Ошибка выдачи репликации 8451 0x2103

title description ms.date author ms.author manager audience ms.topic ms.prod localization_priority ms.reviewer ms.custom ms.technology

Active Directory Replication Error 8451

provides a resolution for Active Directory Replication Error 8451 «The replication operation encountered a database error».









kaushika, toddmax

sap:active-directory-replication, csstroubleshoot


Active Directory Replication Error 8451: «The replication operation encountered a database error»

This article provides a resolution for Active Directory Replication Error 8451: «The replication operation encountered a database error».

Applies to:   Windows Server 2019, Windows Server 2016, Windows Server 2012 R2
Original KB number:   2645996

Home users: This article is intended only for technical support agents and IT professionals. If you’re looking for help to resolve a problem, please ask the Microsoft Community.


This article describes the symptoms and causes of situations in which Active Directory Domain Services (AD DS) operations fail and generate error 8451: «The replication operation encountered a database error.» This article also provides a resolution for this problem.
You might experience one of more of the following symptoms:

  • You see one or more on-screen error messages, logged events, or diagnostic output that identifies a database error. Possible formats for that error include the following.

    Decimal code Hexadecimal code Text code Error message
    8451 0x2103 ERROR_DS_DRA_DB_ERROR The replication operation encountered a database error.
    -1018 0xfffffc06 JET_errReadVerifyFailure Checksum error on a database page.
    -1047 0xfffffbe9 JET_errInvalidBufferSize Data buffer doesn’t match column size.
    -1075 0xfffffbc JET_errOutOfLongValueID Long-value ID counter has reached maximum value (do an offline defragmentation to reclaim free and unused LongValueIDs).
    -1206 0xfffffb4a JET_errDatabaseCorrupted Non database file or corrupted db.
    -1414 0xfffffa7a JET_errSecondaryIndexCorrupted Secondary index is corrupt. The database must be defragmented.
    -1526 0xfffffa0a JET_errLVCorrupted Corruption encountered in long-value tree.
    -1601 0xfffff9bf JET_errRecordNotFound The key was not found.
    -1603 0xfffff9b JET_errNoCurrentRecord Currency not on a record.
  • Dcpromo.exe fails and generates error 8451.
    The user interface displays the following message:

    The operation failed because:

    Active Directory Domain Services could not replicate the directory partition
    <DN path of failing partition> from the remote Active Directory Domain Controller
    <helper DC>.<dns domain name>.<top level domain>.

    The replication operation encountered a database error.

    The Dcpromo.log file contains the following information:

    <date> <time> [INFO] NstdInstall for contoso.com returned 8451
    <date> <time> [INFO] DsRolepInstallDs returned 8451
    <date> <time> [ERROR] Failed to install to Directory Service (8451)
    <date> <time> [INFO] Starting service NETLOGON

  • Repadmin.exe reports that the replication attempt has failed with status 8451. Repadmin.exe commands that commonly cite the 8451 status include but are not limited to:

    • Repadmin /kcc

    • Repadmin /rehost

    • Repadmin /replicate

    • Repadmin /replsum

    • Repadmin /showrepl

    • Repadmin /showreps

    • Repadmin /showutdvec

    • Repadmin /syncall

      For detailed information about how to use Repadmin to troubleshoot replication problems, see Monitoring and Troubleshooting Active Directory Replication Using Repadmin.

      The following sample shows output from the repadmin /showreps command that indicates that inbound replication from CONTOSO-DC2 to CONTOSO-DC1 failed and generated the «replication access was denied» message.

      DSA Options: IS_GC
      Site Options: (none)
      DSA object GUID: b6dc8589-7e00-4a5d-b688-045aef63ec01
      DSA invocationID: b6dc8589-7e00-4a5d-b688-045aef63ec01
      ==== INBOUND NEIGHBORS ======================================
      Default-First-Site-NameCONTOSO-DC2 via RPC
      DSA object GUID: 74fbe06c-932c-46b5-831b-af9e31f496b2
      Last attempt @ <date> <time> failed, result 8451 (0x2103):
      The replication operation encountered a database error.
      consecutive failure(s).
      Last success @ <date> <time>.

  • Event Viewer lists one or more events that cite the 8451 error. The following table lists the event sources and Event IDs of common events that cite the 8451 error (in event source + event ID order).

    Event source Event ID Event message
    Microsoft-Windows-ActiveDirectory_DomainService 1039 with extended error 8451 Internal event: Active Directory Domain Services could not process the following object.
    Microsoft-Windows-ActiveDirectory_DomainService 1084 with extended error 8451 Internal event: Active Directory could not update the following object with changes received from the following source domain controller. It is because an error occurred during the application of the changes to Active Directory on the domain controller.
    Microsoft-Windows-ActiveDirectory_DomainService 1308 with extended error 8451 The Knowledge Consistency Checker (KCC) has detected that successive attempt to replicate with the following directory service failed.
    Microsoft-Windows-ActiveDirectory_DomainService 1699 with extended error 8451 The local domain controller failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send the change requests to the domain controller at the following network address.
    NTDS Replication 2108 with extended error 8451 with secondary error value-1075 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1075
    NTDS Replication 2108 with extended error 8451 with secondary error value-1526 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1526
    NTDS Replication 2108 with extended error 8451 with secondary error value -1414 This event contains REPAIR PROCEDURES for the 1084 event that has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made. Object: CN=justintu@contoso.com,OU=marketing,OU=5thWard,OU=Houston,DC=Contoso,DC=com Object GUID: 2843919c-345c-4f57-bc1a-4ed5acbcf9e2 Source domain controller: 173ee10f-4c28-4acd-a2d7-61af8d4d3010._msdcs.Contoso.com User Action If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again. Additional Data Primary Error value: 8451 The replication operation encountered a database error. Secondary Error value: -1414
    NTDS General 1039 with extended error 8451. Internal event: Active Directory could not process the following object.
    NTDS KCC 1925 with extended error 8451 The attempt to establish a replication link for the following writable directory partition failed.
    NTDS Replication 1084 with extended error 8451 Internal event: Active Directory could not update the following object with changes received from the following source domain controller. It is because an error occurred during the application of the changes to Active Directory on the domain controller.
    NTDS Replication 1699 with extended error 8451 The local domain controller failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send the change requests to the domain controller at the following network address.
  • When you increase the NTDS diagnosing logging level on the domain controller, Event Viewer lists additional events that are related to the 8451 error. The following table lists the event sources and Event IDs of events that frequently accompany other events that contain the 8451 error.

    Event source Event ID Event message
    Internal Processing 1481 with error-1601 Internal error: The operation on the object failed. Additional Data: Error value: 2 000020EF: NameErr: DSID-032500E8, problem 2001 (NO_OBJECT), data -1601, best match of: «
    Internal Processing 1173 with error-1075 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1075 Internal ID: 205086d
    Internal Processing 1173 with error-1526 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1526 Internal ID: 205036b
    Internal Processing 1173 with error-1603 Internal event: Active Directory has encountered the following exception and associated parameters. Exception: e0010004 Parameter: 0 Additional Data Error value: -1603 Internal ID: 2050344
    NTDS ISAM 474 with error-1018 The database page read from the file ‘E:NTDSDatantds.dit’ at offset 3846455296 (0x00000000e5444000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 323677604 (0x134aeda4) and the actual checksum was 2081515684 (0x7c1168a4). The read operation will fail with error -1018 (0xfffffc06). If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Contact your hardware vendor for further assistance diagnosing the problem.
    NTDS ISAM 488 NTDS (396) NTDSA: Data inconsistency detected in table datatable of database C:WINDOWSNTDSntds.dit (4621,7905).
  • When you run the Dcdiag.exe utility, it produces output that resembles as:

    Starting test: Replications

    * Replications Check
    [Replications Check,<DC Name>] A recent replication attempt
    From <source DC> to <destination DC>
    Naming Context: <DN path of failing naming context>
    The replication generated an error (8451):
    The replication operation encountered a database error

  • In Active Directory Sites and Services, when you right-click the connection object of a source DC and select Replicate now, the command fails and generates a message that resembles as:

    The following error occurred during the attempt to synchronize naming context <%directory partition name%> from Domain Controller <Source DC> to Domain Controller <Destination DC>:
    «The replication operation encountered a database error.»
    The operation will not continue.

How to decode error codes

You can use Microsoft Exchange Server Error Code Lookup to decode the error codes that are described in this article. Decoding the error codes that relate to the 8451 error and accompanying errors produces the following information:

C:>err 8451
for decimal 8451 / hex 0x2103 :
ERROR_DS_DRA_DB_ERROR               winerror.h
The replication operation encountered a database error.
2 matches found for «8451»

C:>err -1414
for decimal -1414 / hex 0xfffffa7a :
JET_errSecondaryIndexCorrupted            esent98.h
/Secondary index is corrupt. The database must be
1 matches found for «-1414»

C:>err -1526
for decimal -1526 / hex 0xfffffa0a :
JET_errLVCorrupted                  esent98.h
/Corruption encountered in long-value tree/
1 matches found for «-1526»

C:>err -1603
for decimal -1603 / hex 0xfffff9bd :
JET_errNoCurrentRecord                esent98.h
/Currency not on a record/
1 matches found for «-1603»

C:>err -1075
for decimal -1075 / hex 0xfffffbcd :
JET_errOutOfLongValueIDs               esent98.h
/Long-value ID counter has reached maximum value.
(perform offline defrag to reclaim free/unused
1 matches found for «-1075»

C:>err -1601
for decimal -1601 / hex 0xfffff9bf :
JET_errRecordNotFound                 esent98.h
/The key was not found/
1 matches found for «-1601»

C:>err -1047
for decimal -1047 / hex 0xfffffbe9 :
JET_errInvalidBufferSize                  esent98.h
/Data buffer doesn’t match column size/
1 matches found for «-1047»

C:>err -1018
for decimal -1018 / hex 0xfffffc06 :
JET_errReadVerifyFailure                  ese.h
/Checksum error on a database page/
JET_errReadVerifyFailure                  esent98.h
/* Checksum error on a database page */
2 matches found for «-1018»

C:>err -1206
for decimal -1206 / hex 0xfffffb4a :
JET_errDatabaseCorrupted                  esent98.h
/Non database file or corrupted db/
1 matches found for «-1206»


The status 8451: «The replication operation encountered a database error» has multiple root causes, including the following ones:

  • The Active Directory database or Active Directory database index might be corrupted. It may be caused by the following reasons:
    • Failing hardware:
      • Disk
      • Controller
      • Controller cache
    • Outdated drivers:
      • Controller
    • Outdated firmware:
      • Computer BIOS
      • Controller
      • Disk
    • Sudden power loss.
    • Lingering objects.
    • The long-value ID counter has reached its maximum value:
      • The ESE column types JET_coltypLongTextand JET_coltypLongBinary are called long value column types. These columns are large string and large binary objects that may be stored in separate B+ trees away from the primary index. When long values are stored separately from the primary record, they are internally keyed on a long value ID (LID).
    • Invalid security descriptor in the msExchSecurityDescriptor attribute.


Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

How to resolve a single occurrence of the problem

If the error occurs on only one domain controller and appears to be an isolated problem, the best and quickest resolution is to do offline defragmentation of the database on the affected server. For information about how to do it, see How to perform offline defragmentation of the Active Directory database.

If offline defragmentation does not correct the issue, demote and then repromote the affected domain controller. For information about how to do it, see Demoting Domain Controllers and Domains.

How to resolve a recurring problem

If the problem recurs, collect some diagnostic data.

  1. Enable NTDS diagnostic logging for Replication Events and Internal Processing at a level of 5.

    To increase NTDS diagnostic logging, change the following REG_DWORD values in the registry of the destination domain controller under the following registry subkey:

    Set the value of the following entries to 5:

    • Replication Events
    • Internal Processing

    Level-5 logging is extremely verbose. The values of both keys should be restored to the default of 0 after the problem is resolved. Filtering the Directory Services event log should be done to isolate and identify these events.

    For more information about the standard terminology that is used to describe Microsoft software updates, see the following Knowledge Base article:

  2. Review the event logs for the new events that were generated from the increased logging for error values that will give a definitive view of the original 8451 error. For example, an Internal Processing Event ID 1173 that has an error value of -1526 would indicate that we have a corruption in long-value tree.

  3. Based on the additional information from the increased logging, refer to the following table for a potential resolution.

    Decimal code Hex code Text code Error message Potential resolutions
    -1018 0xfffffc06 JET_errReadVerifyFailure Checksum error on a database page Check hardware, firmware, and drivers. Restore from backup.Demote/promote.
    -1047 0xfffffbe9 JET_errInvalidBufferSize Data buffer doesn’t match column size 832851 Inbound Replication Fails on Domain Controllers with Event ID: 1699, Error 8451 or jet error -1601 Note: This hotfix is no longer available.
    -1075 0xfffffbcd JET_errOutOfLongValueIDs Long-value ID counter has reached maximum value. (do offline defragmentation to reclaim free or unusedLongValueIDs) Do offline defragmentation.
    -1206 0xfffffb4a JET_errDatabaseCorrupted Non-database file or corrupted db Check hardware, firmware, and drivers.Run the Esentutl/k command. Run the Ntdsutil file integrity and semantic database analysis (SDA) commands, and then do offline defragmentation.Otherwise restore from backup or demote/promote.
    -1414 0xfffffa7a JET_errSecondaryIndexCorrupted Secondary index is corrupt. The database must be defragmented. Do offline defragmentation.
    -1526 0xfffffa0a JET_errLVCorrupted Corruption encountered in long-value tree Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil** file integrity and SDA commands, and then do offline defragmentation. Otherwise, restore from backup or demote and promote.
    -1601 0xfffff9bf JET_errRecordNotFound The key was not found Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation​​​​​​​.​​​​​​​Otherwise restore from backup or demote and promote.
    -1603 0xfffff9bd JET_errNoCurrentRecord Currency not on a record Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation​​​​​​​.​​​​​​​Otherwise restore from backup or demote and promote.
    8451 0x2103 ERROR_DS_DRA_DB_ERROR The replication operation encountered a database error Check hardware, firmware, and drivers.Run the Esentutl /k command. Run the Ntdsutil file integrity and SDA commands, and then do offline defragmentation. Otherwise restore from backup or demote/promote.
  4. If all these methods fail, restore the domain controller from a backup, or demote it and then repromote.

More information

Verify the vertical jet database stack from the bottom up (proceeding up to the next layer only after the underlying layer is graded as «good»), the same as you do for TCP.

Layer Ntdsutil command Esentutl command
(1) Physical consistency no equivalent Esentutl /k
(2) Extensible Storage Engine (ESE) logical consistency Ntdsutil, files, integrity Esentutl /g
(3) Application logical consistency Ntdsutil, semantic database analysis + Ntdsutil, compact no equivalent for SDA + Esentutl /d

Hello everyone, I am having some replication issues on my domain that I would like to verify before I take the appropriate steps listed in the Microsoft Tech articles. I am running in a 2 DC network both running 2008 R2 both are Global Catalog Servers.  I
am having a tough time deciding on which DC I should take down and make the appropriate fixes / changes to. For the purpose of this question I will name my DC’s DC-01 and DC-02.  On DC-01 Checking the error logs I am receiving 3 separate Event ID error
467 — Database Corruption.  On DC-02 I am receiving the Event ID 1084 Error Value: 8451 indication database error, it does keep showing one specific object that for some reason I cannot seem to remove manually. I have attempted to perform a remove lingering
objects which receives an error.  Below is the logs from my attempt to remove the lingering object and my repadmin /showrepl logs. Replication from DC-01 to DC-02 is not working, but replication from DC-02 to DC-01 is. My questions is should I take down
DC-01 and perform the database integrity  / fixes or DC-02? Also any other steps anyone can suggest where I may not need to take down the service on my DC’s would be appreciated, the staff around here is VERY weary when it comes to any of our machines
having any downtime. Thank you!

