Broken replication, lingering objects, server a unable to browse shares on S2

Scott Gray 96 Reputation points
2020-10-01T05:28:07.32+00:00

I'm hoping you can assist with troubleshooting and resolving replication issues between 2 servers. S1 is 2016 Standard, S2 is 2008 R2. I can successfully ping each server from the other. I can not browse to S2 shares, sysvol etc which I think may be the problem. I've run the AD Replication Status Tool and found the following (see image).

I have little experience trouble shooting AD replication issues and can't find any reason why S2 can't been browsed to. Both servers running DNS and DHCP servers.
There is no FW enabled on S2. File Print Services is enabled. RPC, DFS and FRS services are all running on S2. Only thing I have found on S2 is that AD Web Services service won't start - Not sure if that's required or cause of shares being unavailable.

replsummary on S2

---------------------

C:\Windows\system32>repadmin /replsummary
Replication Summary Start Time: 2020-10-01 15:18:00

Beginning data collection for replication summary, this may take awhile:
.....

Source DSA largest delta fails/total %% error
SERVER 10d.07h:27m:30s 1 / 5 20 (8606) Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.
SERVER02 >60 days 5 / 5 100 (1722) The RPC server is unavailable.

replsummary on S1

---------------------

Destination DSA largest delta fails/total %% error
SERVER >60 days 5 / 5 100 (1722) The RPC server is unavailable.
SERVER02 10d.07h:27m:30s 1 / 5 20 (8606) Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

C:\Windows\system32>repadmin /replsummary
Replication Summary Start Time: 2020-10-01 15:21:42

Beginning data collection for replication summary, this may take awhile:
.....

Source DSA largest delta fails/total %% error
SERVER02 >60 days 5 / 5 100 (1722) The RPC server is unavailable.

Destination DSA largest delta fails/total %% error
SERVER >60 days 5 / 5 100 (1722) The RPC server is unavailable.

Experienced the following operational errors trying to retrieve replication information:
1722 - SERVER02

This an existing environment that wasn't configured by me and I'm attempting to make work. Any assistance would be greatly appreciated. If unable to resolve the issues could you please advise best course of action to clean up/blow away S2 and begin again?

Thanks in advance.

29601-image.png

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,947 questions
0 comments
Accepted answer
  1. Scott Gray 96 Reputation points
    2020-10-08T05:03:44.59+00:00

    Hi guys, I was unable to determine why I was unable to why S2 shares couldn't be seen despite many tests so I ended up decommissioning the server (taking offline) and building a new 2008R2 server to replace it with new name, IP etc. Once the S2 server was off the network I deleted it from AD and metadata cleanup was performed automatically (as per link below). On new server I installed Domain Services and DNS, configured and re-ran previous tests which reported both servers okay.

    ad-ds-metadata-cleanup

    Frustrating that I couldn't fix it but I didn't have any more time to waste.

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Parvez Qureshi 1 Reputation point
    2020-10-01T07:38:50.193+00:00

    This error is caused by a lingering object based on replication failures, and it is related to your other post at this link:
    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/591bed27-acb1-4425-a3b0-7afa512ce86e

    More information please refer to the following article:
    1.Active Directory Replication Error 8606: "Insufficient attributes were given to create an object"

    2.Use Repadmin to remove lingering objects

    3.Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042)

    0 comments
  2. Daisy Zhou 18,871 Reputation points Microsoft Vendor
    2020-10-01T10:28:16.82+00:00

    Hello @Scott Gray ,

    Thank you for posting here.

    For the error message 8606: "Insufficient attributes were given to create an object", there are lingering object on DC.

    We can troubleshoot as below:

    1.Please download the Lingering Object Liquidator (LoL) tool on one DC in the following link.

    Lingering Object Liquidator (LoL)
    https://www.microsoft.com/en-us/download/details.aspx?id=56051

    2.Click the Detect AD topology button.

    3.Select Naming Context, Reference DC ,target DC and click Detect Lingering Objects button.

    29540-linger.png

    4.If it detects Lingering Objects, we can remove all the lingering objects.

    5.After removing all lingering objects, we can check whether there is still AD replication error 8606 or not.

    6.If error message 8606 disappears, we can troubleshoot RPC error based on the links below.

    Windows Server Troubleshooting: "The RPC server is unavailable"
    https://social.technet.microsoft.com/wiki/contents/articles/4494.windows-server-troubleshooting-the-rpc-server-is-unavailable.aspx#DNS_Name_Resolution

    Active Directory Replication Error 1722: The RPC server is unavailable
    https://support.microsoft.com/en-us/help/2102154/active-directory-replication-error-1722-the-rpc-server-is-unavailable

    Hope the information above is helpful. If anything is unclear, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    0 comments
  3. Scott Gray 96 Reputation points
    2020-10-02T00:18:41.033+00:00

    Hi guys, thanks for the replies. I ran LoL on both servers but found no lingering objects presumably because of connectivity issues. See results from S1 below. I will run through RPC troubleshooting steps again and post results in the hope you can advise further.

    [10/02 10:03:07] Forest contains 1 domains.
    [10/02 10:03:07] Domain domain.local contains 2 domain controllers.
    [10/02 10:03:07] SERVER.domain.local is a writable global catalog for the domain.local domain. Using it to acquire a list of naming contexts...
    [10/02 10:03:07] 4 naming contexts found. (Omitting schema partition.)
    [10/02 10:03:07] AD Topology Detection finished in 0.68 seconds. Success.
    [10/02 10:03:10] Detecting Lingering Objects using SERVER.domain.local as the Reference DC; Please wait...
    [10/02 10:03:10] DSA GUID of the Reference DC SERVER.domain.local is 44be93a7-c2b6-4337-bf77-59adf38c92e3.
    [10/02 10:03:31] WARNING: Failed to create event log subscription to Target DC Server02.domain.local. Verify network connectivity, firewall settings, permissions, etc. Continuing on to next DC if applicable... (The RPC server is unavailable)
    [10/02 10:03:31] Lingering Object Detection finished in 21.29 seconds.
    [10/02 10:03:31] 0 lingering objects were detected.
    [10/02 10:04:03] Detecting Lingering Objects using Server02.domain.local as the Reference DC; Please wait...
    [10/02 10:04:25] ERROR: Unable to retrieve the DSA GUID of the Reference DC Server02.domain.local. (Domain controller "Server02.domain.local" does not exist or cannot be contacted.)
    [10/02 10:04:25] Lingering Object Detection finished in 22.21 seconds.
    [10/02 10:04:25] 0 lingering objects were detected.