014 14:00:22

    Operation terminated with error -1206 (JET_errDatabaseCorrupted, Non database file or corrupted db) after 13.712 seconds.
    ============================

  4. Performed offline Defrag by using below command. Contact Microsoft if in case it is failed.
    esentutl /D ntds.dit
  5. Again performed Logical consistency check by using below command and it was successful..
    ntds>esentutl /G ntds.dit
  6. net start ntds

Replication start working again. Thats it.

Reference:
—————

http://support2.microsoft.com/kb/837932
http://support2.microsoft.com/kb/2645996/en-gb

 

 

Advertisements
 
Leave a comment

Posted by on October 27, 2014 in Uncategorized

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

 
%d bloggers like this: