Fix Active Directory Replication

Problem/Symptom

1- dsa not writable 4

2- (8456) the source server is currently rejecting replication requests

3- Tried to run a Domain Controller (out of 3 in my environmnet) from its snapshot or previously backed up VHDs results this replication issue. The root cause could be because of a dirty/bad USN rollback.

4- Run and get below result

C:\Users\administrator> repadmin /showreps
.
.
.
Last error: 8456 (0x2108):
The source server is currently rejecting replication requests.

5- Verified the USN on all DCs and they were identical. So the replication was not a total failure.

6- Verified the inbound and outbound replication were working and that the global catalog was still working.

Cause

Run and get below results

C:\Users\administrator>REPADMIN /OPTIONS *

Repadmin: running command /OPTIONS against full DC virtual
Current DSA Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
Repadmin: running command /OPTIONS against full DC pyhsical
Current DSA Options: IS_GC

Inbound and outbound replication were disabled on the recovered virtual domain controller. So enabling those two parameters did the trick!

Resolution

Run below 2 commands

C:\Users\administrator>repadmin /options localhost -DISABLE_OUTBOUND_REPL
C:\Users\administrator>repadmin /options localhost -DISABLE_INBOUND_REPL

Verify

After waiting for a minute I double checked repadmin:

Run and get below results

C:\Users\administrator>REPADMIN /OPTIONS *

Repadmin: running command /OPTIONS against full DC virtual
Current DSA Options: IS_GC
Repadmin: running command /OPTIONS against full DC physical
Current DSA Options: IS_GC

Sync was back to normal, and having a look into active directory revealed that all objects were synced again. Make sure to configure sync directions in AD sites and services before you enable the sync again to sync in the right direction.

If somehow you have to revert a domain controller from a backup or a snapshot make sure to read the technet articles on how to do it. Also consider reading into technical manual of your backup software to make sure to restore by best practice to avoid failures like these.


References

https://guylabs.ch/2013/11/06/vmware-snapshot-and-recovery-fix-active-directory-replication/

http://support.microsoft.com/default.aspx?scid=kb;EN-US;875495 

https://windorks.wordpress.com/2014/07/25/ad-replication-issues-usn-rollback-and-the-invocation-id/

https://serverfault.com/questions/568431/one-of-the-single-dc-per-domain-dcs-has-suffered-usn-rollback

https://support.microsoft.com/en-us/help/875495/how-to-detect-and-recover-from-a-usn-rollback-in-windows-server-2003

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s