Solved

Domain controller SYSVOL not shared

Posted on 2009-04-14
21
6,216 Views
Last Modified: 2012-05-06
We are facing some serious issues with our second Win2k3 server R2 based DC.
It looks like that it is not working properly. We really need some help to get it back working.

ERROR 1:
net share  command does not show SYSVOL as shared!

ERROR 2:
dcidag shows this (only errors shown, all other dcdiag test passed OK):
Unable to connect to the NETLOGON share! (\\SRV02\netlogon)
[SRV02] An net use or LsaPolicy operation failed with error 1203, Win32
Error 1203.
......................... SRV02 failed test NetLogons
tarting test: Advertising
Warning: DsGetDcName returned information for \\Srv01.DOMAIN.local, w
hen we were trying to reach SRV02.
Server is not responding or is not considered suitable.
...................... SRV02 failed test Advertising

ERROR 3: dcdiag shows
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SRV02 failed test frsevent
      Starting test: systemlog
     An Error Event occured.  EventID: 0x00000457
...
...
       (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/15/2009   07:18:18
            (Event String could not be retrieved)
......................... SRV02 failed test systemlog


ERROR 4:
netdiag:
Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local
machine. This machine is not working properly as a DC.
Allother netdiag tests pass OK.

Can you please help me to resolve the issue?
0
Comment
Question by:ivugrinec
  • 9
  • 6
  • 3
  • +2
21 Comments
 
LVL 21

Expert Comment

by:snusgubben
Comment Utility
First you should check that your DNS is correct since AD is total dependent on it. Also check that Srv01.DOMAIN.local do point to itself as prefered DNS on the NIC (not loop back address)

Then you could try a "D2 Burflag" to reinitialize File Replication Service replica sets: http://support.microsoft.com/kb/290762/en-us


SG

0
 
LVL 3

Expert Comment

by:chrishudson123
Comment Utility
Before looking into SYSVOL,first make sure that AD replication i s fine.IF AD replication is working fine then you can look at FRS events which will guide you to the right area.You can try D2,that is just puling the SYSVOL contents from partners if the configuration correct.If you can attach frsdiag output I can point out exact issue.You can refer following articles
1)http://support.microsoft.com/kb/312862
You can try D2 (http://support.microsoft.com/kb/290762/en-us) and deletion of NTFRS jet folder ,it is just a shoot in dark troubleshooting :)
0
 

Author Comment

by:ivugrinec
Comment Utility
snusgubben, I just tryed "D2 Burnflag but FRS service has not been able to reinitialize File Replication Service!
I think DNS is working fine.

chrishudson123,
I just tryed "D2 Burnflag but FRS service has not been able to reinitialize File Replication Service!
I have run frsdiag. I have multiple files of logs. Which one do you need?

ONE IMPORTANT THING I HAVE FORGOT TO MENTION: ntfrs service was disabled for long time (weeks) on both servers. DFSR service (windows server 2003 R2)  was enabled and active all the time.
0
 

Author Comment

by:ivugrinec
Comment Utility
I have folowing event ids on my log: (notice that Event ID:      13554 has srv01.DOMAIN.local two times):
Event Type:	Information

Event Source:	NtFrs

Event Category:	None

Event ID:	13554

Date:		15.4.2009

Time:		9:46:24

User:		N/A

Computer:	SRV02

Description:

The File Replication Service successfully added the connections shown below to the replica set: 

    "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" 

 

      "Srv01.DOMAIN.local" 

      "Srv01.DOMAIN.local" 

      

      
 

Event Type:	Warning

Event Source:	NtFrs

Event Category:	None

Event ID:	13508

Date:		15.4.2009

Time:		9:48:04

User:		N/A

Computer:	SRV02

Description:

The File Replication Service is having trouble enabling replication from SRV01 to SRV02 for c:\windows\sysvol\domain using the DNS name Srv01.DOMAIN.local. FRS will keep retrying. 

 Following are some of the reasons you would see this warning. 

 

 [1] FRS can not correctly resolve the DNS name Srv01.DOMAIN.local from this computer. 

 [2] FRS is not running on Srv01.DOMAIN.local. 

 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. 

 

 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

Open in new window

0
 
LVL 21

Expert Comment

by:snusgubben
Comment Utility
Can you reach the SYSVOL? \\servername\SYSVOL

Do you know for how many weeks the ntfrs service was disabled? (not more then 60 days I hope)

Run this command from cmd: repadmin /showreps

Please post the output of: dcdiag /v /e /c


SG

0
 

Author Comment

by:ivugrinec
Comment Utility
ntfrs service was disabled more than 60 days...

repadmin /showreps

C:\Documents and Settings\Administrator.DOMAIN>repadmin /showreps
Default-First-Site\SRV02
DC Options: IS_GC
Site Options: (none)
DC object GUID: c71b4468-ea36-4029-9540-aa39d1c83df3
DC invocationID: 20afd837-7c19-4d4c-b9a2-d27c4d6b9703

==== INBOUND NEIGHBORS ======================================

DC=DOMAIN,DC=local
    Default-First-Site\SRV01 via RPC
        DC object GUID: a847d961-166f-4c51-953f-51f5190cb19f
        Last attempt @ 2009-04-15 10:51:19 was successful.

CN=Configuration,DC=DOMAIN,DC=local
    Default-First-Site\SRV01 via RPC
        DC object GUID: a847d961-166f-4c51-953f-51f5190cb19f
        Last attempt @ 2009-04-15 10:48:44 was successful.

CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
    Default-First-Site\SRV01 via RPC
        DC object GUID: a847d961-166f-4c51-953f-51f5190cb19f
        Last attempt @ 2009-04-15 10:48:44 was successful.

DC=DomainDnsZones,DC=DOMAIN,DC=local
    Default-First-Site\SRV01 via RPC
        DC object GUID: a847d961-166f-4c51-953f-51f5190cb19f
        Last attempt @ 2009-04-15 10:48:44 was successful.

DC=ForestDnsZones,DC=DOMAIN,DC=local
    Default-First-Site\SRV01 via RPC
        DC object GUID: a847d961-166f-4c51-953f-51f5190cb19f
        Last attempt @ 2009-04-15 10:48:44 was successful.

C:\Documents and Settings\Administrator.DOMAIN>







Domain Controller Diagnosis
 

Performing initial setup:

   * Verifying that the local machine Srv02, is a DC. 

   * Connecting to directory service on server Srv02.

   * Collecting site info.

   * Identifying all servers.

   * Identifying all NC cross-refs.

   * Found 2 DC(s). Testing 2 of them.

   Done gathering initial info.
 

Doing initial required tests

   

   Testing server: Default-First-Site\SRV01

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         * Active Directory RPC Services Check

         ......................... SRV01 passed test Connectivity

   

   Testing server: Default-First-Site\SRV02

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         * Active Directory RPC Services Check

         ......................... SRV02 passed test Connectivity
 

Doing primary tests

   

   Testing server: Default-First-Site\SRV01

      Starting test: Replications

         * Replications Check

         * Replication Latency Check

            DC=ForestDnsZones,DC=DOMAIN,DC=local

               Latency information for 2 entries in the vector were ignored.

                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=DomainDnsZones,DC=DOMAIN,DC=local

               Latency information for 2 entries in the vector were ignored.

                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Schema,CN=Configuration,DC=DOMAIN,DC=local

               Latency information for 2 entries in the vector were ignored.

                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Configuration,DC=DOMAIN,DC=local

               Latency information for 2 entries in the vector were ignored.

                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=DOMAIN,DC=local

               Latency information for 2 entries in the vector were ignored.

                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

         ......................... SRV01 passed test Replications

      Starting test: Topology

         * Configuration Topology Integrity Check

         * Analyzing the connection topology for DC=ForestDnsZones,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=DomainDnsZones,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=TAPI3Directory,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Configuration,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... SRV01 passed test Topology

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check

         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=TAPI3Directory,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Configuration,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... SRV01 passed test CutoffServers

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC SRV01.

         * Security Permissions Check for

           DC=ForestDnsZones,DC=DOMAIN,DC=local

            (NDNC,Version 2)

         * Security Permissions Check for

           DC=DomainDnsZones,DC=DOMAIN,DC=local

            (NDNC,Version 2)

         * Security Permissions Check for

           DC=TAPI3Directory,DC=DOMAIN,DC=local

            (NDNC,Version 2)

         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=DOMAIN,DC=local

            (Schema,Version 2)

         * Security Permissions Check for

           CN=Configuration,DC=DOMAIN,DC=local

            (Configuration,Version 2)

         * Security Permissions Check for

           DC=DOMAIN,DC=local

            (Domain,Version 2)

         ......................... SRV01 passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check

         Verified share \\SRV01\netlogon

         Verified share \\SRV01\sysvol

         ......................... SRV01 passed test NetLogons

      Starting test: Advertising

         The DC SRV01 is advertising itself as a DC and having a DS.

         The DC SRV01 is advertising as an LDAP server

         The DC SRV01 is advertising as having a writeable directory

         The DC SRV01 is advertising as a Key Distribution Center

         The DC SRV01 is advertising as a time server

         The DS SRV01 is advertising as a GC.

         ......................... SRV01 passed test Advertising

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         Role Domain Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         Role PDC Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         Role Rid Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         Role Infrastructure Update Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         ......................... SRV01 passed test KnowsOfRoleHolders

      Starting test: RidManager

         * Available RID Pool for the Domain is 3610 to 1073741823

         * Srv01.DOMAIN.local is the RID Master

         * DsBind with RID Master was successful

         * rIDAllocationPool is 2110 to 2609

         * rIDPreviousAllocationPool is 1110 to 1609

         * rIDNextRID: 1383

         ......................... SRV01 passed test RidManager

      Starting test: MachineAccount

         Checking machine account for DC SRV01 on DC SRV01.

         * SPN found :LDAP/Srv01.DOMAIN.local/DOMAIN.local

         * SPN found :LDAP/Srv01.DOMAIN.local

         * SPN found :LDAP/SRV01

         * SPN found :LDAP/Srv01.DOMAIN.local/DOMAIN

         * SPN found :LDAP/a847d961-166f-4c51-953f-51f5190cb19f._msdcs.DOMAIN.local

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a847d961-166f-4c51-953f-51f5190cb19f/DOMAIN.local

         * SPN found :HOST/Srv01.DOMAIN.local/DOMAIN.local

         * SPN found :HOST/Srv01.DOMAIN.local

         * SPN found :HOST/SRV01

         * SPN found :HOST/Srv01.DOMAIN.local/DOMAIN

         * SPN found :GC/Srv01.DOMAIN.local/DOMAIN.local

         ......................... SRV01 passed test MachineAccount

      Starting test: Services

         * Checking Service: Dnscache

         * Checking Service: NtFrs

         * Checking Service: IsmServ

         * Checking Service: kdc

         * Checking Service: SamSs

         * Checking Service: LanmanServer

         * Checking Service: LanmanWorkstation

         * Checking Service: RpcSs

         * Checking Service: w32time

         * Checking Service: NETLOGON

         ......................... SRV01 passed test Services

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test

         ** Did not run Outbound Secure Channels test

         because /testdomain: was not entered

         ......................... SRV01 passed test OutboundSecureChannels

      Starting test: ObjectsReplicated

         SRV01 is in domain DC=DOMAIN,DC=local

         Checking for CN=SRV01,OU=Domain Controllers,DC=DOMAIN,DC=local in domain DC=DOMAIN,DC=local on 2 servers

            Object is up-to-date on all servers.

         Checking for CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local in domain CN=Configuration,DC=DOMAIN,DC=local on 2 servers

            Object is up-to-date on all servers.

         ......................... SRV01 passed test ObjectsReplicated

      Starting test: frssysvol

         * The File Replication Service SYSVOL ready test 

         File Replication Service's SYSVOL is ready 

         ......................... SRV01 passed test frssysvol

      Starting test: frsevent

         * The File Replication Service Event log test 

         There are warning or error events within the last 24 hours after the
 

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
 

         Group Policy problems. 

         An Error Event occured.  EventID: 0xC0003500

            Time Generated: 04/14/2009   20:13:29

            (Event String could not be retrieved)

         ......................... SRV01 failed test frsevent

      Starting test: kccevent

         * The KCC Event log test

         Found no KCC errors in Directory Service Event log in the last 15 minutes.

         ......................... SRV01 passed test kccevent

      Starting test: systemlog

         * The System Event log test

         Found no errors in System Event log in the last 60 minutes.

         ......................... SRV01 passed test systemlog

      Starting test: VerifyReplicas

         ......................... SRV01 passed test VerifyReplicas

      Starting test: VerifyReferences

         The system object reference (serverReference)
 

         CN=SRV01,OU=Domain Controllers,DC=DOMAIN,DC=local and backlink on
 

         CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
 

         are correct. 

         The system object reference (frsComputerReferenceBL)
 

         CN={92c2ebd0-63e8-49d1-9f53-aec552fd63d8},CN=silos,CN=silos,CN=DFS Volumes,CN=File Replication Service,CN=System,DC=DOMAIN,DC=local
 

         and backlink on CN=SRV01,OU=Domain Controllers,DC=DOMAIN,DC=local
 

         are correct. 

         The system object reference (serverReferenceBL)
 

         CN=SRV01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=DOMAIN,DC=local
 

         and backlink on
 

         CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
 

         are correct. 

         ......................... SRV01 passed test VerifyReferences

      Starting test: VerifyEnterpriseReferences

         ......................... SRV01 passed test VerifyEnterpriseReferences

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!

         Found KDC SRV01 for domain DOMAIN.local in site Default-First-Site

         Checking machine account for DC SRV01 on DC SRV01.

         * SPN found :LDAP/Srv01.DOMAIN.local/DOMAIN.local

         * SPN found :LDAP/Srv01.DOMAIN.local

         * SPN found :LDAP/SRV01

         * SPN found :LDAP/Srv01.DOMAIN.local/DOMAIN

         * SPN found :LDAP/a847d961-166f-4c51-953f-51f5190cb19f._msdcs.DOMAIN.local

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a847d961-166f-4c51-953f-51f5190cb19f/DOMAIN.local

         * SPN found :HOST/Srv01.DOMAIN.local/DOMAIN.local

         * SPN found :HOST/Srv01.DOMAIN.local

         * SPN found :HOST/SRV01

         * SPN found :HOST/Srv01.DOMAIN.local/DOMAIN

         * SPN found :GC/Srv01.DOMAIN.local/DOMAIN.local

         [SRV01] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.

         ......................... SRV01 passed test CheckSecurityError

   

   Testing server: Default-First-Site\SRV02

      Starting test: Replications

         * Replications Check

         * Replication Latency Check

            DC=ForestDnsZones,DC=DOMAIN,DC=local

               Latency information for 2 entries in the vector were ignored.

                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=DomainDnsZones,DC=DOMAIN,DC=local

               Latency information for 2 entries in the vector were ignored.

                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Schema,CN=Configuration,DC=DOMAIN,DC=local

               Latency information for 2 entries in the vector were ignored.

                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Configuration,DC=DOMAIN,DC=local

               Latency information for 2 entries in the vector were ignored.

