Solved

Is there any way to bring a sysvol folder structure back to life?

Posted on 2004-04-12
12
1,778 Views
Last Modified: 2012-06-27
I have a network with 2 DCs that are having all kinds of problems. The directory structure for the sysvol folder "policies" is missing on both. There are backups available that go back a couple of months, but the problems have been around much longer than that.

Is there any way to fix this without a good backup or wiping out the DCs?
0
Question by:zenportafino
12 Comments
 
LVL 2

Expert Comment

by:asylumsteve
ID: 10809180
What server OS are you using? I am assuming one is a PDC and the other a BDC?
0
 
LVL 1

Author Comment

by:zenportafino
ID: 10809185
Win 2000 SP4. One holds all master roles.
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 10809486
Hi,

Take a look at this link which I think describes what you need to do,

Group Policy Error Message When Appropriate Sysvol Contents Are Missing
http://support.microsoft.com/default.aspx?scid=kb;EN-US;253268

Deb :))
0
 
LVL 3

Expert Comment

by:haresh-nyc
ID: 10829387
hi,
The problem you mention may have been caused by the most common problem in AD. (DNS)

please run netdiag on your servers from a dos prompt and let me know what they say.
That will DEFINITELY point us in the direction needed.

By the way, netdiag is not installed into windows by itself.
you must extract it from the windows 2000 cdrom under the \support\tools\support.cab

you could run the setup.exe in that folder, but that would install ALL the support tools.
All we need at this time is the netdiag.exe

When you run netdiag (on any win2k pro or server) it will save a text file in the same folder from which you executed the netdiag command. the file will be called netdiag.log

please paste the content here for our review.

thanks,
haresh
0
 
LVL 1

Author Comment

by:zenportafino
ID: 10839550
Sorry that I have not posted the results of netdiag yet but I can tell you that DNS failed.  It was the only item that failed.
0
 
LVL 3

Expert Comment

by:haresh-nyc
ID: 10840360
welcome to windows 2000.

DNS is to windows 2000
like AIR is to humans.

make sure your machines have ONLY active directory machines listed for DNS.
Don't have ANY of your machines using a real DNS number anywhere !!!

the only one place in your entire organization where the REAL DNS should be entered,
is in the FORWARDING tab in the properties of your DNS SERVICE.
open up the mmc for DNS, and go to properties of the servername.
then go to forwarding. that's the only place a real DNS should ever be entered anywhere on the whole network!

I repeat this over and over in my advanced networking training,
because it's extremely important to get AD working properly.

Think of it like your network currently has Asthma.
fix the DNS entries in your TCP settings on all machines,
and reboot. and take a long deep breath of name resolution bliss.

haresh
sorry, it's too late for me, I must sleep now. 4:42 am ????
seeya
0
 
LVL 1

Author Comment

by:zenportafino
ID: 10840396
Only our ISP DNS is in the forwarders tab. All systems point to our main DNS server. I've called Microsoft and opened a case on it. I'll be running ultrasound on the system to monitor sysvol and FRS activity for the next few days. I'll let you know what happens. In the meantime, feel free to post.
0
 
LVL 3

Expert Comment

by:haresh-nyc
ID: 10844632
if you post the netdiag results, I can give you a more detailed answer.

haresh
0
 
LVL 1

Author Comment

by:zenportafino
ID: 10847774
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

U:\>netdiag

.....................................

    Computer Name: EXS1
    DNS Host Name: EXS1.ExsinOrange.com
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 6 Model 6 Stepping 5, GenuineIntel
    List of installed hotfixes :
        KB329115
        KB823182
        KB823559
        KB824105
        KB824141
        KB824146
        KB825119
        KB826232
        KB828028
        KB828035
        KB828749
        Q147222
        Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : EXS1
        IP Address . . . . . . . . : 10.0.0.2
        Subnet Mask. . . . . . . . : 255.0.0.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . : 10.0.0.4


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{9F1D17D3-4850-4335-AF48-A604833E55B9}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Failed

    [FATAL] NO GATEWAYS ARE REACHABLE.
    You have no connectivity to other network segments.
    If you configured the IP protocol manually then
    you need to add at least one valid gateway.


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'EXS1.ExsinOrange.com.'. [RCODE_SERVER_FAILURE]
            The name 'EXS1.ExsinOrange.com.' may not be registered in DNS.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.0.4'. Please wait for 30 minutes for DNS server
 replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{9F1D17D3-4850-4335-AF48-A604833E55B9}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{9F1D17D3-4850-4335-AF48-A604833E55B9}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.


The command completed successfully

U:\>
0
 
LVL 3

Accepted Solution

by:
haresh-nyc earned 500 total points
ID: 10847854
ok,
now we're talking.

As I said, DNS is SO important to AD it's not even funny.

read the message specifically this line:
[WARNING] The DNS entries for this DC are not registered . . . . .

let's understand what this is complaining about.
"The DNS entries..."
hmmmm.
"the DNS entries for this DC" are the SRV records you find in your DNS server which appear as folders under your zone and start with underscores.

why are they missing ?
that's because when the domain was set up, the correct entry for DNS was not entered,
OR,
in properties of the ZONE in your dns server, the ZONE has not been set to YES allow dynamic updates.

Your problem will be fixed as follows:
1. on your DNS server, open the DNS console,
2. open the Forward Zone for your domain name.
3. right click the ExsinOrange.com ZONE and check to see that the zone is indeed checked to YES for allow dynamic updates.
 NOTE: your zone may not say this. It may say ALLOW SECURE UPDATES.
that's fine too.

Phase II
there was another error:
[WARNING] Cannot find a primary authoritative DNS server for the name
            'EXS1.ExsinOrange.com.'. [RCODE_SERVER_FAILURE]

this means in your dns zone ExsinOrange.com the lines for SOA and NS do not correctly have the FQDN of  EXS1.ExsinOrange.com

step 4:
in the zone, open properties for the SOA record,
change the host by clicking BROWSE, and hunt down THE "A" record called     EXS1     as you browse.
You're better off always browsing instead of typing this here.

step 5.
repeat step 4 for the following:
SOA record in the Forward Zone
NS record in the Forward Zone

SOA record in the Reverse Zone (if it exists)
NS record in the Reverse Zone (if it exists)

once this is done,
go back and see if they are actually still there.
many times this info does not "stick" and goes away.

If it is there,
restart the DNS SERVICE (either from services, or right in the DNS console, by right clicking the top of the tree in the mmc, choose all tasks, and restart)

now go back again into the forward zone and hit F5 to refresh, and make sure the new information is still there.
If it is NOT, please let me know.

If it is there, reboot the EXS1 machine,
and see if you have a sysvol back.

I think you will be pleasantly surprised.
if not, re-run netdiag, and see if the procedure worked.
you should NOT get a failure on the DNS section. You should not even get ANY* errors in the DNS section.

haresh
0
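
A way to triage netdiag output like the log posted in this thread, as an added example that is not part of the original posts: it parses the per-test Passed/Failed/Skipped lines together with their [WARNING]/[FATAL] messages, and checks each adapter's DNS server against an allow-list of Active Directory DNS servers. The function names, the abridged sample log and the allow-list are constructed for this example.

```python
import re

# Constructed sample, abridged from the netdiag output format posted in this thread.
SAMPLE_LOG = """\
Per interface results:
        Dns Servers. . . . . . . . : 10.0.0.4
        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

Global results:
DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'EXS1.ExsinOrange.com.'. [RCODE_SERVER_FAILURE]
    [FATAL] No DNS servers have the DNS records for this DC registered.
Kerberos test. . . . . . . . . . . : Passed
"""

RESULT_RE = re.compile(r"^\s*(.+? test)[ .]*: (Passed|Failed|Skipped)\s*$")
DNS_RE = re.compile(r"^\s*Dns Servers[ .]*: (\S+)")
FLAG_RE = re.compile(r"^\s*\[(WARNING|FATAL)\]\s*(.*)$")

def parse_netdiag(text):
    """Return (tests, dns_servers); each test has scope, name, status and flags."""
    tests, dns_servers, scope, open_flag = [], [], "header", None
    for line in text.splitlines():
        s = line.strip()
        if s in ("Per interface results:", "Global results:"):
            scope, open_flag = ("interface" if s.startswith("Per") else "global"), None
        elif not s:
            open_flag = None              # a blank line ends a wrapped message
        elif (m := RESULT_RE.match(line)):
            tests.append({"scope": scope, "name": m[1], "status": m[2], "flags": []})
            open_flag = None
        elif (m := DNS_RE.match(line)):
            dns_servers.append(m[1])
        elif (m := FLAG_RE.match(line)) and tests:
            open_flag = [m[1], m[2]]      # [level, message], attached to the last test
            tests[-1]["flags"].append(open_flag)
        elif open_flag is not None:
            open_flag[1] += " " + s       # continuation of a wrapped message
    return tests, dns_servers

def triage(tests, dns_servers, ad_dns):
    """List failed tests with their FATAL lines, then DNS servers outside ad_dns."""
    findings = []
    for t in tests:
        if t["status"] == "Failed":
            fatal = [msg for level, msg in t["flags"] if level == "FATAL"]
            findings.append(f"{t['scope']}: {t['name']} failed: {'; '.join(fatal) or 'no FATAL line'}")
    findings += [f"adapter DNS server {ip} is not in the AD DNS allow-list"
                 for ip in dns_servers if ip not in ad_dns]
    return findings

if __name__ == "__main__":  # the allow-list below is assumed for the example
    for finding in triage(*parse_netdiag(SAMPLE_LOG), ad_dns={"10.0.0.2"}):
        print(finding)
```
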
 
LVL 1

Author Comment

by:zenportafino
ID: 10847999
Thanks haresh. Looks like your suggestion cleared up the DNS issue. I rebooted both DCs and the policies folder is still gone. Tomorrow I will try re-creating the sysvol structure, create some policies on DC1 and do an authoritative restore to see if that works. Thanks again...
.....................................

    Computer Name: EXS1
    DNS Host Name: EXS1.ExsinOrange.com
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 6 Model 6 Stepping 5, GenuineIntel
    List of installed hotfixes :
        KB329115
        KB823182
        KB823559
        KB824105
        KB824141
        KB824146
        KB825119
        KB826232
        KB828028
        KB828035
        KB828749
        Q147222
        Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : EXS1
        IP Address . . . . . . . . : 10.0.0.2
        Subnet Mask. . . . . . . . : 255.0.0.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . : 10.0.0.2


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{9F1D17D3-4850-4335-AF48-A604833E55B9}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Failed

    [FATAL] NO GATEWAYS ARE REACHABLE.
    You have no connectivity to other network segments.
    If you configured the IP protocol manually then
    you need to add at least one valid gateway.


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.0.0.2' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{9F1D17D3-4850-4335-AF48-A604833E55B9}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{9F1D17D3-4850-4335-AF48-A604833E55B9}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.


The command completed successfully

U:\>
0
 
LVL 1

Expert Comment

by:Landho
ID: 13356515
haresh-nyc,

You are my hero.  Had a similar problem... One of our NICs failed on our DC, our hardware tech replaced the failed NIC - however he also enabled a fail-over NIC (which had been misconfigured with another IP address).  When he restarted the Server, which is a Windows 2000 DC, with the repaired NIC and the enabled fail-over NIC, the IP address for the fail-over NIC was entered in the DNS file as the IP address for the GC.  This caused a world of problems domain wide...  

Though your response doesn't exactly cover that scenario, it was your answer that put me on the right track to find the issue.

Thank you.  
Rich
0
