If a domain controller has not replicated with its partner for longer than a tombstone lifetime, it is possible that a lingering object problem exists on one or both domain controllers. When this condition occurs, inbound replication with the source partner is stopped on the destination domain controller and event ID 2042 is logged in the Directory Services event log. The event identifies the source domain controller and the appropriate steps to take to either remove the outdated domain controller or remove lingering objects and restore replication from the source domain controller.
An example of the event text is as follows:
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2042
Date: 3/22/2005
Time: 7:28:49 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: DC3
Description:
It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
The reason that replication is not allowed to continue is that the two machine's views of deleted objects may now be different. The source machine may still have copies of objects that have been deleted (and garbage collected) on this machine. If they were allowed to replicate, the source machine might return objects which have already been deleted.
Time of last successful replication: 2005-01-21 07:16:03
Invocation ID of source: 0397f6c8-f6b8-0397-0100-000000000000
Name of source: 4a8717eb-8e58-456c-995a-c92e4add7e8e._msdcs.contoso.com
Tombstone lifetime (days): 60
The replication operation has failed.
User Action:
Determine which of the two machines was disconnected from the forest and is now out of date. You have three options:
1. Demote or reinstall the machine(s) that were disconnected.
2. Use the "repadmin /removelingeringobjects" tool to remove inconsistent deleted objects and then resume replication.
3. Resume replication. Inconsistent deleted objects may be introduced. You can continue replication by using the following registry key. Once the systems replicate once, it is recommended that you remove the key to reinstate the protection.
Registry Key: HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
The repadmin /showrepl command also reports error 8614:
Source: Default-First-Site-Name\DC1
******* 1502 CONSECUTIVE FAILURES since 2005-01-21 07:16:00
Last error: 8614 (0x21a6):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
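The check behind this event can be reproduced from the two outputs above. The following is an added example, not code from the original page or from Microsoft: it parses the event 2042 fields and the repadmin /showrepl failure block and compares the replication gap with the tombstone lifetime. The function names are hypothetical, and using the "CONSECUTIVE FAILURES since" time as a stand-in for the last successful replication is an assumption.

```python
import re
from datetime import datetime, timedelta

TS = "%Y-%m-%d %H:%M:%S"
REPL_ERROR_TSL_EXCEEDED = 8614  # "Last error" value in the repadmin output above

# Sample input: fields copied from the event 2042 and repadmin text on this page.
EVENT_2042 = """Time of last successful replication: 2005-01-21 07:16:03
Name of source: 4a8717eb-8e58-456c-995a-c92e4add7e8e._msdcs.contoso.com
Tombstone lifetime (days): 60"""
SHOWREPL = r"""Source: Default-First-Site-Name\DC1
******* 1502 CONSECUTIVE FAILURES since 2005-01-21 07:16:00
Last error: 8614 (0x21a6):"""


def parse_event_2042(text):
    """Pull the last-success time, source name and tombstone lifetime from the event."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    fields = {key.strip(): value.strip() for key, value in pairs}
    return {
        "last_success": datetime.strptime(fields["Time of last successful replication"], TS),
        "source": fields["Name of source"],
        "tsl_days": int(fields["Tombstone lifetime (days)"]),
    }


def parse_showrepl(text):
    """Return one dict per failing inbound partner in repadmin /showrepl output."""
    pattern = re.compile(
        r"Source:\s*(?P<source>\S+)\s+\*+\s*(?P<failures>\d+) CONSECUTIVE FAILURES "
        r"since (?P<since>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+Last error:\s*(?P<error>\d+)"
    )
    return [
        {"source": m["source"], "failures": int(m["failures"]),
         "since": datetime.strptime(m["since"], TS), "error": int(m["error"])}
        for m in pattern.finditer(text)
    ]


def exceeded_tombstone_lifetime(last_success, tsl_days, now):
    """True when the gap since the last successful replication is longer than the TSL."""
    return now - last_success > timedelta(days=tsl_days)


def blocked_partners(showrepl_text, tsl_days, now):
    """Partners reporting 8614 whose failure streak (assumed proxy) is older than the TSL."""
    return [p["source"] for p in parse_showrepl(showrepl_text)
            if p["error"] == REPL_ERROR_TSL_EXCEEDED
            and exceeded_tombstone_lifetime(p["since"], tsl_days, now)]
```

With the sample event, the gap at logging time (3/22/2005 7:28:49 AM) is 60 days, 12 minutes and 46 seconds, just past the 60-day tombstone lifetime, which is why replication from the source was stopped.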
Treat this occurrence as a lingering object condition, and do the following:
To restart inbound replication on the destination domain controller following event ID 2042, you must edit the Allow Replication With Divergent and Corrupt Partner registry entry in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.
Use the following procedure to change the registry entry value. This procedure does not require a restart of the domain controller to take effect.
Requirements
Click Start, click Run, type regedit, and then click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
In the details pane, create or edit the registry entry as follows:
If the registry entry exists in the details pane, modify the entry as follows:
If the registry entry does not exist, create the entry as follows:
When you are satisfied that lingering objects have been removed and replication has occurred successfully from the source domain controller, edit the registry to return the value in Allow Replication With Divergent and Corrupt Partner to 0.