                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=DOMAIN,DC=local

               Latency information for 2 entries in the vector were ignored.

                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

         ......................... SRV02 passed test Replications

      Starting test: Topology

         * Configuration Topology Integrity Check

         * Analyzing the connection topology for DC=ForestDnsZones,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=DomainDnsZones,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Configuration,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... SRV02 passed test Topology

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check

         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Configuration,DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=DOMAIN,DC=local.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... SRV02 passed test CutoffServers

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC SRV02.

         * Security Permissions Check for

           DC=ForestDnsZones,DC=DOMAIN,DC=local

            (NDNC,Version 2)

         * Security Permissions Check for

           DC=DomainDnsZones,DC=DOMAIN,DC=local

            (NDNC,Version 2)

         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=DOMAIN,DC=local

            (Schema,Version 2)

         * Security Permissions Check for

           CN=Configuration,DC=DOMAIN,DC=local

            (Configuration,Version 2)

         * Security Permissions Check for

           DC=DOMAIN,DC=local

            (Domain,Version 2)

         ......................... SRV02 passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check

         Unable to connect to the NETLOGON share! (\\SRV02\netlogon)

         [SRV02] An net use or LsaPolicy operation failed with error 1203, Win32 Error 1203.

         ......................... SRV02 failed test NetLogons

      Starting test: Advertising

         Warning: DsGetDcName returned information for \\Srv01.DOMAIN.local, when we were trying to reach SRV02.

         Server is not responding or is not considered suitable.

         The DC SRV02 is advertising itself as a DC and having a DS.

         The DC SRV02 is advertising as an LDAP server

         The DC SRV02 is advertising as having a writeable directory

         The DC SRV02 is advertising as a Key Distribution Center

         The DC SRV02 is advertising as a time server

         The DS SRV02 is advertising as a GC.

         ......................... SRV02 failed test Advertising

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         Role Domain Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         Role PDC Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         Role Rid Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         Role Infrastructure Update Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         ......................... SRV02 passed test KnowsOfRoleHolders

      Starting test: RidManager

         * Available RID Pool for the Domain is 3610 to 1073741823

         * Srv01.DOMAIN.local is the RID Master

         * DsBind with RID Master was successful

         * rIDAllocationPool is 3110 to 3609

         * rIDPreviousAllocationPool is 3110 to 3609

         * rIDNextRID: 3115

         ......................... SRV02 passed test RidManager

      Starting test: MachineAccount

         Checking machine account for DC SRV02 on DC SRV02.

         * SPN found :LDAP/Srv02.DOMAIN.local/DOMAIN.local

         * SPN found :LDAP/Srv02.DOMAIN.local

         * SPN found :LDAP/SRV02

         * SPN found :LDAP/Srv02.DOMAIN.local/DOMAIN

         * SPN found :LDAP/c71b4468-ea36-4029-9540-aa39d1c83df3._msdcs.DOMAIN.local

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c71b4468-ea36-4029-9540-aa39d1c83df3/DOMAIN.local

         * SPN found :HOST/Srv02.DOMAIN.local/DOMAIN.local

         * SPN found :HOST/Srv02.DOMAIN.local

         * SPN found :HOST/SRV02

         * SPN found :HOST/Srv02.DOMAIN.local/DOMAIN

         * SPN found :GC/Srv02.DOMAIN.local/DOMAIN.local

         ......................... SRV02 passed test MachineAccount

      Starting test: Services

         * Checking Service: Dnscache

         * Checking Service: NtFrs

         * Checking Service: IsmServ

         * Checking Service: kdc

         * Checking Service: SamSs

         * Checking Service: LanmanServer

         * Checking Service: LanmanWorkstation

         * Checking Service: RpcSs

         * Checking Service: w32time

         * Checking Service: NETLOGON

         ......................... SRV02 passed test Services

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test

         ** Did not run Outbound Secure Channels test

         because /testdomain: was not entered

         ......................... SRV02 passed test OutboundSecureChannels

      Starting test: ObjectsReplicated

         SRV02 is in domain DC=DOMAIN,DC=local

         Checking for CN=SRV02,OU=Domain Controllers,DC=DOMAIN,DC=local in domain DC=DOMAIN,DC=local on 2 servers

            Object is up-to-date on all servers.

         Checking for CN=NTDS Settings,CN=SRV02,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local in domain CN=Configuration,DC=DOMAIN,DC=local on 2 servers

            Object is up-to-date on all servers.

         ......................... SRV02 passed test ObjectsReplicated

      Starting test: frssysvol

         * The File Replication Service SYSVOL ready test 

         The registry lookup failed to determine the state of the SYSVOL.  The
 

         error returned  was 0 (Win32 Error 0).  Check the FRS event log to see
 

         if the SYSVOL has successfully been shared. 

         ......................... SRV02 passed test frssysvol

      Starting test: frsevent

         * The File Replication Service Event log test 

         There are warning or error events within the last 24 hours after the
 

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
 

         Group Policy problems. 

