I first noticed this as I was trying to bring up our 4th DC (yeah, I know I should have checked the AD health first!). As expected, the fourth DC is having problems joining the domain.
I also cannot use dcpromo to remove NPT-DC1 or NPT-DC4. So the domain is in a sort of limbo state.
The three original DCs are:
BU1 Win2K8 Ent
NPT-DC1 Win2K3 R2 Ent
NPT-DC3 Win2K8 Ent PDC
The fourth DC is:
NPT-DC4 Win2K8 R2 Ent
If I go to AD Sites & Services Servers and try to manually replicate I will get the following error when replicating BU1 to NPT-DC1 or NPT-DC3 to NPT-DC1. Replicating from NPT-DC1 to either BU1 or NPT-DC3 will not throw an error.
----------------------------------
The following error occurred during the attempt to synchronize naming context npt.loc from domain controller NPT-DC1 to domain controller BU1:
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
This operation will not continue.
-------------------------------------------
The following is the error that I get when I try to manually replicate from BU1 to NPT-DC4 or NPT-DC3 to NPT-DC4.
NPT-DC4 doesn’t show up on NPT-DC1 and NPT-DC1 doesn’t show up on NPT-DC4
-----------------------------------------
The following error occurred during the attempt to synchronise naming context npt.loc from Domain Controller NPT-DC4 to Domain Controller BU1:
The naming context is in the process of being removed or is not replicated from the specified server.
This operation will not continue.
----------------------------------------
From NPT-DC1's event log:
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1863
Date: 10/29/2009
Time: 1:08:57 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: NPT-DC1
Description:
This is the replication status for the following directory partition on the local domain controller.
Directory partition:
CN=Configuration,DC=npt,DC=loc
The local domain controller has not received replication information from a number of domain controllers within the configured latency interval.
Latency Interval (Hours):
24
Number of domain controllers in all sites:
1
Number of domain controllers in this site:
1
The latency interval can be modified with the following registry key.
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp .
Also this event
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2042
Date: 6/4/2026
Time: 3:18:37 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: NPT-DC1
Description:
It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
The reason that replication is not allowed to continue is that the two machine's views of deleted objects may now be different. The source machine may still have copies of objects that have been deleted (and garbage collected) on this machine. If they were allowed to replicate, the source machine might return objects which have already been deleted.
Time of last successful replication:
2009-10-12 08:51:51
Invocation ID of source:
03fef6c8-f6b8-03fe-0100-000000000000
Name of source:
6231afa3-c39d-410f-acdf-6da9346c78dd._msdcs.npt.loc
Tombstone lifetime (days):
60
The replication operation has failed.
User Action:
Determine which of the two machines was disconnected from the forest and is now out of date. You have three options:
1. Demote or reinstall the machine(s) that were disconnected.
2. Use the "repadmin /removelingeringobjects" tool to remove inconsistent deleted objects and then resume replication.
3. Resume replication. Inconsistent deleted objects may be introduced. You can continue replication by using the following registry key. Once the systems replicate once, it is recommended that you remove the key to reinstate the protection.
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
I can’t do #1.
I did both 2 using the incantation on NPT-DC1:
repadmin /removelingeringobjects npt-dc1 6231afa3-c39d-410f-acdf-6da9346c78dd dc=npt,dc=loc
With the result:
RemoveLingeringObjects successful on npt-dc1.
I also tried 3 by creating the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner.
No change in replication status after either change.
I sure could use a hand here.
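
An added example, not part of the original post: a small Python parser for the label/value layout of the Event ID 2042 description quoted above, which compares the gap since the last successful replication with the tombstone lifetime the event reports. The function names, the `now` parameter and the sample event text are assumptions made for illustration; the sample values are constructed.

```python
from datetime import datetime

# Constructed sample: an Event ID 2042 description in the layout shown in the
# post (a label line followed by its value line). All values are made up.
SAMPLE_EVENT = """\
Time of last successful replication:
2009-08-01 08:00:00
Invocation ID of source:
00000000-0000-0000-0000-000000000001
Name of source:
00000000-0000-0000-0000-000000000002._msdcs.example.test
Tombstone lifetime (days):
60
"""

# Labels as they appear in the event text, mapped to hypothetical field names.
LABELS = {
    "Time of last successful replication:": "last_success",
    "Invocation ID of source:": "invocation_id",
    "Name of source:": "source",
    "Tombstone lifetime (days):": "tsl_days",
}

def parse_2042(text):
    """Return the label/value pairs of an Event 2042 description as a dict."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    fields = {}
    for label, value in zip(lines, lines[1:]):
        if label in LABELS:
            fields[LABELS[label]] = value
    return fields

def assess(text, now):
    """Compare the replication gap at time `now` with the tombstone lifetime."""
    f = parse_2042(text)
    missing = set(LABELS.values()) - set(f)
    if missing:
        raise ValueError(f"incomplete 2042 description, missing {sorted(missing)}")
    last = datetime.strptime(f["last_success"], "%Y-%m-%d %H:%M:%S")
    tsl = int(f["tsl_days"])
    gap = (now - last).days  # whole days elapsed since the last good replication
    return {"source": f["source"], "gap_days": gap, "tsl_days": tsl,
            "exceeds_tsl": gap > tsl}
```

Passing the timestamp at which the event was logged as `now` shows how far past (or short of) the tombstone lifetime the partner was when replication was stopped.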