При репликации возникла ошибка 8451

title description ms.date author ms.author manager audience ms.topic ms.prod localization_priority ms.reviewer ms.custom ms.technology

Active Directory Replication Error 8451

provides a resolution for Active Directory Replication Error 8451 «The replication operation encountered a database error».

04/28/2023

Deland-Han

delhan

dcscontentpm

itpro

troubleshooting

windows-server

medium

kaushika, toddmax

sap:active-directory-replication, csstroubleshoot

windows-server-active-directory

Active Directory Replication Error 8451: «The replication operation encountered a database error»

This article provides a resolution for Active Directory Replication Error 8451: «The replication operation encountered a database error».

Applies to:   Windows Server 2019, Windows Server 2016, Windows Server 2012 R2
Original KB number:   2645996

[!NOTE]
Home users: This article is intended only for technical support agents and IT professionals. If you’re looking for help to resolve a problem, please ask the Microsoft Community.

Symptoms

This article describes the symptoms and causes of situations in which Active Directory Domain Services (AD DS) operations fail and generate error 8451: «The replication operation encountered a database error.» This article also provides a resolution for this problem.
You might experience one of more of the following symptoms:

  • You see one or more on-screen error messages, logged events, or diagnostic output that identifies a database error. Possible formats for that error include the following.

    Decimal code Hexadecimal code Text code Error message
    8451 0x2103 ERROR_DS_DRA_DB_ERROR The replication operation encountered a database error.
    -1018 0xfffffc06 JET_errReadVerifyFailure Checksum error on a database page.
    -1047 0xfffffbe9 JET_errInvalidBufferSize Data buffer doesn’t match column size.
    -1075 0xfffffbc JET_errOutOfLongValueID Long-value ID counter has reached maximum value (do an offline defragmentation to reclaim free and unused LongValueIDs).
    -1206 0xfffffb4a JET_errDatabaseCorrupted Non database file or corrupted db.
    -1414 0xfffffa7a JET_errSecondaryIndexCorrupted Secondary index is corrupt. The database must be defragmented.
    -1526 0xfffffa0a JET_errLVCorrupted Corruption encountered in long-value tree.
    -1601 0xfffff9bf JET_errRecordNotFound The key was not found.
    -1603 0xfffff9b JET_errNoCurrentRecord Currency not on a record.

  • Dcpromo.exe fails and generates error 8451.
    The user interface displays the following message:

    The operation failed because:

    Active Directory Domain Services could not replicate the directory partition
    <DN path of failing partition> from the remote Active Directory Domain Controller
    <helper DC>.<dns domain name>.<top level domain>.

    The replication operation encountered a database error.

    The Dcpromo.log file contains the following information:

    <date> <time> [INFO] NstdInstall for contoso.com returned 8451
    <date> <time> [INFO] DsRolepInstallDs returned 8451
    <date> <time> [ERROR] Failed to install to Directory Service (8451)
    <date> <time> [INFO] Starting service NETLOGON

  • Repadmin.exe reports that the replication attempt has failed with status 8451. Repadmin.exe commands that commonly cite the 8451 status include but are not limited to:

    • Repadmin /kcc

    • Repadmin /rehost

    • Repadmin /replicate

    • Repadmin /replsum

    • Repadmin /showrepl

    • Repadmin /showreps

    • Repadmin /showutdvec

    • Repadmin /syncall

      For detailed information about how to use Repadmin to troubleshoot replication problems, see Monitoring and Troubleshooting Active Directory Replication Using Repadmin.

      The following sample shows output from the repadmin /showreps command that indicates that inbound replication from CONTOSO-DC2 to CONTOSO-DC1 failed and generated the «replication access was denied» message.

      Default-First-Site-NameCONTOSO-DC1
      DSA Options: IS_GC
      Site Options: (none)
      DSA object GUID: b6dc8589-7e00-4a5d-b688-045aef63ec01
      DSA invocationID: b6dc8589-7e00-4a5d-b688-045aef63ec01
      ==== INBOUND NEIGHBORS ======================================
      DC=contoso,DC=com
      Default-First-Site-NameCONTOSO-DC2 via RPC
      DSA object GUID: 74fbe06c-932c-46b5-831b-af9e31f496b2
      Last attempt @ <date> <time> failed, result 8451 (0x2103):
      The replication operation encountered a database error.
      consecutive failure(s).
      Last success @ <date> <time>.

  • Event Viewer lists one or more events that cite the 8451 error. The following table lists the event sources and Event IDs of common events that cite the 8451 error (in event source + event ID order).

    Event source Event ID Event message
    Microsoft-Windows-ActiveDirectory_DomainService 1039 with extended error 8451 Internal event: Active Directory Domain Services could not process the following object.
    Microsoft-Windows-ActiveDirectory_DomainService 1084 with extended error 8451 Internal event: Active Directory could not update the following object with changes received from the following source domain controller. It is because an error occurred during the application of the changes to Active Directory on the domain controller.
    Microsoft-Windows-ActiveDirectory_DomainService 1308 with extended error 8451 The Knowledge Consistency Checker (KCC) has detected that successive attempt to replicate with the following directory service failed.
    Microsoft-Windows-ActiveDirectory_DomainService 1699 with extended error 8451 The local domain controller failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send the change requests to the domain controller at the following network address.
    NTDS Replication 2108 with extended error 8451 with secondary error value-1075 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1075
    NTDS Replication 2108 with extended error 8451 with secondary error value-1526 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1526
    NTDS Replication 2108 with extended error 8451 with secondary error value -1414 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1414
    NTDS General 1039 with extended error 8451. Internal event: Active Directory could not process the following object.
    NTDS KCC 1925 with extended error 8451 The attempt to establish a replication link for the following writable directory partition failed.
    NTDS Replication 1084 with extended error 8451 Internal event: Active Directory could not update the following object with changes received from the following source domain controller. It is because an error occurred during the application of the changes to Active Directory on the domain controller.
    NTDS Replication 1699 with extended error 8451 The local domain controller failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send the change requests to the domain controller at the following network address.

  • When you increase the NTDS diagnosing logging level on the domain controller, Event Viewer lists additional events that are related to the 8451 error. The following table lists the event sources and Event IDs of events that frequently accompany other events that contain the 8451 error.

    Event source Event ID Event message
    Internal Processing 1481 with error-1601 Internal error: The operation on the object failed. Additional Data: Error value: 2 000020EF: NameErr: DSID-032500E8, problem 2001 (NO_OBJECT), data -1601, best match of: «
    Internal Processing 1173 with error-1075 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1075 Internal ID: 205086d
    Internal Processing 1173 with error-1526 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1526 Internal ID: 205036b
    Internal Processing 1173 with error-1603 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1603 Internal ID: 2050344
    NTDS ISAM 474 with error-1018 The database page read from the file ‘E:NTDSDatantds.dit’ at offset 3846455296 (0x00000000e5444000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 323677604 (0x134aeda4) and the actual checksum was 2081515684 (0x7c1168a4). The read operation will fail with error -1018 (0xfffffc06). If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Contact your hardware vendor for further assistance diagnosing the problem.
    NTDS ISAM 488 NTDS (396) NTDSA: Data inconsistency detected in table datatable of database C:WINDOWSNTDSntds.dit (4621,7905).

  • When you run the Dcdiag.exe utility, it produces output that resembles as:

    Starting test: Replications

    * Replications Check
    [Replications Check,<DC Name>] A recent replication attempt
    failed:
    From <source DC> to <destination DC>
    Naming Context: <DN path of failing naming context>
    The replication generated an error (8451):
    The replication operation encountered a database error

  • In Active Directory Sites and Services, when you right-click the connection object of a source DC and select Replicate now, the command fails and generates a message that resembles as:

    The following error occurred during the attempt to synchronize naming context <%directory partition name%> from Domain Controller <Source DC> to Domain Controller <Destination DC>:
    «The replication operation encountered a database error.»
    The operation will not continue.

How to decode error codes

You can use Microsoft Exchange Server Error Code Lookup to decode the error codes that are described in this article. Decoding the error codes that relate to the 8451 error and accompanying errors produces the following information:

C:>err 8451
for decimal 8451 / hex 0x2103 :
ERROR_DS_DRA_DB_ERROR               winerror.h
The replication operation encountered a database error.
2 matches found for «8451»

C:>err -1414
for decimal -1414 / hex 0xfffffa7a :
JET_errSecondaryIndexCorrupted            esent98.h
/Secondary index is corrupt. The database must be
defragmented/
1 matches found for «-1414»

C:>err -1526
for decimal -1526 / hex 0xfffffa0a :
JET_errLVCorrupted                  esent98.h
/Corruption encountered in long-value tree/
1 matches found for «-1526»

C:>err -1603
for decimal -1603 / hex 0xfffff9bd :
JET_errNoCurrentRecord                esent98.h
/Currency not on a record/
1 matches found for «-1603»

C:>err -1075
for decimal -1075 / hex 0xfffffbcd :
JET_errOutOfLongValueIDs               esent98.h
/Long-value ID counter has reached maximum value.
(perform offline defrag to reclaim free/unused
LongValueIDs)/
1 matches found for «-1075»

C:>err -1601
for decimal -1601 / hex 0xfffff9bf :
JET_errRecordNotFound                 esent98.h
/The key was not found/
1 matches found for «-1601»

C:>err -1047
for decimal -1047 / hex 0xfffffbe9 :
JET_errInvalidBufferSize                  esent98.h
/Data buffer doesn’t match column size/
1 matches found for «-1047»

C:>err -1018
for decimal -1018 / hex 0xfffffc06 :
JET_errReadVerifyFailure                  ese.h
/Checksum error on a database page/
JET_errReadVerifyFailure                  esent98.h
/* Checksum error on a database page */
2 matches found for «-1018»

C:>err -1206
for decimal -1206 / hex 0xfffffb4a :
JET_errDatabaseCorrupted                  esent98.h
/Non database file or corrupted db/
1 matches found for «-1206»

Cause

The status 8451: «The replication operation encountered a database error» has multiple root causes, including the following ones:

  • The Active Directory database or Active Directory database index might be corrupted. It may be caused by the following reasons:
    • Failing hardware:
      • Disk
      • Controller
      • Controller cache
    • Outdated drivers:
      • Controller
    • Outdated firmware:
      • Computer BIOS
      • Controller
      • Disk
    • Sudden power loss.
    • Lingering objects.
    • The long-value ID counter has reached its maximum value:
      • The ESE column types JET_coltypLongTextand JET_coltypLongBinary are called long value column types. These columns are large string and large binary objects that may be stored in separate B+ trees away from the primary index. When long values are stored separately from the primary record, they are internally keyed on a long value ID (LID).
    • Invalid security descriptor in the msExchSecurityDescriptor attribute.

Resolution

[!Important]
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

How to resolve a single occurrence of the problem

If the error occurs on only one domain controller and appears to be an isolated problem, the best and quickest resolution is to do offline defragmentation of the database on the affected server. For information about how to do it, see How to perform offline defragmentation of the Active Directory database.

If offline defragmentation does not correct the issue, demote and then repromote the affected domain controller. For information about how to do it, see Demoting Domain Controllers and Domains.

How to resolve a recurring problem

If the problem recurs, collect some diagnostic data.

  1. Enable NTDS diagnostic logging for Replication Events and Internal Processing at a level of 5.

    To increase NTDS diagnostic logging, change the following REG_DWORD values in the registry of the destination domain controller under the following registry subkey:
    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNTDSDiagnostics

    Set the value of the following entries to 5:

    • Replication Events
    • Internal Processing

    [!Note]
    Level-5 logging is extremely verbose. The values of both keys should be restored to the default of 0 after the problem is resolved. Filtering the Directory Services event log should be done to isolate and identify these events.

    For more information about the standard terminology that is used to describe Microsoft software updates, see the following Knowledge Base article:

  2. Review the event logs for the new events that were generated from the increased logging for error values that will give a definitive view of the original 8451 error. For example, an Internal Processing Event ID 1173 that has an error value of -1526 would indicate that we have a corruption in long-value tree.

  3. Based on the additional information from the increased logging, refer to the following table for a potential resolution.

    Decimal code Hex code Text code Error message Potential resolutions
    -1018 0xfffffc06 JET_errReadVerifyFailure Checksum error on a database page Check hardware, firmware, and drivers. Restore from backup.Demote/promote.
    -1047 0xfffffbe9 JET_errInvalidBufferSize Data buffer doesn’t match column size 832851 Inbound Replication Fails on Domain Controllers with Event ID: 1699, Error 8451 or jet error -1601 Note: This hotfix is no longer available.
    -1075 0xfffffbcd JET_errOutOfLongValueIDs Long-value ID counter has reached maximum value. (do offline defragmentation to reclaim free or unusedLongValueIDs) Do offline defragmentation.
    -1206 0xfffffb4a JET_errDatabaseCorrupted Non-database file or corrupted db Check hardware, firmware, and drivers.Run the Esentutl/k command. Run the Ntdsutil file integrity and semantic database analysis (SDA) commands, and then do offline defragmentation.Otherwise restore from backup or demote/promote.
    -1414 0xfffffa7a JET_errSecondaryIndexCorrupted Secondary index is corrupt. The database must be defragmented. Do offline defragmentation.
    -1526 0xfffffa0a JET_errLVCorrupted Corruption encountered in long-value tree Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil** file integrity and SDA commands, and then do offline defragmentation. Otherwise, restore from backup or demote and promote.
    -1601 0xfffff9bf JET_errRecordNotFound The key was not found Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation​​​​​​​.​​​​​​​Otherwise restore from backup or demote and promote.
    -1603 0xfffff9bd JET_errNoCurrentRecord Currency not on a record Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation​​​​​​​.​​​​​​​Otherwise restore from backup or demote and promote.
    8451 0x2103 ERROR_DS_DRA_DB_ERROR The replication operation encountered a database error Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation. Otherwise restore from backup or demote/promote.

  4. If all these methods fail, restore the domain controller from a backup, or demote it and then repromote.

More information

Verify the vertical jet database stack from the bottom up (proceeding up to the next layer only after the underlying layer is graded as «good»), the same as you do for TCP.