         An Warning Event occured.  EventID: 0x800034FD

            Time Generated: 04/15/2009   09:46:22

            (Event String could not be retrieved)

         An Warning Event occured.  EventID: 0x800034D0

            Time Generated: 04/15/2009   09:46:24

            (Event String could not be retrieved)

         An Warning Event occured.  EventID: 0x800034C4

            Time Generated: 04/15/2009   09:48:04

            (Event String could not be retrieved)

         ......................... SRV02 failed test frsevent

      Starting test: kccevent

         * The KCC Event log test

         Found no KCC errors in Directory Service Event log in the last 15 minutes.

         ......................... SRV02 passed test kccevent

      Starting test: systemlog

         * The System Event log test

         An Error Event occured.  EventID: 0xC0002719

            Time Generated: 04/15/2009   10:53:42

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0xC0002719

            Time Generated: 04/15/2009   10:53:43

            (Event String could not be retrieved)

         ......................... SRV02 failed test systemlog

      Starting test: VerifyReplicas

         ......................... SRV02 passed test VerifyReplicas

      Starting test: VerifyReferences

         The system object reference (serverReference)
 

         CN=SRV02,OU=Domain Controllers,DC=DOMAIN,DC=local and backlink on
 

         CN=SRV02,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
 

         are correct. 

         The system object reference (frsComputerReferenceBL)
 

         CN={3c93c6b4-70d0-4860-8b88-d6cd9c87c9aa},CN=silos,CN=silos,CN=DFS Volumes,CN=File Replication Service,CN=System,DC=DOMAIN,DC=local
 

         and backlink on CN=SRV02,OU=Domain Controllers,DC=DOMAIN,DC=local
 

         are correct. 

         The system object reference (serverReferenceBL)
 

         CN=SRV02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=DOMAIN,DC=local
 

         and backlink on
 

         CN=NTDS Settings,CN=SRV02,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
 

         are correct. 

         ......................... SRV02 passed test VerifyReferences

      Starting test: VerifyEnterpriseReferences

         ......................... SRV02 passed test VerifyEnterpriseReferences

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!

         Found KDC SRV01 for domain DOMAIN.local in site Default-First-Site

         Checking machine account for DC SRV02 on DC SRV01.

         * SPN found :LDAP/Srv02.DOMAIN.local/DOMAIN.local

         * SPN found :LDAP/Srv02.DOMAIN.local

         * SPN found :LDAP/SRV02

         * SPN found :LDAP/Srv02.DOMAIN.local/DOMAIN

         * SPN found :LDAP/c71b4468-ea36-4029-9540-aa39d1c83df3._msdcs.DOMAIN.local

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c71b4468-ea36-4029-9540-aa39d1c83df3/DOMAIN.local

         * SPN found :HOST/Srv02.DOMAIN.local/DOMAIN.local

         * SPN found :HOST/Srv02.DOMAIN.local

         * SPN found :HOST/SRV02

         * SPN found :HOST/Srv02.DOMAIN.local/DOMAIN

         * SPN found :GC/Srv02.DOMAIN.local/DOMAIN.local

         Checking for CN=SRV02,OU=Domain Controllers,DC=DOMAIN,DC=local in domain DC=DOMAIN,DC=local on 2 servers

            Object is up-to-date on all servers.

         [SRV02] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.

         ......................... SRV02 passed test CheckSecurityError
 

DNS Tests are running and not hung. Please wait a few minutes...

   

   Running partition tests on : ForestDnsZones

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

   

   Running partition tests on : DomainDnsZones

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

   

   Running partition tests on : TAPI3Directory

      Starting test: CrossRefValidation

         ......................... TAPI3Directory passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... TAPI3Directory passed test CheckSDRefDom

   

   Running partition tests on : Schema

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

   

   Running partition tests on : Configuration

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

   

   Running partition tests on : DOMAIN

      Starting test: CrossRefValidation

         ......................... DOMAIN passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... DOMAIN passed test CheckSDRefDom

   

   Running enterprise tests on : DOMAIN.local

      Starting test: Intersite

         Skipping site Default-First-Site, this site is outside the scope
 

         provided by the command line arguments provided. 

         ......................... DOMAIN.local passed test Intersite

      Starting test: FsmoCheck

         GC Name: \\Srv01.DOMAIN.local

         Locator Flags: 0xe00003fd

         PDC Name: \\Srv01.DOMAIN.local

         Locator Flags: 0xe00003fd

         Time Server Name: \\Srv01.DOMAIN.local

         Locator Flags: 0xe00003fd

         Preferred Time Server Name: \\Srv01.DOMAIN.local

         Locator Flags: 0xe00003fd

         KDC Name: \\Srv01.DOMAIN.local

         Locator Flags: 0xe00003fd

         ......................... DOMAIN.local passed test FsmoCheck

      Starting test: DNS

         Test results for domain controllers:

            

            DC: Srv01.DOMAIN.local

            Domain: DOMAIN.local
 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:

                     MAC address is 00:15:17:30:17:78

                     IP address is static

                     IP address: 192.168.100.101

                     DNS servers:

                        192.168.100.101 (<name unavailable>) [Valid]

                  The A record for this DC was found

                  The SOA record for the Active Directory zone was found

                  The Active Directory zone on this DC/DNS server was found (primary)

                  Root zone on this DC/DNS server was not found

                  

               TEST: Forwarders/Root hints (Forw)

                  Recursion is enabled

                  Forwarders Information: 

                     213.147.96.3 (<name unavailable>) [Valid] 

                     213.147.96.4 (<name unavailable>) [Valid] 

                  

               TEST: Delegations (Del)

                  No delegations were found in this zone on this DNS server

                  

               TEST: Dynamic update (Dyn)

                  Warning: Dynamic update is enabled on the zone but not secure DOMAIN.local.

