Shamil Mohamed

DFS Namespace is coming back again and again. And I could make a namespace on the exact name which I deleted before?

Dear EE's

I deleted my namespace "hgpt.my\dfs". Even after deleting, it keeps popping up after restarting the DFS console.

After that I followed this TechNet thread. Still the same thing.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/2463ce92-7767-4135-b8c7-31c736bdabc2/orphaned-dfs-namespace-how-to-remove?forum=winserverfiles

Please help me.

Shamil
dfs-error.jpg
Mahesh

Check ADUC for the System partition:
CN=Dfs-Configuration,CN=System,DC=<domain DN>
If you find your DFS root here, just delete it and force AD replication across the domain.

Then check the registry keys below on all DFS hosts. You will find the DFS root object under domainV2, Domain or Standalone; you need to delete that object.

Domain-based DFSN in "Windows Server 2008 mode"
HKEY_LOCAL_MACHINE\Software\Microsoft\Dfs\Roots\domainV2

Stand-alone DFSN
HKEY_LOCAL_MACHINE\Software\Microsoft\Dfs\Roots\Standalone

Domain-based DFSN in "Windows 2000 Server mode"
HKEY_LOCAL_MACHINE\Software\Microsoft\Dfs\Roots\Domain

Also check compmgmt.msc on all DFS hosts and try to locate the DFS root share. If you find one, unshare it and delete it.
If you get an error here, just locate the registry key below on all DFS hosts:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Shares]

Under Shares you will find one share pointing to your DFS root share.
Delete that particular key and reboot the host servers.

After that, try to open the DFS console and verify that it's not popping up again.

Check the article below for more information:
http://support.microsoft.com/kb/977511

Mahesh.
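
A read-only inventory of the three places this answer names (the Dfs-Configuration container, the Dfs\Roots registry keys and the LanmanServer\Shares key), as an added example that is not part of the original post. It assumes an elevated PowerShell session on each DFS host, the RSAT ActiveDirectory module, and the root name `dfs` from the question; `C:\Temp` is a placeholder export folder.

```powershell
# Added example (not from the thread): list leftover DFS namespace references
# without deleting anything, then export the keys so a deletion can be undone.
# Assumptions: elevated session on a DFS host, RSAT ActiveDirectory module,
# root name 'dfs' (from hgpt.my\dfs), C:\Temp as a placeholder backup folder.
$rootName  = 'dfs'
$backupDir = 'C:\Temp'

# 1. AD: everything under CN=Dfs-Configuration,CN=System,<domain DN>
Import-Module ActiveDirectory
$domainDn = (Get-ADDomain).DistinguishedName
Get-ADObject -SearchBase "CN=Dfs-Configuration,CN=System,$domainDn" `
             -SearchScope Subtree -Filter * |
    Select-Object Name, ObjectClass, DistinguishedName |
    Format-Table -AutoSize

# 2. Registry: root objects under the three Dfs\Roots locations
$rootKeys = 'domainV2', 'Standalone', 'Domain' | ForEach-Object {
    "HKLM:\Software\Microsoft\Dfs\Roots\$_"
}
foreach ($key in $rootKeys) {
    if (Test-Path -Path $key) {
        Get-ChildItem -Path $key | ForEach-Object {
            [pscustomobject]@{ Location = $key; Root = $_.PSChildName }
        } | Format-Table -AutoSize
    }
}

# 3. Share definitions: each share is a named entry under LanmanServer\Shares
$sharesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares'
(Get-Item -Path $sharesKey).GetValueNames() |
    Where-Object { $_ -eq $rootName } |
    ForEach-Object {
        $name = $_
        [pscustomobject]@{
            Share      = $name
            Definition = (Get-ItemProperty -Path $sharesKey -Name $name).$name -join '; '
        }
    } | Format-List

# 4. Export both keys before removing anything by hand
reg.exe export 'HKLM\Software\Microsoft\Dfs\Roots' "$backupDir\dfs-roots.reg" /y
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares' "$backupDir\lanman-shares.reg" /y
```

Run it on every DFS host; a root that still appears in any of the three outputs after the cleanup is what the DFS console keeps finding.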
Shamil Mohamed

ASKER

Bro, I have done all this, but that namespace still stays.

Is there anything I can do?

I attached a pic for your reference.
dfs-error2.jpg
Dear Mahesh

I tried to install DFS on the domain controller and I added a namespace again; it came up with a warning. After I forcefully replicated AD, it worked.

The next issue I am facing now is that I tried to add a namespace server for the namespace and it is failing on committing changes.

Please refer to the attached pic.

Thank you.
Shamil
dfs-error3.jpg
Check if your AD replication is working properly.

Run repadmin /showrepl
dcdiag /q

I suspect that under the hgpt.my DNS zone there must be some blank Host(A) records,
for example (same as parent folder), and they must be pointing to some wrong, nonexistent DNS server IP, causing the errors you are getting.
If you find such records, just delete them from all DNS servers, flush the DNS cache, restart the affected domain controller once and check if it works.

Also check that all domain controllers' CNAME records can be pinged and resolve to the correct IP address.
Check that the NS records and Host(A) records for the domain controllers are correct.

Mahesh
Dear Mahesh,

I think you pointed me to the correct issue.

I have attached here the output of the 2 commands.


C:\Users\Administrator.HGPT>repadmin /showrepl

Repadmin: running command /showrepl against full DC localhost
HGHQ\PDCSVR
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 460e8a65-70a6-4b64-b7c9-bf24144793be
DSA invocationID: 5a460f0c-c6a4-469a-b03b-28e6515cdcd5

==== INBOUND NEIGHBORS ======================================

DC=hgpt,DC=my
    HGHQ\SDCSVR via RPC
        DSA object GUID: 0cfe7ad4-b440-4205-9ea2-8051ca41ea14
        Last attempt @ 2014-04-18 09:43:13 was successful.
    HGHQ\MAINDC via RPC
        DSA object GUID: b05b6161-6217-43be-8627-9dab134f93f2
        Last attempt @ 2014-04-18 09:44:30 was successful.

CN=Configuration,DC=hgpt,DC=my
    HGHQ\MAINDC via RPC
        DSA object GUID: b05b6161-6217-43be-8627-9dab134f93f2
        Last attempt @ 2014-04-18 08:47:06 was successful.
    HGHQ\SDCSVR via RPC
        DSA object GUID: 0cfe7ad4-b440-4205-9ea2-8051ca41ea14
        Last attempt @ 2014-04-18 08:47:07 was successful.

CN=Schema,CN=Configuration,DC=hgpt,DC=my
    HGHQ\MAINDC via RPC
        DSA object GUID: b05b6161-6217-43be-8627-9dab134f93f2
        Last attempt @ 2014-04-18 08:47:07 was successful.
    HGHQ\SDCSVR via RPC
        DSA object GUID: 0cfe7ad4-b440-4205-9ea2-8051ca41ea14
        Last attempt @ 2014-04-18 08:47:07 was successful.

DC=ForestDnsZones,DC=hgpt,DC=my
    HGHQ\MAINDC via RPC
        DSA object GUID: b05b6161-6217-43be-8627-9dab134f93f2
        Last attempt @ 2014-04-18 08:47:07 was successful.
    HGHQ\SDCSVR via RPC
        DSA object GUID: 0cfe7ad4-b440-4205-9ea2-8051ca41ea14
        Last attempt @ 2014-04-18 08:47:07 was successful.

DC=DomainDnsZones,DC=hgpt,DC=my
    HGHQ\SDCSVR via RPC
        DSA object GUID: 0cfe7ad4-b440-4205-9ea2-8051ca41ea14
        Last attempt @ 2014-04-18 09:12:01 was successful.
    HGHQ\MAINDC via RPC
        DSA object GUID: b05b6161-6217-43be-8627-9dab134f93f2
        Last attempt @ 2014-04-18 09:12:04 was successful.


C:\Users\Administrator.HGPT>dcdiag /q
         Warning: DsGetDcName returned information for \\maindc.hgpt.my, when
         we were trying to reach PDCSVR.
         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
         ......................... PDCSVR failed test Advertising
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... PDCSVR failed test DFSREvent
         Unable to connect to the NETLOGON share! (\\PDCSVR\netlogon)
         [PDCSVR] An net use or LsaPolicy operation failed with error 67,
         The network name cannot be found..
         ......................... PDCSVR failed test NetLogons
         An error event occurred.  EventID: 0x00000457
            Time Generated: 04/18/2014   09:44:47
            Event String:
            Driver Send to Microsoft OneNote 15 Driver required for printer Send
 To OneNote 2013 is unknown. Contact the administrator to install the driver bef
ore you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 04/18/2014   09:44:48
            Event String:
            Driver Foxit Reader PDF Printer Driver required for printer Foxit Re
ader PDF Printer is unknown. Contact the administrator to install the driver bef
ore you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 04/18/2014   09:44:48
            Event String:
            Driver Foxit PhantomPDF Printer Driver required for printer Foxit Ph
antomPDF Printer is unknown. Contact the administrator to install the driver bef
ore you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 04/18/2014   09:44:49
            Event String:
            Driver CutePDF Writer required for printer CutePDF Writer is unknown
. Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 04/18/2014   09:44:52
            Event String:
            Driver Print to Evernote Driver required for printer Print to Everno
te is unknown. Contact the administrator to install the driver before you log in
 again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 04/18/2014   09:44:52
            Event String:
            Driver RICOH Aficio MP C3502 PCL 6 required for printer RICOH Aficio
 MP C3502 PCL 6 is unknown. Contact the administrator to install the driver befo
re you log in again.
         ......................... PDCSVR failed test SystemLog
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
         1355
         A Good Time Server could not be located.
         ......................... hgpt.my failed test LocatorCheck



C:\Users\Administrator.HGPT>net share

Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
dfs          C:\DFSRoots\dfs
The command completed successfully.



Please help me to rectify this issue.

Thank you
Can you please advise me how I can rectify this issue?
No single answer to your question, need more info.

I believe you have installed DFS on a DC.

I don't see the SYSVOL and NETLOGON shares on the domain controller.

How many domain controllers do you have?

Is this affected server the PDC server, or is the PDC located somewhere else?

Are you able to find the NETLOGON and SYSVOL shares on the other DCs?

How is your SYSVOL replicated, through FRS or DFSR?

Do you have any 2003 and 2008 DCs in the network?

mahesh.
First of all, I really want to thank you, Mr. Mahesh.

The affected DFS is on a member server, not on a DC.

I also wonder why sysvol and netlogon shares on DC

I have 1 bare-metal DC and 2 virtual servers as DCs.

The PDC server is hosted in a virtual server (DFS on the PDC is working fine, but I can't add the DFS namespace service in the PDC to the affected member server; please refer to the attached image).

Among the 3 domain controllers, only one DC can find the SYSVOL and NETLOGON shares. (Please advise how I can rectify this issue. Right now I have turned off the firewall on all the existing domain controllers.)

How can I check whether my SYSVOL is replicated through FRS or DFSR?

No, there are no 2003 or 2008 domain controllers in the network. All domain controllers are hosted on 2012 only.

thank you.
dfs-error4.jpg
I am attaching a pic from the DFS console. Does this mean SYSVOL is replicated through DFS?
dfs5.jpg
OK
From the DFS screenshot it's confirmed that you have DFSR SYSVOL.

I hope you have only 3 domain controllers in the Domain Controllers OU, and your member server should not be listed there or in AD Sites and Services.
You need to confirm the availability of the SYSVOL and NETLOGON shares by running the net share command in a command prompt on all domain controllers.

From the screenshot it looks like SYSVOL and NETLOGON are already shared out on all 3 DCs.
If you don't find the NETLOGON and SYSVOL shares on all 3 domain controllers, let me know.
There are separate steps that need to be taken for that, and we will check that if required.
I believe there is a DNS issue.

Are you able to ping hgpt.my from all domain controllers?
This should resolve to the domain controllers' IP addresses.
Also check if all domain controllers' CNAME records exist in the _msdcs.domain.com zone
on all domain controllers, and if found, please try to ping all CNAME records and check if they are resolving to the correct DC IP address.
If you find any errors here during ping,
log on to the PDC, open AD Sites and Services and navigate to Site\Servers\PDC\NTDS Settings, right-click and select Properties, and on the General tab copy the GUID of the DC and try to ping it. If it pings successfully, then delete the existing CNAME from _msdcs.domain.com and create a new CNAME from the GUID copied above.
The same steps need to be done for the rest of the DCs.
On the PDC server, rename the netlogon.dns file under C:\windows\system32 to netlogon.dnsold and then restart the Netlogon service; this will automatically recreate a new netlogon.dns file with the correct records.
The same step can be done on the rest of the domain controllers.
Also ensure that the NS records and Host(A) records are appropriate for all domain controllers on all domain controllers.

Now check the network card properties on your member server and all domain controllers.
Please open Advanced TCP/IP Settings and check the DNS tab.
In the DNS tab, check the settings below.
Ensure that the "Append primary and connection specific DNS suffixes" radio button is selected.
Ensure that the "Append parent suffixes of the primary DNS suffix" checkbox is selected.
Ensure that the "Register this connection's addresses in DNS" checkbox is selected.
If there is any deviation in the above settings, you will probably face name resolution issues.

Also run the command below in the Run menu on the affected member server:
%logonserver%
This should resolve to the NetBIOS name of the local authenticating DC.

It looks like name resolution to the PDC server is failing, causing all the issues.
Also check how much time skew there is between all domain controllers and the affected member server.
Consider setting up an authoritative time server in the domain:
http://support.microsoft.com/kb/816042
Also, you need to ensure that the hypervisor where the virtual DCs are located is correctly configured for time, or you need to remove time synchronization between the virtual DC and the physical hypervisor (ESX \ Hyper-V).
If the time difference is large, it can cause failures as well.

Once everything above is all set, you can try adding the member server to the DFS namespace.

Mahesh.
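
The per-DC checks from this reply (SYSVOL and NETLOGON shares, the GUID-based CNAME under _msdcs, Host(A) records and time skew) gathered into one report, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory module, the DnsClient module that ships with Windows Server 2012, and WinRM access to each DC for `Get-CimInstance`.

```powershell
# Added example (not from the thread): summarize, for every DC, the checks
# described in the reply above. Read-only; nothing is changed in AD or DNS.
# Assumptions: RSAT ActiveDirectory module, DnsClient module (Server 2012+),
# WinRM reachable on each DC.
Import-Module ActiveDirectory
$forestRoot = (Get-ADForest).RootDomain

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    # Same information as running 'net share' locally on that DC
    $shares = @(Get-CimInstance -ClassName Win32_Share -ComputerName $dc.HostName `
                                -ErrorAction SilentlyContinue).Name

    # The DC's GUID-based alias is <NTDS Settings objectGUID>._msdcs.<forest root>
    $ntds  = Get-ADObject -Identity $dc.NTDSSettingsObjectDN
    $alias = "$($ntds.ObjectGUID)._msdcs.$forestRoot"
    $cname = Resolve-DnsName -Name $alias -Type CNAME -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'CNAME' } |
             Select-Object -First 1

    # Host(A) records registered for the DC's own name
    $hostIps = @(Resolve-DnsName -Name $dc.HostName -Type A -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'A' }).IPAddress

    [pscustomobject]@{
        DC          = $dc.HostName
        IsPdc       = $dc.OperationMasterRoles -contains 'PDCEmulator'
        Sysvol      = $shares -contains 'SYSVOL'
        Netlogon    = $shares -contains 'NETLOGON'
        CnameTarget = $cname.NameHost
        CnameOk     = $cname.NameHost -eq $dc.HostName
        ARecordOk   = $hostIps -contains $dc.IPv4Address
    }
}
$report | Format-Table -AutoSize

# Time offset of each DC relative to the machine running this script
foreach ($row in $report) {
    w32tm.exe /stripchart "/computer:$($row.DC)" /samples:1 /dataonly
}
```

A row with `Sysvol` or `Netlogon` false matches the dcdiag NetLogons failure earlier in the thread; a false `CnameOk` or `ARecordOk` points at the stale DNS records this reply describes.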
Dear Mahesh,

I did all the steps you mentioned above.

Please refer to the attached pics.
dc01.jpg
dc02.jpg
dc03.jpg
Dear Mahesh, I am still receiving an error while adding the member server as a namespace server.

Even when I try "Add Namespaces to Display" I still face an error.

Please check the attachment.

Thank you

Shamil
dfserror.jpg
dfserror2.jpg
dfserror3.jpg
OK, follow the article below:
http://blogs.technet.com/b/thbouche/archive/2013/08/28/dfsr-sysvol-authoritative-non-authoritative-restore-powershell-functions.aspx

Note that you should only run the steps mentioned under the Set-nonauthDFSRsysvol: header on your domain controllers other than the PDC, as I guess the PDC has SYSVOL and NETLOGON shared already; correct me if wrong.
Otherwise it will create a mess.

This will hopefully restore your SYSVOL and NETLOGON shares.

Then try to add the DFS namespace server.

Mahesh.
Recently I transferred the PDC roles to a virtual server, so right now the PDC doesn't share SYSVOL and NETLOGON.

The previous PDC (now a secondary DC) is the only one which shares SYSVOL and NETLOGON.

So can I execute what you mentioned in the above comment on the PDC as well?

Thank you, and I look forward to your reply soon.
So currently which DC is the PDC, and are you able to locate SYSVOL and NETLOGON on that DC?

In the screenshots I can see MAINDC having SYSVOL and NETLOGON shared; is this the PDC server?

In that case you need to run the above commands on the other DCs except the PDC.

However, if your PDC doesn't show the NETLOGON and SYSVOL shares and they are showing on another ADC, just transfer the FSMO roles to that DC and then run the above commands on the old PDC and the other ADC where you don't see the SYSVOL and NETLOGON shares.

Mahesh.
Right now MAINDC is not the PDC. OK, I will transfer the roles back and will also try on the other DCs.

Brother, I tried to run the PowerShell commands.

I still couldn't get any share of SYSVOL and NETLOGON.

:(
Dear Mahesh

I didn't get the point mentioned below:

"also go to properties of each DC object (CN=DC) and check if
msDFSR-ComputerReferenceBL attribute and ServerReferenceBL is populated and pointing to same DC "


Please don't get irritated. I know I am asking about a fraction of each step; my apologies, as I am being very careful because I don't want to face downtime.

thank you.
Dear Bro,

Does "Add domain directory partition to adsiedit.msc" mean

connecting to the Default naming context or Configuration?

:(
Dear Bro,

I couldn't find the msDFSR-ComputerReferenceBL attribute and ServerReferenceBL

in CN=<DC name>.

Am I checking the right location? Can you please check the attached pic for reference?

Shamil
msDFSR-Missing-01.jpg
Dear Mahesh

According to the article link:

http://kpytko.pl/2013/12/13/authoritative-sysvol-restore-dfs-r/

At a certain point the author asks to "Modify msDFSR-Enabled attribute back to TRUE state". Is this action to be done on the PDC only or on all existing DCs?

Thank you
This action needs to be done on all DCs including the PDC; look at my earlier comment.
Dear Mahesh,

I have done all these steps.

Still, when I check with "net share", I can't find SYSVOL and NETLOGON.

I even tried to create a new VM and promote it to a DC. That one also has the same problem; I can't find the SYSVOL and NETLOGON shares.

Please advise.

Thank you.
I already mentioned the last resort in my previous comment.

You need to simply migrate the FSMO roles to the domain controller where the SYSVOL and NETLOGON shares are visible.

Then you need to demote the other two servers and promote them to domain controllers again.

If you have MS Exchange is also deployed on those domain controllers, then you can't simply demote those domain controllers, otherwise it will Exchange
In that case you need to move Exchange to another server first and then demote the DCs.

If your issue is still not resolved, then you may consider logging a call with Microsoft PSS Support.
In reality you should have taken care when you deployed the first 2012 ADC in the network in the past.

Mahesh.
Dear Mahesh, thanks for your kind support.

I appreciate it a lot.

Is there any way to redo Active Directory without affecting my clusters which are currently running?
My cluster is not running on any DC. It's all on member servers only.

Right now what I am thinking is: is it possible to demote all DCs and redo the domain and Active Directory from new?
If you redo the entire domain, it will break everything, including the clusters.

Instead do the demotion and promotion one by one.
OK bro, let me try.
Thanks, bro.

After re-promoting, it is still not sharing the SYSVOL and NETLOGON shares.

I am now backing up all VM servers and planning to redeploy the domain controller.

I need your expertise on the steps before I redo the domain controller (PDC) and what steps I need to do before I destroy the clusters.

thank you.
Don't redeploy Active Directory only for SYSVOL and NETLOGON and start from ABCD.

Just log a call with Microsoft and they will resolve your issue for sure.

Microsoft has a special tool set available and I believe that they can definitely resolve your issue.

You can log a priority B case with them so that they will charge you on a per-call basis (fixed rate).

Why do you deploy multiple domain controllers? To get redundancy, to be safe from catastrophic failure, etc. The SYSVOL and NETLOGON issue is not very big compared to rebuilding the entire Active Directory.

According to MS (and every consultant) you should redeploy Active Directory only when you don't have a working AD, your AD is corrupted, nobody can log on to the domain, and you don't have any successful backup of a working Active Directory.

Choice is yours

Mahesh.
Thanks bro.

I will log a call with MS. Right now it's running fine with a single domain controller. I am just worried that if anything happens to the domain controller (PDC), then it will be a problem.

Now my DFS is fine. The issue I am facing is that I can't replicate my domain controllers. I have shut down the other existing domain controllers which don't have the SYSVOL and NETLOGON shares for the meantime, until MS support.

Thank you bro, cheers