How to troubleshoot common Active Directory replication errors

Applies to: Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard

Notice


Home users: This article is only intended for technical support agents and IT professionals. If you're looking for help with a problem, please ask the Microsoft Community.

Summary


This article contains information and links to help you troubleshoot Active Directory Replication errors. It is intended to provide Active Directory administrators with a method to diagnose replication failures and to determine where those failures are occurring.

Error codes


To troubleshoot specific errors, refer to the following table.
 
| Replication error code | Cause | Related Knowledge Base article |
| --- | --- | --- |
| 8464 | This issue occurs because partial attribute set (PAS) synchronization is triggered when an attribute is added to the PAS. | 3001248 |
| 8477 | This code is informational and represents a regular Active Directory replication operation. It indicates that replication is currently in progress from the source and has not yet been applied to the destination domain controller's database replica. | 2758780 |
| 8418 | Attempts to replicate Active Directory when schema information is not consistent between the domain controller partners that are involved result in a "Schema Mismatch" error status. This symptom manifests itself in several ways. The underlying cause of the error may vary. | 2734946 |
| 1908 | This error has two primary causes: • The destination domain controller can't contact a key distribution center (KDC). • The computer is experiencing Kerberos-related errors. | 2712026 |
| 8333 | This error has multiple causes. They include the following: • Database corruption, with additional associated errors that are logged in the event log of the source domain controller • Lingering objects that have associated errors logged • Conflict objects • A third-party process | 2703708 |
| 8589 | This error most commonly occurs on a domain controller after a replication partner has Active Directory forcibly removed and then is re-promoted before end-to-end replication can complete. This error can also occur when you rename a domain controller and the serverReference attribute is not updated. | 2703028 |
| 1818 | The issue occurs when the destination domain controller that is performing incoming replication does not receive replication changes within the number of seconds that is specified in the RPC Replication Timeout registry key. | 2694215 |
| 8446 | This error can occur when the Active Directory replication engine cannot allocate memory to run Active Directory replication. | 2693500 |
| 8240 | This error indicates that the specific object could not be found in the directory. This error may be encountered in the following situations: • During AD replication • Reported 8240 in 1126 Event (NTDS) | 2680976 |
| 8451 | Status 8451: "The replication operation encountered a database error" has multiple causes. Refer to the related Knowledge Base article in the third column. | 2645996 |
| 1256 | This error is logged because of a connectivity failure. | 2200187 |
| 1396 | Known causes of this error include the following: • The service principal name (SPN) does not exist on the global catalog that is searched by the Kerberos Key Distribution Center (KDC) on behalf of the client that is trying to authenticate by using the Kerberos protocol. • The user or service account that should contain the SPN that is being looked up does not exist on the global catalog that is searched by the KDC on behalf of the destination domain controller that is trying to replicate. • The destination domain controller lacks a Local Security Authority (LSA) secret for the source domain controller's domain. • The SPN that is being looked up exists on the account of a different computer than the source domain controller. | 2183411 |
| 1722 | Remote Procedure Call (RPC) is an intermediate layer between the network transport and the application protocol. RPC itself has no special insight into failures. However, it tries to map lower-layer protocol failures into an error at the RPC layer. | 2102154 |
| -2146893022 | This error code is not returned by Active Directory. However, it may be returned by lower-layer components. These include RPC, the Kerberos protocol, Secure Sockets Layer (SSL), LSA, and NT LAN Manager (NTLM). The code is returned for various reasons. | 2090913 |
| 1753 | Specific causes of this error include the following: • The server app never started. • The server app started. However, there was a failure during initialization that prevented the server app from registering with the RPC Endpoint Mapper. • The server app started but later died. • The server app manually unregistered its endpoints. (This resembles the previous cause, but its occurrence is intentional. You are unlikely to receive this error for this reason. However, we include it for completeness.) • The RPC client (that is, the destination domain controller) contacted a different RPC server than the intended one because of a name-to-IP mapping error in DNS, WINS, or the hosts / lmhosts file. | 2089874 |
| 8606 | Error 8606 is logged when the following conditions are true: • A source domain controller sends an update to an object (instead of sending an originating object create request) that was already created, deleted, and then reclaimed by garbage collection from a destination domain controller's copy of Active Directory. • The destination domain controller was configured to run in strict replication consistency. | 2028495 |
| 1127 | Error 8606 is logged when the following conditions are true: • A source domain controller sends an update to an object (instead of sending an originating object create request) that was already created, deleted, and then reclaimed by garbage collection from a destination domain controller's copy of Active Directory. • The destination domain controller was configured to run in strict replication consistency. | 2025726 |
| 8452 | This error most frequently occurs when the replication topology in a domain controller that is starting replication differs from the replication topology that is defined in the destination domain controller's copy of Active Directory. | 2023704 |
| 8456 or 8457 | Incoming or outgoing replication was automatically disabled by the operating system because of multiple root causes. | 2023007 |
| 8453 | This "Replication Access was denied" error has multiple causes. | 2022387 |
| 8524 | This is a catch-all error for all possible DNS failures that affect Active Directory on post-Windows Server 2003 SP1-based domain controllers. | 2021446 |
| 8614 | Causes of this error (and for NTDS Replication Event 2042) include the following: • The destination domain controller that is logging the 8614 error did not inbound-replicate a directory partition from one or more source domain controllers for Tombstone lifetime number of days. • System time on the destination domain controller moved, or "jumped," Tombstone lifetime one or more days into the future after the last successful replication. | 2020053 |
| 8545 | This Active Directory replication error is logged when the source domain controller tries to send changes for a recently migrated object when the destination domain controller has the object present in a different partition. | 3110029 |
| 5 | This Active Directory replication error has multiple causes. | 2002013 |

Event IDs


To troubleshoot specific event IDs, refer to the following table.

| Event ID | Cause | Related Knowledge Base article |
| --- | --- | --- |
| Event ID 1311 | Fixing Replication Topology Problems | 4469664 |
| Event ID 1388 or 1988 | A lingering object is detected | 4469619 |
| Event ID 2042 | It has been too long since this machine replicated | 4469622 |
| Event ID 1925 | Attempt to establish a replication link failed due to DNS lookup problem | 4469659 |
| Event ID 2087 | DNS lookup failure caused replication to fail | 4469661 |
| Event ID 2088 | DNS lookup failure occurred with replication success | 4469662 |

More Information


Microsoft Developer Network (MSDN): Troubleshooting Active Directory Replication Problems

Microsoft TechNet: Troubleshooting Active Directory Replication Problems

Microsoft Knowledge Base: 2498185 How to diagnose Active Directory replication failures