tipg
asked on
File Replication Service not working on new 2003 DC in a 2000 domain. Missing SYSVOL folder!
I'm trying to install a new 2003 server in a 2000 domain with one existing DC. After I installed the new DC, I noticed that I don't have the SYSVOL folder shared. I checked the event logs and it says the following.
--------------------------
Source: NtFrs
Event ID: 13565
User: N/A
File Replication Service is initializing the system volume with data from another domain controller. Computer SERVER1 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
To check for the SYSVOL share, at the command prompt, type:
net share
When File Replication Service completes the initialization process, the SYSVOL share will appear.
The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.
--------------------------
Because of this problem, the AD can't replicate and I can't access the DNS manager on the new DC (even though the service starts fine).
I am also getting the following errors every 5-10 minutes on the event log
--------------------------
Source: Userenv
Event ID: 1030
User: NT AUTHORITY\SYSTEM
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
Source: Userenv
Event ID: 1097
User: NT AUTHORITY\SYSTEM
Windows cannot find the machine account, The Local Security Authority cannot be contacted .
--------------------------
ASKER
JamesDS - the DNS is not running properly on the new 2k3 machine. "The DSA operation is unable to proceed because of a DNS lookup failure". I have both servers pointed to the first one for its DNS and blank for the secondary DNS.
harleyjd - I followed what they did in both links, but I still get the same problems.
tipg
Use the DCDIAG /FIX command (also from the support tools pack) to put back the missing DNS entries for your new DC
Also at the new machine run these commands:
IPCONFIG /FLUSHDNS
IPCONFIG /REGISTERDNS
You can also stop and restart the netlogon service.
Cheers
JamesDS
ASKER
DCDiag still doesn't work.
--------------------------
Performing initial setup:
The directory service on nexus2 has not finished initializing.
In order for the directory service to consider itself synchronized, it must
attempt an initial synchronization with at least one replica of this
server's writeable domain. It must also obtain Rid information from the Rid
FSMO holder.
The directory service has not signalled the event which lets other services
know that it is ready to accept requests. Services such as the Key
Distribution Center, Intersite Messaging Service, and NetLogon will not
consider this system as an eligible domain controller.
The directory service on NEXUS2 has not finished initializing.
In order for the directory service to consider itself synchronized, it must
attempt an initial synchronization with at least one replica of this
server's writeable domain. It must also obtain Rid information from the Rid
FSMO holder.
The directory service has not signalled the event which lets other services
know that it is ready to accept requests. Services such as the Key
Distribution Center, Intersite Messaging Service, and NetLogon will not
consider this system as an eligible domain controller.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\NEXUS2
Starting test: Connectivity
The host 811d92fb-59a7-445a-868e-f62f88795d1e._msdcs.tipg could not be
resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(811d92fb-59a7-445a-868e-f62f88795d1e._msdcs.tipg) couldn't be
resolved, the server name (nexus2.tipg) resolved to the IP address
(10.100.10.45) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... NEXUS2 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\NEXUS2
Skipping all tests, because server NEXUS2 is
not responding to directory service requests
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : tipg
Starting test: CrossRefValidation
......................... tipg passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... tipg passed test CheckSDRefDom
Running enterprise tests on : tipg
Starting test: Intersite
......................... tipg passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... tipg failed test FsmoCheck
tipg
You have a single label domain name, IE a domain name with a "." in it.
Windows 2000/2003 does not support non-dns compliant domain names and while there are workarounds, they do not give you full functionality.
You have a few alternatives:
If you are running in Windows 2000 Mixed Mode you can attempt a rename:
http://support.microsoft.com/?kbid=292541
You can hack Windows 2000 to work with single label domain names:
http://support.microsoft.com/?kbid=300684
Upgrade your domain to Windows 2003 (see the readme on the CD) and use the domain rename tools:
http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx
You can build a new Windows DC in a new Domain and migrate to it using ADMT v2 off the CD or from here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-9817-8c9773c25c6c&displaylang=en
Cheers
JamesDS
Jeez, I'm glad you picked that up, James. :)
harleyjd / tipg
There's a typo in my post, the first line should read:
You have a single label domain name, IE a domain name withOUT a "." in it
note the "without" !!
harleyjd, me too, we could go round in circles for weeks and never solve it otherwise!
Cheers
JamesDS
ASKER
Nothing worked.. so I think I might be better just building a new domain and migrating the users over. On a side note, is there a quick way I can migrate all of the files over from the old server to the new one and still retain all of the access permissions?
tipg
You can do this with a migration tool that transfers the data across for you. ADMT v2 might do it, but other tools I have used definitely do it: BindView bvMigrate and Quest Domain Migration Wizard.
Both BV and Quest offer free trials off their websites.
Look into the SIDHistory AD field.
Cheers
JamesDS
ASKER
OK.. the problem is fixed! The problem all along wasn't on the win2k3 box, but rather in the original win2k DC. Some entries (SRV records) were missing in the DNS, which prevented replication and dcpromo from completing on the win2k3 box.
Thanks to everyone for the help. It's much appreciated. =)
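An added example, not part of any post in this thread: a check for the failure found above, listing the core DC locator names a domain controller registers in DNS and reporting which are absent from a zone listing, plus the single-label test. The function names and the sample zone listing are constructed for illustration, the list covers the core records rather than every name Netlogon registers, and a single-domain forest is assumed.

```python
def is_single_label(domain):
    """True for a DNS domain name with no dot in it, such as 'tipg'."""
    return "." not in domain.strip(".")

def expected_dc_records(domain, site, dsa_guid, is_pdc=False, is_gc=False):
    """Core DC locator names as (type, name); assumes a single-domain forest."""
    d = domain.strip(".").lower()
    srv = [
        f"_ldap._tcp.{d}",
        f"_ldap._tcp.{site}._sites.{d}",
        f"_ldap._tcp.dc._msdcs.{d}",
        f"_kerberos._tcp.{d}",
        f"_kerberos._tcp.dc._msdcs.{d}",
        f"_kerberos._udp.{d}",
        f"_kpasswd._tcp.{d}",
    ]
    if is_pdc:  # only the PDC emulator registers this one
        srv.append(f"_ldap._tcp.pdc._msdcs.{d}")
    if is_gc:   # only global catalog servers register these
        srv += [f"_ldap._tcp.gc._msdcs.{d}", f"_gc._tcp.{d}"]
    records = [("SRV", name.lower()) for name in srv]
    # Replication partners find the DC through this alias (the name DCDIAG
    # could not resolve in the output posted in the thread).
    records.append(("CNAME", f"{dsa_guid}._msdcs.{d}".lower()))
    return records

def missing_records(expected, zone):
    """Return the expected records that are absent from the zone listing."""
    present = {(rtype.upper(), name.strip(".").lower()) for rtype, name in zone}
    return [rec for rec in expected if rec not in present]

# Values taken from the DCDIAG output in the thread.
DOMAIN, SITE = "tipg", "Default-First-Site-Name"
DSA_GUID = "811d92fb-59a7-445a-868e-f62f88795d1e"
# Constructed zone listing (not from the thread): only a few names registered.
SAMPLE_ZONE = [
    ("A", "nexus2.tipg"),
    ("SRV", "_ldap._tcp.tipg"),
    ("SRV", "_KERBEROS._tcp.tipg."),
]

def check_sample():
    expected = expected_dc_records(DOMAIN, SITE, DSA_GUID)
    return missing_records(expected, SAMPLE_ZONE)

if __name__ == "__main__":
    print("single-label domain:", is_single_label(DOMAIN))
    for rtype, name in check_sample():
        print("missing", rtype, name)
```

For the original DC, call `expected_dc_records` with that server's own GUID and `is_pdc=True, is_gc=True` if it holds those roles, and feed `missing_records` an export of the real zone.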
JamesDS's first three comments were DNS related. This is at least a B grade, possibly an A. I mean his first three words are "This is DNS".
ASKER
Here ya go.. you get B+.. only reason it wasn't an A was because the solution involved the first domain controller, which nobody thought about (including me).
JamesDS - thanks for the help though.. didn't mean to jip you outta some points there.. hehe.. =)
How to Troubleshoot Missing SYSVOL and NETLOGON Shares on Windows Server 2003 Domain Controllers
http://support.microsoft.com/default.aspx?scid=kb;en-us;327781&sd=tech
How To Troubleshoot the File Replication Service in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;327341
The first article is the most likely, as you've already said sysvol is missing...