Replication After Tombstone Life Expired
As I was preparing for Exchange migration from 2010 to 2013 I had two DCs, one of those two DCs was off for about 8 months and has already passed the default tomb stone life so it was not authorized for replication in the forest.
Whenever I try to replicate the server I get the following error
Active Directory Sites and Services Error
“The following error occurred during the attempt to syncronize naming context CN=Configuration,DC=Domain,DC=Local from Domain Controller AD to Domain Controller AD2; The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime. This operation will not continue.”
My FSMO roles holder and PDC is the demotesas.local domain so on this DC I will run the following command
W32tm /config /manualpeerlist:time.windows.com,0x1 /syncfromflags:manual /reliable:yes /update
And this
w32time & net start w32time & W32tm /resync /rediscover
On the additional DC
w32tm /config /syncfromflags:domhier /update
w32time & net start w32time & W32tm /resync /rediscover
Force Replication
If the above doesn’t work then I will go ahead and force replication to the tomb stoned DC by using the following command.
repadmin /regkey * +allowDivergent
Now we’ll replicate and see what happens
Problem solved
REF:
Thank you for taking the time to post this information. This quickly and easily resolved our replication issues without having to demote a server!
Glad it helped you Tad.
for two days I had the problem of replication and they did not have a single solution …….. you saved my life, thank you very much
Glad it worked for you 🙂 I usually have these kind of issues and prefer to troubleshoot than demote or delete.
Thanks so much for the post worked great cheers! 🙂
Glad it helped you 🙂 cheers
When you force replication using repadmin /regkey * +allowDivergent do you do this on the domain controller that cannot be replicated to or the one you are trying to replicate from?
Hi Michael, doesn’t really matter which server because the wildcard will push the replication to all the DCs and will force it on the tombstone DC.
Please check the construction of the command here
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/active-directory-replication-event-id-2042#use-repadmin-to-restart-replication-following-event-id-2042
Thank you moh10ly,
This saves my butt rebuilding.
Glad it helped you 🙂
You’re the bomb! Thank you! After days of reading through other sites that seemed to over-complicate everything, your AWESOME article came into my life! 🙂
Hi Key, I am very glad this has helped you! If you in anytime had any difficulties please don’t hesitate to contact me directly.
Regards
VERY useful! Thank you so much! Best, Raphael.
You’re very welcome, I am glad it helped
dear expert, im very newbie for this. any posibility this step will interupt the other DS? coz my system use for DCS System it should not be interupt the DCS (Digital Control System)
I can’t thank you enough. That did the trick. Happy that I don’t need to go demoting route. !
Glad it helped 🙂 .
Thank you this fixed my DCs in my home lab that was powered off for many months.
Super helpful, one of the best documents on the problem, you won’t believe how much time i spent looking for this solution and you managed to help me fix it in like 3 minutes!
Just letting you know you saved my life as well.
Thank you
I dont no who you are.. anyway you save my life
i was struggle with this almost three weeks
Thank you very very much for sharing your knowledge with us.
God bless you..
Hello,
Facing DFS replication on additional domain controller after it was turned off for 2 weeks. It has not exceeded tombstone period.
Tried demoting and promoting ADC but yet we are not seeing shared netlogon sysvol on ADC.
In event viewer we see messages DFS will not replicate till on ADC stale data is cleared-reason it is not replicated for more than 60days.
Also tried to install windows freshly and joined to existing domain still it is same problem for DFS replication for netlogon and sysvol shared folders.
Other replication between both domains is success. Please advise how to fix this issue.
Hi Mohammed Hamada,
Wherever you are in the world, I pray that God will bless you with increase in any aspect of your life.
You are truly a lifesaver.
Thank You very much!
f*ck me!
thanks dude, just as with the other folks here, you saved me a ton of time with a simple and elegant solution that no-one else seems to have come up with!