Layer Ntdsutil command Esentutl command
(1) Physical consistency no equivalent Esentutl /k
(2) Extensible Storage Engine (ESE) logical consistency Ntdsutil, files, integrity Esentutl /g
(3) Application logical consistency Ntdsutil, semantic database analysis + Ntdsutil, compact no equivalent for SDA + Esentutl /d

Data collection

If you need assistance from Microsoft support, we recommend you collect the information by following the steps mentioned in Gather information by using TSSv2 for Active Directory replication issues.

Источник
  • Remove From My Forums

  • Вопрос

  • После расширения и установки sccm2012 r2 перестала работать репликация.  При репликации возникла ошибка (8418):Произошла ошибка операции репликации из-за несоответствия схемы задействованных серверов.

Ответы

  • Повреждена физическая структура база данных AD на BDC2012.

    Рекомендуемые в вашем случае действия:  понизить BDC2012 до рядового сервера, затем повысить опять до контроллера домена.

    Надеюсь, BDC2012 никаких ролей, кроме AD DS и сопуствующих (DNS и пр.) не несёт и никакие программы на нём не установлены.

    Возможно также восстановление AD на BDC2012  из резервной копии состояния системы. Только, боюсь, это может ничего не дать — резервная копия уже может содержать ошибку.

    Пытаться «чинить» базу в вашем случае не советую: вероятность починки без потери данных маленькая, а ещё одна, хорошая копия базы есть на PDC2012.

    PS А ещё появление такого рода ошибок — нехороший признак, говорящий о возможном наличии аппаратных ошибок в оперативной памяти или дисковой подсистеме.

    Слава России!

    • Помечено в качестве ответа

      20 мая 2015 г. 10:04

Hello everyone, I am having some replication issues on my domain that I would like to verify before I take the appropriate steps listed in the Microsoft Tech articles. I am running in a 2 DC network both running 2008 R2 both are Global Catalog Servers.  I
am having a tough time deciding on which DC I should take down and make the appropriate fixes / changes to. For the purpose of this question I will name my DC’s DC-01 and DC-02.  On DC-01 Checking the error logs I am receiving 3 separate Event ID error
467 — Database Corruption.  On DC-02 I am receiving the Event ID 1084 Error Value: 8451 indication database error, it does keep showing one specific object that for some reason I cannot seem to remove manually. I have attempted to perform a remove lingering
objects which receives an error.  Below is the logs from my attempt to remove the lingering object and my repadmin /showrepl logs. Replication from DC-01 to DC-02 is not working, but replication from DC-02 to DC-01 is. My questions is should I take down
DC-01 and perform the database integrity  / fixes or DC-02? Also any other steps anyone can suggest where I may not need to take down the service on my DC’s would be appreciated, the staff around here is VERY weary when it comes to any of our machines
having any downtime. Thank you!

When I attempt to run a repadmin /removelingeringobjects I receive a : (this don’t work if i change these around either)

repadmin /removelingeringobjects af01e71d-2516-42ca-8560-6c4f643c5b51 64af9410-df22-4b7e-8da3-942cdfce5a92 CN=Deleted Objects,DC=contoso,DC=com

DsBindWithCred to af01e71d-2516-42ca-8560-6c4f643c5b51 failed with status 1722 (0x6ba):
    The RPC server is unavailable.

Here are the repadmin /showrepl errors I am receiving. 

PS C:Windowssystem32> repadmin /showrepl contoso-dc02

Default-First-SiteCONTOSO-DC02

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

DSA invocationID: 37ea7e96-ac79-4c52-8578-22c0a9fe5d48

==== INBOUND NEIGHBORS ======================================

DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:24:12 failed, result 8451 (0x2103):

            The replication operation encountered a database error.

        49006 consecutive failure(s).

        Last success @ 2014-09-05 13:27:52.

CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:20:52 was successful.

CN=Schema,CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 12:49:02 was successful.

DC=DomainDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:10:32 failed, result 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

        22848 consecutive failure(s).

        Last success @ 2014-03-10 06:08:45.

DC=ForestDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 12:49:02 was successful.

Source: Default-First-SiteCONTOSO-DC01

******* 48974 CONSECUTIVE FAILURES since 2014-09-05 13:27:52

Last error: 8451 (0x2103):

            The replication operation encountered a database error.

_____________________________________________________________________________________________________

PS C:Windowssystem32> repadmin /showrepl contoso-dc01

Default-First-SiteCONTOSO-DC01

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

DSA invocationID: 4700c518-bbe6-46d3-8245-aa7c23798241

==== INBOUND NEIGHBORS ======================================

DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 13:24:46 was successful.

CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 13:19:14 was successful.

CN=Schema,CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 was successful.

DC=DomainDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 failed, result 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

        1887 consecutive failure(s).

        Last success @ 2014-07-11 07:58:30.

DC=ForestDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 was successful.

Source: Default-First-SiteCONTOSO-DC02

******* 1887 CONSECUTIVE FAILURES since 2014-07-11 07:58:30

Last error: 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

Hello everyone, I am having some replication issues on my domain that I would like to verify before I take the appropriate steps listed in the Microsoft Tech articles. I am running in a 2 DC network both running 2008 R2 both are Global Catalog Servers.  I
am having a tough time deciding on which DC I should take down and make the appropriate fixes / changes to. For the purpose of this question I will name my DC’s DC-01 and DC-02.  On DC-01 Checking the error logs I am receiving 3 separate Event ID error
467 — Database Corruption.  On DC-02 I am receiving the Event ID 1084 Error Value: 8451 indication database error, it does keep showing one specific object that for some reason I cannot seem to remove manually. I have attempted to perform a remove lingering
objects which receives an error.  Below is the logs from my attempt to remove the lingering object and my repadmin /showrepl logs. Replication from DC-01 to DC-02 is not working, but replication from DC-02 to DC-01 is. My questions is should I take down
DC-01 and perform the database integrity  / fixes or DC-02? Also any other steps anyone can suggest where I may not need to take down the service on my DC’s would be appreciated, the staff around here is VERY weary when it comes to any of our machines
having any downtime. Thank you!

When I attempt to run a repadmin /removelingeringobjects I receive a : (this don’t work if i change these around either)

repadmin /removelingeringobjects af01e71d-2516-42ca-8560-6c4f643c5b51 64af9410-df22-4b7e-8da3-942cdfce5a92 CN=Deleted Objects,DC=contoso,DC=com

DsBindWithCred to af01e71d-2516-42ca-8560-6c4f643c5b51 failed with status 1722 (0x6ba):
    The RPC server is unavailable.

Here are the repadmin /showrepl errors I am receiving. 

PS C:Windowssystem32> repadmin /showrepl contoso-dc02

Default-First-SiteCONTOSO-DC02

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

DSA invocationID: 37ea7e96-ac79-4c52-8578-22c0a9fe5d48

==== INBOUND NEIGHBORS ======================================

DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:24:12 failed, result 8451 (0x2103):

            The replication operation encountered a database error.

        49006 consecutive failure(s).

        Last success @ 2014-09-05 13:27:52.

CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:20:52 was successful.

CN=Schema,CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 12:49:02 was successful.

DC=DomainDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:10:32 failed, result 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

        22848 consecutive failure(s).

        Last success @ 2014-03-10 06:08:45.

DC=ForestDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 12:49:02 was successful.

Source: Default-First-SiteCONTOSO-DC01

******* 48974 CONSECUTIVE FAILURES since 2014-09-05 13:27:52

Last error: 8451 (0x2103):

            The replication operation encountered a database error.

_____________________________________________________________________________________________________

PS C:Windowssystem32> repadmin /showrepl contoso-dc01

Default-First-SiteCONTOSO-DC01

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

DSA invocationID: 4700c518-bbe6-46d3-8245-aa7c23798241

==== INBOUND NEIGHBORS ======================================

DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 13:24:46 was successful.

CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 13:19:14 was successful.

CN=Schema,CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 was successful.

DC=DomainDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 failed, result 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

        1887 consecutive failure(s).

        Last success @ 2014-07-11 07:58:30.

DC=ForestDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 was successful.

Source: Default-First-SiteCONTOSO-DC02

******* 1887 CONSECUTIVE FAILURES since 2014-07-11 07:58:30

Last error: 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

title description ms.date author ms.author manager audience ms.topic ms.prod localization_priority ms.reviewer ms.custom ms.technology

Active Directory Replication Error 8451

provides a resolution for Active Directory Replication Error 8451 «The replication operation encountered a database error».

10/19/2020

Deland-Han

delhan

dcscontentpm

itpro

troubleshooting

windows-server

medium

kaushika, toddmax

sap:active-directory-replication, csstroubleshoot

windows-server-active-directory

Active Directory Replication Error 8451: «The replication operation encountered a database error»

This article provides a resolution for Active Directory Replication Error 8451: «The replication operation encountered a database error».

Applies to:   Windows Server 2019, Windows Server 2016, Windows Server 2012 R2
Original KB number:   2645996

[!NOTE]
Home users: This article is intended only for technical support agents and IT professionals. If you’re looking for help to resolve a problem, please ask the Microsoft Community.

Symptoms

This article describes the symptoms and causes of situations in which Active Directory Domain Services (AD DS) operations fail and generate error 8451: «The replication operation encountered a database error.» This article also provides a resolution for this problem.
You might experience one of more of the following symptoms:

  • You see one or more on-screen error messages, logged events, or diagnostic output that identifies a database error. Possible formats for that error include the following.

    Decimal code Hexadecimal code Text code Error message
    8451 0x2103 ERROR_DS_DRA_DB_ERROR The replication operation encountered a database error.
    -1018 0xfffffc06 JET_errReadVerifyFailure Checksum error on a database page.
    -1047 0xfffffbe9 JET_errInvalidBufferSize Data buffer doesn’t match column size.
    -1075 0xfffffbc JET_errOutOfLongValueID Long-value ID counter has reached maximum value (do an offline defragmentation to reclaim free and unused LongValueIDs).
    -1206 0xfffffb4a JET_errDatabaseCorrupted Non database file or corrupted db.
    -1414 0xfffffa7a JET_errSecondaryIndexCorrupted Secondary index is corrupt. The database must be defragmented.
    -1526 0xfffffa0a JET_errLVCorrupted Corruption encountered in long-value tree.
    -1601 0xfffff9bf JET_errRecordNotFound The key was not found.
    -1603 0xfffff9b JET_errNoCurrentRecord Currency not on a record.

  • Dcpromo.exe fails and generates error 8451.
    The user interface displays the following message:

    The operation failed because:

    Active Directory Domain Services could not replicate the directory partition
    <DN path of failing partition> from the remote Active Directory Domain Controller
    <helper DC>.<dns domain name>.<top level domain>.

    The replication operation encountered a database error.

    The Dcpromo.log file contains the following information:

    <date> <time> [INFO] NstdInstall for contoso.com returned 8451
    <date> <time> [INFO] DsRolepInstallDs returned 8451
    <date> <time> [ERROR] Failed to install to Directory Service (8451)
    <date> <time> [INFO] Starting service NETLOGON

  • Repadmin.exe reports that the replication attempt has failed with status 8451. Repadmin.exe commands that commonly cite the 8451 status include but are not limited to:

    • Repadmin /kcc

    • Repadmin /rehost

    • Repadmin /replicate

    • Repadmin /replsum

    • Repadmin /showrepl

    • Repadmin /showreps

    • Repadmin /showutdvec

    • Repadmin /syncall

      For detailed information about how to use Repadmin to troubleshoot replication problems, see Monitoring and Troubleshooting Active Directory Replication Using Repadmin.

      The following sample shows output from the repadmin /showreps command that indicates that inbound replication from CONTOSO-DC2 to CONTOSO-DC1 failed and generated the «replication access was denied» message.

      Default-First-Site-NameCONTOSO-DC1
      DSA Options: IS_GC
      Site Options: (none)
      DSA object GUID: b6dc8589-7e00-4a5d-b688-045aef63ec01
      DSA invocationID: b6dc8589-7e00-4a5d-b688-045aef63ec01
      ==== INBOUND NEIGHBORS ======================================
      DC=contoso,DC=com
      Default-First-Site-NameCONTOSO-DC2 via RPC
      DSA object GUID: 74fbe06c-932c-46b5-831b-af9e31f496b2
      Last attempt @ <date> <time> failed, result 8451 (0x2103):
      The replication operation encountered a database error.
      consecutive failure(s).
      Last success @ <date> <time>.

  • Event Viewer lists one or more events that cite the 8451 error. The following table lists the event sources and Event IDs of common events that cite the 8451 error (in event source + event ID order).

    Event source Event ID Event message
    Microsoft-Windows-ActiveDirectory_DomainService 1039 with extended error 8451 Internal event: Active Directory Domain Services could not process the following object.
    Microsoft-Windows-ActiveDirectory_DomainService 1084 with extended error 8451 Internal event: Active Directory could not update the following object with changes received from the following source domain controller. It is because an error occurred during the application of the changes to Active Directory on the domain controller.
    Microsoft-Windows-ActiveDirectory_DomainService 1308 with extended error 8451 The Knowledge Consistency Checker (KCC) has detected that successive attempt to replicate with the following directory service failed.
    Microsoft-Windows-ActiveDirectory_DomainService 1699 with extended error 8451 The local domain controller failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send the change requests to the domain controller at the following network address.
    NTDS Replication 2108 with extended error 8451 with secondary error value-1075 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1075
    NTDS Replication 2108 with extended error 8451 with secondary error value-1526 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1526
    NTDS Replication 2108 with extended error 8451 with secondary error value -1414 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1414
    NTDS General 1039 with extended error 8451. Internal event: Active Directory could not process the following object.
    NTDS KCC 1925 with extended error 8451 The attempt to establish a replication link for the following writable directory partition failed.
    NTDS Replication 1084 with extended error 8451 Internal event: Active Directory could not update the following object with changes received from the following source domain controller. It is because an error occurred during the application of the changes to Active Directory on the domain controller.
    NTDS Replication 1699 with extended error 8451 The local domain controller failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send the change requests to the domain controller at the following network address.

  • When you increase the NTDS diagnosing logging level on the domain controller, Event Viewer lists additional events that are related to the 8451 error. The following table lists the event sources and Event IDs of events that frequently accompany other events that contain the 8451 error.

