25,130 questions
Do you have multiple DCs? So you can move the PDC role to another server.
For that error from the doc above:
Azure AD sync fails delta import with status stopped-connectivity
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 3%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EUS%3C/text%3E%3C/svg%3E)
Ulrik Sieverts
20
Reputation points
Just migrated our ADsync to new 2016 server following this guide: https://blog.expta.com/2021/07/how-to-migrate-aad-connect-to-new-server.html
Now with every new synccycle on the new server Im getting this Event ID 6050:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="ADSync" />
<EventID Qualifiers="49152">6050</EventID>
<Level>2</Level>
<Task>1</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2023-01-24T16:27:34.519869300Z" />
<EventRecordID>8651</EventRecordID>
<Channel>Application</Channel>
<Computer>AzureAdSync.xxxxxxxxxxx.xx</Computer>
<Security />
</System>
- <EventData>
<Data>mydomain.xxx</Data>
<Data>Delta Import</Data>
<Data>0</Data>
<Data>0</Data>
<Data>0</Data>
<Data>0</Data>
<Data>0</Data>
</EventData>
</Event>
Synchronization Service Manager shows that is is the Delta Import for our-domain that fails with the error 'The replication operation encountered a database error', error code 8451. The delta import for our-domain.onmicrosoft.com ends with succes, as do all the other synchronization tasks:
Any ideas to what the cause of this might be? I'm a little stumped :(
Regards
/Ulrik
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Accepted answer
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator2023-01-25T12:25:35.3433333+00:00
5 additional answers
Sort by: Most helpful
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
2023-01-24T16:58:29.6833333+00:00 Are the Domain controllers healthy?
[https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/active-directory-replication-error-8451https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/active-directory-replication-error-8451
-
Ulrik Sieverts 20 Reputation points
2023-01-25T10:35:18.6533333+00:00 Repadmin /kcc
Repadmin /replsum
Repadmin /showreps
All show no errors.
Dcdiag passes all test - except systemlog:
An error event occurred. EventID: 0x0000272C Time Generated: 01/25/2023 10:09:05 Event String: DCOM was unable to communicate with the computer 8.8.4.4 using any of the configured protocols; requested by PID 1250 (C:\Windows\system32\dcdiag.exe). An error event occurred. EventID: 0x0000272C Time Generated: 01/25/2023 10:09:26 Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1250 (C:\Windows\system32\dcdiag.exe).We use 8.8.8.8 and 8.8.4.4 as forwarders. I'm noting that the PID throwing the error is dcdiag.exe.
Dcdiag /test:DNS shows two broken delegations:
TEST: Delegations (Del) Error: DNS server: fileserver.mydomain.xxx. IP:192.168.255.19 [Broken delegated domain _msdcs.mydomain.xxx.] Error: DNS server: pc-mobility-print-host.mydomain.xxx. IP:192.168.255.59 [Broken delegated domain pc-printer-discovery.mydomain.xxx.]I don't know when and how those delegation was made. There are not running any DNS services on on the two servers. (I'm guessing it is safe to remove them using remove-dnsserverzonedelegation?)
I do however get this error on my PDC with every synchronization attempt:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> - <System> <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Database" /> <EventID Qualifiers="49152">1168</EventID> <Version>0</Version> <Level>2</Level> <Task>9</Task> <Opcode>0</Opcode> <Keywords>0x8080000000000000</Keywords> <TimeCreated SystemTime="2023-01-25T10:08:57.839237900Z" /> <EventRecordID>30786</EventRecordID> <Correlation /> <Execution ProcessID="636" ThreadID="3504" /> <Channel>Directory Service</Channel> <Computer>PDC.mydomain.xxx</Computer> <Security UserID="S-1-5-21-3135561391-2215252232-3658666570-29115" /> </System> - <EventData> <Data>-1601</Data> <Data>fffff9bf</Data> <Data>2070ab5</Data> <Binary>0A07000000000000A8340000A7000000</Binary> </EventData> </Event>So it seems something is wrong with our ntds database :(
-
Ulrik Sieverts 20 Reputation points
2023-01-25T10:39:36.8366667+00:00 Repadmin /kcc
Repadmin /replsum
Repadmin /showreps
All show no errors.
Dcdiag passes all test - except systemlog:
An error event occurred. EventID: 0x0000272C Time Generated: 01/25/2023 10:09:05 Event String: DCOM was unable to communicate with the computer 8.8.4.4 using any of the configured protocols; requested by PID 1250 (C:\Windows\system32\dcdiag.exe). An error event occurred. EventID: 0x0000272C Time Generated: 01/25/2023 10:09:26 Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1250 (C:\Windows\system32\dcdiag.exe).We use 8.8.8.8 and 8.8.4.4 as forwarders. I'm noting that the PID throwing the error is dcdiag.exe.
