After installing an update to a DC that happens to be in VMware vSphere, the update failed, so I had to roll back to the snapshot I had just taken.
After rolling back, replication to other DCs failed. In the Event Viewer I found:
NTDS General Errors 1113, 1115, and 2103
NTDS KCC Errors 1308
The problem seems to be that AD replication gets disabled after the VMware rollback and the Netlogon service is paused.
So after much searching and reading and a server reboot I discovered that replication had been disabled by the USER!
I am sure I didn’t disable anything!
So here is the fix:
- Install Server 2003 Support Tools:
- Start the Netlogon service as it is probably paused
- Make sure that the DNS serial number under properties is the same as your functioning DCs. You can do this by opening the DNS Admin Tool (msc) under Start>Programs>Administrative Tools>DNS on the DC
- Open your Forward Lookup Zone
- R-Click on your Domain (should be something like MyDomain.com –or– MyDomain.local)
- L-Click on Properties
- The “Serial Number” is located on the SOA tab. Make sure it is the same number on all DCs. (Hint: never roll the number back; always go to a higher number if needed.)
- Restart DNS Service
- Restart the Netlogon Service (Not sure if you need this, but I did it.)
- Open a Command Prompt
- Go to where the support tools are installed (usually c:\program files\support tools)
- Type in: repadmin /options -DISABLE_OUTBOUND_REPL
- Hit Enter
- Type in: repadmin /options -DISABLE_INBOUND_REPL
- Hit Enter then close the cmd prompt
After this, replication should be working again!
- Lastly, check the registry key HKLM\System\CurrentControlSet\Services\NTDS\Parameters for the value "DSA Not Writable" (REG_DWORD) set to 0x4.
- Delete "DSA Not Writable" (REG_DWORD) from the registry and reboot the server.
- Reboot your server! DONE!!!
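
A read-only check for the three symptoms this procedure clears (paused Netlogon, the two replication-disable options, and the "DSA Not Writable" value), which are the markers Active Directory sets when it detects a USN rollback. This is an added example, not part of the original post; it assumes it runs on the affected DC with repadmin.exe on the PATH, and the temp file name is arbitrary.

```bat
@echo off
rem Added example: read-only symptom check. It changes nothing on the DC.
setlocal
set PROBLEMS=0
set OPTFILE=%TEMP%\dsa_options.txt

rem 1. Netlogon is left Paused after the snapshot revert.
sc query netlogon | find "PAUSED" >nul
if not errorlevel 1 (
    echo [!] Netlogon is PAUSED
    set /a PROBLEMS+=1
) else (
    echo [ok] Netlogon is not paused
)

rem 2. DSA options. If repadmin itself fails, report that instead of a false "ok".
repadmin /options > "%OPTFILE%" 2>&1
if errorlevel 1 (
    echo [?] repadmin /options failed, see "%OPTFILE%"
    set /a PROBLEMS+=1
    goto registry
)
for %%F in (DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL) do (
    find "%%F" "%OPTFILE%" >nul
    if not errorlevel 1 (
        echo [!] %%F is set
        set /a PROBLEMS+=1
    ) else (
        echo [ok] %%F is not set
    )
)

:registry
rem 3. The registry value named in the last steps of the procedure.
reg query "HKLM\System\CurrentControlSet\Services\NTDS\Parameters" /v "DSA Not Writable" >nul 2>&1
if not errorlevel 1 (
    echo [!] "DSA Not Writable" is present
    set /a PROBLEMS+=1
) else (
    echo [ok] "DSA Not Writable" is absent
)

echo.
echo Symptoms found: %PROBLEMS%
rem The exit code is the symptom count, so 0 means all three checks passed.
exit /b %PROBLEMS%
```

Run it before the fix to confirm the symptoms and again after the final reboot. A clean result shows only that the flags are cleared, not that this DC's data agrees with its partners, so follow it with `repadmin /showrepl`.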