    Event source Event ID Event message
    Internal Processing 1481 with error-1601 Internal error: The operation on the object failed. Additional Data: Error value: 2 000020EF: NameErr: DSID-032500E8, problem 2001 (NO_OBJECT), data -1601, best match of: «
    Internal Processing 1173 with error-1075 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1075 Internal ID: 205086d
    Internal Processing 1173 with error-1526 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1526 Internal ID: 205036b
    Internal Processing 1173 with error-1603 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1603 Internal ID: 2050344
    NTDS ISAM 474 with error-1018 The database page read from the file ‘E:NTDSDatantds.dit’ at offset 3846455296 (0x00000000e5444000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 323677604 (0x134aeda4) and the actual checksum was 2081515684 (0x7c1168a4). The read operation will fail with error -1018 (0xfffffc06). If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Contact your hardware vendor for further assistance diagnosing the problem.
    NTDS ISAM 488 NTDS (396) NTDSA: Data inconsistency detected in table datatable of database C:WINDOWSNTDSntds.dit (4621,7905).

  • When you run the Dcdiag.exe utility, it produces output that resembles as:

    Starting test: Replications

    * Replications Check
    [Replications Check,<DC Name>] A recent replication attempt
    failed:
    From <source DC> to <destination DC>
    Naming Context: <DN path of failing naming context>
    The replication generated an error (8451):
    The replication operation encountered a database error

  • In Active Directory Sites and Services, when you right-click the connection object of a source DC and select Replicate now, the command fails and generates a message that resembles as:

    The following error occurred during the attempt to synchronize naming context <%directory partition name%> from Domain Controller <Source DC> to Domain Controller <Destination DC>:
    «The replication operation encountered a database error.»
    The operation will not continue.

How to decode error codes

You can use Microsoft Exchange Server Error Code Lookup to decode the error codes that are described in this article. Decoding the error codes that relate to the 8451 error and accompanying errors produces the following information:

C:>err 8451
for decimal 8451 / hex 0x2103 :
ERROR_DS_DRA_DB_ERROR               winerror.h
The replication operation encountered a database error.
2 matches found for «8451»

C:>err -1414
for decimal -1414 / hex 0xfffffa7a :
JET_errSecondaryIndexCorrupted            esent98.h
/Secondary index is corrupt. The database must be
defragmented/
1 matches found for «-1414»

C:>err -1526
for decimal -1526 / hex 0xfffffa0a :
JET_errLVCorrupted                  esent98.h
/Corruption encountered in long-value tree/
1 matches found for «-1526»

C:>err -1603
for decimal -1603 / hex 0xfffff9bd :
JET_errNoCurrentRecord                esent98.h
/Currency not on a record/
1 matches found for «-1603»

C:>err -1075
for decimal -1075 / hex 0xfffffbcd :
JET_errOutOfLongValueIDs               esent98.h
/Long-value ID counter has reached maximum value.
(perform offline defrag to reclaim free/unused
LongValueIDs)/
1 matches found for «-1075»

C:>err -1601
for decimal -1601 / hex 0xfffff9bf :
JET_errRecordNotFound                 esent98.h
/The key was not found/
1 matches found for «-1601»

C:>err -1047
for decimal -1047 / hex 0xfffffbe9 :
JET_errInvalidBufferSize                  esent98.h
/Data buffer doesn’t match column size/
1 matches found for «-1047»

C:>err -1018
for decimal -1018 / hex 0xfffffc06 :
JET_errReadVerifyFailure                  ese.h
/Checksum error on a database page/
JET_errReadVerifyFailure                  esent98.h
/* Checksum error on a database page */
2 matches found for «-1018»

C:>err -1206
for decimal -1206 / hex 0xfffffb4a :
JET_errDatabaseCorrupted                  esent98.h
/Non database file or corrupted db/
1 matches found for «-1206»

Cause

The status 8451: «The replication operation encountered a database error» has multiple root causes, including the following ones:

  • The Active Directory database or Active Directory database index might be corrupted. It may be caused by the following reasons:
    • Failing hardware:
      • Disk
      • Controller
      • Controller cache
    • Outdated drivers:
      • Controller
    • Outdated firmware:
      • Computer BIOS
      • Controller
      • Disk
    • Sudden power loss.
    • Lingering objects.
    • The long-value ID counter has reached its maximum value:
      • The ESE column types JET_coltypLongTextand JET_coltypLongBinary are called long value column types. These columns are large string and large binary objects that may be stored in separate B+ trees away from the primary index. When long values are stored separately from the primary record, they are internally keyed on a long value ID (LID).
    • Invalid security descriptor in the msExchSecurityDescriptor attribute.

Resolution

[!Important]
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

How to resolve a single occurrence of the problem

If the error occurs on only one domain controller and appears to be an isolated problem, the best and quickest resolution is to do offline defragmentation of the database on the affected server. For information about how to do it, see How to perform offline defragmentation of the Active Directory database.

If offline defragmentation does not correct the issue, demote and then repromote the affected domain controller. For information about how to do it, see Demoting Domain Controllers and Domains.

How to resolve a recurring problem

If the problem recurs, collect some diagnostic data.

  1. Enable NTDS diagnostic logging for Replication Events and Internal Processing at a level of 5.

    To increase NTDS diagnostic logging, change the following REG_DWORD values in the registry of the destination domain controller under the following registry subkey:
    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNTDSDiagnostics

    Set the value of the following entries to 5:

    • Replication Events
    • Internal Processing

    [!Note]
    Level-5 logging is extremely verbose. The values of both keys should be restored to the default of 0 after the problem is resolved. Filtering the Directory Services event log should be done to isolate and identify these events.

    For more information about the standard terminology that is used to describe Microsoft software updates, see the following Knowledge Base article:

  2. Review the event logs for the new events that were generated from the increased logging for error values that will give a definitive view of the original 8451 error. For example, an Internal Processing Event ID 1173 that has an error value of -1526 would indicate that we have a corruption in long-value tree.

  3. Based on the additional information from the increased logging, refer to the following table for a potential resolution.

    Decimal code Hex code Text code Error message Potential resolutions
    -1018 0xfffffc06 JET_errReadVerifyFailure Checksum error on a database page Check hardware, firmware, and drivers. Restore from backup.Demote/promote.
    -1047 0xfffffbe9 JET_errInvalidBufferSize Data buffer doesn’t match column size 832851 Inbound Replication Fails on Domain Controllers with Event ID: 1699, Error 8451 or jet error -1601 Note: This hotfix is no longer available.
    -1075 0xfffffbcd JET_errOutOfLongValueIDs Long-value ID counter has reached maximum value. (do offline defragmentation to reclaim free or unusedLongValueIDs) Do offline defragmentation.
    -1206 0xfffffb4a JET_errDatabaseCorrupted Non-database file or corrupted db Check hardware, firmware, and drivers.Run the Esentutl/k command. Run the Ntdsutil file integrity and semantic database analysis (SDA) commands, and then do offline defragmentation.Otherwise restore from backup or demote/promote.
    -1414 0xfffffa7a JET_errSecondaryIndexCorrupted Secondary index is corrupt. The database must be defragmented. Do offline defragmentation.
    -1526 0xfffffa0a JET_errLVCorrupted Corruption encountered in long-value tree Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil** file integrity and SDA commands, and then do offline defragmentation. Otherwise, restore from backup or demote and promote.
    -1601 0xfffff9bf JET_errRecordNotFound The key was not found Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation​​​​​​​.​​​​​​​Otherwise restore from backup or demote and promote.
    -1603 0xfffff9bd JET_errNoCurrentRecord Currency not on a record Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation​​​​​​​.​​​​​​​Otherwise restore from backup or demote and promote.
    8451 0x2103 ERROR_DS_DRA_DB_ERROR The replication operation encountered a database error Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation. Otherwise restore from backup or demote/promote.

  4. If all these methods fail, restore the domain controller from a backup, or demote it and then repromote.

More information

Verify the vertical jet database stack from the bottom up (proceeding up to the next layer only after the underlying layer is graded as «good»), the same as you do for TCP.

Layer Ntdsutil command Esentutl command
(1) Physical consistency no equivalent Esentutl /k
(2) Extensible Storage Engine (ESE) logical consistency Ntdsutil, files, integrity Esentutl /g
(3) Application logical consistency Ntdsutil, semantic database analysis + Ntdsutil, compact no equivalent for SDA + Esentutl /d
title description ms.date author ms.author manager audience ms.topic ms.prod localization_priority ms.reviewer ms.custom ms.technology

Active Directory Replication Error 8451

provides a resolution for Active Directory Replication Error 8451 «The replication operation encountered a database error».

10/19/2020

Deland-Han

delhan

dcscontentpm

itpro

troubleshooting

windows-server

medium

kaushika, toddmax

sap:active-directory-replication, csstroubleshoot

windows-server-active-directory

Active Directory Replication Error 8451: «The replication operation encountered a database error»

This article provides a resolution for Active Directory Replication Error 8451: «The replication operation encountered a database error».

Applies to:   Windows Server 2019, Windows Server 2016, Windows Server 2012 R2
Original KB number:   2645996

[!NOTE]
Home users: This article is intended only for technical support agents and IT professionals. If you’re looking for help to resolve a problem, please ask the Microsoft Community.

Symptoms

This article describes the symptoms and causes of situations in which Active Directory Domain Services (AD DS) operations fail and generate error 8451: «The replication operation encountered a database error.» This article also provides a resolution for this problem.
You might experience one of more of the following symptoms:

  • You see one or more on-screen error messages, logged events, or diagnostic output that identifies a database error. Possible formats for that error include the following.

    Decimal code Hexadecimal code Text code Error message
    8451 0x2103 ERROR_DS_DRA_DB_ERROR The replication operation encountered a database error.
    -1018 0xfffffc06 JET_errReadVerifyFailure Checksum error on a database page.
    -1047 0xfffffbe9 JET_errInvalidBufferSize Data buffer doesn’t match column size.
    -1075 0xfffffbc JET_errOutOfLongValueID Long-value ID counter has reached maximum value (do an offline defragmentation to reclaim free and unused LongValueIDs).
    -1206 0xfffffb4a JET_errDatabaseCorrupted Non database file or corrupted db.
    -1414 0xfffffa7a JET_errSecondaryIndexCorrupted Secondary index is corrupt. The database must be defragmented.
    -1526 0xfffffa0a JET_errLVCorrupted Corruption encountered in long-value tree.
    -1601 0xfffff9bf JET_errRecordNotFound The key was not found.
    -1603 0xfffff9b JET_errNoCurrentRecord Currency not on a record.

  • Dcpromo.exe fails and generates error 8451.
    The user interface displays the following message:

    The operation failed because:

    Active Directory Domain Services could not replicate the directory partition
    <DN path of failing partition> from the remote Active Directory Domain Controller
    <helper DC>.<dns domain name>.<top level domain>.

    The replication operation encountered a database error.

    The Dcpromo.log file contains the following information:

    <date> <time> [INFO] NstdInstall for contoso.com returned 8451
    <date> <time> [INFO] DsRolepInstallDs returned 8451
    <date> <time> [ERROR] Failed to install to Directory Service (8451)
    <date> <time> [INFO] Starting service NETLOGON

  • Repadmin.exe reports that the replication attempt has failed with status 8451. Repadmin.exe commands that commonly cite the 8451 status include but are not limited to:

    • Repadmin /kcc

    • Repadmin /rehost

    • Repadmin /replicate

    • Repadmin /replsum

    • Repadmin /showrepl

    • Repadmin /showreps

    • Repadmin /showutdvec

    • Repadmin /syncall

      For detailed information about how to use Repadmin to troubleshoot replication problems, see Monitoring and Troubleshooting Active Directory Replication Using Repadmin.

      The following sample shows output from the repadmin /showreps command that indicates that inbound replication from CONTOSO-DC2 to CONTOSO-DC1 failed and generated the «replication access was denied» message.

      Default-First-Site-NameCONTOSO-DC1
      DSA Options: IS_GC
      Site Options: (none)
      DSA object GUID: b6dc8589-7e00-4a5d-b688-045aef63ec01
      DSA invocationID: b6dc8589-7e00-4a5d-b688-045aef63ec01
      ==== INBOUND NEIGHBORS ======================================
      DC=contoso,DC=com
      Default-First-Site-NameCONTOSO-DC2 via RPC
      DSA object GUID: 74fbe06c-932c-46b5-831b-af9e31f496b2
      Last attempt @ <date> <time> failed, result 8451 (0x2103):
      The replication operation encountered a database error.
      consecutive failure(s).
      Last success @ <date> <time>.

  • Event Viewer lists one or more events that cite the 8451 error. The following table lists the event sources and Event IDs of common events that cite the 8451 error (in event source + event ID order).

    Event source Event ID Event message
    Microsoft-Windows-ActiveDirectory_DomainService 1039 with extended error 8451 Internal event: Active Directory Domain Services could not process the following object.
    Microsoft-Windows-ActiveDirectory_DomainService 1084 with extended error 8451 Internal event: Active Directory could not update the following object with changes received from the following source domain controller. It is because an error occurred during the application of the changes to Active Directory on the domain controller.
    Microsoft-Windows-ActiveDirectory_DomainService 1308 with extended error 8451 The Knowledge Consistency Checker (KCC) has detected that successive attempt to replicate with the following directory service failed.
    Microsoft-Windows-ActiveDirectory_DomainService 1699 with extended error 8451 The local domain controller failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send the change requests to the domain controller at the following network address.
    NTDS Replication 2108 with extended error 8451 with secondary error value-1075 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1075
    NTDS Replication 2108 with extended error 8451 with secondary error value-1526 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1526
    NTDS Replication 2108 with extended error 8451 with secondary error value -1414 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1414
    NTDS General 1039 with extended error 8451. Internal event: Active Directory could not process the following object.
    NTDS KCC 1925 with extended error 8451 The attempt to establish a replication link for the following writable directory partition failed.
    NTDS Replication 1084 with extended error 8451 Internal event: Active Directory could not update the following object with changes received from the following source domain controller. It is because an error occurred during the application of the changes to Active Directory on the domain controller.
    NTDS Replication 1699 with extended error 8451 The local domain controller failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send the change requests to the domain controller at the following network address.

  • When you increase the NTDS diagnosing logging level on the domain controller, Event Viewer lists additional events that are related to the 8451 error. The following table lists the event sources and Event IDs of events that frequently accompany other events that contain the 8451 error.

    Event source Event ID Event message
    Internal Processing 1481 with error-1601 Internal error: The operation on the object failed. Additional Data: Error value: 2 000020EF: NameErr: DSID-032500E8, problem 2001 (NO_OBJECT), data -1601, best match of: «
    Internal Processing 1173 with error-1075 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1075 Internal ID: 205086d
    Internal Processing 1173 with error-1526 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1526 Internal ID: 205036b
    Internal Processing 1173 with error-1603 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1603 Internal ID: 2050344
    NTDS ISAM 474 with error-1018 The database page read from the file ‘E:NTDSDatantds.dit’ at offset 3846455296 (0x00000000e5444000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 323677604 (0x134aeda4) and the actual checksum was 2081515684 (0x7c1168a4). The read operation will fail with error -1018 (0xfffffc06). If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Contact your hardware vendor for further assistance diagnosing the problem.
    NTDS ISAM 488 NTDS (396) NTDSA: Data inconsistency detected in table datatable of database C:WINDOWSNTDSntds.dit (4621,7905).

  • When you run the Dcdiag.exe utility, it produces output that resembles as:

    Starting test: Replications

    * Replications Check
    [Replications Check,<DC Name>] A recent replication attempt
    failed:
    From <source DC> to <destination DC>
    Naming Context: <DN path of failing naming context>
    The replication generated an error (8451):
    The replication operation encountered a database error

  • In Active Directory Sites and Services, when you right-click the connection object of a source DC and select Replicate now, the command fails and generates a message that resembles as:

    The following error occurred during the attempt to synchronize naming context <%directory partition name%> from Domain Controller <Source DC> to Domain Controller <Destination DC>:
    «The replication operation encountered a database error.»
    The operation will not continue.

How to decode error codes

You can use Microsoft Exchange Server Error Code Lookup to decode the error codes that are described in this article. Decoding the error codes that relate to the 8451 error and accompanying errors produces the following information:

C:>err 8451
for decimal 8451 / hex 0x2103 :
ERROR_DS_DRA_DB_ERROR               winerror.h
The replication operation encountered a database error.
2 matches found for «8451»

C:>err -1414
for decimal -1414 / hex 0xfffffa7a :
JET_errSecondaryIndexCorrupted            esent98.h
/Secondary index is corrupt. The database must be
defragmented/
1 matches found for «-1414»

C:>err -1526
for decimal -1526 / hex 0xfffffa0a :
JET_errLVCorrupted                  esent98.h
/Corruption encountered in long-value tree/
1 matches found for «-1526»

C:>err -1603
for decimal -1603 / hex 0xfffff9bd :
JET_errNoCurrentRecord                esent98.h
/Currency not on a record/
1 matches found for «-1603»

C:>err -1075
for decimal -1075 / hex 0xfffffbcd :
JET_errOutOfLongValueIDs               esent98.h
/Long-value ID counter has reached maximum value.
(perform offline defrag to reclaim free/unused
LongValueIDs)/
1 matches found for «-1075»

C:>err -1601
for decimal -1601 / hex 0xfffff9bf :
JET_errRecordNotFound                 esent98.h
/The key was not found/
1 matches found for «-1601»

C:>err -1047
for decimal -1047 / hex 0xfffffbe9 :
JET_errInvalidBufferSize                  esent98.h
/Data buffer doesn’t match column size/
1 matches found for «-1047»

C:>err -1018
for decimal -1018 / hex 0xfffffc06 :
JET_errReadVerifyFailure                  ese.h
/Checksum error on a database page/
JET_errReadVerifyFailure                  esent98.h
/* Checksum error on a database page */
2 matches found for «-1018»

C:>err -1206
for decimal -1206 / hex 0xfffffb4a :
JET_errDatabaseCorrupted                  esent98.h
/Non database file or corrupted db/
1 matches found for «-1206»

Cause

The status 8451: «The replication operation encountered a database error» has multiple root causes, including the following ones:

  • The Active Directory database or Active Directory database index might be corrupted. It may be caused by the following reasons:
    • Failing hardware:
      • Disk
      • Controller
      • Controller cache
    • Outdated drivers:
      • Controller
    • Outdated firmware:
      • Computer BIOS
      • Controller
      • Disk
    • Sudden power loss.
    • Lingering objects.
    • The long-value ID counter has reached its maximum value:
      • The ESE column types JET_coltypLongTextand JET_coltypLongBinary are called long value column types. These columns are large string and large binary objects that may be stored in separate B+ trees away from the primary index. When long values are stored separately from the primary record, they are internally keyed on a long value ID (LID).
    • Invalid security descriptor in the msExchSecurityDescriptor attribute.

Resolution

[!Important]
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

How to resolve a single occurrence of the problem

If the error occurs on only one domain controller and appears to be an isolated problem, the best and quickest resolution is to do offline defragmentation of the database on the affected server. For information about how to do it, see How to perform offline defragmentation of the Active Directory database.

If offline defragmentation does not correct the issue, demote and then repromote the affected domain controller. For information about how to do it, see Demoting Domain Controllers and Domains.

How to resolve a recurring problem

If the problem recurs, collect some diagnostic data.

  1. Enable NTDS diagnostic logging for Replication Events and Internal Processing at a level of 5.

    To increase NTDS diagnostic logging, change the following REG_DWORD values in the registry of the destination domain controller under the following registry subkey:
    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNTDSDiagnostics

    Set the value of the following entries to 5:

    • Replication Events
    • Internal Processing

    [!Note]
    Level-5 logging is extremely verbose. The values of both keys should be restored to the default of 0 after the problem is resolved. Filtering the Directory Services event log should be done to isolate and identify these events.

    For more information about the standard terminology that is used to describe Microsoft software updates, see the following Knowledge Base article:

  2. Review the event logs for the new events that were generated from the increased logging for error values that will give a definitive view of the original 8451 error. For example, an Internal Processing Event ID 1173 that has an error value of -1526 would indicate that we have a corruption in long-value tree.

  3. Based on the additional information from the increased logging, refer to the following table for a potential resolution.

    Decimal code Hex code Text code Error message Potential resolutions
    -1018 0xfffffc06 JET_errReadVerifyFailure Checksum error on a database page Check hardware, firmware, and drivers. Restore from backup.Demote/promote.
    -1047 0xfffffbe9 JET_errInvalidBufferSize Data buffer doesn’t match column size 832851 Inbound Replication Fails on Domain Controllers with Event ID: 1699, Error 8451 or jet error -1601 Note: This hotfix is no longer available.
    -1075 0xfffffbcd JET_errOutOfLongValueIDs Long-value ID counter has reached maximum value. (do offline defragmentation to reclaim free or unusedLongValueIDs) Do offline defragmentation.
    -1206 0xfffffb4a JET_errDatabaseCorrupted Non-database file or corrupted db Check hardware, firmware, and drivers.Run the Esentutl/k command. Run the Ntdsutil file integrity and semantic database analysis (SDA) commands, and then do offline defragmentation.Otherwise restore from backup or demote/promote.
    -1414 0xfffffa7a JET_errSecondaryIndexCorrupted Secondary index is corrupt. The database must be defragmented. Do offline defragmentation.
    -1526 0xfffffa0a JET_errLVCorrupted Corruption encountered in long-value tree Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil** file integrity and SDA commands, and then do offline defragmentation. Otherwise, restore from backup or demote and promote.
    -1601 0xfffff9bf JET_errRecordNotFound The key was not found Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation​​​​​​​.​​​​​​​Otherwise restore from backup or demote and promote.
    -1603 0xfffff9bd JET_errNoCurrentRecord Currency not on a record Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation​​​​​​​.​​​​​​​Otherwise restore from backup or demote and promote.
    8451 0x2103 ERROR_DS_DRA_DB_ERROR The replication operation encountered a database error Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation. Otherwise restore from backup or demote/promote.

  4. If all these methods fail, restore the domain controller from a backup, or demote it and then repromote.

More information

Verify the vertical jet database stack from the bottom up (proceeding up to the next layer only after the underlying layer is graded as «good»), the same as you do for TCP.

Layer Ntdsutil command Esentutl command
(1) Physical consistency no equivalent Esentutl /k
(2) Extensible Storage Engine (ESE) logical consistency Ntdsutil, files, integrity Esentutl /g
(3) Application logical consistency Ntdsutil, semantic database analysis + Ntdsutil, compact no equivalent for SDA + Esentutl /d
title description ms.date author ms.author manager audience ms.topic ms.prod localization_priority ms.reviewer ms.custom ms.technology

Active Directory Replication Error 8451

provides a resolution for Active Directory Replication Error 8451 «The replication operation encountered a database error».

10/19/2020

Deland-Han

delhan

dcscontentpm

itpro

troubleshooting

windows-server

medium

kaushika, toddmax

sap:active-directory-replication, csstroubleshoot

windows-server-active-directory

Active Directory Replication Error 8451: «The replication operation encountered a database error»

This article provides a resolution for Active Directory Replication Error 8451: «The replication operation encountered a database error».

Applies to:   Windows Server 2019, Windows Server 2016, Windows Server 2012 R2
Original KB number:   2645996

[!NOTE]
Home users: This article is intended only for technical support agents and IT professionals. If you’re looking for help to resolve a problem, please ask the Microsoft Community.

Symptoms

This article describes the symptoms and causes of situations in which Active Directory Domain Services (AD DS) operations fail and generate error 8451: «The replication operation encountered a database error.» This article also provides a resolution for this problem.
You might experience one of more of the following symptoms:

  • You see one or more on-screen error messages, logged events, or diagnostic output that identifies a database error. Possible formats for that error include the following.

    Decimal code Hexadecimal code Text code Error message
    8451 0x2103 ERROR_DS_DRA_DB_ERROR The replication operation encountered a database error.
    -1018 0xfffffc06 JET_errReadVerifyFailure Checksum error on a database page.
    -1047 0xfffffbe9 JET_errInvalidBufferSize Data buffer doesn’t match column size.
    -1075 0xfffffbc JET_errOutOfLongValueID Long-value ID counter has reached maximum value (do an offline defragmentation to reclaim free and unused LongValueIDs).
    -1206 0xfffffb4a JET_errDatabaseCorrupted Non database file or corrupted db.
    -1414 0xfffffa7a JET_errSecondaryIndexCorrupted Secondary index is corrupt. The database must be defragmented.
    -1526 0xfffffa0a JET_errLVCorrupted Corruption encountered in long-value tree.
    -1601 0xfffff9bf JET_errRecordNotFound The key was not found.
    -1603 0xfffff9b JET_errNoCurrentRecord Currency not on a record.

  • Dcpromo.exe fails and generates error 8451.
    The user interface displays the following message:

    The operation failed because:

    Active Directory Domain Services could not replicate the directory partition
    <DN path of failing partition> from the remote Active Directory Domain Controller
    <helper DC>.<dns domain name>.<top level domain>.

    The replication operation encountered a database error.

    The Dcpromo.log file contains the following information:

    <date> <time> [INFO] NstdInstall for contoso.com returned 8451
    <date> <time> [INFO] DsRolepInstallDs returned 8451
    <date> <time> [ERROR] Failed to install to Directory Service (8451)
    <date> <time> [INFO] Starting service NETLOGON

  • Repadmin.exe reports that the replication attempt has failed with status 8451. Repadmin.exe commands that commonly cite the 8451 status include but are not limited to:

    • Repadmin /kcc

    • Repadmin /rehost

    • Repadmin /replicate

    • Repadmin /replsum

    • Repadmin /showrepl

    • Repadmin /showreps

    • Repadmin /showutdvec

    • Repadmin /syncall

      For detailed information about how to use Repadmin to troubleshoot replication problems, see Monitoring and Troubleshooting Active Directory Replication Using Repadmin.

      The following sample shows output from the repadmin /showreps command that indicates that inbound replication from CONTOSO-DC2 to CONTOSO-DC1 failed and generated the «replication access was denied» message.

      Default-First-Site-NameCONTOSO-DC1
      DSA Options: IS_GC
      Site Options: (none)
      DSA object GUID: b6dc8589-7e00-4a5d-b688-045aef63ec01
      DSA invocationID: b6dc8589-7e00-4a5d-b688-045aef63ec01
      ==== INBOUND NEIGHBORS ======================================
      DC=contoso,DC=com
      Default-First-Site-NameCONTOSO-DC2 via RPC
      DSA object GUID: 74fbe06c-932c-46b5-831b-af9e31f496b2
      Last attempt @ <date> <time> failed, result 8451 (0x2103):
      The replication operation encountered a database error.
      consecutive failure(s).
      Last success @ <date> <time>.

  • Event Viewer lists one or more events that cite the 8451 error. The following table lists the event sources and Event IDs of common events that cite the 8451 error (in event source + event ID order).

    Event source Event ID Event message
    Microsoft-Windows-ActiveDirectory_DomainService 1039 with extended error 8451 Internal event: Active Directory Domain Services could not process the following object.
    Microsoft-Windows-ActiveDirectory_DomainService 1084 with extended error 8451 Internal event: Active Directory could not update the following object with changes received from the following source domain controller. It is because an error occurred during the application of the changes to Active Directory on the domain controller.
    Microsoft-Windows-ActiveDirectory_DomainService 1308 with extended error 8451 The Knowledge Consistency Checker (KCC) has detected that successive attempt to replicate with the following directory service failed.
    Microsoft-Windows-ActiveDirectory_DomainService 1699 with extended error 8451 The local domain controller failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send the change requests to the domain controller at the following network address.
    NTDS Replication 2108 with extended error 8451 with secondary error value-1075 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1075
    NTDS Replication 2108 with extended error 8451 with secondary error value-1526 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1526
    NTDS Replication 2108 with extended error 8451 with secondary error value -1414 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1414
    NTDS General 1039 with extended error 8451. Internal event: Active Directory could not process the following object.
    NTDS KCC 1925 with extended error 8451 The attempt to establish a replication link for the following writable directory partition failed.
    NTDS Replication 1084 with extended error 8451 Internal event: Active Directory could not update the following object with changes received from the following source domain controller. It is because an error occurred during the application of the changes to Active Directory on the domain controller.
    NTDS Replication 1699 with extended error 8451 The local domain controller failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send the change requests to the domain controller at the following network address.