When I attempt to run a repadmin /removelingeringobjects I receive a : (this don’t work if i change these around either)

repadmin /removelingeringobjects af01e71d-2516-42ca-8560-6c4f643c5b51 64af9410-df22-4b7e-8da3-942cdfce5a92 CN=Deleted Objects,DC=contoso,DC=com

DsBindWithCred to af01e71d-2516-42ca-8560-6c4f643c5b51 failed with status 1722 (0x6ba):
    The RPC server is unavailable.

Here are the repadmin /showrepl errors I am receiving. 

PS C:Windowssystem32> repadmin /showrepl contoso-dc02


DSA Options: IS_GC

Site Options: (none)

DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

DSA invocationID: 37ea7e96-ac79-4c52-8578-22c0a9fe5d48

==== INBOUND NEIGHBORS ======================================


    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:24:12 failed, result 8451 (0x2103):

            The replication operation encountered a database error.

        49006 consecutive failure(s).

        Last success @ 2014-09-05 13:27:52.


    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:20:52 was successful.


    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 12:49:02 was successful.


    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:10:32 failed, result 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

        22848 consecutive failure(s).

        Last success @ 2014-03-10 06:08:45.


    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 12:49:02 was successful.

Source: Default-First-SiteCONTOSO-DC01

******* 48974 CONSECUTIVE FAILURES since 2014-09-05 13:27:52

Last error: 8451 (0x2103):

            The replication operation encountered a database error.


PS C:Windowssystem32> repadmin /showrepl contoso-dc01


DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

DSA invocationID: 4700c518-bbe6-46d3-8245-aa7c23798241

==== INBOUND NEIGHBORS ======================================


    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 13:24:46 was successful.


    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 13:19:14 was successful.


    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 was successful.


    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 failed, result 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

        1887 consecutive failure(s).

        Last success @ 2014-07-11 07:58:30.


    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 was successful.

Source: Default-First-SiteCONTOSO-DC02

******* 1887 CONSECUTIVE FAILURES since 2014-07-11 07:58:30

Last error: 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

Hello everyone, I am having some replication issues on my domain that I would like to verify before I take the appropriate steps listed in the Microsoft Tech articles. I am running in a 2 DC network both running 2008 R2 both are Global Catalog Servers.  I
am having a tough time deciding on which DC I should take down and make the appropriate fixes / changes to. For the purpose of this question I will name my DC’s DC-01 and DC-02.  On DC-01 Checking the error logs I am receiving 3 separate Event ID error
467 — Database Corruption.  On DC-02 I am receiving the Event ID 1084 Error Value: 8451 indication database error, it does keep showing one specific object that for some reason I cannot seem to remove manually. I have attempted to perform a remove lingering
objects which receives an error.  Below is the logs from my attempt to remove the lingering object and my repadmin /showrepl logs. Replication from DC-01 to DC-02 is not working, but replication from DC-02 to DC-01 is. My questions is should I take down
DC-01 and perform the database integrity  / fixes or DC-02? Also any other steps anyone can suggest where I may not need to take down the service on my DC’s would be appreciated, the staff around here is VERY weary when it comes to any of our machines
having any downtime. Thank you!

When I attempt to run a repadmin /removelingeringobjects I receive a : (this don’t work if i change these around either)

repadmin /removelingeringobjects af01e71d-2516-42ca-8560-6c4f643c5b51 64af9410-df22-4b7e-8da3-942cdfce5a92 CN=Deleted Objects,DC=contoso,DC=com

DsBindWithCred to af01e71d-2516-42ca-8560-6c4f643c5b51 failed with status 1722 (0x6ba):
    The RPC server is unavailable.

Here are the repadmin /showrepl errors I am receiving. 

PS C:Windowssystem32> repadmin /showrepl contoso-dc02


DSA Options: IS_GC

Site Options: (none)

DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

DSA invocationID: 37ea7e96-ac79-4c52-8578-22c0a9fe5d48

==== INBOUND NEIGHBORS ======================================


    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:24:12 failed, result 8451 (0x2103):

            The replication operation encountered a database error.

        49006 consecutive failure(s).

        Last success @ 2014-09-05 13:27:52.


    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:20:52 was successful.


    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 12:49:02 was successful.


    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 13:10:32 failed, result 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

        22848 consecutive failure(s).

        Last success @ 2014-03-10 06:08:45.


    Default-First-SiteCONTOSO-DC01 via RPC

        DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

        Last attempt @ 2014-09-16 12:49:02 was successful.

Source: Default-First-SiteCONTOSO-DC01

******* 48974 CONSECUTIVE FAILURES since 2014-09-05 13:27:52

Last error: 8451 (0x2103):

            The replication operation encountered a database error.