                  Test record _dcdiag_test_record added successfully in zone DOMAIN.local.

                  Test record _dcdiag_test_record deleted successfully in zone DOMAIN.local.

                  

               TEST: Records registration (RReg)

                  Network Adapter [00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:

                     Matching A record found at DNS server 192.168.100.101:

                     Srv01.DOMAIN.local
 

                     Matching CNAME record found at DNS server 192.168.100.101:

                     a847d961-166f-4c51-953f-51f5190cb19f._msdcs.DOMAIN.local
 

                     Matching DC SRV record found at DNS server 192.168.100.101:

                     _ldap._tcp.dc._msdcs.DOMAIN.local
 

                     Matching GC SRV record found at DNS server 192.168.100.101:

                     _ldap._tcp.gc._msdcs.DOMAIN.local
 

                     Matching PDC SRV record found at DNS server 192.168.100.101:

                     _ldap._tcp.pdc._msdcs.DOMAIN.local
 

         

            

            DC: Srv02.DOMAIN.local

            Domain: DOMAIN.local
 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:

                     MAC address is 00:15:17:30:19:A4

                     IP address is static

                     IP address: 192.168.100.102

                     DNS servers:

                        192.168.100.102 (<name unavailable>) [Valid]

                  The A record for this DC was found

                  The SOA record for the Active Directory zone was found

                  The Active Directory zone on this DC/DNS server was found (primary)

                  Root zone on this DC/DNS server was not found

                  

               TEST: Forwarders/Root hints (Forw)

                  Recursion is enabled

                  Forwarders Information: 

                     213.147.96.3 (<name unavailable>) [Valid] 

                     213.147.96.4 (<name unavailable>) [Valid] 

                  

               TEST: Delegations (Del)

                  No delegations were found in this zone on this DNS server

                  

               TEST: Dynamic update (Dyn)

                  Warning: Dynamic update is enabled on the zone but not secure DOMAIN.local.

                  Test record _dcdiag_test_record added successfully in zone DOMAIN.local.

                  Test record _dcdiag_test_record deleted successfully in zone DOMAIN.local.

                  

               TEST: Records registration (RReg)

                  Network Adapter [00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:

                     Matching A record found at DNS server 192.168.100.102:

                     Srv02.DOMAIN.local
 

                     Matching CNAME record found at DNS server 192.168.100.102:

                     c71b4468-ea36-4029-9540-aa39d1c83df3._msdcs.DOMAIN.local
 

                     Matching DC SRV record found at DNS server 192.168.100.102:

                     _ldap._tcp.dc._msdcs.DOMAIN.local
 

                     Matching GC SRV record found at DNS server 192.168.100.102:

                     _ldap._tcp.gc._msdcs.DOMAIN.local
 

         

         Summary of test results for DNS servers used by the above domain controllers:
 

            DNS server: 192.168.100.101 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server 

               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 

               

            DNS server: 192.168.100.102 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server 

               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 

               

            DNS server: 213.147.96.3 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server 

               

            DNS server: 213.147.96.4 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server 

               

         Summary of DNS test results:

         

                                            Auth Basc Forw Del  Dyn  RReg Ext  

               ________________________________________________________________

            Domain: DOMAIN.local

               Srv01                        PASS PASS PASS PASS WARN PASS n/a  

               Srv02                        PASS PASS PASS PASS WARN PASS n/a  

         

         ......................... DOMAIN.local passed test DNS

Open in new window

0
 

Author Comment

by:ivugrinec
Comment Utility
Can you reach the SYSVOL? \\servername\SYSVOL
No!
As stated in orginal question in ERROR 1:
net share  command does not show SYSVOL as shared!
0
 
LVL 21

Expert Comment

by:snusgubben
Comment Utility
It don't look like you got a tombstoned DC. Normally it gets tombstone after 60 days without replication. If your domain was build on 2003 SP1 the tombstone lifetime is 90 days.

On SRV02:
-------------------------
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         The registry lookup failed to determine the state of the SYSVOL.  The
 
         error returned  was 0 (Win32 Error 0).
-------------------------

When the file replication service is successfully initialized to replicate the contents of the SYSVOL and replication is healthy, the service sets the registry key SysvolReady' to 1:

HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\Sysvol

If the value is '0', change it to '1'.

When the Netlogon service running on SRV02 notices this registry key has been set to 1, it should share out the SYSVOL folder.


SG


0
 

Author Comment

by:ivugrinec
Comment Utility
hmmm about HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\SysvolReady registry entry:

FRSDiag Log explicitly say:
.....
Checking NtFrs related Registry Keys for possible problems...
      SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SysvolReady = 0 :: ERROR: SysvolReady is not set to 1 :: SYSVOL is likely not Sharing! This key should NOT be changed manually but this should be addressed! See article KB.327781 (How to Troubleshoot Missing SYSVOL and NETLOGON Shares on Windows Server) for further information!
failed with 1 error(s) and 0 warning(s)
...