  • When you increase the NTDS diagnosing logging level on the domain controller, Event Viewer lists additional events that are related to the 8451 error. The following table lists the event sources and Event IDs of events that frequently accompany other events that contain the 8451 error.

    Event source Event ID Event message
    Internal Processing 1481 with error-1601 Internal error: The operation on the object failed. Additional Data: Error value: 2 000020EF: NameErr: DSID-032500E8, problem 2001 (NO_OBJECT), data -1601, best match of: «
    Internal Processing 1173 with error-1075 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1075 Internal ID: 205086d
    Internal Processing 1173 with error-1526 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1526 Internal ID: 205036b
    Internal Processing 1173 with error-1603 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1603 Internal ID: 2050344
    NTDS ISAM 474 with error-1018 The database page read from the file ‘E:NTDSDatantds.dit’ at offset 3846455296 (0x00000000e5444000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 323677604 (0x134aeda4) and the actual checksum was 2081515684 (0x7c1168a4). The read operation will fail with error -1018 (0xfffffc06). If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Contact your hardware vendor for further assistance diagnosing the problem.
    NTDS ISAM 488 NTDS (396) NTDSA: Data inconsistency detected in table datatable of database C:WINDOWSNTDSntds.dit (4621,7905).

  • When you run the Dcdiag.exe utility, it produces output that resembles as:

    Starting test: Replications

    * Replications Check
    [Replications Check,<DC Name>] A recent replication attempt
    failed:
    From <source DC> to <destination DC>
    Naming Context: <DN path of failing naming context>
    The replication generated an error (8451):
    The replication operation encountered a database error

  • In Active Directory Sites and Services, when you right-click the connection object of a source DC and select Replicate now, the command fails and generates a message that resembles as:

    The following error occurred during the attempt to synchronize naming context <%directory partition name%> from Domain Controller <Source DC> to Domain Controller <Destination DC>:
    «The replication operation encountered a database error.»
    The operation will not continue.

How to decode error codes

You can use Microsoft Exchange Server Error Code Lookup to decode the error codes that are described in this article. Decoding the error codes that relate to the 8451 error and accompanying errors produces the following information:

C:>err 8451
for decimal 8451 / hex 0x2103 :
ERROR_DS_DRA_DB_ERROR               winerror.h
The replication operation encountered a database error.
2 matches found for «8451»

C:>err -1414
for decimal -1414 / hex 0xfffffa7a :
JET_errSecondaryIndexCorrupted            esent98.h
/Secondary index is corrupt. The database must be
defragmented/
1 matches found for «-1414»

C:>err -1526
for decimal -1526 / hex 0xfffffa0a :
JET_errLVCorrupted                  esent98.h
/Corruption encountered in long-value tree/
1 matches found for «-1526»

C:>err -1603
for decimal -1603 / hex 0xfffff9bd :
JET_errNoCurrentRecord                esent98.h
/Currency not on a record/
1 matches found for «-1603»

C:>err -1075
for decimal -1075 / hex 0xfffffbcd :
JET_errOutOfLongValueIDs               esent98.h
/Long-value ID counter has reached maximum value.
(perform offline defrag to reclaim free/unused
LongValueIDs)/
1 matches found for «-1075»

C:>err -1601
for decimal -1601 / hex 0xfffff9bf :
JET_errRecordNotFound                 esent98.h
/The key was not found/
1 matches found for «-1601»

C:>err -1047
for decimal -1047 / hex 0xfffffbe9 :
JET_errInvalidBufferSize                  esent98.h
/Data buffer doesn’t match column size/
1 matches found for «-1047»

C:>err -1018
for decimal -1018 / hex 0xfffffc06 :
JET_errReadVerifyFailure                  ese.h
/Checksum error on a database page/
JET_errReadVerifyFailure                  esent98.h
/* Checksum error on a database page */
2 matches found for «-1018»

C:>err -1206
for decimal -1206 / hex 0xfffffb4a :
JET_errDatabaseCorrupted                  esent98.h
/Non database file or corrupted db/
1 matches found for «-1206»

Cause

The status 8451: «The replication operation encountered a database error» has multiple root causes, including the following ones:

  • The Active Directory database or Active Directory database index might be corrupted. It may be caused by the following reasons:
    • Failing hardware:
      • Disk
      • Controller
      • Controller cache
    • Outdated drivers:
      • Controller
    • Outdated firmware:
      • Computer BIOS
      • Controller
      • Disk
    • Sudden power loss.
    • Lingering objects.
    • The long-value ID counter has reached its maximum value:
      • The ESE column types JET_coltypLongTextand JET_coltypLongBinary are called long value column types. These columns are large string and large binary objects that may be stored in separate B+ trees away from the primary index. When long values are stored separately from the primary record, they are internally keyed on a long value ID (LID).
    • Invalid security descriptor in the msExchSecurityDescriptor attribute.

Resolution

[!Important]
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

How to resolve a single occurrence of the problem

If the error occurs on only one domain controller and appears to be an isolated problem, the best and quickest resolution is to do offline defragmentation of the database on the affected server. For information about how to do it, see How to perform offline defragmentation of the Active Directory database.

If offline defragmentation does not correct the issue, demote and then repromote the affected domain controller. For information about how to do it, see Demoting Domain Controllers and Domains.

How to resolve a recurring problem

If the problem recurs, collect some diagnostic data.

  1. Enable NTDS diagnostic logging for Replication Events and Internal Processing at a level of 5.

    To increase NTDS diagnostic logging, change the following REG_DWORD values in the registry of the destination domain controller under the following registry subkey:
    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNTDSDiagnostics

    Set the value of the following entries to 5:

    • Replication Events
    • Internal Processing

    [!Note]
    Level-5 logging is extremely verbose. The values of both keys should be restored to the default of 0 after the problem is resolved. Filtering the Directory Services event log should be done to isolate and identify these events.

    For more information about the standard terminology that is used to describe Microsoft software updates, see the following Knowledge Base article:

  2. Review the event logs for the new events that were generated from the increased logging for error values that will give a definitive view of the original 8451 error. For example, an Internal Processing Event ID 1173 that has an error value of -1526 would indicate that we have a corruption in long-value tree.

  3. Based on the additional information from the increased logging, refer to the following table for a potential resolution.

    Decimal code Hex code Text code Error message Potential resolutions
    -1018 0xfffffc06 JET_errReadVerifyFailure Checksum error on a database page Check hardware, firmware, and drivers. Restore from backup.Demote/promote.
    -1047 0xfffffbe9 JET_errInvalidBufferSize Data buffer doesn’t match column size 832851 Inbound Replication Fails on Domain Controllers with Event ID: 1699, Error 8451 or jet error -1601 Note: This hotfix is no longer available.
    -1075 0xfffffbcd JET_errOutOfLongValueIDs Long-value ID counter has reached maximum value. (do offline defragmentation to reclaim free or unusedLongValueIDs) Do offline defragmentation.
    -1206 0xfffffb4a JET_errDatabaseCorrupted Non-database file or corrupted db Check hardware, firmware, and drivers.Run the Esentutl/k command. Run the Ntdsutil file integrity and semantic database analysis (SDA) commands, and then do offline defragmentation.Otherwise restore from backup or demote/promote.
    -1414 0xfffffa7a JET_errSecondaryIndexCorrupted Secondary index is corrupt. The database must be defragmented. Do offline defragmentation.
    -1526 0xfffffa0a JET_errLVCorrupted Corruption encountered in long-value tree Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil** file integrity and SDA commands, and then do offline defragmentation. Otherwise, restore from backup or demote and promote.
    -1601 0xfffff9bf JET_errRecordNotFound The key was not found Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation​​​​​​​.​​​​​​​Otherwise restore from backup or demote and promote.
    -1603 0xfffff9bd JET_errNoCurrentRecord Currency not on a record Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation​​​​​​​.​​​​​​​Otherwise restore from backup or demote and promote.
    8451 0x2103 ERROR_DS_DRA_DB_ERROR The replication operation encountered a database error Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation. Otherwise restore from backup or demote/promote.

  4. If all these methods fail, restore the domain controller from a backup, or demote it and then repromote.

More information

Verify the vertical jet database stack from the bottom up (proceeding up to the next layer only after the underlying layer is graded as «good»), the same as you do for TCP.

Layer Ntdsutil command Esentutl command
(1) Physical consistency no equivalent Esentutl /k
(2) Extensible Storage Engine (ESE) logical consistency Ntdsutil, files, integrity Esentutl /g
(3) Application logical consistency Ntdsutil, semantic database analysis + Ntdsutil, compact no equivalent for SDA + Esentutl /d

Hello everyone, I am having some replication issues on my domain that I would like to verify before I take the appropriate steps listed in the Microsoft Tech articles. I am running in a 2 DC network both running 2008 R2 both are Global Catalog Servers.  I
am having a tough time deciding on which DC I should take down and make the appropriate fixes / changes to. For the purpose of this question I will name my DC’s DC-01 and DC-02.  On DC-01 Checking the error logs I am receiving 3 separate Event ID error
467 — Database Corruption.  On DC-02 I am receiving the Event ID 1084 Error Value: 8451 indication database error, it does keep showing one specific object that for some reason I cannot seem to remove manually. I have attempted to perform a remove lingering
objects which receives an error.  Below is the logs from my attempt to remove the lingering object and my repadmin /showrepl logs. Replication from DC-01 to DC-02 is not working, but replication from DC-02 to DC-01 is. My questions is should I take down
DC-01 and perform the database integrity  / fixes or DC-02? Also any other steps anyone can suggest where I may not need to take down the service on my DC’s would be appreciated, the staff around here is VERY weary when it comes to any of our machines
having any downtime. Thank you!

When I attempt to run a repadmin /removelingeringobjects I receive a : (this don’t work if i change these around either)

repadmin /removelingeringobjects af01e71d-2516-42ca-8560-6c4f643c5b51 64af9410-df22-4b7e-8da3-942cdfce5a92 CN=Deleted Objects,DC=contoso,DC=com

DsBindWithCred to af01e71d-2516-42ca-8560-6c4f643c5b51 failed with status 1722 (0x6ba):
    The RPC server is unavailable.

Here are the repadmin /showrepl errors I am receiving. 

PS C:Windowssystem32> repadmin /showrepl contoso-dc02

Default-First-SiteCONTOSO-DC02

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

DSA invocationID: 37ea7e96-ac79-4c52-8578-22c0a9fe5d48

==== INBOUND NEIGHBORS ======================================

DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:24:12 failed, result 8451 (0x2103):

            The replication operation encountered a database error.

        49006 consecutive failure(s).

        Last success @ 2014-09-05 13:27:52.

CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:20:52 was successful.

CN=Schema,CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 12:49:02 was successful.

DC=DomainDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:10:32 failed, result 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

        22848 consecutive failure(s).

        Last success @ 2014-03-10 06:08:45.

DC=ForestDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 12:49:02 was successful.

Source: Default-First-SiteCONTOSO-DC01

******* 48974 CONSECUTIVE FAILURES since 2014-09-05 13:27:52

Last error: 8451 (0x2103):

            The replication operation encountered a database error.

_____________________________________________________________________________________________________

PS C:Windowssystem32> repadmin /showrepl contoso-dc01

Default-First-SiteCONTOSO-DC01

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

DSA invocationID: 4700c518-bbe6-46d3-8245-aa7c23798241

==== INBOUND NEIGHBORS ======================================

DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 13:24:46 was successful.

CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 13:19:14 was successful.

CN=Schema,CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 was successful.

DC=DomainDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 failed, result 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

        1887 consecutive failure(s).

        Last success @ 2014-07-11 07:58:30.

DC=ForestDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 was successful.

Source: Default-First-SiteCONTOSO-DC02

******* 1887 CONSECUTIVE FAILURES since 2014-07-11 07:58:30

Last error: 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

Hello everyone, I am having some replication issues on my domain that I would like to verify before I take the appropriate steps listed in the Microsoft Tech articles. I am running in a 2 DC network both running 2008 R2 both are Global Catalog Servers.  I
am having a tough time deciding on which DC I should take down and make the appropriate fixes / changes to. For the purpose of this question I will name my DC’s DC-01 and DC-02.  On DC-01 Checking the error logs I am receiving 3 separate Event ID error
467 — Database Corruption.  On DC-02 I am receiving the Event ID 1084 Error Value: 8451 indication database error, it does keep showing one specific object that for some reason I cannot seem to remove manually. I have attempted to perform a remove lingering
objects which receives an error.  Below is the logs from my attempt to remove the lingering object and my repadmin /showrepl logs. Replication from DC-01 to DC-02 is not working, but replication from DC-02 to DC-01 is. My questions is should I take down
DC-01 and perform the database integrity  / fixes or DC-02? Also any other steps anyone can suggest where I may not need to take down the service on my DC’s would be appreciated, the staff around here is VERY weary when it comes to any of our machines
having any downtime. Thank you!

When I attempt to run a repadmin /removelingeringobjects I receive a : (this don’t work if i change these around either)

repadmin /removelingeringobjects af01e71d-2516-42ca-8560-6c4f643c5b51 64af9410-df22-4b7e-8da3-942cdfce5a92 CN=Deleted Objects,DC=contoso,DC=com

DsBindWithCred to af01e71d-2516-42ca-8560-6c4f643c5b51 failed with status 1722 (0x6ba):
    The RPC server is unavailable.

Here are the repadmin /showrepl errors I am receiving. 

PS C:Windowssystem32> repadmin /showrepl contoso-dc02

Default-First-SiteCONTOSO-DC02

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

DSA invocationID: 37ea7e96-ac79-4c52-8578-22c0a9fe5d48

==== INBOUND NEIGHBORS ======================================

DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:24:12 failed, result 8451 (0x2103):

            The replication operation encountered a database error.

        49006 consecutive failure(s).

        Last success @ 2014-09-05 13:27:52.

CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:20:52 was successful.

CN=Schema,CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 12:49:02 was successful.

DC=DomainDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:10:32 failed, result 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

        22848 consecutive failure(s).

        Last success @ 2014-03-10 06:08:45.

DC=ForestDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 12:49:02 was successful.

Source: Default-First-SiteCONTOSO-DC01

******* 48974 CONSECUTIVE FAILURES since 2014-09-05 13:27:52

Last error: 8451 (0x2103):

            The replication operation encountered a database error.

