bpopola
asked on
Added a 2003 DC from which a 2000 server was the only dc now 2003 dc did not get the sysvol info.
I built the 2003 server R2. Ran adprep from disk 2 of the R2 cd on the 2000 box. All updated ok. Went over to the 2003 server. All Ad objects are there. DNS I left replicate overnight. DNS is fully operational(tested). Still no info in sysvol and no Netlogon share. Is there an easy way to fix this?
Did you wait for a while after preping the 2000 server? You should leave that overnight before adding the 2003 server.
Have you got the 2003 pointing to the 2000 for dns? You should be, only point the 2003 at its self once the dcpromo is complete. Make sure you have dns zones on the 2003 server which are AD integrated. Check you have made delegation zone on the 2000 server within the forward look up zone.
James
Have you got the 2003 pointing to the 2000 for dns? You should be, only point the 2003 at its self once the dcpromo is complete. Make sure you have dns zones on the 2003 server which are AD integrated. Check you have made delegation zone on the 2000 server within the forward look up zone.
James
ASKER
I only waited a few minutes to run the dcpromo. Then left it overnight.I check the Dns and that all replicated ok. I then changed the dns to itself this morning.
In your initial setup, did you do it like this? (assuming you already did the ADPREP)
Remote DC/DNS setup
1) Add new Windows 2003 member server to the remote site (make sure DNS is pointed to your main site Windows 2003 DNS server in this servers TCP/IP properties)
2) Run DCPROMO on the new Windows 2003 member server. Choose Additional domain controller for an already existing domain in the DCPROMO wizard.
3) Your Windows 2003 server in the remote site is now a domain controller.
At this point, we are just using the Windows 2000 server for DNS. We only have one DNS in the environment. We now should wait for sysvol and netlogon to appear.... After it does, go onto next steps. You may want to try to point both DC's to a central DNS server before moving onto the next steps:
4) After the the new DC looks Ok, install the DNS service. Add/Remove programs, Add/REmove Windows components --> Networking Services --> Chceck DNS
5) Wait a while....DNS will automatically replicated to this server. This is because the DNS database is automatically stored in Active Directory (by default). So, every DC will have a copy of the DNs database. Adding the DNS serive to a DC will enable clients to use the DNS database through the server.
6) Point DNS properly. Microsoft recommends these settings: http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
Question: Why do I have to point my domain controller to itself for DNS?
Answer: The Netlogon service on the domain controller registers a number of records in DNS that enable other domain controllers and computers to find Active Directory-related information. If the domain controller is pointing to the Internet service provider's (ISP) DNS server, Netlogon does not register the correct records for Active Directory, and errors are generated in Event Viewer. In Windows Server 2003, the recommended DNS configuration is to configure the DNS client settings on all DNS servers to use themselves as their own primary DNS server, and to use a different domain controller in the same domain as their alternative DNS server, preferably another domain controller in the same site. This process also works around the DNS "Island" problem in Windows 2000. You must always configure the DNS client settings on each domain controller's network interface to use the alternative DNS server addresses in addition to the primary DNS server address.
So, adjust the TCP/IP settings of your new Windows 2003 DC so that TCP/IP DNS setting points to itself primarily and to your remote Windows 2003 DNS server as secondary. No other DNS servers should be listed. And remember to add the new Windows 2003 DNS server IP to your main site DNS server...as secondary.
Remote DC/DNS setup
1) Add new Windows 2003 member server to the remote site (make sure DNS is pointed to your main site Windows 2003 DNS server in this servers TCP/IP properties)
2) Run DCPROMO on the new Windows 2003 member server. Choose Additional domain controller for an already existing domain in the DCPROMO wizard.
3) Your Windows 2003 server in the remote site is now a domain controller.
At this point, we are just using the Windows 2000 server for DNS. We only have one DNS in the environment. We now should wait for sysvol and netlogon to appear.... After it does, go onto next steps. You may want to try to point both DC's to a central DNS server before moving onto the next steps:
4) After the the new DC looks Ok, install the DNS service. Add/Remove programs, Add/REmove Windows components --> Networking Services --> Chceck DNS
5) Wait a while....DNS will automatically replicated to this server. This is because the DNS database is automatically stored in Active Directory (by default). So, every DC will have a copy of the DNs database. Adding the DNS serive to a DC will enable clients to use the DNS database through the server.
