Asked by wuitsung

Which DC should I reset machine account?

I have a single domain called something like abc.xyz.com. There is one DC/DNS/GC running on a slow old PC. I tried to set up a new PC and transferred all 5 FSMO roles to the new PC. It went successfully. I just checked the roles on each DC, and the roles changed there. But the problem here is that when I run DCDIAG /FIX on the new DC, I get one failure message: The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC....

Also when I tried to do replication from site and service (Both DC are GCs), I got "The following error occurred during the attempt to synchronize the domain controllers: Access is denied"....

*Both DCs are running Windows 2000 SP4. They are pointing to themselves for DNS and they are AD-integrated. DNS is also working well; I didn't see any DNS errors.

I didn't see any problem with AD replication. I tried to create a user on one DC and it replicates to the other DC.

I think maybe the password is out of sync, and that's why I got access denied... But for the part about SYSVOL not being completely replicated..... Does this have anything to do with resetting the password? If so, on which DC should I reset the password?

I have read a post where the person successfully solved the problem. But his way looks weird to me... The person reset the password on the DC running PDC though....

http://www.tek-tips.com/viewthread.cfm?qid=756697

His solution is at the last post.
ASKER CERTIFIED SOLUTION
Darius Ghassem
This solution is only available to members.
ASKER

But the 2 links are the same???
And it's rebuilding SYSVOL....
I don't need to reset machine account password first??
http://support.microsoft.com/kb/260575/en-us
why? can you explain to me?
SOLUTION
This solution is only available to members.
OK. I will try it. Do you know how to reproduce the problem? I mean, to make one of my DCs show this error message: "The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC...."

I want to test it on my lab as well..
This happens. I have never really seen a trend or known exactly when it would happen. You can try to dcpromo with only itself as DNS, because this has caused an issue for me.
You mean to make a new DC and point it to itself as DNS? If so, this will fail at the beginning.
Sorry, I left a sentence out. Start the dcpromo process, then remove the other DC's IP address. Then have it by itself.
Just to confirm.. you mean I start a dcpromo with DNS: old DC,
and right after dcpromo succeeds, I change its DNS to point to itself?
Correct. Try this out. I can't tell you for sure that it will fail with this error, because this error doesn't seem to happen in the same scenario every time it happens.
unfortunately... it didn't work ... cannot produce the problem...
I read the article http://support.microsoft.com/kb/290762

There are 3 bold titles there: Nonauthoritative restore, Authoritative FRS restore and Global vs. replica set specific reinitialization.

Nonauthoritative restore and Authoritative FRS restore are similar, either D2 or D4.

But what's the difference between above and Global vs. replica set specific reinitialization?

I read the article, but still don't understand well....
I guess the first one "Nonauthoritative restore and Authoritative FRS restore" is just to restore...

and the second one "Global vs. replica set specific reinitialization" is to rebuild?

So I think I should always try restore first, if that didn't work, I rebuild?
Try the Nonauthoritative restore first.
ok. I was trying to reproduce the problem. So I just deleted the sub folder under domain name in SYSVOL on first DC.

I tried to do this:
1)  Stop the FRS service on both DCs.
2)  On the primary DC (the one with the GOOD sysvol), open Regedit and find this key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Cumulative Replica Sets\GUID\BurFlags
(where GUID is the domain GUID)
3)  Change the value of this entry to D4
4)  On the other server, open Regedit and go to the same key but set the value to D2.
5)  Start the FRS service on the server you made D4 *FIRST*
6)  Wait a few minutes.
7)  Start the FRS service on the server you made D2.

But it didn't fix the problem. I see 2 error messages in the event log (in the screenshots).
Netdiag /fix: everything passed on both DCs.
Dcdiag /fix: one error:
Starting test: frsevent
   There are warning or error events within the last 24 hours after the
   SYSVOL has been shared.  Failing SYSVOL replication problems may cause
   Group Policy problems.

Do you think the way I ran BurFlags is not correct?

gp1.JPG
gp2.JPG
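
The D4/D2 steps listed in the post above, written as a batch file that is run locally on each DC (an added example, not part of the original thread). The script name and its two arguments are assumptions, reg.exe is assumed to be installed (on Windows 2000 it comes with the Support Tools), and the GUID argument is the subkey name exactly as regedit shows it under Cumulative Replica Sets.

```batch
@echo off
rem Added example (hypothetical script name: set-burflags.cmd).
rem Usage: set-burflags.cmd D4 <replica-set-subkey>   on the DC with the good SYSVOL, run first
rem        set-burflags.cmd D2 <replica-set-subkey>   on each other DC, a few minutes later
setlocal
set MODE=%~1
set GUID=%~2

rem Accept only the two values used in the procedure.
if /i "%MODE%"=="D4" goto modeok
if /i "%MODE%"=="D2" goto modeok
goto usage

:modeok
if "%GUID%"=="" goto usage
set KEY=HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Cumulative Replica Sets\%GUID%

rem Stop if the key does not exist: reg add would otherwise create a new,
rem unused key for a mistyped GUID and the restore would never be triggered.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
  echo Replica set key not found: %KEY%
  exit /b 1
)

rem Steps 1-4: stop FRS, then set BurFlags while the service is down.
net stop ntfrs
reg add "%KEY%" /v BurFlags /t REG_DWORD /d 0x%MODE% /f
if errorlevel 1 (
  echo Failed to write BurFlags; FRS has been left stopped.
  exit /b 1
)

rem Show the value that FRS will read at startup, then start the service
rem (steps 5 and 7, depending on which DC this is).
reg query "%KEY%" /v BurFlags
net start ntfrs
echo BurFlags set to %MODE%. Check the File Replication Service event log before continuing.
exit /b 0

:usage
echo Usage: %~nx0 D4^|D2 replica-set-subkey
exit /b 2
```

Running it with D4 on more than one DC defeats the purpose of the procedure, since only the DC holding the good SYSVOL copy should be authoritative.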
Do you have the SYSVOL folder?
Yes, I still have the SYSVOL folder. I just deleted the sub folder under the domain name folder in the SYSVOL share.
I deleted those folders under the domain name folder. But after I ran BurFlags, it got the 2 folders back as shown here. So I really don't know why I still have the error message, since it's already replicated from the other DC, which has a good copy.
sysvol.JPG
Have you restarted the DC yet?
I did on both.
You can try copying the SYSVOL from the other working DC to see if that fixes the problem.