event ID 1864

Hello,

I have 3 DC: DC-1, DC-2, and DC-3 (window server 2008R2) with domain and forest functional level 2008R2. There is only one domain MyDomain.local and all 3 DC are in one site. All three DC are global catalog and DNS servers.

On all three DC I receive at every 24 hours the following error in Event Viewer, Directory Service log:
--------------------------------------------------------------
 Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          3/22/2010 4:14:07 PM
Event ID:      1864
Task Category: Replication
Level:         Error
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      DC-1.MyDomain.local
Description:
This is the replication status for the following directory partition on this directory server.
 Directory partition:
CN=Schema,CN=Configuration,DC=MyDomain,DC=local
 This directory server has not recently received replication information from a number of directory servers.  The count of directory servers is shown, divided into the following intervals.
 More than 24 hours:
1
More than a week:
1
More than one month:
0
More than two months:
0
More than a tombstone lifetime:
0
Tombstone lifetime (days):
180
 Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
 To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>".
--------------------------------------------------------------
 

This error repeats three times for the following directory partitions:CN=Schema,CN=Configuration,DC=MyDomain,DC=local    CN=Configuration,DC=MyDomain,DC=local  and DC=MyDomain,DC=local

The only place where I found a reference to an removed DC was in registry HKLM\System\CurrentControlSet\Services\NTDS\Parameters where the key “Src Root Domain Srv” have the value of “CCTI-DC2.mydomain.local”. CCTI-DC2 was an DC that was removed from the network with dcpromo. Please advise me what should I do with this key: delete or rename and put the name of actual PDC here?

 

To identify the source of event ID 1864 and eliminate the cause in the last week I’ve done the following:

1. Checked to see if there is a reference to a removed domain controller in:

-           Active Directory site and services -> My_site -> Servers

-          Active Directory users and computers -> Domain Controllers

Everything is OK, there are listed only 3 DC that are functional.


2. With ADSI Edit looked at CN=LostAnd Found that is empty .  Also checked CN=Topology,CN=Domain System Volume,CN=DFSR-Globalsettings,CN=System,DC=MyDomain,DC=local  where are listed only the 3 functional DC.


3. Checked DNS and deleted any reference to an removed DC


4. Checked NTDS with NTDSUTIL . As you can see from the output there are only 3 DC:
--------------------------------------------------------------
metadata cleanup: select operation target
select operation target: list domains
Found 1 domain(s)
0 - DC= MyDomain,DC=local
select operation target: select domain 0
No current site
Domain - DC=MyDomain,DC=local
No current server
No current Naming Context
select operation target: list sites
Found 1 site(s)
0 - CN=MySite,CN=Sites,CN=Configuration,DC=MyDomain,DC=local
select operation target: select site 0
Site - CN=MySite,CN=Sites,CN=Configuration,DC=MyDomain,DC=local
Domain - DC=MyDomain,DC=local
No current server
No current Naming Context
select operation target: list servers in site
Found 3 server(s)
0 - CN=DC-3,CN=Servers,CN=MySite,CN=Sites,CN=Configuration,DC=MyDomain,DC=local

1 - CN=DC-1,CN=Servers,CN=MySite,CN=Sites,CN=Configuration,DC=MyDomain,DC=local

2 - CN=DC-2,CN=Servers,CN=MySite,CN=Sites,CN=Configuration,DC=MyDomain,DC=local
 --------------------------------------------------------------


5.  Used repadmin/showreps on all 3 DC and everything is OK . Here is the output from the DC-1:
--------------------------------------------------------------
MySite\DC-1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 9f02251e-a27c-4c4f-864b-e2242fff6437
DSA invocationID: a24a837b-2655-4c9b-94bb-cf6a235a4351

==== INBOUND NEIGHBORS ======================================

DC=MyDomain,DC=local
    MySite\DC-3 via RPC
        DSA object GUID: f5a575b9-a7f8-4d75-96d1-390861f1afc2
        Last attempt @ 2010-03-23 11:44:04 was successful.
    MySite\DC-2 via RPC
        DSA object GUID: c72d27b2-87f5-4291-b72d-ccf5e421ce39
        Last attempt @ 2010-03-23 11:45:22 was successful.

CN=Configuration,DC=MyDomain,DC=local
    MySite\DC-3 via RPC
        DSA object GUID: f5a575b9-a7f8-4d75-96d1-390861f1afc2
        Last attempt @ 2010-03-23 10:59:01 was successful.
    MySite\DC-2 via RPC
        DSA object GUID: c72d27b2-87f5-4291-b72d-ccf5e421ce39
        Last attempt @ 2010-03-23 10:59:01 was successful.

CN=Schema,CN=Configuration,DC=MyDomain,DC=local
    MySite\DC-2 via RPC
        DSA object GUID: c72d27b2-87f5-4291-b72d-ccf5e421ce39
        Last attempt @ 2010-03-23 10:59:02 was successful.
    MySite\DC-3 via RPC
        DSA object GUID: f5a575b9-a7f8-4d75-96d1-390861f1afc2
        Last attempt @ 2010-03-23 10:59:02 was successful.

