Tombstone abgelaufen

Problem:

Replikation zwischen DCs wurde beendet aufgrund der abgelaufenen Tombstone-Zeit

Lösung:

Zur Replizierung ist es nötig einen Registry-Eintrag einzufügen/ändern, damit der DC wieder die Replizierung von einem abgelaufenen DC annimmt.

Click Start, click Run, type regedit, and then click OK.

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

In the details pane, create or edit the registry entry as follows:

If the registry entry exists in the details pane, modify the entry as follows:

In the details pane, right-click Allow Replication With Divergent and Corrupt Partner, and then click Modify.

In the Value data box, type 1, and then click OK.

If the registry entry does not exist, create the entry as follows:

Right-click Parameters, click New, and then click DWORD Value.

Type the name Allow Replication With Divergent and Corrupt Partner, and then press ENTER.

Double-click the entry. In the Value data box, type 1, and then click OK.

Reset the Registry to Protect Against Outdated Replication

When you are satisfied that lingering objects have been removed and replication has occurred successfully from the source domain controller, edit the registry to return the value in Allow Replication With Divergent and Corrupt Partner to 0.

Technet-Link: Event ID 2042 - If a domain controller has not replicated with its partner for longer than a tombstone lifetime
“Das einzig sichere System müsste ausgeschaltet, in einem versiegelten und von Stahlbeton ummantelten Raum und von bewaffneten Schutztruppen umstellt sein.”
Gene Spafford (Sicherheitsexperte)