Question : sysvol trying to replicate to non-existant Domain controllers

Good afternoon,

We've been recieving an event error on our domain controllers, so finally had time to research it (it's below but I've moved past the error).  Basically I believe our sysvol folder is having trouble replicating to at least one domain controllers.  

I then ran ntdsutil.exe and confirmed we only had the correct dcs listed and one old dc still listed, (it crashed, and it didn't make sense to restore).  So I manually removed the dc using the MS KB article.  Which is fine, it's not showing now.

I then ran dcdiag and we failed three of the tests: frsSysvol, frsEvent, sysstemlogtest.  Figured I would trouble shoot in order.  

I then ran FRSdiag tool and found out the sysvol folder is still trying to replicate to the non-existant DC.  So the question is how do i tell sysvol to stop trying to replicate with the non-existant DC.

Other things I did:

1.  ran dcdiag with the /Test:DNS and /Test:CheckSecurityError switches-- both passed
2.  Ran dcdiag /test:syslog switch and passed
3.  in FRSdiag, ran the propagation File tracer-- passed with sysvol syncing correctly between the active domain controllers

So I guess the question is how do i tell my sysvol folder to stop replicating to non-existant DCs?  Oh running Windows 2003 SP2.

Thank you very much in advance!



here's the error that started this all:
-------------------------------------------------------------------------------------------------------------------------------
Event Type:      ErrorEvent Source:      NTDS ReplicationEvent Category:      Replication Event ID:      1864Date:            6/24/2010Time:            10:17:42 PMUser:            NT AUTHORITY\ANONYMOUS LOGONComputer:      {{SERVER NAME}}Description:This is the replication status for the following directory partition on the local domain controller.  Directory partition:CN=Schema,CN=Configuration,DC={{DOMAIN NAME}},DC=com  

The local domain controller has not recently received replication information from a number of domain controllers.   The count of domain controllers is shown, divided into the following intervals.  More than 24 hours:1 More than a week:1 More than one month:1 More than two months:1 More than a tombstone lifetime:1 Tombstone lifetime (days):60  Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.  To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Answer : sysvol trying to replicate to non-existant Domain controllers

Hi,

The situation you are facing is not related to Sysvol/FRS replication, but a NTDS/AD replication failure.
I am not sure if you are aware of the term "Lingering objects/zombies" in Active Directory.

POA would be different if your DC's are Windows 2000 or 2003. You 'd hope you had the latter if you face this concern.

Reports like
Dcdiag /v
repadmin /showrepl *
 would be helpful!

However, you may refer to the followign links to understand what you radealing with:
Information about lingering objects in a Windows Server Active Directory forest
http://support.microsoft.com/kb/910205

Event ID 1388 or 1988: A lingering object is detected
http://technet.microsoft.com/en-us/library/cc780362(WS.10).aspx

In the latter article, the events do not match up, but the remedy is the same.
Just ensure you are running the repadmin /removelingeringobjects in advisroy mode to enable detection first.

Hope this helps!

Thanks
Saurabh