• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 721
  • Last Modified:

Replication problem

Hi,

I've migrated a domain controller to a new machine over the week-end.
I've dcpromoted the new machine to the domain and waited for things to replicate.
Then, I renamed the old server to ServerOld and ServerNew to Server and repointed swap the static IPs of the two servers.
I've not yet demoted the old server.

Now, my PDC, on another site, seems confused and replication between it doesn't work.
It just sees the old DC and the new one, but with their old computer names.

I think it is maybe confused by the fact that the servers were renamed before the PDC had a chance to be aware of it ?

Any idea of what I shall do ?

Thanks in advance.
0
Vorenus
Asked:
Vorenus
  • 2
  • 2
1 Solution
 
ocon827679Commented:
You can force replication with replmon (ensure you select to replicate across the sites.)  I think that maybe you just need to wait.  Changing a dc name is supported, so it should work itself out.
0
 
VorenusAuthor Commented:
Thanks ocon,

The two DC on the same site replicated themselves well, but the PDC didn't see the change for some reason and still think that the old server bears the name that is now on the new server.

The servers were called Bradford, which became BradfordOld and BradfordNew became Bradford
Thame is the Primary Domain Controller, located on another site as I said.

It has been several days now (did that on Friday evening) : I think it should have replicated already.
In addition, I keep seeing this entry in the event log of the new domain controller :

Event Type:      Warning
Event Source:      NtFrs
Event Category:      None
Event ID:      13508
Date:            06/08/2007
Time:            15:02:14
User:            N/A
Computer:      BRADFORD
Description:
The File Replication Service is having trouble enabling replication from THAME to BRADFORD for c:\windows\sysvol\domain using the DNS name THAME.company.local. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name THAME.company.local from this computer.
 [2] FRS is not running on THAME.company.local.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0d 00 00 00               ....    

which seems to indicate that an action is probably required.

Here is the result of a FRSDiag on BradfordOld :
------------------------------------------------------------
FRSDiag v1.7 on 06/08/2007 15:27:41
.\BRADFORDOLD on 2007-08-06 at 15.27.41
------------------------------------------------------------

Checking for errors/warnings in FRS Event Log ....       
NtFrs      06/08/2007 14:55:40      Warning      13520      The File Replication Service moved the preexisting files in c:\windows\sysvol\domain to c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.        The File Replication Service may delete the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog at any time.  Files can be saved from deletion by copying them out of c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. Copying  the files into c:\windows\sysvol\domain may lead to name conflicts if the files already exist  on some other replicating partner.        In some cases, the File Replication Service may copy a file  from c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog into c:\windows\sysvol\domain instead of replicating the file from some other  replicating partner.        Space can be recovered at any time by deleting the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.      
NtFrs      06/08/2007 14:50:40      Error      13552      The File Replication Service is unable to add this computer to the following  replica set:        "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"        This could be caused by a number of problems such as:      --  an invalid root path,      --  a missing directory,      --  a missing disk volume,      --  a file system on the volume that does not support NTFS 5.0        The information below may help to resolve the problem:    Computer DNS name is "BradfordOld.company.local"    Replica set member name is "BRADFORDNEW"    Replica set root path is "c:\windows\sysvol\domain"    Replica staging directory path is "c:\windows\sysvol\staging\domain"    Replica working directory path is "c:\windows\ntfrs\jet"    Windows error status code is ERROR_BAD_COMMAND    FRS error status code is FrsErrorResourceInUse        Other event log messages may also help determine the problem.  Correct the  problem and the service will attempt to restart replication automatically at  a later time.      
NtFrs      06/08/2007 14:50:40      Error      13544      The File Replication Service cannot replicate c:\windows\sysvol\domain because it overlaps  the replicating directory c:\windows\sysvol\domain.      
NtFrs      05/08/2007 22:37:55      Warning      13508      The File Replication Service is having trouble enabling replication  from THAME to BRADFORDOLD for c:\windows\sysvol\domain using the DNS name THAME.company.local. FRS will keep retrying.     Following are some of the reasons you would see this warning.         [1] FRS can not correctly resolve the DNS name THAME.company.local from this computer.     [2] FRS is not running on THAME.company.local.     [3] The topology information in the Active Directory for this replica has not  yet replicated to all the Domain Controllers.         This event log message will appear once per connection, After the problem  is fixed you will see another event log message indicating that the connection  has been established.      
NtFrs      04/08/2007 21:52:55      Warning      13508      The File Replication Service is having trouble enabling replication  from THAME to BRADFORDOLD for c:\windows\sysvol\domain using the DNS name THAME.company.local. FRS will keep retrying.     Following are some of the reasons you would see this warning.         [1] FRS can not correctly resolve the DNS name THAME.company.local from this computer.     [2] FRS is not running on THAME.company.local.     [3] The topology information in the Active Directory for this replica has not  yet replicated to all the Domain Controllers.         This event log message will appear once per connection, After the problem  is fixed you will see another event log message indicating that the connection  has been established.
      WARNING: Found Event ID 13508 errors without trailing 13509 ... see above for (up to) the 3 latest entries!