6) Point DNS properly. Microsoft recommends these settings: http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
Question: Why do I have to point my domain controller to itself for DNS?
Answer: The Netlogon service on the domain controller registers a number of records in DNS that enable other domain controllers and computers to find Active Directory-related information. If the domain controller is pointing to the Internet service provider's (ISP) DNS server, Netlogon does not register the correct records for Active Directory, and errors are generated in Event Viewer. In Windows Server 2003, the recommended DNS configuration is to configure the DNS client settings on all DNS servers to use themselves as their own primary DNS server, and to use a different domain controller in the same domain as their alternative DNS server, preferably another domain controller in the same site. This process also works around the DNS "Island" problem in Windows 2000. You must always configure the DNS client settings on each domain controller's network interface to use the alternative DNS server addresses in addition to the primary DNS server address.
So, adjust the TCP/IP settings of your new Windows 2003 DC so that TCP/IP DNS setting points to itself primarily and to your remote Windows 2003 DNS server as secondary. No other DNS servers should be listed. And remember to add the new Windows 2003 DNS server IP to your main site DNS server...as secondary.
ASKER
Ok. I did all of the above except after the dcpromo finishied. I only waited about 5 minutes and then installed DNS. I did not change the ip setting on the 2003 box until this morning,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I just changed back to pointing to the 2000 bvox for dns.
Here are the event log errors.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13565
Date: 3/28/2006
Time: 8:19:22 AM
User: N/A
Computer: ITDS2
Description:
File Replication Service is initializing the system volume with data from another domain controller. Computer ITDS2 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
To check for the SYSVOL share, at the command prompt, type:
net share
When File Replication Service completes the initialization process, the SYSVOL share will appear.
The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 3/28/2006
Time: 8:21:05 AM
User: N/A
Computer: ITDS2
Description:
The File Replication Service is having trouble enabling replication from \\itds1.xxx.com to ITDS2 for c:\windows\sysvol\domain using the DNS name \\itds1.xxx.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name \\itds1.xxx.com from this computer.
[2] FRS is not running on \\itds1.xxx.com.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d5 04 00 00 Õ...
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 3/28/2006
Time: 8:29:05 AM
User: N/A
Computer: ITDS2
Description:
The File Replication Service is having trouble enabling replication from ITDS1 to ITDS2 for c:\windows\sysvol\domain using the DNS name itds1.itadv.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name itds1.itadv.com from this computer.
[2] FRS is not running on itds1.itadv.com.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d5 04 00 00 Õ...
Here are the event log errors.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13565
Date: 3/28/2006
Time: 8:19:22 AM
User: N/A
Computer: ITDS2
Description:
File Replication Service is initializing the system volume with data from another domain controller. Computer ITDS2 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
To check for the SYSVOL share, at the command prompt, type:
net share
When File Replication Service completes the initialization process, the SYSVOL share will appear.
The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 3/28/2006
Time: 8:21:05 AM
User: N/A
Computer: ITDS2
Description:
The File Replication Service is having trouble enabling replication from \\itds1.xxx.com to ITDS2 for c:\windows\sysvol\domain using the DNS name \\itds1.xxx.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name \\itds1.xxx.com from this computer.
[2] FRS is not running on \\itds1.xxx.com.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d5 04 00 00 Õ...
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 3/28/2006
Time: 8:29:05 AM
User: N/A
Computer: ITDS2
Description:
The File Replication Service is having trouble enabling replication from ITDS1 to ITDS2 for c:\windows\sysvol\domain using the DNS name itds1.itadv.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name itds1.itadv.com from this computer.
[2] FRS is not running on itds1.itadv.com.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d5 04 00 00 Õ...
I am assuming that you have done this already: http://www.windowsitpro.com/windowsnt20002003faq/Article/ArticleID/48807/windowsnt20002003faq_48807.html
Did you get any errors?
Can you reboot the Windows 2000 DC? After it comes back online, reboot the Windows 2003 server.
