Thursday, April 9, 2015

Event ID 2042: It has been too long since this machine replicated.

If a domain controller has not replicated with its partner for longer than a tombstone lifetime, a lingering object problem may exist on one or both domain controllers, and Event ID 2042 is logged.
When the condition that causes Event ID 2042 occurs, inbound replication with the source partner is stopped on the destination domain controller and Event ID 2042 is logged in the Directory Service event log.

Troubleshooting Event ID 2042:

Please follow the steps below to rectify the issue:

1. Run the command below on SRV-01 (the problematic server):
    C:\>repadmin /showrepl
   
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\SRV-01
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: faf7771d-2541-44d0-b605-95701cb6aaa1
DSA invocationID: faf7771d-2541-44d0-b605-95701cb6aaa1

==== INBOUND NEIGHBORS ======================================

DC=hpv,DC=local
    Default-First-Site-Name\SRV-02 via RPC
        DSA object GUID: 4a8717eb-8e58-456c-995a-c92e4add7e8e
        Last attempt @ 2014-07-25 10:25:37 failed, result 8614 (0x21a6):
            The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
        155228 consecutive failure(s).
        Last success @ 2014-04-19 10:04:41.

CN=Configuration,DC=hpv,DC=local
    Default-First-Site-Name\SRV-02 via RPC
        DSA object GUID: 4a8717eb-8e58-456c-995a-c92e4add7e8e
        Last attempt @ 2014-07-25 09:48:55 was successful.

CN=Schema,CN=Configuration,DC=hpv,DC=local
    Default-First-Site-Name\SRV-02 via RPC
        DSA object GUID: 4a8717eb-8e58-456c-995a-c92e4add7e8e
        Last attempt @ 2014-07-25 09:48:55 was successful.

DC=DomainDnsZones,DC=hpv,DC=local
    Default-First-Site-Name\SRV-02 via RPC
        DSA object GUID: 4a8717eb-8e58-456c-995a-c92e4add7e8e
        Last attempt @ 2014-07-25 09:48:55 was successful.

DC=ForestDnsZones,DC=hpv,DC=local
    Default-First-Site-Name\SRV-02 via RPC
        DSA object GUID: 4a8717eb-8e58-456c-995a-c92e4add7e8e
        Last attempt @ 2014-07-25 09:48:55 was successful.

Source: Default-First-Site-Name\SRV-02
******* 155223 CONSECUTIVE FAILURES since 2014-04-19 10:04:41
Last error: 8614 (0x21a6):
            The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.

C:\>

2. On a domain controller that you expect to have the latest changes (in my case it is SRV-02), open an elevated Command Prompt window. To open an elevated Command Prompt window, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

3. Type the following command on the SRV-02 server: 'repadmin /removelingeringobjects <DestDCName> <SourceDCGUID> <LDAPPartition> /advisory_mode'. To get the SourceDCGUID, see the DSA object GUID under INBOUND NEIGHBORS in the step 1 output. Write the partition's distinguished name with no space after the comma so that it is passed as a single argument.

     repadmin /removelingeringobjects SRV-01 4a8717eb-8e58-456c-995a-c92e4add7e8e dc=hpv,dc=local /advisory_mode

4. Now, on the problematic server (the directory service error occurs on the first server, SRV-01), check the Directory Service event log for the following events:
     Event ID 2014, which starts with 'Duplicate event log entries were suppressed.'
     Event ID 1937, which starts with 'Active Directory Domain Services has begun the removal of lingering objects on the local domain controller. All objects on this domain controller will have their existence verified on the following source domain controller.'

5. After verifying the event log, type the following command on SRV-02 without /advisory_mode to permanently delete the lingering objects.
     repadmin /removelingeringobjects SRV-01 4a8717eb-8e58-456c-995a-c92e4add7e8e dc=hpv,dc=local

6. On the problematic server, the following event ID is generated in the Directory Service log if the lingering objects are permanently deleted.
    Event ID 1939, which starts with 'Active Directory Domain Services has completed the removal of lingering objects on the local domain controller. All objects on this domain controller have had their existence verified on the following source domain controller.'

7. Now, on SRV-01, type the following command to restart replication.
    repadmin /regkey SRV-01 +allowDivergent

    E.g.:
       C:\>repadmin /regkey SRV-01 +allowDivergent
       HKLM\System\CurrentControlSet\Services\NTDS\Parameters: "Allow Replication With Divergent and Corrupt Partner" value does not exist
       New HKLM\System\CurrentControlSet\Services\NTDS\Parameters: "Allow Replication With Divergent and Corrupt Partner" REG_DWORD 0x00000001 (1)

8. Confirm that replication succeeds with repadmin /showrepl or use the AD Replication Status tool (http://www.microsoft.com/en-us/download/details.aspx?id=30005)
     To test, copy a simple .txt file into the scripts directory of the first server's SYSVOL folder and check whether it appears in the second server's SYSVOL. If it does, delete it there and check that it is also deleted on the first server. If both succeed, replication is confirmed to be working.

9. After confirming the above step, delete the replication registry value added in step 7 by typing the following command.
    C:\>repadmin /regkey SRV-01 -allowDivergent
     HKLM\System\CurrentControlSet\Services\NTDS\Parameters: "Allow Replication With Divergent and Corrupt Partner" REG_DWORD 0x00000001 (1)
     New HKLM\System\CurrentControlSet\Services\NTDS\Parameters: "Allow Replication With Divergent and Corrupt Partner" value does not exist

10. For details, follow the Microsoft article.
      http://technet.microsoft.com/en-us/library/cc949136(v=ws.10).aspx
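
The lookup that links step 1 to step 3 can be scripted. The following is an added example, not part of the original post or of any Microsoft tooling: it parses 'repadmin /showrepl' text, finds inbound partners failing with error 8614, and builds the advisory-mode command for each affected partition. The function name Get-TombstoneExceededPartner is hypothetical, and the sample text is an excerpt of the step 1 output.

```powershell
# Added example, not from the original post. $sample is an excerpt of the
# step 1 output; on a live DC use: $lines = repadmin /showrepl
$sample = @'
DC=hpv,DC=local
    Default-First-Site-Name\SRV-02 via RPC
        DSA object GUID: 4a8717eb-8e58-456c-995a-c92e4add7e8e
        Last attempt @ 2014-07-25 10:25:37 failed, result 8614 (0x21a6):
            The directory service cannot replicate with this server because the
time since the last replication with this server has exceeded the tombstone life
time.
        155228 consecutive failure(s).
        Last success @ 2014-04-19 10:04:41.

CN=Configuration,DC=hpv,DC=local
    Default-First-Site-Name\SRV-02 via RPC
        DSA object GUID: 4a8717eb-8e58-456c-995a-c92e4add7e8e
        Last attempt @ 2014-07-25 09:48:55 was successful.
'@

# Get-TombstoneExceededPartner is a hypothetical helper name.
function Get-TombstoneExceededPartner {
    param([string[]]$Lines, [string]$DestDC)
    $nc = $null; $partner = $null; $guid = $null
    foreach ($line in $Lines) {
        if ($line -match '^(DC|CN)=') {
            # A naming-context header at column 0 starts a new block
            $nc = $line.Trim(); $partner = $null; $guid = $null
        } elseif ($line -match '^\s+(.+\\\S+) via RPC') {
            $partner = $Matches[1]; $guid = $null
        } elseif ($line -match 'DSA object GUID:\s*([0-9a-f-]{36})') {
            $guid = $Matches[1]
        } elseif ($line -match 'failed, result 8614\b' -and $nc -and $guid) {
            # 8614 = time since last replication exceeded the tombstone lifetime
            [pscustomobject]@{
                NamingContext   = $nc
                SourcePartner   = $partner
                SourceDsaGuid   = $guid
                # Quote the DN so it stays one argument; advisory mode only logs
                AdvisoryCommand = "repadmin /removelingeringobjects $DestDC $guid `"$nc`" /advisory_mode"
            }
        }
    }
}

Get-TombstoneExceededPartner -Lines ($sample -split '\r?\n') -DestDC 'SRV-01' | Format-List
```

For the excerpt above this returns a single entry, for DC=hpv,DC=local, with SRV-02's DSA object GUID as the source.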