 ......... failed 4
Checking for errors in Directory Service Event Log .... passed
Checking for minimum FRS version requirement ... passed
Checking for errors/warnings in ntfrsutl ds ...
      ERROR: This server's "Member Ref" property for the SYSVOL volume does NOT seem to be correct !!!
            To fix this, use ADSIEdit and edit the "fRSMemberReference" Property of the nTFRSSubscriber object named "CN=Domain System Volume (SYSVOL share)" located under this Server's Computer Object.
            This value should match the FQDN of this Server. Current Values are:
                  Current Value   = "CN=BRADFORDNEW,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=company,DC=local"
                  Suggested Value = "CN=BRADFORDOLD,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=company,DC=local"
                       Please note there is a small chance the above Suggested Value may not be correct - See below for more info on what the Proper Value should be!
            For more Info See KB Article : 312862 Recovering Missing FRS Objects and FRS Attributes in Active Directory - Search for the step about Updating the "fRSMemberReference" object (Step 8 on the "Recovering from Deleted FRS Objects" section
 ......... failed with 1 error(s)
Checking for Replica Set configuration triggers... passed
Checking for suspicious file Backlog size... passed
Checking Overall Disk Space and SYSVOL structure (note: integrity is not checked)... passed
Checking for suspicious inlog entries ... passed
Checking for suspicious outlog entries ... passed
Checking for appropriate staging area size ... passed
Checking for errors in debug logs ...
      ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain:                     3432:   904: S0: 01:03:25> :SR: Cmd 013930f0, CxtG d6a7b7a6, WS ERROR_ACCESS_DENIED, To   BRADFORD.company.local Len:  (642) [SndFail - Send Penalty]
      ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain:                     5256:   877: S0: 01:03:25> :SR: Cmd 013a3e98, CxtG dcda0342, WS ERROR_ACCESS_DENIED, To   BRADFORD.company.local Len:  (372) [SndFail - rpc call]
      ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain:                     5256:   904: S0: 01:03:25> :SR: Cmd 013a3e98, CxtG dcda0342, WS ERROR_ACCESS_DENIED, To   BRADFORD.company.local Len:  (372) [SndFail - Send Penalty]
      ERROR on NtFrs_0004.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <FrsDsGetName:                  1892:  4580: S0: 20:15:25> :DS: ERROR - DsCrackNames(cn=bradfordnew,ou=domain controllers,dc=company,dc=local, 00000002);  WStatus: RPC_S_CALL_FAILED_DNE

      Found 4 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed above
      Found 1 RPC_S_CALL_FAILED_DNE error(s)! Latest ones (up to 3) listed above

 ......... failed with 5 error entries
Checking NtFrs Service (and dependent services) state...
      ERROR : Cannot access NETLOGON share on BRADFORDOLD
 ......... failed 1
Checking NtFrs related Registry Keys for possible problems...passed
Checking Repadmin Showreps for errors...passed


Final Result = failed with 11 error(s)

Same for Bradford (previously BradfordNew)

------------------------------------------------------------
FRSDiag v1.7 on 06/08/2007 15:46:12
.\BRADFORD on 2007-08-06 at 15.46.12
------------------------------------------------------------

