Event ID 2042: It has been too long since this machine replicated

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

If a domain controller has not replicated with its partner for longer than a tombstone lifetime, it is possible that a lingering object problem exists on one or both domain controllers. When this condition occurs, inbound replication with the source partner is stopped on the destination domain controller and event ID 2042 is logged in the Directory Services event log. The event identifies the source domain controller and the appropriate steps to take to either remove the outdated domain controller or remove lingering objects and restore replication from the source domain controller.

An example of the event text is as follows:

Event Type:Error
Event Source:NTDS Replication
Event Category:Replication
Event ID:2042
Date:3/22/2005
Time:7:28:49 AM
User:NT AUTHORITY\ANONYMOUS LOGON
Computer:DC3
Description:
It has been too long since this machine last replicated with the
named source machine. The time between replications with this source
has exceeded the tombstone lifetime. Replication has been stopped
with this source.
The reason that replication is not allowed to continue is that
the two machine's views of deleted objects may now be different.
The source machine may still have copies of objects that have
been deleted (and garbage collected) on this machine. If they
were allowed to replicate, the source machine might return
objects which have already been deleted.
Time of last successful replication:
2005-01-21 07:16:03
Invocation ID of source:
0397f6c8-f6b8-0397-0100-000000000000
Name of source:
4a8717eb-8e58-456c-995a-c92e4add7e8e._msdcs.contoso.com
Tombstone lifetime (days):
60

The replication operation has failed.

User Action:

Determine which of the two machines was disconnected from the
forest and is now out of date. You have three options:

1. Demote or reinstall the machine(s) that were disconnected.
2. Use the "repadmin /removelingeringobjects" tool to remove
inconsistent deleted objects and then resume replication.
3. Resume replication. Inconsistent deleted objects may be introduced.
You can continue replication by using the following registry key.
Once the systems replicate once, it is recommended that you remove
the key to reinstate the protection.
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner

The repadmin /showrepl command also reports error 8614:

Source: Default-First-Site-Name\DC1
******* 1502 CONSECUTIVE FAILURES since 2005-01-21 07:16:00
Last error: 8614 (0x21a6):
            The Active Directory cannot replicate with this server
because the time since the last replication with this server has
exceeded the tombstone lifetime.

Solution

Treat this occurrence as a lingering object condition, and do the following:

  • Run the repadmin /showrepl command on the domain controller that received the error to determine which domain controller has been disconnected for longer than a tombstone lifetime.

  • Check the system time on both the source and destination domain controllers. If there is a time difference, ensure that you correct the time issue before proceeding. You may have to wait a couple of hours to see ensure that a time skew does not occur. If a time skew does occur, you must diagnose why and solve the issue. For example, there could be hardware issues, like system battery failure, or a firmware update might be required, or the forest root PDC might not be configured to use an external time source (as described in Configure the Time Source for the Forest).

  • Remove lingering objects. Follow the instructions for removing lingering objects from the source and destination domain controllers as described in Event ID 1388 or 1988: A lingering object is detected.

  • Restart replication on the destination domain controller. After you remove lingering objects, you must restart replication on the domain controller that logged the event by editing the registry setting that allows replication with a potentially out-of-date domain controller. You can also perform this procedure if you do not want to wait to remove lingering objects and you want to start replication immediately.

  • Reset the registry to protect the domain controller against outdated replication. After replication has resumed on the domain controller that logged the event, reset the registry so that this domain controller continues to log events if replication is attempted with a domain controller where the last successful replication occurred longer than a tombstone lifetime ago.

Restart Replication Following Event ID 2042

To restart inbound replication on the destination domain controller following event ID 2042, you must edit the Allow Replication With Divergent and Corrupt Partner registry entry in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.

Use the following procedure to change the registry entry value. This procedure does not require a restart of the domain controller to take effect.

Warning

It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use Group Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather than editing the registry directly. If you must edit the registry, use extreme caution.

Requirements

  • Administrative credentials: To complete this procedure, you must be a member of the Domain Admins group in the domain of the domain controller.

  • Tool: Regedit.exe

To restart replication following event ID 2042

  1. Click Start, click Run, type regedit, and then click OK.

  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

  3. In the details pane, create or edit the registry entry as follows:

    If the registry entry exists in the details pane, modify the entry as follows:

    1. In the details pane, right-click Allow Replication With Divergent and Corrupt Partner, and then click Modify.

    2. In the Value data box, type 1, and then click OK.

    If the registry entry does not exist, create the entry as follows:

    1. Right-click Parameters, click New, and then click DWORD Value.

    2. Type the name Allow Replication With Divergent and Corrupt Partner, and then press ENTER.

    3. Double-click the entry. In the Value data box, type 1, and then click OK.

Reset the Registry to Protect Against Outdated Replication

When you are satisfied that lingering objects have been removed and replication has occurred successfully from the source domain controller, edit the registry to return the value in Allow Replication With Divergent and Corrupt Partner to 0.

Note

If you did not remove the lingering objects, attempting replication might result in replication of a lingering object. If strict replication consistency is enabled on the destination domain controller, replication with the source domain controller will be blocked again.