DNS replication fails between the two DC.

iqtan (Active Member; joined Jan 5, 2023; 3 messages)
Windows Server 2019
DC1 and DC2

DNS replication fails between the two DC.
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

Schema and configuration are successful.

Both DCs have the same message. We also use F5 for DNS as primary and secondary DNS in both ADs.
Any help is appreciated.

Solution
It sounds like there could be a few potential issues causing your DNS replication failure between your DC1 and DC2 with Windows Server 2019. Below are some troubleshooting steps and solutions that might fix your problem.
  1. Time Synchronization: One of the most crucial things you want to check is the time synchronization between the DCs. Check the current time on both DC1 and DC2. Time discrepancies could cause replication issues. The servers should not be more than 5 minutes apart. You can correct this by configuring a reliable time source on the PDC Emulator role owner.
  2. Replication issues: The error message suggests that the DCs haven't replicated within the "Tombstone Lifetime". By default, it's about 60 or 180 days (depending on the server version). If the DCs haven't replicated within this time, you have a replication issue. The easiest fix is to force a replication from Active Directory Sites and Services. If that doesn't work, you may need to use the Repadmin tool to remove lingering objects.
  3. Check DNS: Since you're using F5 as the primary and secondary DNS, you need to ensure that the F5 DNS is part of the domain. Check if any firewall or network ACL is blocking the F5 from communicating with the DCs. Also, verify the records of DC1 and DC2 in F5.
  4. Disable outbound replication on DC1 or DC2: To do so, use the Repadmin command (Repadmin /options +DISABLE_OUTBOUND_REPL). Do this on the DC that logs ID 2042.
  5. DCDIAG: Run the DCDIAG command-line tool to validate the DC's DNS health. It will also provide you with a detailed analysis of your domain services & DNS health.
  6. Restore deleted items: You may need to restore entities deleted from Active Directory after tombstoning.
  7. Network problems: Verify that network connectivity is properly configured between replication partners in a site. Remember, always back up your data before making significant changes to your server configurations.
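An added PowerShell check that is not from the thread, tying steps 2 and 4 above together: it reads the forest's actual tombstoneLifetime from the Configuration partition instead of assuming 60 or 180 days, compares it with each partner's last successful replication per partition, and then pulls the event 2042 entries that name the stale partner. It assumes the ActiveDirectory RSAT module is installed and uses DC1 and DC2 as placeholder names.

```powershell
# Added example, not from the thread: report each inbound replication partner's
# last success against the forest tombstone lifetime, so a stall is visible well
# before event 2042 fires. Needs the ActiveDirectory module; DC names are placeholders.
Import-Module ActiveDirectory

function Get-TombstoneLifetimeDays {
    # tombstoneLifetime sits on the Directory Service object in the Configuration
    # partition. Unset means the legacy default of 60 days; newer forests carry 180.
    $cfg = (Get-ADRootDSE).configurationNamingContext
    $ds  = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$cfg" `
                        -Properties tombstoneLifetime
    if ($ds.tombstoneLifetime) { [int]$ds.tombstoneLifetime } else { 60 }
}

function Get-ReplicationAgeReport {
    param(
        [Parameter(Mandatory)][string[]]$DomainController,
        [int]$WarnAtPercent = 50    # flag partitions past half the lifetime
    )
    $tsl = Get-TombstoneLifetimeDays
    foreach ($dc in $DomainController) {
        # One row per (partner, partition): schema, configuration, domain NC, DNS app NCs.
        Get-ADReplicationPartnerMetadata -Target $dc -Scope Server -Partition * |
          ForEach-Object {
            $ageDays = ((Get-Date) - $_.LastReplicationSuccess).TotalDays
            $pct     = [math]::Round(100 * $ageDays / $tsl, 1)
            $status  = if ($ageDays -ge $tsl) { 'PAST TSL: lingering objects likely' }
                       elseif ($pct -ge $WarnAtPercent) { 'WARN' } else { 'OK' }
            [pscustomobject]@{
                Server           = $dc
                # Partner is the NTDS Settings DN; its second RDN is the partner DC name
                Partner          = (($_.Partner -split ',')[1]) -replace '^CN='
                Partition        = $_.Partition
                DaysSinceSuccess = [math]::Round($ageDays, 1)
                PercentOfTSL     = $pct
                ConsecutiveFails = $_.ConsecutiveReplicationFailures
                LastResult       = $_.LastReplicationResult
                Status           = $status
            }
        }
    }
}

# Usage: rank the stalest partitions first, then list the 2042 events that name the partner.
Get-ReplicationAgeReport -DomainController 'DC1', 'DC2' |
    Sort-Object PercentOfTSL -Descending | Format-Table -AutoSize
Get-WinEvent -ComputerName 'DC1' -FilterHashtable @{ LogName = 'Directory Service'; Id = 2042 } `
             -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message
```

A partition whose DaysSinceSuccess exceeds the reported lifetime is the one that needs the lingering-object cleanup the answer describes; anything at WARN is the place to fix connectivity or time sync before it gets there.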