PS C:Windowssystem32> repadmin /showrepl contoso-dc01


DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 64af9410-df22-4b7e-8da3-942cdfce5a92

DSA invocationID: 4700c518-bbe6-46d3-8245-aa7c23798241

==== INBOUND NEIGHBORS ======================================


    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 13:24:46 was successful.


    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 13:19:14 was successful.


    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 was successful.


    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 failed, result 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.

        1887 consecutive failure(s).

        Last success @ 2014-07-11 07:58:30.


    Default-First-SiteCONTOSO-DC02 via RPC

        DSA object GUID: af01e71d-2516-42ca-8560-6c4f643c5b51

        Last attempt @ 2014-09-16 12:45:26 was successful.

Source: Default-First-SiteCONTOSO-DC02

******* 1887 CONSECUTIVE FAILURES since 2014-07-11 07:58:30

Last error: 8614 (0x21a6):

            The directory service cannot replicate with this server because the time since the last replication with thi

s server has exceeded the tombstone lifetime.


DC1 and DC2 are two domain controllers for the domain Domain.com.

DC1 -> DC2 replication working fine but the reverse DC2 -> DC1 doesn’t seem to work. Below are the commands and event ids which generated for the replication.

C:Windowsntds>repadmin /replicate DC2 DC1 DC=Domain,DC=com
Sync from DC1 to DC2 completed successfully.

C:Windowsntds>repadmin /replicate DC1 DC2 DC=Domain,DC=om
DsReplicaSync() failed with status 8451 (0x2103):
The replication operation encountered a database error.

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 2108
Task Category: Replication
Level: Error
Computer: DC1.Domain.com
This event contains REPAIR PROCEDURES for the 1084 event which has previously been logged. This message indicates a specific issue with the consistency of the Active Directory Domain Services database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made.

Object GUID:
Source domain controller:

User Action

Please consult KB article 837932, http://support.microsoft.com/?id=837932. A subset of its repair procedures are listed here.
1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory Domain Services database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343, http://support.microsoft.com/?id=251343.
3. The problem may be related to the object’s parent on this domain controller. On the source domain controller, move the object to have a different parent.
4. If this machine is a global catalog and the error occurs in one of the read-only partitions, you should demote the machine as a global catalog using the Global Catalog checkbox in the Sites & Services user interface. If the error is occurring in an application partition, you can stop the application partition from being hosted on this replica. This may be changed using the ntdsutil.exe command.
5. Obtain the most recent ntdsutil.exe by installing the latest service pack for your operating system. Prior to booting into Directory Services Restore Mode (DSRM), verify that the DSRM password is known. Otherwise reset it prior to restarting the system.
6. In DSRM, run the NT CMD prompt, run “ntdsutil files integrity”. If corruption is found and other replicas exist, then demote replica and check your hardware. If no replicas are present, restore a system state backup and repeat this verification.
7. Perform an offline defragmentation using the “ntdsutil files compact” function.
8. The “ntdsutil semantic database analysis” should also be performed. If errors are found, they may be corrected using the “go fixup” function. Note that this should not be confused with the database maintenance function called “ESE repair”, which should not be used, since it causes data loss for Active Directory Domain Services Databases.

If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again.

Additional Data
Primary Error value:
8451 The replication operation encountered a database error.
Secondary Error value:
-1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt. The database must be defragmented


Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 1084
Task Category: Replication
Level: Error
Computer: DC1.Domain.com
Internal event: Active Directory Domain Services could not update the following object with changes received from the following source directory service. This is because an error occurred during the application of the changes to Active Directory Domain Services on the directory service.

Object GUID:
Source directory service:

Synchronization of the directory service with the source directory service is blocked until this update problem is corrected.

This operation will be tried again at the next scheduled replication.

User Action
Restart the local computer if this condition appears to be related to low system resources (for example, low physical or virtual memory).

Additional Data
Error value:
8451 The replication operation encountered a database error.



Additional Data
Primary Error value:
8451 The replication operation encountered a database error.
Secondary Error value:
-1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt. The database must be defragmented

Above details indicate that the database should be defragemented on DC1..


Take a backup of ntds.dit file under c:windowsntds if anything goes wrong. If ntds.dit file is not available under default location, you should take backup from where you published the NTDS Database.

Open command prompt and navigate to c:windowsntds and perform below sequence of commands.

  1. net stop ntds
  2. Physical consistency check by using below command and it is passed. Go to Step 4 if its failed.
    esentutl /K ntds.dit
  3. Logical consistency check by using below command and it failed.
    ntds>esentutl /G ntds.dit

    Checking database integrity.
    Scanning Status (% complete)

    0 10 20 30 40 50 60 70 80 90 100
    Integrity check completed.
    Database is CORRUPTED, the last full backup of this database was on 10/25/2014 14:00:22

    Operation terminated with error -1206 (JET_errDatabaseCorrupted, Non database file or corrupted db) after 13.712 seconds.

  4. Performed offline Defrag by using below command. Contact Microsoft if in case it is failed.
    esentutl /D ntds.dit
  5. Again performed Logical consistency check by using below command and it was successful..
    ntds>esentutl /G ntds.dit
  6. net start ntds

Replication start working again. Thats it.



  • Remove From My Forums
  • Question

  • Hi folks,

    I’ve 6 DCs in my environment, two of them aren’t replicating since 31102016.

