This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi everyone, i have problem in my environment, we are using 4 domain controllers and in 2 domain controller in event day, every 24 hours give error EventID 1864.
CN=Schema,CN=Configuration,DC=AGH,DC=com
CN=Configuration,DC=AGH,DC=com
DC=AGH,DC=com
This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.
More than 24 hours:
1
More than a week:
1
More than one month:
1
More than two months:
1
More than a tombstone lifetime:
0
Tombstone lifetime (days):
372
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
also i tried to check with this commands:
repadmin /kcc
repadmin /replsummary
repadmin /syncall
always received "passed test"
i cannot understand where is problem?
If a domain controller has tombstoned the recommended (and only) solution is to demote, reboot, promo it again.
--please don't forget to Accept as answer if the reply is helpful--
Hello,
tombstoned is 372 days
Default is generally 60 or possibly 180 days. The the recommended / simplest (and only) solution is to move any roles off, demote, reboot, promo it again.
--please don't forget to Accept as answer if the reply is helpful--
I already demote problem AD, fresh install OS and again promote AD, but not fixed
tombstoned changed to = 180 days
Are you saying you now have a problem with the new one? If so what problem?
I'd also check the required ports are flowing between sites.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts
https://www.microsoft.com/en-us/download/details.aspx?id=24009
--please don't forget to Accept as answer if the reply is helpful--
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Hi,
Try the methods for Troubleshoot Active Directory replication error 8614:
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/replication-error-8614
Best Regards,
thanks, but not find any solution because
REPADMIN /REPLSUM
REPADMIN /SHOWREPL
REPADMIN /SHOWREPS
REPADMIN /SYNCALL
and also dcdiag give me message about passed test
Have you tried moving roles off, demote, reboot, promo it again?
--please don't forget to Accept as answer if the reply is helpful--
YES!!!!! of course
Then I'd check the required ports are flowing between them.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts
https://www.microsoft.com/en-us/download/details.aspx?id=24009
--please don't forget to Accept as answer if the reply is helpful--