Dcdiag /test:DNS shows two broken delegations:
TEST: Delegations (Del) Error: DNS server: fileserver.mydomain.xxx. IP:192.168.255.19 [Broken delegated domain _msdcs.mydomain.xxx.] Error: DNS server: pc-mobility-print-host.mydomain.xxx. IP:192.168.255.59 [Broken delegated domain pc-printer-discovery.mydomain.xxx.]I don't know when and how those delegation was made. There are not running any DNS services on on the two servers. (I'm guessing it is safe to remove them using remove-dnsserverzonedelegation?)
do however get this error on my PDC with every synchronization attempt:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> - <System> <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Database" /> <EventID Qualifiers="49152">1168</EventID> <Version>0</Version> <Level>2</Level> <Task>9</Task> <Opcode>0</Opcode> <Keywords>0x8080000000000000</Keywords> <TimeCreated SystemTime="2023-01-25T10:08:57.839237900Z" /> <EventRecordID>30786</EventRecordID> <Correlation /> <Execution ProcessID="636" ThreadID="3504" /> <Channel>Directory Service</Channel> <Computer>PDC.mydomain.xxx</Computer> <Security UserID="S-1-5-21-3135561391-2215252232-3658666570-29115" /> </System> - <EventData> <Data>-1601</Data> <Data>fffff9bf</Data> <Data>2070ab5</Data> <Binary>0A07000000000000A8340000A7000000</Binary> </EventData> </Event>So it seems something is wrong with our ntds database :(
-
Ulrik Sieverts 20 Reputation points
2023-01-25T12:16:48.31+00:00 It appears so. Repadmin and dcdiag doesn't show any errors.
I have however discovered that I get this error on my PDC with every synchronization attempt:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> - <System> <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Database" /> <EventID Qualifiers="49152">1168</EventID> <Version>0</Version> <Level>2</Level> <Task>9</Task> <Opcode>0</Opcode> <Keywords>0x8080000000000000</Keywords> <TimeCreated SystemTime="2023-01-25T10:08:57.839237900Z" /> <EventRecordID>30786</EventRecordID> <Correlation /> <Execution ProcessID="636" ThreadID="3504" /> <Channel>Directory Service</Channel> <Computer>pdc.mydomain.xxx</Computer> <Security UserID="S-1-5-21-3135561391-2215252232-3658666570-29115" /> </System> - <EventData> <Data>-1601</Data> <Data>fffff9bf</Data> <Data>2070ab5</Data> <Binary>0A07000000000000A8340000A7000000</Binary> </EventData> </Event>So it seems there is something wrong with my NTDS database :(
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Thameur-BOURBITA 36,261 Reputation points Moderator2023-01-25T11:55:56.1633333+00:00 Check if adconnect server still able to contact the DC mentioned in the adconnect sync console on LDAP port 389:
Test-NetConnection -Port 389 -ComputerName DC.domainName.lanPlease don't forget to mark helpful answer as accepted
-
Ulrik Sieverts 20 Reputation points
2023-01-25T12:24:35.73+00:00 Seems my comments are dissapearing? I'll try again:
Thank you for the answers!
LDAP connection from the adsyncserver and my pdc is working:
ComputerName : DC.mydomain.xxx RemoteAddress : 192.168.255.18 RemotePort : 389 InterfaceAlias : Ethernet SourceAddress : 192.168.8.227 TcpTestSucceeded : TrueAD seems healthy. Repadmin and dcdiag shows no errors.
I have however noticed that I get this error on my PDC with every synchronization attempt:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> - <System> <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Database" /> <EventID Qualifiers="49152">1168</EventID> <Version>0</Version> <Level>2</Level> <Task>9</Task> <Opcode>0</Opcode> <Keywords>0x8080000000000000</Keywords> <TimeCreated SystemTime="2023-01-25T10:08:57.839237900Z" /> <EventRecordID>30786</EventRecordID> <Correlation /> <Execution ProcessID="636" ThreadID="3504" /> <Channel>Directory Service</Channel> <Computer>pdc.mydomain.xxx</Computer> <Security UserID="S-1-5-21-3135561391-2215252232-3658666570-29115" /> </System> - <EventData> <Data>-1601</Data> <Data>fffff9bf</Data> <Data>2070ab5</Data> <Binary>0A07000000000000A8340000A7000000</Binary> </EventData> </Event>So it seems there is something wrong/corrupt in my NTDS database :-(
-
Thameur-BOURBITA 36,261 Reputation points Moderator
2023-01-25T12:55:57.8433333+00:00 Hi @Ulrik Sieverts ,
Did you try to specify another DC from connector settings ?
Please don't forget to mark helpful answer as accepted