    We’ve 3 DCs in one site, DC1,DC2,DC3.

    Every time I try to replicate DC2 with DC3 and DC1 I got the following error message

    «8451 The replication encountered a database error»

    But the case is different for DC3 as when I try to replicate, I got the following error message

    «The target principal is incorrect».

    Any recommendations?

    Thanks in Advance,

    Mohamed Waly

All replies

  • Hi

     Check this for «Troubleshooting AD Replication error 8451: The replication operation encountered a database error»


    The target principal is incorrect>>>means broken secure channel on the DC3,you should check the article;


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

  • Already tried and none of them works.

    • Proposed as answer by

      Monday, December 12, 2016 8:12 AM

  • Already tried and none of them works.

    Inadditon to wendy’s shared article after reset password on problematic dc,then you should verfiy port accesibilty between all DC’s.You can check this with PortQryUI;


    And also if the 8451 error could not be fixed the easiest method just forcefully demote this DC from domain,will do a metadata cleanup and promote it as Domain Controller again.

    Metadata cleanup; https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx?f=255&mspperror=-2147217396

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Proposed as answer by
      Wendy Jiang
      Monday, December 12, 2016 8:12 AM
  • Remove From My Forums
  • Question

  • Hi folks,

    I’ve 6 DCs in my environment, two of them aren’t replicating since 31102016.

    We’ve 3 DCs in one site, DC1,DC2,DC3.

    Every time I try to replicate DC2 with DC3 and DC1 I got the following error message

    «8451 The replication encountered a database error»

    But the case is different for DC3 as when I try to replicate, I got the following error message

    «The target principal is incorrect».

    Any recommendations?

    Thanks in Advance,

    Mohamed Waly

All replies

  • Hi

     Check this for «Troubleshooting AD Replication error 8451: The replication operation encountered a database error»


    The target principal is incorrect>>>means broken secure channel on the DC3,you should check the article;


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

  • Already tried and none of them works.

    • Proposed as answer by

      Monday, December 12, 2016 8:12 AM

  • Already tried and none of them works.

    Inadditon to wendy’s shared article after reset password on problematic dc,then you should verfiy port accesibilty between all DC’s.You can check this with PortQryUI;


    And also if the 8451 error could not be fixed the easiest method just forcefully demote this DC from domain,will do a metadata cleanup and promote it as Domain Controller again.

    Metadata cleanup; https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx?f=255&mspperror=-2147217396

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Proposed as answer by
      Wendy Jiang
      Monday, December 12, 2016 8:12 AM

Возможно данная информация кому нибудь поможет.

Описание проблемы:

Корневой доменный контроллер инфраструктуры развёрнут на Windows Server 2003 R2 SP2 x86, на нём размещаются все роли FSMO; При введении в домен доменного контроллера на базе Windows Server 2008 R2 оканчивается ошибкой репликации раздела CN=Configuration;

В журналах присутствуют следующие ошибки:

Имя журнала: Directory Service

Источник: Microsoft-Windows-ActiveDirectory_DomainService

Дата: 10.11.2011 13:06:15

Код события: 1084

Категория задачи:Репликация

Уровень: Ошибка

Ключевые слова:Классический

Пользователь: АНОНИМНЫЙ ВХОД

Компьютер: dc04.msft.local


Internal event: Active Directory Domain Services could not update the following object with changes received from the following source directory service. This is because an error occurred during the application of the changes to Active Directory Domain Services on the directory service.



Object GUID:


Source directory service:


Synchronization of the directory service with the source directory service is blocked until this update problem is corrected.

This operation will be tried again at the next scheduled replication.

User Action

Restart the local computer if this condition appears to be related to low system resources (for example, low physical or virtual memory).

Additional Data

Error value:

8451 Произошла ошибка базы данных при выполнении репликации.

Xml события:

<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>


<Provider Name=»Microsoft-Windows-ActiveDirectory_DomainService» Guid=»{0e8478c5-3605-4e8c-8497-1e730c959516}» EventSourceName=»NTDS General» />

<EventID Qualifiers=»49152″>1084</EventID>






<TimeCreated SystemTime=»2011-11-10T09:06:15.429679800Z» />


<Correlation />

<Execution ProcessID=»452″ ThreadID=»768″ />

<Channel>Directory Service</Channel>


<Security UserID=»S-1-5-7″ />






<Data>Произошла ошибка базы данных при выполнении репликации.</Data>



< /Event>

Имя журнала: Directory Service

Источник: Microsoft-Windows-ActiveDirectory_DomainService

Дата: 10.11.2011 13:06:15

Код события: 2108

Категория задачи:Репликация

Уровень: Ошибка

Ключевые слова:Классический

Пользователь: АНОНИМНЫЙ ВХОД

Компьютер: dc04.msft.local


В этом событии содержится описание ПРОЦЕДУР ВОССТАНОВЛЕНИЯ для события 1084, которое было записано в журнал событий ранее. Это сообщение указывает на конкретную проблему согласованности базы данных доменных служб Active Directory на этом направлении репликации. Ошибка обработки базы данных произошла при применении реплицированных изменений для следующего объекта. База данных находится в непредвиденном состоянии, не позволяющем внести эти изменения.