Checking for errors/warnings in FRS Event Log ....       
NtFrs      06/08/2007 15:02:14      Warning      13508      The File Replication Service is having trouble enabling replication  from THAME to BRADFORD for c:\windows\sysvol\domain using the DNS name THAME.company.local. FRS will keep retrying.     Following are some of the reasons you would see this warning.         [1] FRS can not correctly resolve the DNS name THAME.company.local from this computer.     [2] FRS is not running on THAME.company.local.     [3] The topology information in the Active Directory for this replica has not  yet replicated to all the Domain Controllers.         This event log message will appear once per connection, After the problem  is fixed you will see another event log message indicating that the connection  has been established.      
NtFrs      06/08/2007 14:54:43      Warning      13520      The File Replication Service moved the preexisting files in c:\windows\sysvol\domain to c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.        The File Replication Service may delete the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog at any time.  Files can be saved from deletion by copying them out of c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. Copying  the files into c:\windows\sysvol\domain may lead to name conflicts if the files already exist  on some other replicating partner.        In some cases, the File Replication Service may copy a file  from c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog into c:\windows\sysvol\domain instead of replicating the file from some other  replicating partner.        Space can be recovered at any time by deleting the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.      
NtFrs      06/08/2007 14:49:42      Error      13552      The File Replication Service is unable to add this computer to the following  replica set:        "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"        This could be caused by a number of problems such as:      --  an invalid root path,      --  a missing directory,      --  a missing disk volume,      --  a file system on the volume that does not support NTFS 5.0        The information below may help to resolve the problem:    Computer DNS name is "BRADFORD.company.local"    Replica set member name is "BRADFORD"    Replica set root path is "c:\windows\sysvol\domain"    Replica staging directory path is "c:\windows\sysvol\staging\domain"    Replica working directory path is "c:\windows\ntfrs\jet"    Windows error status code is ERROR_BAD_COMMAND    FRS error status code is FrsErrorResourceInUse        Other event log messages may also help determine the problem.  Correct the  problem and the service will attempt to restart replication automatically at  a later time.      
NtFrs      06/08/2007 14:49:42      Error      13544      The File Replication Service cannot replicate c:\windows\sysvol\domain because it overlaps  the replicating directory c:\windows\sysvol\domain.
      WARNING: Found Event ID 13508 errors without trailing 13509 ... see above for (up to) the 3 latest entries!

 ......... failed 4
Checking for errors in Directory Service Event Log .... passed
Checking for minimum FRS version requirement ... passed
Checking for errors/warnings in ntfrsutl ds ... passed
Checking for Replica Set configuration triggers... passed
Checking for suspicious file Backlog size... passed
Checking Overall Disk Space and SYSVOL structure (note: integrity is not checked)... passed
Checking for suspicious inlog entries ... passed
Checking for suspicious outlog entries ... passed
Checking for appropriate staging area size ... passed
Checking for errors in debug logs ...
      ERROR on NtFrs_0002.log : "ERROR_ACCESS_DENIED" : <SndCsMain:                     2600:   904: S0: 13:16:35> :SR: Cmd 013a0130, CxtG dcda0342, WS ERROR_ACCESS_DENIED, To   Bradford.company.local Len:  (378) [SndFail - Send Penalty]
      ERROR on NtFrs_0002.log : "ERROR_ACCESS_DENIED" : <SndCsMain:                     2600:   877: S0: 13:17:24> :SR: Cmd 01432dc0, CxtG d6a7b7a6, WS ERROR_ACCESS_DENIED, To   Bradford.company.local Len:  (378) [SndFail - rpc call]
      ERROR on NtFrs_0002.log : "ERROR_ACCESS_DENIED" : <SndCsMain:                     2600:   904: S0: 13:17:24> :SR: Cmd 01432dc0, CxtG d6a7b7a6, WS ERROR_ACCESS_DENIED, To   Bradford.company.local Len:  (378) [SndFail - Send Penalty]
      ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <FrsDsGetName:                  1780:  4580: S0: 20:32:26> :DS: ERROR - DsCrackNames(cn=bradford,ou=domain controllers,dc=company,dc=local, 00000002);  WStatus: RPC_S_CALL_FAILED_DNE

      Found 27 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed above
      Found 1 RPC_S_CALL_FAILED_DNE error(s)! Latest ones (up to 3) listed above

 ......... failed with 28 error entries
Checking NtFrs Service (and dependent services) state...
      ERROR : Cannot access NETLOGON share on BRADFORD
 ......... failed 1
Checking NtFrs related Registry Keys for possible problems...passed
Checking Repadmin Showreps for errors...passed


Final Result = failed with 33 error(s)

I've changed the fRSMemberReference property for BradfordNew with what it has suggested and ADSIEdit accepted the change, but it doesn't accept the suggestion for BradfordOld.

Please help : AD isn't really my field of expertise and I'm really confused now.
Thanks in advance.
0
 
ocon827679Commented:
Does replmon (run from the command line) show replication errors between these same computers?

If it does check your DNS settings on the servers to ensure that they are pointed to the proper dns server.  Ensure that the DNS server service is available and that the SRV records for all DC's is in place.  If there are issues with replmon, and /or your dns doesn't look right (improper "A" records or SRV records for the DC's, etc) then check for connectivity issues.
0
 
VorenusAuthor Commented:
I've added A records that were missing on the PDC and tweaked some things...
I'm not really sure what helped exactly, but I see the proper servers names on the PDC...

Now, I'm getting into another problem though : http://www.experts-exchange.com/Networking/Windows_Networking/Q_22744760.html in case you can help.
Thanks.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now