_____________________________________________________________________________________________________

PS C:Windowssystem32> repadmin /showrepl contoso-dc01

Default-First-SiteCONTOSO-DC01

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

DSA invocationID: 4700c518-bbe6-46d3-8245-aa7c23798241

==== INBOUND NEIGHBORS ======================================

DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 13:24:46 was successful.

CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 13:19:14 was successful.

CN=Schema,CN=Configuration,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 was successful.

DC=DomainDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 failed, result 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

        1887 consecutive failure(s).

        Last success @ 2014-07-11 07:58:30.

DC=ForestDnsZones,DC=contoso,DC=com

    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 was successful.

Source: Default-First-SiteCONTOSO-DC02

******* 1887 CONSECUTIVE FAILURES since 2014-07-11 07:58:30

Last error: 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

Issue:
———

DC1 and DC2 are two domain controllers for the domain Domain.com.

DC1 -> DC2 replication working fine but the reverse DC2 -> DC1 doesn’t seem to work. Below are the commands and event ids which generated for the replication.

============================
C:Windowsntds>repadmin /replicate DC2 DC1 DC=Domain,DC=com
Sync from DC1 to DC2 completed successfully.

C:Windowsntds>repadmin /replicate DC1 DC2 DC=Domain,DC=om
DsReplicaSync() failed with status 8451 (0x2103):
The replication operation encountered a database error.
============================

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 2108
Task Category: Replication
Level: Error
Computer: DC1.Domain.com
Description:
This event contains REPAIR PROCEDURES for the 1084 event which has previously been logged. This message indicates a specific issue with the consistency of the Active Directory Domain Services database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made.

Object:
DC=DC1,DC=Domain.com,CN=MicrosoftDNS,CN=System,DC=barrylevin,DC=com
Object GUID:
27709216-a6eb-4e13-a614-36becd89756b
Source domain controller:
cfaf2018-03a3-441c-834e-4d86f8c8c7ba._msdcs.barrylevin.com

User Action

Please consult KB article 837932, http://support.microsoft.com/?id=837932. A subset of its repair procedures are listed here.
1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory Domain Services database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343, http://support.microsoft.com/?id=251343.
3. The problem may be related to the object’s parent on this domain controller. On the source domain controller, move the object to have a different parent.
4. If this machine is a global catalog and the error occurs in one of the read-only partitions, you should demote the machine as a global catalog using the Global Catalog checkbox in the Sites & Services user interface. If the error is occurring in an application partition, you can stop the application partition from being hosted on this replica. This may be changed using the ntdsutil.exe command.
5. Obtain the most recent ntdsutil.exe by installing the latest service pack for your operating system. Prior to booting into Directory Services Restore Mode (DSRM), verify that the DSRM password is known. Otherwise reset it prior to restarting the system.
6. In DSRM, run the NT CMD prompt, run “ntdsutil files integrity”. If corruption is found and other replicas exist, then demote replica and check your hardware. If no replicas are present, restore a system state backup and repeat this verification.
7. Perform an offline defragmentation using the “ntdsutil files compact” function.
8. The “ntdsutil semantic database analysis” should also be performed. If errors are found, they may be corrected using the “go fixup” function. Note that this should not be confused with the database maintenance function called “ESE repair”, which should not be used, since it causes data loss for Active Directory Domain Services Databases.

If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again.

Additional Data
Primary Error value:
8451 The replication operation encountered a database error.
Secondary Error value:
-1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt. The database must be defragmented

============================

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 1084
Task Category: Replication
Level: Error
Computer: DC1.Domain.com
Description:
Internal event: Active Directory Domain Services could not update the following object with changes received from the following source directory service. This is because an error occurred during the application of the changes to Active Directory Domain Services on the directory service.

Object:
DC=DC1,DC=Domain.com,CN=MicrosoftDNS,CN=System,DC=barrylevin,DC=com
Object GUID:
27709216-a6eb-4e13-a614-36becd89756b
Source directory service:
cfaf2018-03a3-441c-834e-4d86f8c8c7ba._msdcs.barrylevin.com

Synchronization of the directory service with the source directory service is blocked until this update problem is corrected.

This operation will be tried again at the next scheduled replication.

User Action
Restart the local computer if this condition appears to be related to low system resources (for example, low physical or virtual memory).

Additional Data
Error value:
8451 The replication operation encountered a database error.

============================

Cause:
———

Additional Data
Primary Error value:
8451 The replication operation encountered a database error.
Secondary Error value:
-1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt. The database must be defragmented

Above details indicate that the database should be defragemented on DC1..

Resolution:
—————-

Take a backup of ntds.dit file under c:windowsntds if anything goes wrong. If ntds.dit file is not available under default location, you should take backup from where you published the NTDS Database.

Open command prompt and navigate to c:windowsntds and perform below sequence of commands.

  1. net stop ntds
  2. Physical consistency check by using below command and it is passed. Go to Step 4 if its failed.
    esentutl /K ntds.dit
  3. Logical consistency check by using below command and it failed.
    ntds>esentutl /G ntds.dit

    ============================
    Checking database integrity.
    Scanning Status (% complete)

    0 10 20 30 40 50 60 70 80 90 100
    |—-|—-|—-|—-|—-|—-|—-|—-|—-|—-|
    …………………………………………
    Integrity check completed.
    Database is CORRUPTED, the last full backup of this database was on 10/25/2014 14:00:22

    Operation terminated with error -1206 (JET_errDatabaseCorrupted, Non database file or corrupted db) after 13.712 seconds.
    ============================

  4. Performed offline Defrag by using below command. Contact Microsoft if in case it is failed.
    esentutl /D ntds.dit
  5. Again performed Logical consistency check by using below command and it was successful..
    ntds>esentutl /G ntds.dit
  6. net start ntds

Replication start working again. Thats it.

Reference:
—————

http://support2.microsoft.com/kb/837932
http://support2.microsoft.com/kb/2645996/en-gb

  • Remove From My Forums

  • Question

  • Hi folks,

    I’ve 6 DCs in my environment, two of them aren’t replicating since 31102016.

    We’ve 3 DCs in one site, DC1,DC2,DC3.

    Every time I try to replicate DC2 with DC3 and DC1 I got the following error message

    «8451 The replication encountered a database error»

    But the case is different for DC3 as when I try to replicate, I got the following error message

    «The target principal is incorrect».

    Any recommendations?

    Thanks in Advance,

    Mohamed Waly

All replies

  • Hi

     Check this for «Troubleshooting AD Replication error 8451: The replication operation encountered a database error»

    https://support.microsoft.com/en-us/kb/2645996

    The target principal is incorrect>>>means broken secure channel on the DC3,you should check the article;

    https://support.microsoft.com/en-us/kb/2090913

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

  • Already tried and none of them works.

    • Proposed as answer by

      Monday, December 12, 2016 8:12 AM

  • Already tried and none of them works.

    Inadditon to wendy’s shared article after reset password on problematic dc,then you should verfiy port accesibilty between all DC’s.You can check this with PortQryUI;

    https://www.microsoft.com/en-us/download/details.aspx?id=24009

    And also if the 8451 error could not be fixed the easiest method just forcefully demote this DC from domain,will do a metadata cleanup and promote it as Domain Controller again.

    Metadata cleanup; https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx?f=255&mspperror=-2147217396

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Proposed as answer by
      Wendy Jiang
      Monday, December 12, 2016 8:12 AM
  • Remove From My Forums

  • Question

  • Hi folks,

    I’ve 6 DCs in my environment, two of them aren’t replicating since 31102016.

    We’ve 3 DCs in one site, DC1,DC2,DC3.

    Every time I try to replicate DC2 with DC3 and DC1 I got the following error message

    «8451 The replication encountered a database error»

    But the case is different for DC3 as when I try to replicate, I got the following error message

    «The target principal is incorrect».

    Any recommendations?

    Thanks in Advance,

    Mohamed Waly

All replies

  • Hi

     Check this for «Troubleshooting AD Replication error 8451: The replication operation encountered a database error»

    https://support.microsoft.com/en-us/kb/2645996

    The target principal is incorrect>>>means broken secure channel on the DC3,you should check the article;

    https://support.microsoft.com/en-us/kb/2090913

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

  • Already tried and none of them works.

    • Proposed as answer by

      Monday, December 12, 2016 8:12 AM

  • Already tried and none of them works.

    Inadditon to wendy’s shared article after reset password on problematic dc,then you should verfiy port accesibilty between all DC’s.You can check this with PortQryUI;

    https://www.microsoft.com/en-us/download/details.aspx?id=24009

    And also if the 8451 error could not be fixed the easiest method just forcefully demote this DC from domain,will do a metadata cleanup and promote it as Domain Controller again.

    Metadata cleanup; https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx?f=255&mspperror=-2147217396

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Proposed as answer by
      Wendy Jiang
      Monday, December 12, 2016 8:12 AM

Issue:
———

DC1 and DC2 are two domain controllers for the domain Domain.com.

DC1 -> DC2 replication working fine but the reverse DC2 -> DC1 doesn’t seem to work. Below are the commands and event ids which generated for the replication.

============================
C:Windowsntds>repadmin /replicate DC2 DC1 DC=Domain,DC=com
Sync from DC1 to DC2 completed successfully.

C:Windowsntds>repadmin /replicate DC1 DC2 DC=Domain,DC=om
DsReplicaSync() failed with status 8451 (0x2103):
The replication operation encountered a database error.
============================

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 2108
Task Category: Replication
Level: Error
Computer: DC1.Domain.com
Description:
This event contains REPAIR PROCEDURES for the 1084 event which has previously been logged. This message indicates a specific issue with the consistency of the Active Directory Domain Services database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made.

Object:
DC=DC1,DC=Domain.com,CN=MicrosoftDNS,CN=System,DC=barrylevin,DC=com
Object GUID:
27709216-a6eb-4e13-a614-36becd89756b
Source domain controller:
cfaf2018-03a3-441c-834e-4d86f8c8c7ba._msdcs.barrylevin.com

User Action

Please consult KB article 837932, http://support.microsoft.com/?id=837932. A subset of its repair procedures are listed here.
1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory Domain Services database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343, http://support.microsoft.com/?id=251343.
3. The problem may be related to the object’s parent on this domain controller. On the source domain controller, move the object to have a different parent.
4. If this machine is a global catalog and the error occurs in one of the read-only partitions, you should demote the machine as a global catalog using the Global Catalog checkbox in the Sites & Services user interface. If the error is occurring in an application partition, you can stop the application partition from being hosted on this replica. This may be changed using the ntdsutil.exe command.
5. Obtain the most recent ntdsutil.exe by installing the latest service pack for your operating system. Prior to booting into Directory Services Restore Mode (DSRM), verify that the DSRM password is known. Otherwise reset it prior to restarting the system.
6. In DSRM, run the NT CMD prompt, run “ntdsutil files integrity”. If corruption is found and other replicas exist, then demote replica and check your hardware. If no replicas are present, restore a system state backup and repeat this verification.
7. Perform an offline defragmentation using the “ntdsutil files compact” function.
8. The “ntdsutil semantic database analysis” should also be performed. If errors are found, they may be corrected using the “go fixup” function. Note that this should not be confused with the database maintenance function called “ESE repair”, which should not be used, since it causes data loss for Active Directory Domain Services Databases.

If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again.

Additional Data
Primary Error value:
8451 The replication operation encountered a database error.
Secondary Error value:
-1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt. The database must be defragmented

============================

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 1084
Task Category: Replication
Level: Error
Computer: DC1.Domain.com
Description:
Internal event: Active Directory Domain Services could not update the following object with changes received from the following source directory service. This is because an error occurred during the application of the changes to Active Directory Domain Services on the directory service.

Object:
DC=DC1,DC=Domain.com,CN=MicrosoftDNS,CN=System,DC=barrylevin,DC=com
Object GUID:
27709216-a6eb-4e13-a614-36becd89756b
Source directory service:
cfaf2018-03a3-441c-834e-4d86f8c8c7ba._msdcs.barrylevin.com

Synchronization of the directory service with the source directory service is blocked until this update problem is corrected.

This operation will be tried again at the next scheduled replication.

User Action
Restart the local computer if this condition appears to be related to low system resources (for example, low physical or virtual memory).

Additional Data
Error value:
8451 The replication operation encountered a database error.

============================

Cause:
———

Additional Data
Primary Error value:
8451 The replication operation encountered a database error.
Secondary Error value:
-1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt. The database must be defragmented

Above details indicate that the database should be defragemented on DC1..

Resolution:
—————-

Take a backup of ntds.dit file under c:windowsntds if anything goes wrong. If ntds.dit file is not available under default location, you should take backup from where you published the NTDS Database.

Open command prompt and navigate to c:windowsntds and perform below sequence of commands.

  1. net stop ntds
  2. Physical consistency check by using below command and it is passed. Go to Step 4 if its failed.
    esentutl /K ntds.dit
  3. Logical consistency check by using below command and it failed.
    ntds>esentutl /G ntds.dit

    ============================
    Checking database integrity.
    Scanning Status (% complete)

    0 10 20 30 40 50 60 70 80 90 100
    |—-|—-|—-|—-|—-|—-|—-|—-|—-|—-|
    …………………………………………
    Integrity check completed.
    Database is CORRUPTED, the last full backup of this database was on 10/25/2014 14:00:22

    Operation terminated with error -1206 (JET_errDatabaseCorrupted, Non database file or corrupted db) after 13.712 seconds.
    ============================

  4. Performed offline Defrag by using below command. Contact Microsoft if in case it is failed.
    esentutl /D ntds.dit
  5. Again performed Logical consistency check by using below command and it was successful..
    ntds>esentutl /G ntds.dit
  6. net start ntds

Replication start working again. Thats it.

Reference:
—————

http://support2.microsoft.com/kb/837932
http://support2.microsoft.com/kb/2645996/en-gb

Возможно данная информация кому нибудь поможет.

