Server 2008 DC rejecting replication requests


Your issue is almost definitely due to the USN Rollback. Reverting back to a snapshot is not a supported method for recovering a DC. To resolve the issue, follow the steps outlined in the KB article you referenced. This will include demoting the DC, cleaning up the metadata, and then promoting it.


Admin
Author by

Admin

Updated on September 18, 2022

Comments

  • Admin
    Admin almost 2 years

    Have a DC that has recently been part of a business continuity test. From what I understand the server (which is virtual) was snapshotted, test carried out while the link between the two sites was down and then reverted to the snapshot. Now that the link is back up I am seeing notifications through SolarWinds that the AD service is in error. Looking at the server the NETLOGON service is paused. From what I can gather from the event logs this is due to repeated replication attempts failing. There is also a notification that AD was restored in an unsupported method (probably snapshot).

    I have tried to force replication using the Sites and Services snap-in but that fails, stating that the server is currently rejecting replication. I can ping the server, though oddly it seems to respond from the 10.168.3 NIC and not the 10.168.50 NIC that I would have expected. Both IPs can be pinged though and the server can be connected to via RDP or console via vSphere.

    Running a repadmin /show gives various failures, but I am sure these are due to some underlying failure that is blocking the replication service from starting. Bit new to this level of troubleshooting but would be grateful for any help that could be thrown my way.

    EDIT: Wondering if it may be something to do with a USN Rollback (?). Link to KB here

    • azethoth
      azethoth over 12 years
      How did you take a snapshot? And how did you restore it? Snapshots of DCs are not supported. Only in cases to retrieve object attributes or deleted objects usually.
  • HostBits
    HostBits over 12 years
    You should also look in your domain DNS zone under the _msdcs, _sites, _tcp, _udp, DomainDnsZones, and ForestDnsZones (and any subfolders in those zones) for references to the demoted DC. Those references should be removed.
  • HostBits
    HostBits over 12 years
    Also look in AD Sites & Services within the AD site for that DC, and verify the server object and the NTDS settings are gone after the demotion. If they are not, delete them (only after the removal has occurred).
  • Admin
    Admin over 12 years
    Wow, thanks for the detail. I will look into enabling strict replication in our environment and have updated the procedures in place to make sure snapshots are not used on DCs. I have assigned the answer to Cheekaleak as it looks like that was the solution but have upmarked your post as it is definitely the way to prevent it in future! Thanks again
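
The post-demotion checks described in HostBits' comments above, as a read-only PowerShell example added here (not part of the original thread). It assumes a management host with the DnsServer and ActiveDirectory RSAT modules and a single-domain forest; DC02, DC01, corp.example.com and 192.0.2.10 are placeholders.

```powershell
# Added example, not from the thread. All names below are placeholders.
$DemotedDc = 'DC02'                # short name of the demoted DC
$DemotedIp = '192.0.2.10'          # its former IPv4 address
$Domain    = 'corp.example.com'    # AD DNS domain
$DnsServer = 'DC01'                # healthy DC that hosts the DNS zones

Import-Module DnsServer, ActiveDirectory
$fqdn = [regex]::Escape("$DemotedDc.$Domain")

# DNS: _sites, _tcp, _udp, DomainDnsZones and ForestDnsZones sit under the
# domain zone; _msdcs is assumed to be its own zone (silently skipped if not).
$staleDns = foreach ($zone in $Domain, "_msdcs.$Domain") {
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = $_.RecordData
            # The target field differs per record type: SRV, NS, CNAME, A.
            $targets = @($d.DomainName, $d.NameServer, $d.HostNameAlias, "$($d.IPv4Address)") |
                Where-Object { $_ }
            $hit = ($_.HostName -eq $DemotedDc) -or
                   ($targets -match "^$fqdn\.?$") -or
                   ($targets -contains $DemotedIp)
            if ($hit) {
                [pscustomobject]@{
                    Zone = $zone
                    Name = $_.HostName
                    Type = $_.RecordType
                    Data = $targets -join ' '
                }
            }
        }
}

# AD Sites & Services: the server object and its NTDS Settings child
# should both be gone once the demotion has completed.
$sites = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
$staleAd = Get-ADObject -SearchBase $sites -LDAPFilter "(&(objectClass=server)(cn=$DemotedDc))" |
    ForEach-Object {
        $_
        Get-ADObject -SearchBase $_.DistinguishedName -SearchScope OneLevel -LDAPFilter '(objectClass=nTDSDSA)'
    }

# Report only; nothing is deleted.
$staleDns | Format-Table -AutoSize
$staleAd  | Select-Object ObjectClass, DistinguishedName
```

Empty output from both queries means no leftover references were found in the locations the comments list; anything returned is a candidate for manual review and removal after the demotion has completed.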