GUID объекта:


Исходный контроллер домена:


Действия пользователя

1. Убедитесь, что на дисках, несущих базу данных доменных служб Active Directory, достаточно свободного места, затем повторите операцию. Убедитесь, что на дисках, несущих NTDS.DIT и файлы журналов, не включено сжатие NTFS. Проверьте, не используется ли для этих дисков антивирусное программное обеспечение.

2. Может быть полезным выполнить принудительное построение родительской цепочки контейнеров этого объекта в базе данных с помощью Security Descriptor Propagator. Это можно сделать, следуя инструкциям из статьи базы знаний 251343, http://support.microsoft.com/?id=251343.

3. Проблема может быть связана с родительским объектом на этом контроллере домена. На исходном контроллере домена переместите этот объект так, чтобы он имел другого родителя.

4. Если этот компьютер является глобальным каталогом и ошибка возникает в одном из разделов, предназначенных только для чтения, то следует лишить этот компьютер роли глобального каталога, сняв флажок глобального каталога в пользовательском интерфейсе «Сайты и службы«. Если ошибка происходит в разделе каталога приложений, можно остановить несение раздела каталога приложений на этой реплике. Это можно сделать с помощью команды NTDSUTIL.EXE.

5. Получите самую последнюю версию NTDSUTIL.EXE, установив последний пакет обновления для данной операционной системы. Прежде чем выполнять загрузку в режиме восстановления службы каталогов (DSRM), убедитесь, что вам известен пароль режима DSRM. В противном случае следует сбросить пароль перед перезагрузкой системы.

6. В режиме DSRM запустите командную строку, затем выполните команду «ntdsutil files integrity». Если будет найдено повреждение и существуют другие реплики, лишите эту реплику ее роли и проверьте надежность работы оборудования. Если другие реплики отсутствуют, восстановите состояние системы с помощью архивной копии и повторите эту проверку.

7. Находясь в автономном режиме, выполните дефрагментацию с помощью функции «ntdsutil files compact».

8. Следует также выполнить команду «ntdsutil semantic database analysis». Если будут найдены ошибки, их можно исправить с помощью функции «go fixup». Не путайте эту команду с функцией «ESE repair», которую нельзя использовать в данном случае, поскольку она может привести к потере данных в базе данных Active Directory.

Если ни одно из этих действий не помогает и ошибки репликации продолжаются, следует лишить этот компьютер роли контроллера домена, а затем вновь выдвинуть его на эту роль.

Дополнительные данные

Основная ошибка:

8451 Произошла ошибка базы данных при выполнении репликации.

Вторичная ошибка:

-1507 JET_errColumnNotFound, No such column

Xml события:

<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>


<Provider Name=»Microsoft-Windows-ActiveDirectory_DomainService» Guid=»{0e8478c5-3605-4e8c-8497-1e730c959516}» EventSourceName=»NTDS General» />

<EventID Qualifiers=»49152″>2108</EventID>






<TimeCreated SystemTime=»2011-11-10T09:06:15.429679800Z» />


<Correlation />

<Execution ProcessID=»452″ ThreadID=»768″ />

<Channel>Directory Service</Channel>


<Security UserID=»S-1-5-7″ />






<Data>Произошла ошибка базы данных при выполнении репликации.</Data>


<Data>JET_errColumnNotFound, No such column</Data>



< /Event>

Имя журнала: Directory Service

Источник: Microsoft-Windows-ActiveDirectory_DomainService

Дата: 10.11.2011 13:06:15

Код события: 1173

Категория задачи: Внутренняя обработка

Уровень: Предупреждение

Ключевые слова: Классический

Пользователь: АНОНИМНЫЙ ВХОД

Компьютер: dc04.msft.local


Internal event: Active Directory Domain Services has encountered the following exception and associated parameters.





Additional Data

Error value:


Internal ID:


Xml события:

<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>


<Provider Name=»Microsoft-Windows-ActiveDirectory_DomainService» Guid=»{0e8478c5-3605-4e8c-8497-1e730c959516}» EventSourceName=»NTDS General» />

<EventID Qualifiers=»32768″>1173</EventID>






<TimeCreated SystemTime=»2011-11-10T09:06:15.429679800Z» />


<Correlation />

<Execution ProcessID=»452″ ThreadID=»768″ />

<Channel>Directory Service</Channel>


<Security UserID=»S-1-5-7″ />








< /Event>


Уровень леса и домена Windows Server 2003;

Подготовка к введению в инфраструктуру доменного контроллера на базе Windows Server 2008 R2 SP1 прошла успешно:

Подготовка леса и домена с помощью adprep /forest prep и adprep /domainprep /gpprep выполнена без ошибок;

Значение ObjectVertion после выполнения adprep для контейнера Schema:

Значение Revision после выполнения adprep для контейнера ActiveDirecrotyUpdate:

DCdiag ошибок в функционировании доменного контроллера не выявляет;

Вероятная причина:

Доподлинно установить не удалось, но есть подозрение, что вызвано некорректной работой adprep x86;


В ручную через ADSI были изменены значения:

CN=Schema, CN=Configuration, DC=MSFT, DC=LOCAL равно 44

CN=ActiveDirectoryUpdate, CN=ForestUpdates, CN=Configuration, DC=MSFT, DC=LOCAL равно 2

После этого было проведено повторное расширение схемы и подготовка домена для Windows Server 2008 R2.