Описание проблемы:

Корневой доменный контроллер инфраструктуры развёрнут на Windows Server 2003 R2 SP2 x86, на нём размещаются все роли FSMO; При введении в домен доменного контроллера на базе Windows Server 2008 R2 оканчивается ошибкой репликации раздела CN=Configuration;

В журналах присутствуют следующие ошибки:

Имя журнала: Directory Service

Источник: Microsoft-Windows-ActiveDirectory_DomainService

Дата: 10.11.2011 13:06:15

Код события: 1084

Категория задачи:Репликация

Уровень: Ошибка

Ключевые слова:Классический

Пользователь: АНОНИМНЫЙ ВХОД

Компьютер: dc04.msft.local

Описание:

Internal event: Active Directory Domain Services could not update the following object with changes received from the following source directory service. This is because an error occurred during the application of the changes to Active Directory Domain Services on the directory service.

Object:

CN=Configuration,DC=msft,DC=local

Object GUID:

8686a414-5d23-407e-8061-a7d443382eef

Source directory service:

dc01.msft.local

Synchronization of the directory service with the source directory service is blocked until this update problem is corrected.

This operation will be tried again at the next scheduled replication.

User Action

Restart the local computer if this condition appears to be related to low system resources (for example, low physical or virtual memory).

Additional Data

Error value:

8451 Произошла ошибка базы данных при выполнении репликации.

Xml события:

<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>

<System>

<Provider Name=»Microsoft-Windows-ActiveDirectory_DomainService» Guid=»{0e8478c5-3605-4e8c-8497-1e730c959516}» EventSourceName=»NTDS General» />

<EventID Qualifiers=»49152″>1084</EventID>

<Version>0</Version>

<Level>2</Level>

<Task>5</Task>

<Opcode>0</Opcode>

<Keywords>0x8080000000000000</Keywords>

<TimeCreated SystemTime=»2011-11-10T09:06:15.429679800Z» />

<EventRecordID>2009</EventRecordID>

<Correlation />

<Execution ProcessID=»452″ ThreadID=»768″ />

<Channel>Directory Service</Channel>

<Computer>dc04.msft.local</Computer>

<Security UserID=»S-1-5-7″ />

</System>

<EventData>

<Data>CN=Configuration,DC=msft,DC=local</Data>

<Data>8686a414-5d23-407e-8061-a7d443382eef</Data>

<Data>dc01.msft.local</Data>

<Data>Произошла ошибка базы данных при выполнении репликации.</Data>

<Data>8451</Data>

</EventData>

< /Event>

Имя журнала: Directory Service

Источник: Microsoft-Windows-ActiveDirectory_DomainService

Дата: 10.11.2011 13:06:15

Код события: 2108

Категория задачи:Репликация

Уровень: Ошибка

Ключевые слова:Классический

Пользователь: АНОНИМНЫЙ ВХОД

Компьютер: dc04.msft.local

Описание:

В этом событии содержится описание ПРОЦЕДУР ВОССТАНОВЛЕНИЯ для события 1084, которое было записано в журнал событий ранее. Это сообщение указывает на конкретную проблему согласованности базы данных доменных служб Active Directory на этом направлении репликации. Ошибка обработки базы данных произошла при применении реплицированных изменений для следующего объекта. База данных находится в непредвиденном состоянии, не позволяющем внести эти изменения.

Объект:

CN=Configuration,DC=msft,DC=local

GUID объекта:

8686a414-5d23-407e-8061-a7d443382eef

Исходный контроллер домена:

dc01.msft.local

Действия пользователя

1. Убедитесь, что на дисках, несущих базу данных доменных служб Active Directory, достаточно свободного места, затем повторите операцию. Убедитесь, что на дисках, несущих NTDS.DIT и файлы журналов, не включено сжатие NTFS. Проверьте, не используется ли для этих дисков антивирусное программное обеспечение.

2. Может быть полезным выполнить принудительное построение родительской цепочки контейнеров этого объекта в базе данных с помощью Security Descriptor Propagator. Это можно сделать, следуя инструкциям из статьи базы знаний 251343, http://support.microsoft.com/?id=251343.

3. Проблема может быть связана с родительским объектом на этом контроллере домена. На исходном контроллере домена переместите этот объект так, чтобы он имел другого родителя.

4. Если этот компьютер является глобальным каталогом и ошибка возникает в одном из разделов, предназначенных только для чтения, то следует лишить этот компьютер роли глобального каталога, сняв флажок глобального каталога в пользовательском интерфейсе «Сайты и службы«. Если ошибка происходит в разделе каталога приложений, можно остановить несение раздела каталога приложений на этой реплике. Это можно сделать с помощью команды NTDSUTIL.EXE.

5. Получите самую последнюю версию NTDSUTIL.EXE, установив последний пакет обновления для данной операционной системы. Прежде чем выполнять загрузку в режиме восстановления службы каталогов (DSRM), убедитесь, что вам известен пароль режима DSRM. В противном случае следует сбросить пароль перед перезагрузкой системы.

6. В режиме DSRM запустите командную строку, затем выполните команду «ntdsutil files integrity». Если будет найдено повреждение и существуют другие реплики, лишите эту реплику ее роли и проверьте надежность работы оборудования. Если другие реплики отсутствуют, восстановите состояние системы с помощью архивной копии и повторите эту проверку.

7. Находясь в автономном режиме, выполните дефрагментацию с помощью функции «ntdsutil files compact».

8. Следует также выполнить команду «ntdsutil semantic database analysis». Если будут найдены ошибки, их можно исправить с помощью функции «go fixup». Не путайте эту команду с функцией «ESE repair», которую нельзя использовать в данном случае, поскольку она может привести к потере данных в базе данных Active Directory.

Если ни одно из этих действий не помогает и ошибки репликации продолжаются, следует лишить этот компьютер роли контроллера домена, а затем вновь выдвинуть его на эту роль.

Дополнительные данные

Основная ошибка:

8451 Произошла ошибка базы данных при выполнении репликации.

Вторичная ошибка:

-1507 JET_errColumnNotFound, No such column

Xml события:

<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>

<System>

<Provider Name=»Microsoft-Windows-ActiveDirectory_DomainService» Guid=»{0e8478c5-3605-4e8c-8497-1e730c959516}» EventSourceName=»NTDS General» />

<EventID Qualifiers=»49152″>2108</EventID>

<Version>0</Version>

<Level>2</Level>

<Task>5</Task>

<Opcode>0</Opcode>

<Keywords>0x8080000000000000</Keywords>

<TimeCreated SystemTime=»2011-11-10T09:06:15.429679800Z» />

<EventRecordID>2010</EventRecordID>

<Correlation />

<Execution ProcessID=»452″ ThreadID=»768″ />

<Channel>Directory Service</Channel>

<Computer>dc04.msft.local</Computer>

<Security UserID=»S-1-5-7″ />

</System>

<EventData>

<Data>CN=Configuration,DC=msft,DC=local</Data>

<Data>8686a414-5d23-407e-8061-a7d443382eef</Data>

<Data>dc01.msft.local</Data>

<Data>Произошла ошибка базы данных при выполнении репликации.</Data>

<Data>8451</Data>

<Data>JET_errColumnNotFound, No such column</Data>

<Data>-1507</Data>

</EventData>

< /Event>

Имя журнала: Directory Service

Источник: Microsoft-Windows-ActiveDirectory_DomainService

Дата: 10.11.2011 13:06:15

Код события: 1173

Категория задачи: Внутренняя обработка

Уровень: Предупреждение

Ключевые слова: Классический

Пользователь: АНОНИМНЫЙ ВХОД

Компьютер: dc04.msft.local

Описание:

Internal event: Active Directory Domain Services has encountered the following exception and associated parameters.

Exception:

e0010002

Parameter:

0

Additional Data

Error value:

8451

Internal ID:

106027e

Xml события:

<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>

<System>

<Provider Name=»Microsoft-Windows-ActiveDirectory_DomainService» Guid=»{0e8478c5-3605-4e8c-8497-1e730c959516}» EventSourceName=»NTDS General» />

<EventID Qualifiers=»32768″>1173</EventID>

<Version>0</Version>

<Level>3</Level>

<Task>9</Task>

<Opcode>0</Opcode>

<Keywords>0x8080000000000000</Keywords>

<TimeCreated SystemTime=»2011-11-10T09:06:15.429679800Z» />

<EventRecordID>2011</EventRecordID>

<Correlation />

<Execution ProcessID=»452″ ThreadID=»768″ />

<Channel>Directory Service</Channel>

<Computer>dc04.msft.local</Computer>

<Security UserID=»S-1-5-7″ />

</System>

<EventData>

<Data>e0010002</Data>

<Data>8451</Data>

<Data>0</Data>

<Data>106027e</Data>

</EventData>

< /Event>

Анамнез:

Уровень леса и домена Windows Server 2003;

Подготовка к введению в инфраструктуру доменного контроллера на базе Windows Server 2008 R2 SP1 прошла успешно:

Подготовка леса и домена с помощью adprep /forest prep и adprep /domainprep /gpprep выполнена без ошибок;

Значение ObjectVertion после выполнения adprep для контейнера Schema:

Значение Revision после выполнения adprep для контейнера ActiveDirecrotyUpdate:

DCdiag ошибок в функционировании доменного контроллера не выявляет;

Вероятная причина:

Доподлинно установить не удалось, но есть подозрение, что вызвано некорректной работой adprep x86;

Решение:

В ручную через ADSI были изменены значения:

CN=Schema, CN=Configuration, DC=MSFT, DC=LOCAL равно 44

CN=ActiveDirectoryUpdate, CN=ForestUpdates, CN=Configuration, DC=MSFT, DC=LOCAL равно 2

После этого было проведено повторное расширение схемы и подготовка домена для Windows Server 2008 R2.

Доменные контроллеры успешно ввелись в домен, репликация прошла успешно.

Благодарности:

Спасибо Smirnov_Nik за возможность совместно найти решение данного вопроса.

Коллеги, если у кого была похожая проблема поделитесь опытом!

Источник

Уважаемые коллеги, данная тему уже поднималась на форуме но ответ полученный там мне не помог, прошу помощи.

Ситуация следующая, есть коневой DC01 с WS2003sp2x32 (железка), есть вторичный DC02 с WS2008R2x64 (виртуальная машина), был вторичный DC03 с WS2003sp2x32 (железка).

Действия:

После удачного добавления DC02 к существующей инфраструктуре, понизил до рядового DC03, все прошло удачно информация из БД AD была удалена, поле еще прошелся утилитами и проверил ntdsutil.

Уровень леса пока ws2003, все FSMO роли живут на DC01.

DC03 это hp dl 320 g3

Далее на DC03 развернул WS2008r2x64, пост вил все обновления, запустил утилиту dcpromo, прошелся по шагам, началось действо, и уже под самый конец мне этот «товарищ» заявил, вот что в логах:

Имя журнала:   Directory Service
Источник:      Microsoft-Windows-ActiveDirectory_DomainService
Дата:          10.11.2011 13:06:15
Код события:   1084
Категория задачи:Репликация
Уровень:       Ошибка
Ключевые слова:Классический
Пользователь:  АНОНИМНЫЙ ВХОД
Компьютер:     dc04.server.local
Описание:
Internal event: Active Directory Domain Services could not update the following object with changes received from the following source directory service. This is because an error occurred during the application of the changes to Active Directory Domain Services
on the directory service.

 
Object:
CN=Configuration,DC=server,DC=local
Object GUID:
8686a414-5d23-407e-8061-a7d443382eef
Source directory service:
dc01.server.local

 
Synchronization of the directory service with the source directory service is blocked until this update problem is corrected.

 
This operation will be tried again at the next scheduled replication.

 
User Action
Restart the local computer if this condition appears to be related to low system resources (for example, low physical or virtual memory).

 
Additional Data
Error value:
8451 Произошла ошибка базы данных при выполнении репликации.
Xml события:
<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>
  <System>
    <Provider Name=»Microsoft-Windows-ActiveDirectory_DomainService» Guid=»{0e8478c5-3605-4e8c-8497-1e730c959516}» EventSourceName=»NTDS General» />
    <EventID Qualifiers=»49152″>1084</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>5</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime=»2011-11-10T09:06:15.429679800Z» />
    <EventRecordID>2009</EventRecordID>
    <Correlation />
    <Execution ProcessID=»452″ ThreadID=»768″ />
    <Channel>Directory Service</Channel>
    <Computer>dc04.server.local</Computer>
    <Security UserID=»S-1-5-7″ />
  </System>
  <EventData>
    <Data>CN=Configuration,DC=server,DC=local</Data>
    <Data>8686a414-5d23-407e-8061-a7d443382eef</Data>
    <Data>dc01.server.local</Data>
    <Data>Произошла ошибка базы данных при выполнении репликации.</Data>
    <Data>8451</Data>
  </EventData>
</Event>

Имя журнала:   Directory Service
Источник:      Microsoft-Windows-ActiveDirectory_DomainService
Дата:          10.11.2011 13:06:15
Код события:   2108
Категория задачи:Репликация
Уровень:       Ошибка
Ключевые слова:Классический
Пользователь:  АНОНИМНЫЙ ВХОД
Компьютер:     dc04.server.local
Описание:
В этом событии содержится описание ПРОЦЕДУР ВОССТАНОВЛЕНИЯ для события 1084, которое было записано в журнал событий ранее. Это сообщение указывает на конкретную проблему согласованности базы данных доменных служб Active Directory на этом направлении репликации.
Ошибка обработки базы данных произошла при применении реплицированных изменений для следующего объекта. База данных находится в непредвиденном состоянии, не позволяющем внести эти изменения.