DC=ForestDnsZones,DC=MyDomain,DC=local
    MySite\DC-2 via RPC
        DSA object GUID: c72d27b2-87f5-4291-b72d-ccf5e421ce39
        Last attempt @ 2010-03-23 10:59:02 was successful.
    MySite\DC-3 via RPC
        DSA object GUID: f5a575b9-a7f8-4d75-96d1-390861f1afc2
        Last attempt @ 2010-03-23 10:59:02 was successful.

DC=DomainDnsZones,DC=MyDomain,DC=local
    MySite\DC-3 via RPC
        DSA object GUID: f5a575b9-a7f8-4d75-96d1-390861f1afc2
        Last attempt @ 2010-03-23 10:59:02 was successful.
    MySite\DC-2 via RPC
        DSA object GUID: c72d27b2-87f5-4291-b72d-ccf5e421ce39
        Last attempt @ 2010-03-23 10:59:02 was successful.
--------------------------------------------------------------

6. Run dcdiag an all 3 DC. All test are OK here are the output from DC1:
--------------------------------------------------------------
 Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = DC-1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: MySite\DC-1
      Starting test: Connectivity
         ......................... DC-1 passed test Connectivity

Doing primary tests

   Testing server: MySite\DC-1
      Starting test: Advertising
         ......................... DC-1 passed test Advertising
      Starting test: FrsEvent
         ......................... DC-1 passed test FrsEvent
      Starting test: DFSREvent
         ......................... DC-1 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC-1 passed test SysVolCheck
      Starting test: KccEvent
         ......................... DC-1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC-1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC-1 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... DC-1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... DC-1 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC-1 passed test ObjectsReplicated
      Starting test: Replications
         ......................... DC-1 passed test Replications
      Starting test: RidManager
         ......................... DC-1 passed test RidManager
      Starting test: Services
         ......................... DC-1 passed test Services
      Starting test: SystemLog
         ......................... DC-1 passed test SystemLog
      Starting test: VerifyReferences
         ......................... DC-1 passed test VerifyReferences

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
 
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
 
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
        ......................... Schema passed test CrossRefValidation
 
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
 
   Running partition tests on : MyDomain
      Starting test: CheckSDRefDom
         ......................... MyDomain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... MyDomain passed test CrossRefValidation

   Running enterprise tests on : mydomain.local
      Starting test: LocatorCheck
         ......................... MyDomain.local passed test LocatorCheck
      Starting test: Intersite
         ......................... MyDomain.local passed test Intersite
--------------------------------------------------------------

7. Checked with repadmin /showvector /latency… even here everything seems to be OK:
--------------------------------------------------------------
repadmin /showvector /latency CN=Schema,CN=Configuration,DC=MyDomain,DC=local
Caching GUIDs.
MySite\CCTI-DC2\0ADEL:fd33ee52-f05d-48a5-916b-49d5630c1357 (deleted DSA) @ USN  417853 @ Time 2010-02-27 15:49:00
MySite\CCTI-DC1\0ADEL:7679d269-19c2-4440-9b6e-da597ae133b1 (deleted DSA) @ USN 503710 @ Time 2010-03-12 17:59:21
MySite\CCTI-DC3\0ADEL:ed2133ee-8e57-4edf-8aff-c9635a1525c6 (deleted DSA) @ USN 110900 @ Time 2010-03-15 15:06:26
MySite\DC1\0ADEL:4de8a1cf-b8eb-4297-a480-6bf8ac34c343 (deleted DSA) @ USN 22892 @ Time 2010-03-15 19:09:06
MySite\DC3\0ADEL:1960fdc7-938e-4128-a0d4-ae152fe52284 (deleted DSA) @ USN 15079 @ Time 2010-03-17 12:37:27
MySite\DC1\0ADEL:4de8a1cf-b8eb-4297-a480-6bf8ac34c343 (deleted DSA) @ USN 18718 @ Time 2010-03-17 13:32:45
MySite\CCTI-DC2\0ADEL:fd33ee52-f05d-48a5-916b-49d5630c1357 (deleted DSA) @ USN 96683 @ Time 2010-03-17 19:20:50
MySite\DC-2                    @ USN     39243 @ Time 2010-03-23 08:59:02
MySite\DC-3                    @ USN     39370 @ Time 2010-03-23 08:59:02
MySite\DC-1                    @ USN     37164 @ Time 2010-03-23 09:36:27
--------------------------------------------------------------
 

8. Checked in this forum for similar problems but I haven’t find a solution that work in my situation:

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/af95a256-4aeb-4780-b1af-cce3b6c1bcdd/

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ccae98d9-75cb-4988-8a1a-535b3e1bfeac

http://social.technet.microsoft.com/Forums/fi-FI/winserverDS/thread/567922cd-9c0b-44db-bdbb-803fec000163

9. So finally here I am …. any new idea how to get rid of this error would be really appreciated  :)