I think you have this setup up right now...with regards to TCP/IP settings of DC's:
Server Windows 2000 Name: ITDS1
IP: 10.10.10.5
Subnet: 255.255.255.0
DNS: 10.10.10.5 <-- pointing only to itself
Server Windows 2003 Name: ITDS2
IP: 10.10.10.6
Subnet: 255.255.255.0
DNS: 10.10.10.5 <-- pointing only to ITDS1
Did you get any errors?
Can you reboot the Windows 2000 DC? After it comes back online, reboot the Windows 2003 server.
I think you have this setup up right now...with regards to TCP/IP settings of DC's:
Server Windows 2000 Name: ITDS1
IP: 10.10.10.5
Subnet: 255.255.255.0
DNS: 10.10.10.5 <-- pointing only to itself
Server Windows 2003 Name: ITDS2
IP: 10.10.10.6
Subnet: 255.255.255.0
DNS: 10.10.10.5 <-- pointing only to ITDS1
ASKER
I built the 2003r2 server from clean disk. I used the server2003r2 cds to install so I never needed to upgrade.
I cannot reboot the 2000 dc at this time.
I also took a snapshotof the 2003 server before the dcpromo. Would it make sense to demote(make memeber server) then revert back. Run adprep on the 2000 box wait overnight. Run dcpromo on the 2003 box. Wait overnight then install dns.
I cannot reboot the 2000 dc at this time.
I also took a snapshotof the 2003 server before the dcpromo. Would it make sense to demote(make memeber server) then revert back. Run adprep on the 2000 box wait overnight. Run dcpromo on the 2003 box. Wait overnight then install dns.
ASKER
it appears the problem is with the 2000 box. from its event log
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13568
Date: 3/28/2006
Time: 10:40:43 AM
User: N/A
Computer: ITDS1
Description:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
Replica set name is : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
Replica root path is : "c:\winnt\sysvol\domain"
Replica root volume is : "\\.\C:"
A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found. This can occur because of one of the following reasons.
[1] Volume "\\.\C:" has been formatted.
[2] The NTFS USN journal on volume "\\.\C:" has been deleted.
[3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
[4] File Replication Service was not running on this computer for a long time.
[5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".
Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.
[1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service.
[2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.
WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.
To change this registry parameter, run regedit.
Click on Start, Run and type regedit.
Expand HKEY_LOCAL_MACHINE.
Click down the key path:
"System\CurrentControlSet\
Double click on the value name
"Enable Journal Wrap Automatic Restore"
and update the value.
If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13568
Date: 3/28/2006
Time: 10:40:43 AM
User: N/A
Computer: ITDS1
Description:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
Replica set name is : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
Replica root path is : "c:\winnt\sysvol\domain"
Replica root volume is : "\\.\C:"
A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found. This can occur because of one of the following reasons.
[1] Volume "\\.\C:" has been formatted.
[2] The NTFS USN journal on volume "\\.\C:" has been deleted.
[3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
[4] File Replication Service was not running on this computer for a long time.
[5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".
Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.
[1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service.
[2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.
WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.
To change this registry parameter, run regedit.
Click on Start, Run and type regedit.
Expand HKEY_LOCAL_MACHINE.
Click down the key path:
"System\CurrentControlSet\
Double click on the value name
"Enable Journal Wrap Automatic Restore"
and update the value.
If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.
ASKER
I fixed it. On the 2000 box I did the following
To change this registry parameter, run regedit. Click on Start, Run and
> type regedit. Expand HKEY_LOCAL_MACHINE.
> Click down the key path:
> "System\CurrentControlSet\
> Double click on the value name
> "Enable Journal Wrap Automatic Restore" and update to 1.
If not create new dword. value 1
Restart the file rep service. When done. Change value back.
Went to the 2003 box and restarted the replication service.
Now I get:
"The File Replication Service is no longer preventing the computer ITDS2 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL."
All is well. Thanks for the help.
To change this registry parameter, run regedit. Click on Start, Run and
> type regedit. Expand HKEY_LOCAL_MACHINE.
> Click down the key path:
> "System\CurrentControlSet\
> Double click on the value name
> "Enable Journal Wrap Automatic Restore" and update to 1.
If not create new dword. value 1
Restart the file rep service. When done. Change value back.
Went to the 2003 box and restarted the replication service.
Now I get:
"The File Replication Service is no longer preventing the computer ITDS2 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL."
All is well. Thanks for the help.
ASKER