My domain controllers didn’t receive any replication updates from their partners. I checked Event Viewer and saw a lot of error messages and warnings.
The domain controller I was analyzing, run on Windows Server 2008 as a virtual machine.
EventID 1925, 1435 and 1663 warnings were showed in the Directory Services Event Log. I restarted “Active Directory Domain Services” service and reboot the server. I also reset the computer account password with netdom.exe.
As this problem was related to Active Directory I run the dcdiag.exe utility.
Saved the output to a text file and reviewed all events. At some point I saw my problem..
Starting test: Replications REPLICATION-RECEIVED LATENCY WARNING NET-DC-03: Current time is 2009-02-08 17:01:25. DC=ForestDnsZones,DC=Networknet,DC=nl Last replication received from LABN-MSX-01 at 2008-10-26 15:22:49 WARNING: This latency is over the Tombstone Lifetime of 60 days!
This latency is over the Tombstone Lifetime of 60 days!
If you find this “This latency is over the Tombstone Lifetime of 60” warning then there is no other way to resolve this problem without seizing the FSMO roles to another functioning domain controller, and force the dcpromo.exe to remove Active Directory from the system. After the server has been rebooted run meta cleanup of the obsolete records.
The root cause of the tombstone problem was that the server run as viritual machine and was shutdown for 3 months. This was lab environment where I was doing my development work. In production you may not see this except if a AD site is disconnected for longer time.