

Topics - jtoninger

1
Directory and Authentication / Replication Failing due to Schema Mismatch
« on: October 03, 2019, 08:50:38 pm »
Hi All,

I had a prior replication issue I was unable to resolve: https://forum.zentyal.org/index.php/topic,33655.0.html

I ended up demoting that instance of Zentyal and installing a fresh version. Things worked well for a few weeks but now I have encountered a new issue.

I joined a server in a Branch Office to AD, and it looks like the Zentyal server handled the request. If I connect to that DC and check, I see the computer object. But it does not seem to be replicating to other DCs.

Event viewer now complains about a schema mismatch.

Quote
Replication of application directory partition DC=gardien,DC=com from source 40502013-4ca6-435c-b40b-cf265a649a10 (zenserver.domain.com) has been aborted. Replication requires consistent schema but last attempt to synchronize the schema had failed. It is crucial that schema replication functions properly. See previous errors for more diagnostics. If this issue persists, please contact Microsoft Product Support Services for assistance. Error 8418: The replication operation failed because of a schema mismatch between the servers involved..

If I force replication from Windows servers to Windows servers all is fine. If I force replication from a Windows Server to the Zen server all is fine. If I try to replicate FROM the Zen server I get the issue above.

I'm not having much luck tracking this one down. Any help appreciated.

Thanks!


----Update

I tried running
Code:
samba-tool drs replicate --full-sync
to force the Zentyal DC to start a fresh replication but the issue persists.

2
Hi All,

We have a Zentyal 6 Server acting as an additional DC in our Windows AD domain.

Recently Windows has started to report an error that some objects contained within the Zen DC are now Lingering Objects. So far my attempts to remove these objects have been thwarted at every pass.

"Active Directory Domain Services Replication encountered the existence of objects in the following partition that have been deleted from the local domain controllers (DCs) Active Directory Domain Services database.  Not all direct or transitive replication partners replicated in the deletion before the tombstone lifetime number of days passed.  Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects".

I was initially able to connect to the Zentyal server using ADSIedit and remove the objects. However, that has just moved the objects to a Deleted Items container, except no matter how hard I try I cannot find that container on the Zen server using ldp.exe or ADSIEdit.

I have tried the command "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC>" but cannot seem to make it work.

Any other advice for how I might remove the lingering object shown below?
 
 
"Source domain controller:
4e851e84-f1a2-4f88-a252-ce2fc2dc40f5._msdcs.domain.com (<--- this is the GUID for the Zentyal DC)
Object:
DC=SGADMIN\0ACNF:7fd5fd14-2a31-4335-94f4-be8f5c1c667e\0ADEL:7fd5fd14-2a31-4335-94f4-be8f5c1c667e,CN=Deleted Objects,DC=DomainDnsZones,DC=domain,DC=com
Object GUID:
7fd5fd14-2a31-4335-94f4-be8f5c1c667e  This event is being logged because the source DC contains a lingering object which does not exist on the local DCs Active Directory Domain Services database.  This replication attempt has been blocked.
 
 The best solution to this problem is to identify and remove all lingering objects in the forest."

Thank you