0
 

Author Comment

by:ivugrinec
Comment Utility
OK some direct questions:
What does this error mean?

dcdiag on SRV02:
-------------------------
Warning: DsGetDcName returned information for \\Srv01.DOMAIN.local, w
hen we were trying to reach SRV02.
-------------------------

It looks like some kind of DNS issue but, dcdiag /v /e /c shows:


 DC: Srv02.DOMAIN.local

            Domain: DOMAIN.local

 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:

                     MAC address is 00:15:17:30:19:A4

                     IP address is static

                     IP address: 192.168.100.102

                     DNS servers:

                        192.168.100.102 (<name unavailable>) [Valid]

                  The A record for this DC was found

                  The SOA record for the Active Directory zone was found

                  The Active Directory zone on this DC/DNS server was found (primary)

                  Root zone on this DC/DNS server was not found

                  

               TEST: Forwarders/Root hints (Forw)

                  Recursion is enabled

                  Forwarders Information: 

                     213.147.96.3 (<name unavailable>) [Valid] 

                     213.147.96.4 (<name unavailable>) [Valid] 

                  

               TEST: Delegations (Del)

                  No delegations were found in this zone on this DNS server

                  

               TEST: Dynamic update (Dyn)

                  Warning: Dynamic update is enabled on the zone but not secure DOMAIN.local.

                  Test record _dcdiag_test_record added successfully in zone DOMAIN.local.

                  Test record _dcdiag_test_record deleted successfully in zone DOMAIN.local.

                  

               TEST: Records registration (RReg)

                  Network Adapter [00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:

                     Matching A record found at DNS server 192.168.100.102:

                     Srv02.DOMAIN.local

 

                     Matching CNAME record found at DNS server 192.168.100.102:

                     c71b4468-ea36-4029-9540-aa39d1c83df3._msdcs.DOMAIN.local

 

                     Matching DC SRV record found at DNS server 192.168.100.102:

                     _ldap._tcp.dc._msdcs.DOMAIN.local

 

                     Matching GC SRV record found at DNS server 192.168.100.102:

                     _ldap._tcp.gc._msdcs.DOMAIN.local

 

         

         Summary of test results for DNS servers used by the above domain controllers:

 

            DNS server: 192.168.100.101 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server 

               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 

               

            DNS server: 192.168.100.102 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server 

               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 

               

            DNS server: 213.147.96.3 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server 

               

            DNS server: 213.147.96.4 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server 

               

         Summary of DNS test results:

         

                                            Auth Basc Forw Del  Dyn  RReg Ext  

               ________________________________________________________________

            Domain: DOMAIN.local

               Srv01                        PASS PASS PASS PASS WARN PASS n/a  

               Srv02                        PASS PASS PASS PASS WARN PASS n/a  

         

         ......................... DOMAIN.local passed test DNS

Open in new window

0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 21

Expert Comment

by:snusgubben
Comment Utility
Your DNS looks fine according to the dcdiag log.

The "DSGetDCname" checks if the DC is advertising itself and having the capabilities of a DC. If SRV02 do not share the SYSVOL it will not advertise as a DC.

I would it your case take a system state backup of both DCs and set the "sysvolready" key to '1', and set 'D2' on the burflag key.

KB327781 do not excist anymore, but many have done the Burflag method to correct what was one time written in KB327781.


SG

0
 

Author Comment

by:ivugrinec
Comment Utility
As we do not know when the issue begin to show restore from backup is going to be absolutely last resort.  I need a solution that would lead to manually fix the error and get the srv02 back to DC functionality. Can you please give me some more advices what to try? What about net id events i have stated in my previous posts? Do you have any idea why do they show?
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 300 total points
Comment Utility
I gave you a possible solution. This has nothing to do with a restore of any sort!

The D2 burflag is a so called "non-authoritative restore" but infact it's not a restore. It's a gentle way to re-initialize the SYSVOL. Since the D2 method will replicate the SYSVOL from other DCs in the domain it's called a non-authoritative restore.

Same with the D4 method, but it's refered as an authoritative restore since SYSVOL will rebuild and replicate its SYSVOL to other DCs.

I recomended you to take a system state backup just to be 100 per cents sure that *if* something odd happend, you had a way back and you would feel safer. With the D2 flag set, things will not go wrong.

About the 'sysvolready' key, it will only enable SYSVOL to be shared. Since it's a long time since a sync happend I doubt it will come back on without  setting the reg.key to '1' on SRV02 so it can syncronize again.


SG
0
 
LVL 3

Assisted Solution

by:chrishudson123
chrishudson123 earned 200 total points
Comment Utility
Since FRS was disabled for long time there's a possibility of journal wrap error(Event ID 13568).Refer http://support.microsoft.com/kb/292438 for details. For journal wrap error conditions you have to follow D2(http://support.microsoft.com/kb/290762)
Steps in short
To perform a nonauthoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:
1)Click Start, and then click Run.
2)In the Open box, type cmd and then press ENTER.
3)In the Command box, type net stop ntfrs.
4)Click Start, and then click Run.
5)In the Open box, type regedit and then press ENTER.
6)Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
7)In the right pane, double-click BurFlags.
8)In the Edit DWORD Value dialog box, type D2 and then click OK.
9)Quit Registry Editor, and then switch to the Command box.
10)In the Command box, type net start ntfrs.
11)Quit the Command box.