Доменные контроллеры успешно ввелись в домен, репликация прошла успешно.


Спасибо Smirnov_Nik за возможность совместно найти решение данного вопроса.

Коллеги, если у кого была похожая проблема поделитесь опытом!

  • Remove From My Forums
  • Question

  • Hi

    I can see below error only for domain partition.

    Repadmin: running command /showrepl against full DC localhost


    DSA Options: IS_GC 

    Site Options: (none)

    DSA object GUID: b6044713-e4bb-4793-8b51-fe8346e69d70

    DSA invocationID: 0842ddde-d376-46a8-9042-75e3adc9a0b1

    ==== INBOUND NEIGHBORS ======================================


        EU07\EU07DC01 via RPC

            DSA object GUID: 053667ff-af7a-4868-bb41-b0b1d5a3d5ba

            Last attempt @ 2017-01-10 13:22:18 failed, result 8451 (0x2103):

                The replication operation encountered a database error.

            51 consecutive failure(s).

            Last success @ (never).

        CA151\CA151DC01 via RPC

            DSA object GUID: 23e863aa-0fac-45eb-a2db-964aee9b4284

            Last attempt @ 2017-01-10 13:22:47 failed, result 8451 (0x2103):

                The replication operation encountered a database error.

            109 consecutive failure(s).

            Last success @ (never).

        CA150\CA150DC01 via RPC

            DSA object GUID: 04416d8b-59c4-4f45-8abe-97d0b2db076b

            Last attempt @ 2017-01-10 13:22:49 failed, result 8451 (0x2103):

                The replication operation encountered a database error.

            116 consecutive failure(s).

            Last success @ (never).

        CA002\CA002DC02 via RPC

            DSA object GUID: 75544cac-83c7-4107-82d2-a333dbebae0d

            Last attempt @ 2017-01-10 13:22:53 failed, result 8451 (0x2103):

                The replication operation encountered a database error.

            238 consecutive failure(s).

            Last success @ (never).

  • Remove From My Forums
  • Вопрос

  • Hi

    I can see below error only for domain partition.

    Repadmin: running command /showrepl against full DC localhost


    DSA Options: IS_GC 

    Site Options: (none)

    DSA object GUID: b6044713-e4bb-4793-8b51-fe8346e69d70

    DSA invocationID: 0842ddde-d376-46a8-9042-75e3adc9a0b1

    ==== INBOUND NEIGHBORS ======================================


        EU07\EU07DC01 via RPC

            DSA object GUID: 053667ff-af7a-4868-bb41-b0b1d5a3d5ba

            Last attempt @ 2017-01-10 13:22:18 failed, result 8451 (0x2103):

                The replication operation encountered a database error.

            51 consecutive failure(s).

            Last success @ (never).

        CA151\CA151DC01 via RPC

            DSA object GUID: 23e863aa-0fac-45eb-a2db-964aee9b4284

            Last attempt @ 2017-01-10 13:22:47 failed, result 8451 (0x2103):

                The replication operation encountered a database error.

            109 consecutive failure(s).

            Last success @ (never).

        CA150\CA150DC01 via RPC

            DSA object GUID: 04416d8b-59c4-4f45-8abe-97d0b2db076b

            Last attempt @ 2017-01-10 13:22:49 failed, result 8451 (0x2103):

                The replication operation encountered a database error.

            116 consecutive failure(s).

            Last success @ (never).

        CA002\CA002DC02 via RPC

            DSA object GUID: 75544cac-83c7-4107-82d2-a333dbebae0d

            Last attempt @ 2017-01-10 13:22:53 failed, result 8451 (0x2103):

                The replication operation encountered a database error.

            238 consecutive failure(s).

            Last success @ (never).

TR Çoğaltma işlemi bir veritabanı hatasıyla karşılaştı.

HU A replikációs művelet adatbázishibát észlelt.

NB Det oppstod en databasefeil i replikeringen.

PT A operação de replicação encontrou um erro na base de dados.

IT Errore del database rilevato durante la replica.

FI Replikointitoiminnon tietokantavirhe.

ES La operación de replicación detectó un error en la base de datos.

CS Při operaci replikace byla zjištěna chyba databáze.

DA Replikeringshandlingen fandt en databasefejl.

KO 복제 연산에 데이터베이스 오류가 발생했습니다.

PL Operacja replikacji napotkała błąd bazy danych.

NL De replicatiebewerking heeft een databasefout aangetroffen.

EL Παρουσιάστηκε ένα σφάλμα βάσης δεδομένων στη λειτουργία αναπαραγωγής.

DE Der Replikationsvorgang ist auf einen Datenbankfehler gestoßen.

FR L’opération de réplication a rencontré une erreur dans la base de données.

JA レプリケーション操作中に、データベースのエラーが発生しました。

ZH 复制操作遇到一个数据库错误。

SV Replikeringsåtgärden påträffade ett databasfel.

Понравилась статья? Поделить с друзьями:
  • Ошибка во время исполнения java
  • Ошибка гидроусилителя руля опель астра
  • Ошибка геолокации на андроид как исправить
  • Ошибка выхлопных газов даф 105
  • Ошибка выгрузки таблицы номенклатура ошибка 500