General discussion

Locked

How to cure "Exceeded Tombstone life"

By tekkydave ·
I had a piece of freeware that updated one of my servers time from a NIST time server. For some reason, after months of use, the NIST server told my server that it was the year 2150 ! Then when the server tried to replicate, it said that the server had been out of use for more that 6months, and that the tombstone life had been exceeded. i switched the time back, and downed the server, and I'm still having the same replication issues. Here is the even log from Directory service:

"It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source. "

Does anyone know of a way to remedy this? I know the data on the servers should be accurate, since they were replicating fine until this debacle. I'm trying to avoid forcibly demoting the servers.

Thanks in advance,

Dave

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by BFilmFan In reply to How to cure "Exceeded Tom ...

There is no way to fix that. An object cannot be restored when the tombstone lifetime for the object has expired because when the tombstone lifetime has expired, the object is permanently deleted.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/restoring_deleted_objects.asp

Collapse -

by tekkydave In reply to How to cure "Exceeded Tom ...

I actually found an answer to my problem. Since I knew the tombstone lifetime had expired by accident, on a fluke, an that the serers were really ok, I made a registry entry which removed the servers error protection. I then replicated to a good server, and removed the registry entry. I did this on both servers and they're both working fine.

In the registry, add an entry.
Go to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

And add the dword:
Allow Replication With Divergent and Corrupt Partner

Set the value to 1

That's all there was to it.

Collapse -

Awesome Post

by rfbos In reply to

I was searching for this fix everywhere and this helped in a lab I was doing in class. I realize this is an old fix but one that was only found here...

Thank teccydave

Collapse -

Brilliant a life Saver

by alkern In reply to Awesome Post

Wow...Thanks a million. Don't know what happened, but this saves the day.

Collapse -

by dbachelor In reply to

Many thanks for this fix. I foolishly clicked on the calander on my 2003 box, to find a day 60 days prior, and clicked "OK", instead of cancel. This set all the clients on my domain back 2 months, and then they couldnt login due to the tombstone policy. I ran your fix and in 5 minutes everyone was up again. Thanks again!

Collapse -

by dbachelor In reply to

Many thanks for this fix. I foolishly clicked on the calander on my 2003 box, to find a day 60 days prior, and clicked "OK", instead of cancel. This set all the clients on my domain back 2 months, and then they couldnt login due to the tombstone policy. I ran your fix and in 5 minutes everyone was up again. Thanks again!

Collapse -

Still works!!!!

by dcarlton74 In reply to

Nearly 5 years later and helped solve a domain issue. Had to restore to image more than 60 days old on both DC's...and was able to restore replication. Excellent!!

Collapse -

Works great!

by CNE In reply to

Thanks for the fix. I worked great for me

Collapse -

by JeMend In reply to How to cure "Exceeded Tom ...

Not to contradict anyone, but just because someone else might find this useful.
The answer posted by Dave, about editing the registry to allow the domain controllers (DCs) to replicate again, does work. I had a similar problem with a Windows 2003 server. Editing the registry allowed the DCs to replicate again.
Two more comments on this:
1.- The registry entry can be removed after one succesful replication.
2.- The comment by BFilmFan is also correct in some ways. You can't do anything to recover an item with a tombstone stamp. That is if the item has been marked for deletion. In the case of DCs, the tombstone timestamp, which is actually 60 days, only relates to the replication part. So only replication stops but the DC is not mark for deletion. That's is why the registry hack works.

I hope this helps someone elso out there.
Thanks Dave for sharing this solution.

Jesus

Back to Networks Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums