As I was preparing for an Exchange migration from 2010 to 2013, I had two DCs. One of the two had been off for about 8 months and had already passed the default tombstone lifetime, so it was not authorized for replication in the forest.
Whenever I try to replicate the server I get the following error:
“The following error occurred during the attempt to syncronize naming context CN=Configuration,DC=Domain,DC=Local from Domain Controller AD to Domain Controller AD2; The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime. This operation will not continue.”
My FSMO role holder and PDC is in the demotesas.local domain, so on this DC I will run the following command:
W32tm /config /manualpeerlist:time.windows.com,0x1 /syncfromflags:manual /reliable:yes /update
And this:
net stop w32time & net start w32time & W32tm /resync /rediscover
On the additional DC:
w32tm /config /syncfromflags:domhier /update
net stop w32time & net start w32time & W32tm /resync /rediscover
If the above doesn’t work, then I will go ahead and force replication to the tombstoned DC by using the following command:
repadmin /regkey * +allowDivergent
Now we’ll replicate and see what happens
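As an added example (not the author's own script), the PowerShell below measures how far past the tombstone lifetime the stale DC's replication links are before forcing anything, then runs the post's repadmin switch and turns it back off afterwards. It assumes the ActiveDirectory module that ships with Windows Server 2012 or later, and the DC names AD and AD2 and the naming context from the error message above; the -Apply switch is made up for this script.

```powershell
# Added example (not the author's script). AD, AD2 and the naming context come
# from the error text above; -Apply is a hypothetical switch of this script.
param([switch]$Apply)
Import-Module ActiveDirectory

$SourceDC = 'AD'     # DC that stayed online
$StaleDC  = 'AD2'    # DC that was powered off
$NC       = 'CN=Configuration,DC=Domain,DC=Local'

# tombstoneLifetime lives on the Directory Service object in the Configuration
# partition; when the attribute is not set, the directory uses 60 days.
$cfg   = (Get-ADRootDSE -Server $SourceDC).configurationNamingContext
$dsObj = Get-ADObject -Server $SourceDC -Properties tombstoneLifetime `
    -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$cfg"
$tslDays = if ($dsObj.tombstoneLifetime) { $dsObj.tombstoneLifetime } else { 60 }

# Inbound links on the stale DC whose last success is older than that.
$now = Get-Date
$expired = Get-ADReplicationPartnerMetadata -Target $StaleDC -Partition * |
    Where-Object { ($now - $_.LastReplicationSuccess).TotalDays -gt $tslDays } |
    Select-Object Partition, Partner, LastReplicationSuccess, LastReplicationResult

"Tombstone lifetime: $tslDays days"
$expired | Format-Table -AutoSize

if (-not $expired) { 'No replication link is past the tombstone lifetime.'; return }
if (-not $Apply)   { 'Report only. Re-run with -Apply to force replication.'; return }

try {
    # Same switch the post uses; it lifts the tombstone-lifetime check.
    repadmin /regkey '*' +allowDivergent
    repadmin /replicate $StaleDC $SourceDC $NC
    if ($LASTEXITCODE -ne 0) { Write-Warning "repadmin /replicate exit code $LASTEXITCODE" }
}
finally {
    # Restore the check on every DC once the attempt is over.
    repadmin /regkey '*' -allowDivergent
}
repadmin /showrepl $StaleDC
```

Objects deleted on the other DCs while AD2 was off can still exist on it as lingering objects, so review the `repadmin /showrepl` output and the Directory Service event log on both DCs after the forced pass.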
View Comments
Thank you for taking the time to post this information. This quickly and easily resolved our replication issues without having to demote a server!
Glad it helped you Tad.
For two days I had the problem of replication and they did not have a single solution... you saved my life, thank you very much
Glad it worked for you :) I usually have these kind of issues and prefer to troubleshoot than demote or delete.
Thanks so much for the post worked great cheers! :)
Glad it helped you :) cheers
When you force replication using repadmin /regkey * +allowDivergent do you do this on the domain controller that cannot be replicated to or the one you are trying to replicate from?
Hi Michael, doesn't really matter which server because the wildcard will push the replication to all the DCs and will force it on the tombstone DC.
Please check the construction of the command here
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/active-directory-replication-event-id-2042#use-repadmin-to-restart-replication-following-event-id-2042
Thank you moh10ly,
This saves my butt rebuilding.
Glad it helped you :)
You're the bomb! Thank you! After days of reading through other sites that seemed to over-complicate everything, your AWESOME article came into my life! :-)
Hi Key, I am very glad this has helped you! If at any time you have any difficulties, please don't hesitate to contact me directly.
Regards
VERY useful! Thank you so much! Best, Raphael.
You're very welcome, I am glad it helped
Dear expert, I'm very much a newbie at this. Any possibility this step will interrupt the other DS? Because my system is used for a DCS system, it should not interrupt the DCS (Digital Control System).
I can't thank you enough. That did the trick. Happy that I don't need to go the demoting route!
Glad it helped :) .
Thank you this fixed my DCs in my home lab that was powered off for many months.