E15 CU3–Update Failed–AD replicated Exceeded the tombstone lifetime.

 

Exchange 2013 CU3

1. 
   
   
   
   
2. 
   
   
   
   
3. The naming context is in the process of being removed or is not replicated
   
   
   
   
4. 
   
   http://technet.microsoft.com/en-us/library/replication-error-8452-the-naming-context-is-in-the-process-of-being-removed-or-is-not-replicated-from-the-specified-server(v=ws.10).aspx 
   
5. 
   

   C:\>REPADMIN /SHOWREPS Root\RDC01 DSA Options: IS_GC Site Options: (none) DSA object GUID: f1694974-47c4-4555-a214-db3c86854aeb DSA invocationID: f1694974-47c4-4555-a214-db3c86854aeb ==== INBOUND NEIGHBORS ====================================== CN=Schema,CN=Configuration,DC=lab7,DC=root     TW\AD02 via RPC         DSA object GUID: bfcc1053-e1da-46fd-8b9d-179c79921331         Last attempt @ 2013-12-19 17:04:52 failed, result 8524 (0x214c):             The DSA operation is unable to proceed because of a DNS lookup failure.         2 consecutive failure(s).         Last success @ 2013-12-18 22:49:19.     TW\AD01 via RPC         DSA object GUID: 4e5476da-9c30-439b-867f-70fe502aff1e         Last attempt @ (never) was successful. Source: TW\AD02 ******* 1 CONSECUTIVE FAILURES since 2013-12-19 17:08:12 Last error: 8418 (0x20e2):             The replication operation failed because of a schema mismatch between the servers involved. Naming Context: DC=ForestDnsZones,DC=lab7,DC=root Source: TW\AD02 ******* WARNING: KCC could not add this REPLICA LINK due to error. Naming Context: DC=TW,DC=lab7,DC=root Source: TW\AD02 ******* WARNING: KCC could not add this REPLICA LINK due to error. Naming Context: CN=Configuration,DC=lab7,DC=root Source: TW\AD02 ******* WARNING: KCC could not add this REPLICA LINK due to error. Source: TW\AD01 ******* 1 CONSECUTIVE FAILURES since 2013-12-19 17:08:12 Last error: 8418 (0x20e2):             The replication operation failed because of a schema mismatch between the servers involved. Naming Context: DC=ForestDnsZones,DC=lab7,DC=root Source: TW\AD01 ******* WARNING: KCC could not add this REPLICA LINK due to error. Naming Context: DC=TW,DC=lab7,DC=root Source: TW\AD01 ******* WARNING: KCC could not add this REPLICA LINK due to error. Naming Context: CN=Configuration,DC=lab7,DC=root Source: TW\AD01 ******* WARNING: KCC could not add this REPLICA LINK due to error.

   
   
   
   
6. 
   
   

   C:\>REPADMIN /REPLSUM Replication Summary Start Time: 2013-12-19 17:14:07 Beginning data collection for replication summary, this may take awhile:   ...... Source DSA          largest delta    fails/total %%   error AD01                      09m:02s    0 /   7    0 AD02                  18h:24m:48s    3 /   7   42  (8524) The DSA operation is unable to proceed because of a DNS lookup failure. RDC01            >60 days            4 /   4  100  (8614) The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime. Destination DSA     largest delta    fails/total %%   error AD01             >60 days            6 /  10   60  (8614) The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime. AD02                      09m:02s    0 /   6    0 RDC01               (unknown)        1 /   2   50  (8524) The DSA operation is unable to proceed because of a DNS lookup failure.

   
   
   
7. 
   

   C:\>REPADMIN /SYNCALL CALLBACK MESSAGE: SyncAll Finished. SyncAll terminated with no errors.

   
   
   
   
   
8. 
   
   
   
Replication error 8614 The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime

http://technet.microsoft.com/en-us/library/replication-error-8614-the-active-directory-cannot-replicate-with-this-server-because-the-time-since-the-last-replication-with-this-server-has-exceeded-the-tombstone-lifetime(v=ws.10).aspx



9. 
   
   Resolution

1. Check for nondefault values of tombstone lifetime.
By default, tombstone lifetime uses either 60 or 180 days, depending on the version of Windows that is deployed in your forest. Microsoft Support regularly sees DCs that have failed inbound replication for those periods of time. It is also possible that the tombstone lifetime has been configured to a very short period such as 2 days. If this is the case, DCs that did not inbound-replicate for, say, 5 days will fail the "all DCs must replicate with a rolling TSL number of days" test.

Use repadmin /showattr to see whether a nondefault value for the TombstoneLifetime attribute has been configured.

repadmin /showattr . "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<forest root domain>,DC=<top level domain>"

If the attribute is not present in the showattr output, an internal default value is being used.






C:\>repadmin /showattr Repadmin: running command /showattr against full DC localhost Must specify a Naming Context. C:\>repadmin /showattr "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=lab7,DC=root" Repadmin experienced the following error trying to resolve the DSA_NAME: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=lab7,DC=root If you are trying to connect to an AD LDS instance, you must use <server>:<port> If you are trying to connect to an AD LDS instance with wildcarding support, you must use the /homes erver option. Error: An error occurred:     Win32 Error 8419(0x20e3): The DSA object could not be found.




10. 
    
    
    

2. Check for DCs that failed inbound replication for TSL number of days.

Run "repadmin /showrepl * /csv" parsed by using Microsoft Office Excel as specified in Verify successful replication to a domain controllCheck for DCs that failed inbound replication for TSL number of days.

Run "repadmin /showrepl * /csv" parsed by using Microsoft Office Excel as specified in Verify successful replication to a domain controller. Sort the replsum output in Excel on the last replication success column from least current to the most current date and time order.er. Sort the replsum output in Excel on the last replication success column from least current to the most current date and time order.





11. 
    
    
12.