Once You start NTFRs after following the above steps,the server will start the fresh copy of SYSVOL from it's partner.Once it copy complete contents,then it will share SYSVOL.The copy time will be based on the size of SYSVOL folder
0
 

Author Comment

by:ivugrinec
Comment Utility
chrishudson123,

I tryed done D2 Burnflag already! Now i have tryed it again! It never finishes. The last entry in EventLog is
Event Type:	Warning

Event Source:	NtFrs

Event Category:	None

Event ID:	13508

Date:		16.4.2009

Time:		7:25:16

User:		N/A

Computer:	SRV02

Description:

The File Replication Service is having trouble enabling replication from SRV01 to SRV02 for c:\windows\sysvol\domain using the DNS name Srv01.DOMAIN.local. FRS will keep retrying. 

 Following are some of the reasons you would see this warning. 

 

 [1] FRS can not correctly resolve the DNS name Srv01.DOMAIN.local from this computer. 

 [2] FRS is not running on Srv01.DOMAIN.local. 

 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. 

 

 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

Open in new window

0
 

Author Comment

by:ivugrinec
Comment Utility
OK guys, i think i have resolved the issue.  
Chrishudson123, your last comment helped me a lot.
Due to the fact that NTFRS was disabled for long time on both DC-s, on both PC-s there were journal wrap erroros.
I have selected one (SRV01) and made a "D4 Burnflags" registry entry method (Authoritative FRS restore) to recover from journal wrap error! After that i have performed  "D2 Burnflags" method  (non-authoritative FRS restore). DCDiag now shows (passed) on Srv02. Also "net share" shows that SYSVOL and NETLOGON shares are accessible on Srv02. I will monitor replication i perform additonal tests, but having A BIG HOPE that issue has ben resolved!
Thanks to both of you guys!
I will split the points as you were both on the right track!
0
 
LVL 1

Expert Comment

by:HadleyR
Comment Utility
Made sure DNS was working perfectly on all DC's.  Stopped FRS on all DC's.  Did a "D4 Burnflags" on the PDC.  Started FRS on the PDC.  Did a "D2 Burnflags" on the DC with the FRS errors. Started FRS on that server (and others).  Everything is now working.  I am not sure that it was clear from the above that an FRS Authoritative Restore must be done on the PDC to be sure all is OK there.  Doing just a "D2 Burnflags" on the affected server did not help things.
0
 

Expert Comment

by:raffie613
Comment Utility
guys,
I am having the same issue although I never had ntfrs disabled. I recently Upgraded an NT4 pdc to 2003 AD 32bit and everything works on the network. Now I added a second dc for redundancy, and getting the same frs replication error code 13508. I did all these steps you have mentioned. burflag on the main existing 2003 to D4 and then on the new one and still getting the replication error of the sysvol folder
0
 
LVL 21

Expert Comment

by:snusgubben
Comment Utility
You should never, ever, set the Burflags to D4 on more then one DC. You set it to D4 on the DC you want to be authoritative for the SYSVOL replica set.

See if this will help: http://adfordummiez.com/?p=61

If not, you should open up a new question.
0
 

Expert Comment

by:raffie613
Comment Utility
i did only set it to D4 on the main one. I have sysvol folders but no NETLOGON folder on the main Dc. how can I recreat the Netlogon folder?
0
 

Expert Comment

by:raffie613
Comment Utility
is this safe to do on my dc even though i already have a sysvol folder just not a netlogon folder?it is from a link someone here posted earlier.

FRS replication is dependent on the Active Directory to replicate the configuration information between domain controllers in the domain. If you think that replication is the problem, examine replication events in Event Viewer. Do so after you set the "replication events" entry in the following registry key to 5 on potential source computers (\\M1) and the destination computer (\\M2):
HKEY_LOCAL_MACHINE\System\CCS\Services\NTDS\Diagnostics\

After you set this entry, force replication from \\M1 to \\M2 and \\M2 to \\M1 by using the replicate now command in Dssites.msc or its equivalent command in REPLMON.
The server that is used to source the Active Directory and SYSVOL folder should have created NETLOGON and SYSVOL shares itself.

After the Dcpromo.exe program has restarted the computer, FRS first tries to source the SYSVOL share from the computer that is identified in the following "Replica Set Parent" registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters\SysVol\ DomainName

NOTE: This key is temporary and is deleted after SYSVOL is sourced or the information under SYSVOL has been successfully replicated.

The 2195 release of Ntfrs.exe prevents replication from this initial source server. This delays SYSVOL replication until FRS can try replication from an inbound replication partner in the domain over an automatic or manual NTDS connection object.

All potential source domain controllers in the domain typically have already shared the NETLOGON and SYSVOL shares and applied default domain and domain controllers policy.

0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now