Rebuild W2K3 R2 Domain-Based DFS after the PDC Died

Hi all,

My DFS setup is:

DFS Folder:
Design Department

DFS Folder Target:
Point to
\\FS01\Design Department FS01
\\FS02\Design Department FS01

DFS Replication is set to copy the data from FS01

I have two W2K3 R2 servers, both with AD and DNS installed, plus, most important for us, Domain-Based DFS. The first AD machine is named FS01, the second one is FS02. The domain is company.local.

Now the first DC is dead (it held all five FSMO roles), so I posted questions here to get help seizing the five FSMO roles to the second DC and making the second DC the first DC.

Please see the questions here to see what I did.

After the seize, I did the metabase clean up, then reinstalled W2K3 R2 on the first failed DC and gave it the same computer name, FS01. It is a total clean install. I then joined it to the domain to become the second DC here. It all works.

But now DFS and DFS Replication do not work. That is, in the DFS Management interface on FS02 (now changed from second DC to PDC, holding the five FSMO roles) I can see something, like the namespace etc., but the FS01 information is all red "X". It means all of FS01's settings are lost.

Then I went to FS01 and opened the DFS Management interface, and there is nothing here, as if I had never set up DFS before the install: no namespaces, no replication records, etc. How do I rebuild the full Domain-Based DFS so it works like before the first DC died?

On FS02, I checked the Namespaces tab, at the red "X" on DESIGN DEPARTMENT, and looked at the error. It shows me:
<Unknow> (Design Department)
The member
CN=bdxxxxxxxx, CN=Topology, CN=company.local\\egr\\design department, CN=DFSR-GlobalSettings, CN=System, DC=company,DC=local does not refer to a valid computer object

On FS02, I checked the Replication tab, at the red "X" on MEMBERSHIP, and looked at the error. It shows me:
<Unknow> (Design Department)
The member
CN=bdxxxxxxxx, CN=Topology, CN=company.local\\egr\\design department, CN=DFSR-GlobalSettings, CN=System, DC=company,DC=local does not refer to a valid computer object

On FS02, I checked the Replication tab, at the red "X" on CONNECTIONS. It also shows me two red "X" here, for both FS02 and FS01 (Unknow)
DC=local object in Active Directory is invalid

How do I rebuild the Domain-Based DFS in my case, or is some step missing or wrong in how I rebuilt the first failed DC?

Thank you.

any specific errors in event viewer...

see if your sysvol folder is shared... and other replications are working
if others are replicating then it means FRS is working and the problem is with DFS...

have you opened the ports for replication??

DFS Replication uses the RPC Endpoint Mapper (port 135) and a randomly assigned ephemeral port above 1024. You can use the Dfsrdiag command line tool to specify a static port instead of the ephemeral port. For more information about how to specify the RPC Endpoint Mapper, see article 154596 in the Microsoft Knowledge Base
explorerjimmy1979 (Author) commented:

What do you mean by "if others are replicating ..."?

And in the Event Viewer, what type of error do I need to find?

Yes, there are some errors in the Event Viewer on FS01 and FS02, under "File Replication Service", DFS Replication, and DNS too...

explorerjimmy1979 (Author) commented:
DNS log on FS02 (now it is the DC with the five FSMO roles)
Its IP is

And the DNS setting is, and (FS01)

And I found something special via Start --> Admin Tool --> DNS...

On the
There is a record called "gc", and it is an A record, pointing to (FS01), the old failed DC. But I did the seize step before and made FS02 the GC, so why does DNS have this record pointing to the old DC?

Here are some error logs I found in the Event Viewer's DNS log

Event ID: 6702
DNS server has updated its own host (A) records.  In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update, the record data is the error code.
If this DNS server does not have any DS-integrated peers, then this error
should be ignored.
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.
To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact.  (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner.  It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.


Event ID 4015
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at
explorerjimmy1979 (Author) commented:
Here are some "File Replication Service" log entries on FS02

Event ID: 13509
The File Replication Service has enabled replication from FS01 to FS02 for c:\windows\sysvol\domain after repeated retries.

For more information, see Help and Support Center at

Event ID: 13508
The File Replication Service is having trouble enabling replication from FS01 to FS02 for c:\windows\sysvol\domain using the DNS name fs01.egr.local. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 [1] FRS can not correctly resolve the DNS name fs01.egr.local from this computer.
 [2] FRS is not running on fs01.egr.local.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

For more information, see Help and Support Center at
explorerjimmy1979 (Author) commented:
Event Viewer of FS02's "Directory Service"

Event ID: 1126
Active Directory was unable to establish a connection with the global catalog.
Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller.  You may use the nltest utility to diagnose this problem.

For more information, see Help and Support Center at

Event ID:1308
The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed.
Domain controller:
CN=NTDS Settings,CN=FS01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=egr,DC=local
Period of time (minutes):
The Connection object for this domain controller will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this domain controller resumes, the temporary connection will be removed.
Additional Data
Error value:
8524 The DSA operation is unable to proceed because of a DNS lookup failure.

For more information, see Help and Support Center at

Event ID: 2087
Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
Source domain controller:
Failing DNS host name:
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur.  To log all individual failure events, set the following diagnostics registry value to 1:
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
User Action:
 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
 2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".
 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on 
  dcdiag /test:dns
 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
  dcdiag /test:dns
 5) For further analysis of DNS error failures see KB 824449:
Additional Data
Error value:
 11004 The requested name is valid, but no data of the requested type was found.

For more information, see Help and Support Center at


explorerjimmy1979 (Author) commented:
Or can anyone teach me how to totally rebuild the AD with Domain-Based DFS, as in my case, with the right steps and in the right way?

Thank you.
I meant that before deploying DFS, first solve the FRS issues; it looks like it cannot connect with the GC server...

check this link; this guy was having the same problem...

see if sysvol is shared on FS02 and it has all the correct permissions...

did you format FS01 before installation...
explorerjimmy1979 (Author) commented:
Yes, FS01 was totally formatted with NTFS, with a new install, after the seize to FS02.

Then I pointed FS01's DNS to FS02 and cleaned the metabase as I said in the above link, as other experts told me.

Then I joined the domain, and later found the problems.

I have checked that SYSVOL on FS02 and FS01 are both shared, and the permissions look the same.

The failure to connect to the GC was because of a step: I had not made FS02 the GC. I have now fixed the GC problem, but FRS and DFS still do not seem to be working ...

I will try your link later and see what happens.
when you try to sort out the replication problem, do give it time, because replication will take its own time..
explorerjimmy1979 (Author) commented:

Do I need to manually recreate the DFS root directory and the share directory after reinstalling the FS01 server?

There are no folders on my E:\ (I totally formatted all HDD partitions while reinstalling FS01).

So, is that the cause?

If so, how do I recreate them? With DFS Management or some other way?

The information above is just to let you know more about my environment after reinstalling FS01.

I hope the information above is helpful.

Thank you so much too.
Do those files appear on any one of the servers?? If they are not on any of them then you have to create them manually... if they are on one server then try to replicate them manually... initial replication will take some time though...

same goes for the namespace root: if it's not on any one of them then manually create it...
follow the instructions from the following website to create the namespace and replication..

If you plan to use DFS Replication, you must first update the Active Directory schema to install the Active Directory components of DFS Replication. To upgrade the schema, on the schema operations master, run adprep.exe /forestprep. The adprep.exe command-line tool is available in the Cmpnents\R2\Adprep folder on the second Windows Server 2003 R2 installation CD.

Also check the following link to install these services..
to manually remove the old server, if it is showing in the management console and it doesn't allow you to remove it, then you have to use the command prompt to forcibly remove it... using dfsutil..

run dfsutil /root:\\\share /export:share.txt

Share.txt will look something like

<?xml version="1.0"?>
<Root Name="\\DOMAIN\Share" State="1" Timeout="300" >
 <Target Server="FAILEDSERVER" Folder="Share" State="2"/>
 <Target Server="GOODSERVER" Folder="Share" State="2"/>
</Root>

To delete the failedserver,

dfsutil /unmapftroot /root:\\domain\share /server:failedserver /share:share

restart the File Server Management Console. However, once done, everything will be good again
Also... here is what I read on the Microsoft website...

If you are performing a clean installation on a file server that contains a domain-based DFS root, remove the server as a DFS root before you begin the installation.
If you are performing a clean installation on a member of an FRS replica set, use the Distributed File System snap-in (available in Windows Server 2003 or in the Windows Server 2003 Administration Tools Pack) to remove all inbound and outbound FRS connections to the server before beginning the clean installation.
look at the dfsutil help as well from the command prompt; most of the time you can perform actions which are usually not available or sometimes don't work in the MMC...
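
The export-and-remove procedure described above, as an added sketch that is not part of the original thread: it reads a `dfsutil /export` file, turns root targets on the failed server into `dfsutil /unmapftroot` commands in the form quoted above, and flags any root or folder that would be left with no live target. The `<Link>` element, the mapping of `Folder` to `/share:`, the function names and all server names in the sample are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the export quoted above. Server names are
# placeholders and the <Link> element is an assumption about the full format.
SAMPLE_EXPORT = r'''<?xml version="1.0"?>
<Root Name="\\DOMAIN\Share" State="1" Timeout="300">
  <Target Server="FAILEDSERVER" Folder="Share" State="2"/>
  <Target Server="GOODSERVER" Folder="Share" State="2"/>
  <Link Name="Design Department" State="1" Timeout="300">
    <Target Server="FAILEDSERVER" Folder="Design Department" State="2"/>
    <Target Server="GOODSERVER" Folder="Design Department" State="2"/>
  </Link>
</Root>'''

def _host(name):
    # Short host name, lower-cased, so FS01 matches fs01.company.local.
    return name.split(".")[0].lower()

def plan_cleanup(xml_text, failed_server):
    """Return the cleanup plan for every target hosted on failed_server."""
    root = ET.fromstring(xml_text)
    ns = root.get("Name")
    plan = {"commands": [], "manual": [], "no_live_target": []}
    def split(node):
        targets = node.findall("Target")
        stale = [t for t in targets
                 if _host(t.get("Server", "")) == _host(failed_server)]
        return stale, len(targets) - len(stale)

    # Root targets: emit the command form quoted in the thread (Folder -> /share:).
    stale, live = split(root)
    if stale and live == 0:
        plan["no_live_target"].append(ns)
    for t in stale:
        plan["commands"].append("dfsutil /unmapftroot /root:%s /server:%s /share:%s"
                                % (ns, t.get("Server"), t.get("Folder")))
    # Folder targets: only report them; removal is left to DFS Management.
    for link in root.findall("Link"):
        path = ns + "\\" + link.get("Name")
        stale, live = split(link)
        if stale and live == 0:
            plan["no_live_target"].append(path)
        for t in stale:
            plan["manual"].append((path, "\\\\%s\\%s" % (t.get("Server"), t.get("Folder"))))
    return plan

if __name__ == "__main__":
    for key, value in plan_cleanup(SAMPLE_EXPORT, "failedserver").items():
        print(key, value)
```

Anything listed under `no_live_target` has its only copy on the failed server, so removing that target leaves the path with nothing behind it until a new target is added.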

To help you troubleshoot this issue, please download the Microsoft Product Support Reporting tool from the link below: MPSRPT_DirSvc.EXE
Microsoft Product Support's Reporting Tools - Download the following tool from the link above and execute.
Hope this report helps you find the problem. In addition, I suggest making sure AD replication, DNS and all networking requirements for DFS are in place before you troubleshoot DFS.