 
Объект:
CN=Configuration,DC=server,DC=local
GUID объекта:
8686a414-5d23-407e-8061-a7d443382eef
Исходный контроллер домена:
dc01.server.local

Действия пользователя

 
 Ознакомьтесь со статьей базы знаний 837932, http://support.microsoft.com/?id=837932. Подмножество процедур восстановления приведено ниже.
 1. Убедитесь, что на дисках, несущих базу данных доменных служб Active Directory, достаточно свободного места, затем повторите операцию. Убедитесь, что на дисках, несущих NTDS.DIT и файлы журналов, не включено сжатие NTFS. Проверьте, не используется ли
для этих дисков антивирусное программное обеспечение.
 2. Может быть полезным выполнить принудительное построение родительской цепочки контейнеров этого объекта в базе данных с помощью Security Descriptor Propagator. Это можно сделать, следуя инструкциям из статьи базы знаний 251343, http://support.microsoft.com/?id=251343.
 3. Проблема может быть связана с родительским объектом на этом контроллере домена. На исходном контроллере домена переместите этот объект так, чтобы он имел другого родителя.
 4. Если этот компьютер является глобальным каталогом и ошибка возникает в одном из разделов, предназначенных только для чтения, то следует лишить этот компьютер роли глобального каталога, сняв флажок глобального каталога в пользовательском интерфейсе
«Сайты и службы».   Если ошибка происходит в разделе каталога приложений, можно остановить несение раздела каталога приложений на этой реплике. Это можно сделать с помощью команды NTDSUTIL.EXE.
 5. Получите самую последнюю версию NTDSUTIL.EXE, установив последний пакет обновления для данной операционной системы. Прежде чем выполнять загрузку в режиме восстановления службы каталогов (DSRM), убедитесь, что вам известен пароль режима DSRM. В противном
случае следует сбросить пароль перед перезагрузкой системы.
 6. В режиме DSRM запустите командную строку, затем выполните команду «ntdsutil files integrity». Если будет найдено повреждение и существуют другие реплики, лишите эту реплику ее роли и проверьте надежность работы оборудования. Если другие реплики отсутствуют,
восстановите состояние системы с помощью архивной копии и повторите эту проверку.
 7. Находясь в автономном режиме, выполните дефрагментацию с помощью функции «ntdsutil files compact».
 8. Следует также выполнить команду «ntdsutil semantic database analysis». Если будут найдены ошибки, их можно исправить с помощью функции «go fixup».  Не путайте эту команду с функцией «ESE repair», которую нельзя использовать в данном случае, поскольку
она может привести к потере данных в базе данных Active Directory.

 
 Если ни одно из этих действий не помогает и ошибки репликации продолжаются, следует лишить этот компьютер роли контроллера домена, а затем вновь выдвинуть его на эту роль.

 
Дополнительные данные
Основная ошибка:
8451 Произошла ошибка базы данных при выполнении репликации.
Вторичная ошибка:
-1507 JET_errColumnNotFound, No such column
Xml события:
<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>
  <System>
    <Provider Name=»Microsoft-Windows-ActiveDirectory_DomainService» Guid=»{0e8478c5-3605-4e8c-8497-1e730c959516}» EventSourceName=»NTDS General» />
    <EventID Qualifiers=»49152″>2108</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>5</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime=»2011-11-10T09:06:15.429679800Z» />
    <EventRecordID>2010</EventRecordID>
    <Correlation />
    <Execution ProcessID=»452″ ThreadID=»768″ />
    <Channel>Directory Service</Channel>
    <Computer>dc04.server.local</Computer>
    <Security UserID=»S-1-5-7″ />
  </System>
  <EventData>
    <Data>CN=Configuration,DC=server,DC=local</Data>
    <Data>8686a414-5d23-407e-8061-a7d443382eef</Data>
    <Data>dc01.server.local</Data>
    <Data>Произошла ошибка базы данных при выполнении репликации.</Data>
    <Data>8451</Data>
    <Data>JET_errColumnNotFound, No such column</Data>
    <Data>-1507</Data>
  </EventData>
</Event>

Имя журнала:   Directory Service
Источник:      Microsoft-Windows-ActiveDirectory_DomainService
Дата:          10.11.2011 13:06:15
Код события:   1173
Категория задачи:Внутренняя обработка
Уровень:       Предупреждение
Ключевые слова:Классический
Пользователь:  АНОНИМНЫЙ ВХОД
Компьютер:     dc04.server.local
Описание:
Internal event: Active Directory Domain Services has encountered the following exception and associated parameters.

 
Exception:
e0010002
Parameter:
0

 
Additional Data
Error value:
8451
Internal ID:
106027e
Xml события:
<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>
  <System>
    <Provider Name=»Microsoft-Windows-ActiveDirectory_DomainService» Guid=»{0e8478c5-3605-4e8c-8497-1e730c959516}» EventSourceName=»NTDS General» />
    <EventID Qualifiers=»32768″>1173</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>9</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime=»2011-11-10T09:06:15.429679800Z» />
    <EventRecordID>2011</EventRecordID>
    <Correlation />
    <Execution ProcessID=»452″ ThreadID=»768″ />
    <Channel>Directory Service</Channel>
    <Computer>dc04.server.local</Computer>
    <Security UserID=»S-1-5-7″ />
  </System>
  <EventData>
    <Data>e0010002</Data>
    <Data>8451</Data>
    <Data>0</Data>
    <Data>106027e</Data>
  </EventData>
</Event>

Что делал в связи с вышеуказанными ошибками

1. Дефрагментация БД AD

2. С помощью repadmin зачищал базу

3. по GUID объекта указанного в ошибке нашел этот объект в БД AD с помощью ADSEdit, он лежит по следующему пути CN=8f86b825-c322-4101-adc4-579f12d445db,CN=Operations,CN=ForestUpdates,CN=Configuration,DC=server,DC=local сделать с ним ничего нельзя. Как я
понял он не привязан к объектам непосредственно в AD, так что его не куда передвигать.

4. Прверял конфигурацию DNS там все чисто

5. Пробовал в dpcromo снимать галку GC не помогло

Воспрос:

Что по Вашему еще можно сделать, проверить, посмотреть, что бы устранить ошибку и завести дополнительный DC03?

Источник

Issue:
———

DC1 and DC2 are two domain controllers for the domain Domain.com.

DC1 -> DC2 replication working fine but the reverse DC2 -> DC1 doesn’t seem to work. Below are the commands and event ids which generated for the replication.

============================
C:Windowsntds>repadmin /replicate DC2 DC1 DC=Domain,DC=com
Sync from DC1 to DC2 completed successfully.

C:Windowsntds>repadmin /replicate DC1 DC2 DC=Domain,DC=om
DsReplicaSync() failed with status 8451 (0x2103):
The replication operation encountered a database error.
============================

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 2108
Task Category: Replication
Level: Error
Computer: DC1.Domain.com
Description:
This event contains REPAIR PROCEDURES for the 1084 event which has previously been logged. This message indicates a specific issue with the consistency of the Active Directory Domain Services database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made.

Object:
DC=DC1,DC=Domain.com,CN=MicrosoftDNS,CN=System,DC=barrylevin,DC=com
Object GUID:
27709216-a6eb-4e13-a614-36becd89756b
Source domain controller:
cfaf2018-03a3-441c-834e-4d86f8c8c7ba._msdcs.barrylevin.com

User Action

Please consult KB article 837932, http://support.microsoft.com/?id=837932. A subset of its repair procedures are listed here.
1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory Domain Services database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343, http://support.microsoft.com/?id=251343.
3. The problem may be related to the object’s parent on this domain controller. On the source domain controller, move the object to have a different parent.
4. If this machine is a global catalog and the error occurs in one of the read-only partitions, you should demote the machine as a global catalog using the Global Catalog checkbox in the Sites & Services user interface. If the error is occurring in an application partition, you can stop the application partition from being hosted on this replica. This may be changed using the ntdsutil.exe command.
5. Obtain the most recent ntdsutil.exe by installing the latest service pack for your operating system. Prior to booting into Directory Services Restore Mode (DSRM), verify that the DSRM password is known. Otherwise reset it prior to restarting the system.
6. In DSRM, run the NT CMD prompt, run “ntdsutil files integrity”. If corruption is found and other replicas exist, then demote replica and check your hardware. If no replicas are present, restore a system state backup and repeat this verification.
7. Perform an offline defragmentation using the “ntdsutil files compact” function.
8. The “ntdsutil semantic database analysis” should also be performed. If errors are found, they may be corrected using the “go fixup” function. Note that this should not be confused with the database maintenance function called “ESE repair”, which should not be used, since it causes data loss for Active Directory Domain Services Databases.

If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again.

Additional Data
Primary Error value:
8451 The replication operation encountered a database error.
Secondary Error value:
-1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt. The database must be defragmented

============================

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 1084
Task Category: Replication
Level: Error
Computer: DC1.Domain.com
Description:
Internal event: Active Directory Domain Services could not update the following object with changes received from the following source directory service. This is because an error occurred during the application of the changes to Active Directory Domain Services on the directory service.

Object:
DC=DC1,DC=Domain.com,CN=MicrosoftDNS,CN=System,DC=barrylevin,DC=com
Object GUID:
27709216-a6eb-4e13-a614-36becd89756b
Source directory service:
cfaf2018-03a3-441c-834e-4d86f8c8c7ba._msdcs.barrylevin.com

Synchronization of the directory service with the source directory service is blocked until this update problem is corrected.

This operation will be tried again at the next scheduled replication.

User Action
Restart the local computer if this condition appears to be related to low system resources (for example, low physical or virtual memory).

Additional Data
Error value:
8451 The replication operation encountered a database error.

============================

Cause:
———

Additional Data
Primary Error value:
8451 The replication operation encountered a database error.
Secondary Error value:
-1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt. The database must be defragmented

Above details indicate that the database should be defragemented on DC1..

Resolution:
—————-

Take a backup of ntds.dit file under c:windowsntds if anything goes wrong. If ntds.dit file is not available under default location, you should take backup from where you published the NTDS Database.

Open command prompt and navigate to c:windowsntds and perform below sequence of commands.

  1. net stop ntds
  2. Physical consistency check by using below command and it is passed. Go to Step 4 if its failed.
    esentutl /K ntds.dit
  3. Logical consistency check by using below command and it failed.
    ntds>esentutl /G ntds.dit

    ============================
    Checking database integrity.
    Scanning Status (% complete)

    0 10 20 30 40 50 60 70 80 90 100
    |—-|—-|—-|—-|—-|—-|—-|—-|—-|—-|
    …………………………………………
    Integrity check completed.
    Database is CORRUPTED, the last full backup of this database was on 10/25/2014 14:00:22

    Operation terminated with error -1206 (JET_errDatabaseCorrupted, Non database file or corrupted db) after 13.712 seconds.
    ============================

  4. Performed offline Defrag by using below command. Contact Microsoft if in case it is failed.
    esentutl /D ntds.dit
  5. Again performed Logical consistency check by using below command and it was successful..
    ntds>esentutl /G ntds.dit
  6. net start ntds

Replication start working again. Thats it.

Reference:
—————

http://support2.microsoft.com/kb/837932
http://support2.microsoft.com/kb/2645996/en-gb

Источник

Event ID 5722 is logged on your Windows Server-based domain controller

My Original error –

DC=DomainDnsZones,DC=<domain>,DC=co,DC=uk
Default-First-Site-Name<DC> via RPC
DSA object GUID: eecaebcb-34ce-4ea0-8966-65a6a6bd7699
Last attempt @ 2017-01-06 10:49:52 failed, result 8451 (0x2103):
The replication operation encountered a database error.
793 consecutive failure(s).
Last success @ 2016-12-30 19:48:26.

The following saved me from a demote and re promote on Windows Server 2016 Domain controllers

  • For Windows Server 2008 and later versions
    Take one of the following actions:

    • Stop the “Active Directory Domain Services” or LDS instance.
    • Start “msconfig,” and go to the boot pane. Select the OS installation that you want to configure. Select Safe Boot in the Boot options section, and also select the Active Directory repair item. After you click OK, the tool asks you to restart. Restart the computer.
  • Log on to the administrator account by using the password that is defined for the local administrator account in the Directory Service Restore Mode SAM. For more information about how to use the offline SAM database, click the following article number to view the article in the Microsoft Knowledge Base:

    223301 Protection of the administrator account in the offline SAM

  • Click Start, point to Programs, point to Accessories, and then click Command Prompt.
  • At the command prompt, type cmd, and then press Enter.
  • NTDSUTIL uses the TEMP and TMP environment variables to create a temporary database during defragmentation. If the free space on your standard volume used is less than the size of the compacted database, you receive the following error:

    file maintenance: compact to d:compactDB
    Initiating DEFRAGMENTATION mode…
    Source Database: D:windowsNTDSntds.dit
    Target Database: d:compactDBntds.ditDefragmentation  Status (% complete)0    10   20   30   40   50   60   70   80   90  100

    |—-|—-|—-|—-|—-|—-|—-|—-|—-|—-|

    ……………………..Operation terminated with error -1808( JET_errDiskFull, No space left on disk ).

    In the Application log, you see an event that resembles the following:

    Log Name:      Application
    Source:        ESENT
    Event ID:      482
    Task Category: General
    Level:         Error
    Keywords:      Classic
    Description:NTDS (12852) An attempt to write to the file “C:UsersadministratorAppDataLocalTemptmp.edb” at offset 49315536896 (0x0000000b7b6f6000) for 0 (0x00000000) bytes failed after 0.015 seconds with system error 112 (0x00000070): “There is not enough space on the disk. “.  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.

    In this case, set the environment variables TMP and TEMP to a volume that has enough free space for the task. For example, use the following settings:

    Md d:temp

    Set tmp=d:temp

    Set temp=d:temp

    Note This problem can also occur during an integrity check of the database.

  • Run NTDSUTIL.

  • For Windows 2008 and later versions
    Type activate instance ntds to select the Active Directory database instance.  Use the LDS instance name if you want to compact an LDS database.
  • Type files, and then press Enter.
  • Type info, and then press Enter. This displays current information about the path and size of the Active Directory database and its log files. Note the path.
  • Establish a location that has sufficient drive space for the compacted database to be stored.
  • Type compact to drive:directory, and then press Enter. Note, in this command, the placeholders drive and directory represent the path of the location that you established in the previous step.Note You must specify a directory path. If the path contains any spaces, the whole path must be enclosed in quotation marks. For example, type:

    compact to “c:new folder”

  • A new database that is named Ntds.dit or AdamNtds.dit is created in the path that you specified.
  • Type quit, and then press Enter. Type quit again to return to the command prompt.
  • If defragmentation succeeds without errors, follow the Ntdsutil.exe on-screen instructions. Delete all the log files in the log directory by typing the following command:

    del drive : pathToLogFiles *.log

    Copy the new Ntds.dit or AdamNtds.dit file over the old database file in the current database path that you noted in step 5.

    Note You do not have delete the Edb.chk file.

Источник

  • При репликации возникла ошибка 1908
  • При репликации возникла ошибка 1256
  • При рендеринге вылетает ошибка
  • При резервном копировании 1с выдает ошибку
  • При редактировании элемента произошла ошибка элемент не был сохранен bitrix медиабиблиотека