Solved

Domain controller SYSVOL not shared

Posted on 2009-04-14
Medium Priority
Last Modified: 2012-05-06
We are facing some serious issues with our second Win2k3 Server R2 based DC.
It looks like it is not working properly. We really need some help to get it working again.

ERROR 1:
net share  command does not show SYSVOL as shared!

ERROR 2:
dcdiag shows this (only errors shown; all other dcdiag tests passed OK):
Unable to connect to the NETLOGON share! (\\SRV02\netlogon)
[SRV02] An net use or LsaPolicy operation failed with error 1203, Win32 Error 1203.
......................... SRV02 failed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\Srv01.DOMAIN.local, when we were trying to reach SRV02.
Server is not responding or is not considered suitable.
...................... SRV02 failed test Advertising

ERROR 3: dcdiag shows
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SRV02 failed test frsevent
      Starting test: systemlog
     An Error Event occured.  EventID: 0x00000457
...
...
       (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/15/2009   07:18:18
            (Event String could not be retrieved)
......................... SRV02 failed test systemlog


ERROR 4:
netdiag:
Domain membership test . . . . . . : Failed
    [WARNING] The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.
All other netdiag tests pass OK.

Can you please help me to resolve the issue?
Question by:ivugrinec
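
dcdiag reports event log hits as 32-bit hexadecimal identifiers with "Event String could not be retrieved", while Event Viewer lists the low 16 bits as the Event ID. The following is an added example, not part of the original thread: it pulls the failed tests out of dcdiag output and decodes those identifiers. The sample text is assembled from dcdiag lines posted in this thread, and the function names are this example's own.

```python
import re

# The top two bits of a 32-bit Windows event identifier carry the severity
# assigned in the message file; the low 16 bits are the ID Event Viewer shows.
SEVERITY_BITS = {0: "Success", 1: "Informational", 2: "Warning", 3: "Error"}

TEST_START = re.compile(r"Starting test:\s+(\S+)")
TEST_RESULT = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)")
# dcdiag itself spells the word "occured"; accept both spellings.
EVENT_LINE = re.compile(
    r"An?\s+(\w+)\s+Event\s+occur+ed\.\s+EventID:\s+(0x[0-9A-Fa-f]{1,8})"
)
TIME_LINE = re.compile(r"Time Generated:\s+(\S+)\s+(\S+)")

# Sample assembled from dcdiag lines posted in this thread (SRV02 section).
SAMPLE_DCDIAG = r"""
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\SRV02\netlogon)
         ......................... SRV02 failed test NetLogons
      Starting test: frssysvol
         ......................... SRV02 passed test frssysvol
      Starting test: frsevent
         An Warning Event occured.  EventID: 0x800034C4
            Time Generated: 04/15/2009   09:48:04
            (Event String could not be retrieved)
         ......................... SRV02 failed test frsevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/15/2009   07:18:18
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 04/15/2009   10:53:42
            (Event String could not be retrieved)
         ......................... SRV02 failed test systemlog
"""


def decode_event_id(raw):
    """Split a dcdiag hex EventID into the fields of a Windows event identifier."""
    value = int(raw, 16)
    return {
        "raw": raw,
        "event_id": value & 0xFFFF,            # what Event Viewer displays
        "facility": (value >> 16) & 0x0FFF,
        "severity_bits": SEVERITY_BITS[(value >> 30) & 0x3],
    }


def summarize_dcdiag(text):
    """Return failed (server, test) pairs and decoded events from dcdiag output."""
    failed, events = [], []
    current_test = None
    for line in text.splitlines():
        match = TEST_START.search(line)
        if match:
            current_test = match.group(1)
            continue
        match = TEST_RESULT.search(line)
        if match:
            server, verdict, test = match.groups()
            if verdict == "failed":
                failed.append((server, test))
            current_test = None
            continue
        match = EVENT_LINE.search(line)
        if match:
            event = decode_event_id(match.group(2))
            # reported_level is the record type dcdiag printed; it can differ
            # from the severity bits embedded in the identifier.
            event.update(test=current_test, reported_level=match.group(1), time=None)
            events.append(event)
            continue
        match = TIME_LINE.search(line)
        if match and events and events[-1]["time"] is None:
            events[-1]["time"] = " ".join(match.groups())
    return {"failed": failed, "events": events}


if __name__ == "__main__":
    summary = summarize_dcdiag(SAMPLE_DCDIAG)
    for server, test in summary["failed"]:
        print(f"FAILED  {server}  {test}")
    for ev in summary["events"]:
        print(
            f"{ev['test']:<10} {ev['raw']}  ->  Event ID {ev['event_id']:<6}"
            f" {ev['reported_level']:<8} {ev['time']}"
        )
```

Decoded this way, 0x800034C4 from the frsevent test is NtFrs Event ID 13508, the same warning that appears in Event Viewer format further down the thread.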
21 Comments
 
LVL 21

Expert Comment

by:snusgubben
ID: 24145221
First you should check that your DNS is correct, since AD is totally dependent on it. Also check that Srv01.DOMAIN.local does point to itself as preferred DNS on the NIC (not the loopback address).

Then you could try a "D2 Burflag" to reinitialize File Replication Service replica sets: http://support.microsoft.com/kb/290762/en-us


SG

 
LVL 3

Expert Comment

by:chrishudson123
ID: 24145327
Before looking into SYSVOL, first make sure that AD replication is fine. If AD replication is working fine, then you can look at the FRS events, which will guide you to the right area. You can try D2; that is just pulling the SYSVOL contents from partners if the configuration is correct. If you can attach the frsdiag output, I can point out the exact issue. You can refer to the following articles:
1) http://support.microsoft.com/kb/312862
You can try D2 (http://support.microsoft.com/kb/290762/en-us) and deletion of the NTFRS jet folder; it is just shot-in-the-dark troubleshooting :)
 

Author Comment

by:ivugrinec
ID: 24145569
snusgubben, I just tried "D2 Burflag", but the FRS service has not been able to reinitialize the File Replication Service!
I think DNS is working fine.

chrishudson123,
I just tried "D2 Burflag", but the FRS service has not been able to reinitialize the File Replication Service!
I have run frsdiag. I have multiple log files. Which one do you need?

ONE IMPORTANT THING I FORGOT TO MENTION: the ntfrs service was disabled for a long time (weeks) on both servers. The DFSR service (Windows Server 2003 R2) was enabled and active all the time.

Author Comment

by:ivugrinec
ID: 24145593
I have the following event IDs in my log (notice that Event ID 13554 has srv01.DOMAIN.local two times):
Event Type:	Information
Event Source:	NtFrs
Event Category:	None
Event ID:	13554
Date:		15.4.2009
Time:		9:46:24
User:		N/A
Computer:	SRV02
Description:
The File Replication Service successfully added the connections shown below to the replica set: 
    "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" 
 
      "Srv01.DOMAIN.local" 
      "Srv01.DOMAIN.local" 
      
      
 
Event Type:	Warning
Event Source:	NtFrs
Event Category:	None
Event ID:	13508
Date:		15.4.2009
Time:		9:48:04
User:		N/A
Computer:	SRV02
Description:
The File Replication Service is having trouble enabling replication from SRV01 to SRV02 for c:\windows\sysvol\domain using the DNS name Srv01.DOMAIN.local. FRS will keep retrying. 
 Following are some of the reasons you would see this warning. 
 
 [1] FRS can not correctly resolve the DNS name Srv01.DOMAIN.local from this computer. 
 [2] FRS is not running on Srv01.DOMAIN.local. 
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. 
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

 
LVL 21

Expert Comment

by:snusgubben
ID: 24145886
Can you reach the SYSVOL? \\servername\SYSVOL

Do you know for how many weeks the ntfrs service was disabled? (Not more than 60 days, I hope.)

Run this command from cmd: repadmin /showreps

Please post the output of: dcdiag /v /e /c


SG

 

Author Comment

by:ivugrinec
ID: 24145931
The ntfrs service was disabled for more than 60 days...

repadmin /showreps

C:\Documents and Settings\Administrator.DOMAIN>repadmin /showreps
Default-First-Site\SRV02
DC Options: IS_GC
Site Options: (none)
DC object GUID: c71b4468-ea36-4029-9540-aa39d1c83df3
DC invocationID: 20afd837-7c19-4d4c-b9a2-d27c4d6b9703

==== INBOUND NEIGHBORS ======================================

DC=DOMAIN,DC=local
    Default-First-Site\SRV01 via RPC
        DC object GUID: a847d961-166f-4c51-953f-51f5190cb19f
        Last attempt @ 2009-04-15 10:51:19 was successful.

CN=Configuration,DC=DOMAIN,DC=local
    Default-First-Site\SRV01 via RPC
        DC object GUID: a847d961-166f-4c51-953f-51f5190cb19f
        Last attempt @ 2009-04-15 10:48:44 was successful.

CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
    Default-First-Site\SRV01 via RPC
        DC object GUID: a847d961-166f-4c51-953f-51f5190cb19f
        Last attempt @ 2009-04-15 10:48:44 was successful.

DC=DomainDnsZones,DC=DOMAIN,DC=local
    Default-First-Site\SRV01 via RPC
        DC object GUID: a847d961-166f-4c51-953f-51f5190cb19f
        Last attempt @ 2009-04-15 10:48:44 was successful.

DC=ForestDnsZones,DC=DOMAIN,DC=local
    Default-First-Site\SRV01 via RPC
        DC object GUID: a847d961-166f-4c51-953f-51f5190cb19f
        Last attempt @ 2009-04-15 10:48:44 was successful.

C:\Documents and Settings\Administrator.DOMAIN>






Domain Controller Diagnosis
 
Performing initial setup:
   * Verifying that the local machine Srv02, is a DC. 
   * Connecting to directory service on server Srv02.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 2 of them.
   Done gathering initial info.
 
Doing initial required tests
   
   Testing server: Default-First-Site\SRV01
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... SRV01 passed test Connectivity
   
   Testing server: Default-First-Site\SRV02
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... SRV02 passed test Connectivity
 
Doing primary tests
   
   Testing server: Default-First-Site\SRV01
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=DOMAIN,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=DOMAIN,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=DOMAIN,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DOMAIN,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... SRV01 passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=TAPI3Directory,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... SRV01 passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=TAPI3Directory,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... SRV01 passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC SRV01.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=DOMAIN,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=DOMAIN,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=TAPI3Directory,DC=DOMAIN,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=DOMAIN,DC=local
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=DOMAIN,DC=local
            (Domain,Version 2)
         ......................... SRV01 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\SRV01\netlogon
         Verified share \\SRV01\sysvol
         ......................... SRV01 passed test NetLogons
      Starting test: Advertising
         The DC SRV01 is advertising itself as a DC and having a DS.
         The DC SRV01 is advertising as an LDAP server
         The DC SRV01 is advertising as having a writeable directory
         The DC SRV01 is advertising as a Key Distribution Center
         The DC SRV01 is advertising as a time server
         The DS SRV01 is advertising as a GC.
         ......................... SRV01 passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         ......................... SRV01 passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 3610 to 1073741823
         * Srv01.DOMAIN.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 2110 to 2609
         * rIDPreviousAllocationPool is 1110 to 1609
         * rIDNextRID: 1383
         ......................... SRV01 passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC SRV01 on DC SRV01.
         * SPN found :LDAP/Srv01.DOMAIN.local/DOMAIN.local
         * SPN found :LDAP/Srv01.DOMAIN.local
         * SPN found :LDAP/SRV01
         * SPN found :LDAP/Srv01.DOMAIN.local/DOMAIN
         * SPN found :LDAP/a847d961-166f-4c51-953f-51f5190cb19f._msdcs.DOMAIN.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a847d961-166f-4c51-953f-51f5190cb19f/DOMAIN.local
         * SPN found :HOST/Srv01.DOMAIN.local/DOMAIN.local
         * SPN found :HOST/Srv01.DOMAIN.local
         * SPN found :HOST/SRV01
         * SPN found :HOST/Srv01.DOMAIN.local/DOMAIN
         * SPN found :GC/Srv01.DOMAIN.local/DOMAIN.local
         ......................... SRV01 passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... SRV01 passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... SRV01 passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         SRV01 is in domain DC=DOMAIN,DC=local
         Checking for CN=SRV01,OU=Domain Controllers,DC=DOMAIN,DC=local in domain DC=DOMAIN,DC=local on 2 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local in domain CN=Configuration,DC=DOMAIN,DC=local on 2 servers
            Object is up-to-date on all servers.
         ......................... SRV01 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... SRV01 passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test 
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems. 
         An Error Event occured.  EventID: 0xC0003500
            Time Generated: 04/14/2009   20:13:29
            (Event String could not be retrieved)
         ......................... SRV01 failed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... SRV01 passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... SRV01 passed test systemlog
      Starting test: VerifyReplicas
         ......................... SRV01 passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=SRV01,OU=Domain Controllers,DC=DOMAIN,DC=local and backlink on
         CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         are correct. 
         The system object reference (frsComputerReferenceBL)
         CN={92c2ebd0-63e8-49d1-9f53-aec552fd63d8},CN=silos,CN=silos,CN=DFS Volumes,CN=File Replication Service,CN=System,DC=DOMAIN,DC=local
         and backlink on CN=SRV01,OU=Domain Controllers,DC=DOMAIN,DC=local
         are correct. 
         The system object reference (serverReferenceBL)
         CN=SRV01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=DOMAIN,DC=local
         and backlink on
         CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         are correct. 
         ......................... SRV01 passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... SRV01 passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC SRV01 for domain DOMAIN.local in site Default-First-Site
         Checking machine account for DC SRV01 on DC SRV01.
         * SPN found :LDAP/Srv01.DOMAIN.local/DOMAIN.local
         * SPN found :LDAP/Srv01.DOMAIN.local
         * SPN found :LDAP/SRV01
         * SPN found :LDAP/Srv01.DOMAIN.local/DOMAIN
         * SPN found :LDAP/a847d961-166f-4c51-953f-51f5190cb19f._msdcs.DOMAIN.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a847d961-166f-4c51-953f-51f5190cb19f/DOMAIN.local
         * SPN found :HOST/Srv01.DOMAIN.local/DOMAIN.local
         * SPN found :HOST/Srv01.DOMAIN.local
         * SPN found :HOST/SRV01
         * SPN found :HOST/Srv01.DOMAIN.local/DOMAIN
         * SPN found :GC/Srv01.DOMAIN.local/DOMAIN.local
         [SRV01] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... SRV01 passed test CheckSecurityError
   
   Testing server: Default-First-Site\SRV02
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=DOMAIN,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=DOMAIN,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=DOMAIN,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DOMAIN,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... SRV02 passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... SRV02 passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... SRV02 passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC SRV02.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=DOMAIN,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=DOMAIN,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=DOMAIN,DC=local
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=DOMAIN,DC=local
            (Domain,Version 2)
         ......................... SRV02 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Unable to connect to the NETLOGON share! (\\SRV02\netlogon)
         [SRV02] An net use or LsaPolicy operation failed with error 1203, Win32 Error 1203.
         ......................... SRV02 failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\Srv01.DOMAIN.local, when we were trying to reach SRV02.
         Server is not responding or is not considered suitable.
         The DC SRV02 is advertising itself as a DC and having a DS.
         The DC SRV02 is advertising as an LDAP server
         The DC SRV02 is advertising as having a writeable directory
         The DC SRV02 is advertising as a Key Distribution Center
         The DC SRV02 is advertising as a time server
         The DS SRV02 is advertising as a GC.
         ......................... SRV02 failed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         ......................... SRV02 passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 3610 to 1073741823
         * Srv01.DOMAIN.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 3110 to 3609
         * rIDPreviousAllocationPool is 3110 to 3609
         * rIDNextRID: 3115
         ......................... SRV02 passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC SRV02 on DC SRV02.
         * SPN found :LDAP/Srv02.DOMAIN.local/DOMAIN.local
         * SPN found :LDAP/Srv02.DOMAIN.local
         * SPN found :LDAP/SRV02
         * SPN found :LDAP/Srv02.DOMAIN.local/DOMAIN
         * SPN found :LDAP/c71b4468-ea36-4029-9540-aa39d1c83df3._msdcs.DOMAIN.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c71b4468-ea36-4029-9540-aa39d1c83df3/DOMAIN.local
         * SPN found :HOST/Srv02.DOMAIN.local/DOMAIN.local
         * SPN found :HOST/Srv02.DOMAIN.local
         * SPN found :HOST/SRV02
         * SPN found :HOST/Srv02.DOMAIN.local/DOMAIN
         * SPN found :GC/Srv02.DOMAIN.local/DOMAIN.local
         ......................... SRV02 passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... SRV02 passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... SRV02 passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         SRV02 is in domain DC=DOMAIN,DC=local
         Checking for CN=SRV02,OU=Domain Controllers,DC=DOMAIN,DC=local in domain DC=DOMAIN,DC=local on 2 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=SRV02,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local in domain CN=Configuration,DC=DOMAIN,DC=local on 2 servers
            Object is up-to-date on all servers.
         ......................... SRV02 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test 
         The registry lookup failed to determine the state of the SYSVOL.  The
         error returned  was 0 (Win32 Error 0).  Check the FRS event log to see
         if the SYSVOL has successfully been shared. 
         ......................... SRV02 passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test 
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems. 
         An Warning Event occured.  EventID: 0x800034FD
            Time Generated: 04/15/2009   09:46:22
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x800034D0
            Time Generated: 04/15/2009   09:46:24
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x800034C4
            Time Generated: 04/15/2009   09:48:04
            (Event String could not be retrieved)
         ......................... SRV02 failed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... SRV02 passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 04/15/2009   10:53:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 04/15/2009   10:53:43
            (Event String could not be retrieved)
         ......................... SRV02 failed test systemlog
      Starting test: VerifyReplicas
         ......................... SRV02 passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=SRV02,OU=Domain Controllers,DC=DOMAIN,DC=local and backlink on
         CN=SRV02,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         are correct. 
         The system object reference (frsComputerReferenceBL)
         CN={3c93c6b4-70d0-4860-8b88-d6cd9c87c9aa},CN=silos,CN=silos,CN=DFS Volumes,CN=File Replication Service,CN=System,DC=DOMAIN,DC=local
         and backlink on CN=SRV02,OU=Domain Controllers,DC=DOMAIN,DC=local
         are correct. 
         The system object reference (serverReferenceBL)
         CN=SRV02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=DOMAIN,DC=local
         and backlink on
         CN=NTDS Settings,CN=SRV02,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         are correct. 
         ......................... SRV02 passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... SRV02 passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC SRV01 for domain DOMAIN.local in site Default-First-Site
         Checking machine account for DC SRV02 on DC SRV01.
         * SPN found :LDAP/Srv02.DOMAIN.local/DOMAIN.local
         * SPN found :LDAP/Srv02.DOMAIN.local
         * SPN found :LDAP/SRV02
         * SPN found :LDAP/Srv02.DOMAIN.local/DOMAIN
         * SPN found :LDAP/c71b4468-ea36-4029-9540-aa39d1c83df3._msdcs.DOMAIN.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c71b4468-ea36-4029-9540-aa39d1c83df3/DOMAIN.local
         * SPN found :HOST/Srv02.DOMAIN.local/DOMAIN.local
         * SPN found :HOST/Srv02.DOMAIN.local
         * SPN found :HOST/SRV02
         * SPN found :HOST/Srv02.DOMAIN.local/DOMAIN
         * SPN found :GC/Srv02.DOMAIN.local/DOMAIN.local
         Checking for CN=SRV02,OU=Domain Controllers,DC=DOMAIN,DC=local in domain DC=DOMAIN,DC=local on 2 servers
            Object is up-to-date on all servers.
         [SRV02] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... SRV02 passed test CheckSecurityError
 
DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : TAPI3Directory
      Starting test: CrossRefValidation
         ......................... TAPI3Directory passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... TAPI3Directory passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : DOMAIN
      Starting test: CrossRefValidation
         ......................... DOMAIN passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DOMAIN passed test CheckSDRefDom
   
   Running enterprise tests on : DOMAIN.local
      Starting test: Intersite
         Skipping site Default-First-Site, this site is outside the scope
 
         provided by the command line arguments provided. 
         ......................... DOMAIN.local passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\Srv01.DOMAIN.local
         Locator Flags: 0xe00003fd
         PDC Name: \\Srv01.DOMAIN.local
         Locator Flags: 0xe00003fd
         Time Server Name: \\Srv01.DOMAIN.local
         Locator Flags: 0xe00003fd
         Preferred Time Server Name: \\Srv01.DOMAIN.local
         Locator Flags: 0xe00003fd
         KDC Name: \\Srv01.DOMAIN.local
         Locator Flags: 0xe00003fd
         ......................... DOMAIN.local passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
            
            DC: Srv01.DOMAIN.local
            Domain: DOMAIN.local
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:
                     MAC address is 00:15:17:30:17:78
                     IP address is static
                     IP address: 192.168.100.101
                     DNS servers:
                        192.168.100.101 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                  
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     213.147.96.3 (<name unavailable>) [Valid] 
                     213.147.96.4 (<name unavailable>) [Valid] 
                  
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                  
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure DOMAIN.local.
                  Test record _dcdiag_test_record added successfully in zone DOMAIN.local.
                  Test record _dcdiag_test_record deleted successfully in zone DOMAIN.local.
                  
               TEST: Records registration (RReg)
                  Network Adapter [00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:
                     Matching A record found at DNS server 192.168.100.101:
                     Srv01.DOMAIN.local
 
                     Matching CNAME record found at DNS server 192.168.100.101:
                     a847d961-166f-4c51-953f-51f5190cb19f._msdcs.DOMAIN.local
 
                     Matching DC SRV record found at DNS server 192.168.100.101:
                     _ldap._tcp.dc._msdcs.DOMAIN.local
 
                     Matching GC SRV record found at DNS server 192.168.100.101:
                     _ldap._tcp.gc._msdcs.DOMAIN.local
 
                     Matching PDC SRV record found at DNS server 192.168.100.101:
                     _ldap._tcp.pdc._msdcs.DOMAIN.local
 
         
            
            DC: Srv02.DOMAIN.local
            Domain: DOMAIN.local
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:
                     MAC address is 00:15:17:30:19:A4
                     IP address is static
                     IP address: 192.168.100.102
                     DNS servers:
                        192.168.100.102 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                  
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     213.147.96.3 (<name unavailable>) [Valid] 
                     213.147.96.4 (<name unavailable>) [Valid] 
                  
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                  
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure DOMAIN.local.
                  Test record _dcdiag_test_record added successfully in zone DOMAIN.local.
                  Test record _dcdiag_test_record deleted successfully in zone DOMAIN.local.
                  
               TEST: Records registration (RReg)
                  Network Adapter [00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:
                     Matching A record found at DNS server 192.168.100.102:
                     Srv02.DOMAIN.local
 
                     Matching CNAME record found at DNS server 192.168.100.102:
                     c71b4468-ea36-4029-9540-aa39d1c83df3._msdcs.DOMAIN.local
 
                     Matching DC SRV record found at DNS server 192.168.100.102:
                     _ldap._tcp.dc._msdcs.DOMAIN.local
 
                     Matching GC SRV record found at DNS server 192.168.100.102:
                     _ldap._tcp.gc._msdcs.DOMAIN.local
 
         
         Summary of test results for DNS servers used by the above domain controllers:
 
            DNS server: 192.168.100.101 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server 
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 
               
            DNS server: 192.168.100.102 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server 
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 
               
            DNS server: 213.147.96.3 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server 
               
            DNS server: 213.147.96.4 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server 
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: DOMAIN.local
               Srv01                        PASS PASS PASS PASS WARN PASS n/a  
               Srv02                        PASS PASS PASS PASS WARN PASS n/a  
         
         ......................... DOMAIN.local passed test DNS


0
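dcdiag reports "(Event String could not be retrieved)" and gives only a hexadecimal EventID. The low 16 bits of that value are the event number Event Viewer displays and the top two bits are the severity, so 0x800034C4 is warning 13508. The following PowerShell is an added example, not part of the original post; the function names are hypothetical and the sample lines are copied from the dcdiag output above.

```powershell
# Constructed sample: event lines copied from the dcdiag output in this thread.
$sample = @'
      Starting test: frsevent
         An Warning Event occured.  EventID: 0x800034FD
            Time Generated: 04/15/2009   09:46:22
         An Warning Event occured.  EventID: 0x800034D0
            Time Generated: 04/15/2009   09:46:24
         An Warning Event occured.  EventID: 0x800034C4
            Time Generated: 04/15/2009   09:48:04
         ......................... SRV02 failed test frsevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 04/15/2009   10:53:42
         ......................... SRV02 failed test systemlog
'@

# Only the event numbers this thread itself describes are annotated.
$pageNotes = @{
    13508 = 'FRS is having trouble enabling replication (quoted later in the thread)'
    13568 = 'journal wrap error (named later in the thread)'
}

function ConvertFrom-DcdiagEventId([string]$Hex) {
    # Parse as unsigned: values such as C0002719 do not fit a signed Int32.
    $raw      = [Convert]::ToUInt32($Hex, 16)
    $severity = 'Success', 'Informational', 'Warning', 'Error'
    New-Object PSObject -Property @{
        Raw      = '0x{0:X8}' -f $raw
        # Bits 31-30 carry the severity.
        Severity = $severity[[int][math]::Floor([double]$raw / 1073741824)]
        # Bits 15-0 carry the event number shown in Event Viewer.
        EventId  = [int]([long]$raw % 65536)
    }
}

function Get-DcdiagEvents([string]$Text) {
    $lines = $Text -split "`r?`n"
    $test  = $null
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match 'Starting test:\s*(\S+)') {
            $test = $Matches[1]
        }
        elseif ($lines[$i] -match 'EventID:\s*0x([0-9A-Fa-f]{1,8})') {
            $evt  = ConvertFrom-DcdiagEventId $Matches[1]
            $time = $null
            # dcdiag prints the timestamp on the line after the EventID.
            if (($i + 1) -lt $lines.Count -and
                $lines[$i + 1] -match 'Time Generated:\s*(.+?)\s*$') {
                $time = $Matches[1]
            }
            $evt | Add-Member NoteProperty Test $test
            $evt | Add-Member NoteProperty Time $time
            $evt | Add-Member NoteProperty Note $pageNotes[$evt.EventId]
            $evt
        }
    }
}

Get-DcdiagEvents $sample |
    Format-Table Test, Severity, EventId, Raw, Time, Note -AutoSize
```

To use it on a real run, redirect `dcdiag /v` to a file and pass the file's text to `Get-DcdiagEvents` in place of `$sample`.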
 

Author Comment

by:ivugrinec
ID: 24145980
Can you reach the SYSVOL? \\servername\SYSVOL
No!
As stated in the original question in ERROR 1:
net share  command does not show SYSVOL as shared!
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 24146484
It doesn't look like you have a tombstoned DC. Normally it gets tombstoned after 60 days without replication. If your domain was built on 2003 SP1 the tombstone lifetime is 90 days.

On SRV02:
-------------------------
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         The registry lookup failed to determine the state of the SYSVOL.  The
 
         error returned  was 0 (Win32 Error 0).
-------------------------

When the file replication service is successfully initialized to replicate the contents of the SYSVOL and replication is healthy, the service sets the registry key 'SysvolReady' to 1:

HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\Sysvol

If the value is '0', change it to '1'.

When the Netlogon service running on SRV02 notices this registry key has been set to 1, it should share out the SYSVOL folder.


SG


0
 

Author Comment

by:ivugrinec
ID: 24146748
hmmm about HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\SysvolReady registry entry:

The FRSDiag log explicitly says:
.....
Checking NtFrs related Registry Keys for possible problems...
      SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SysvolReady = 0 :: ERROR: SysvolReady is not set to 1 :: SYSVOL is likely not Sharing! This key should NOT be changed manually but this should be addressed! See article KB.327781 (How to Troubleshoot Missing SYSVOL and NETLOGON Shares on Windows Server) for further information!
failed with 1 error(s) and 0 warning(s)
...



0
 

Author Comment

by:ivugrinec
ID: 24146825
OK some direct questions:
What does this error mean?

dcdiag on SRV02:
-------------------------
Warning: DsGetDcName returned information for \\Srv01.DOMAIN.local, w
hen we were trying to reach SRV02.
-------------------------

It looks like some kind of DNS issue, but dcdiag /v /e /c shows:


 DC: Srv02.DOMAIN.local
            Domain: DOMAIN.local
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:
                     MAC address is 00:15:17:30:19:A4
                     IP address is static
                     IP address: 192.168.100.102
                     DNS servers:
                        192.168.100.102 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                  
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     213.147.96.3 (<name unavailable>) [Valid] 
                     213.147.96.4 (<name unavailable>) [Valid] 
                  
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                  
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure DOMAIN.local.
                  Test record _dcdiag_test_record added successfully in zone DOMAIN.local.
                  Test record _dcdiag_test_record deleted successfully in zone DOMAIN.local.
                  
               TEST: Records registration (RReg)
                  Network Adapter [00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:
                     Matching A record found at DNS server 192.168.100.102:
                     Srv02.DOMAIN.local
 
                     Matching CNAME record found at DNS server 192.168.100.102:
                     c71b4468-ea36-4029-9540-aa39d1c83df3._msdcs.DOMAIN.local
 
                     Matching DC SRV record found at DNS server 192.168.100.102:
                     _ldap._tcp.dc._msdcs.DOMAIN.local
 
                     Matching GC SRV record found at DNS server 192.168.100.102:
                     _ldap._tcp.gc._msdcs.DOMAIN.local
 
         
         Summary of test results for DNS servers used by the above domain controllers:
 
            DNS server: 192.168.100.101 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server 
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 
               
            DNS server: 192.168.100.102 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server 
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 
               
            DNS server: 213.147.96.3 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server 
               
            DNS server: 213.147.96.4 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server 
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: DOMAIN.local
               Srv01                        PASS PASS PASS PASS WARN PASS n/a  
               Srv02                        PASS PASS PASS PASS WARN PASS n/a  
         
         ......................... DOMAIN.local passed test DNS


0
 
LVL 21

Expert Comment

by:snusgubben
ID: 24147179
Your DNS looks fine according to the dcdiag log.

The "DSGetDCname" checks if the DC is advertising itself and having the capabilities of a DC. If SRV02 does not share the SYSVOL it will not advertise as a DC.

In your case I would take a system state backup of both DCs and set the "sysvolready" key to '1', and set 'D2' on the BurFlags key.

KB327781 does not exist anymore, but many have done the BurFlags method to correct what was one time written in KB327781.


SG

0
 

Author Comment

by:ivugrinec
ID: 24152101
As we do not know when the issue began to show, restore from backup is going to be the absolute last resort. I need a solution that would let me manually fix the error and get SRV02 back to DC functionality. Can you please give me some more advice on what to try? What about the net id events I have stated in my previous posts? Do you have any idea why they show?
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 1200 total points
ID: 24152792
I gave you a possible solution. This has nothing to do with a restore of any sort!

The D2 BurFlags is a so-called "non-authoritative restore" but in fact it's not a restore. It's a gentle way to re-initialize the SYSVOL. Since the D2 method will replicate the SYSVOL from other DCs in the domain it's called a non-authoritative restore.

Same with the D4 method, but it's referred to as an authoritative restore since SYSVOL will rebuild and replicate its SYSVOL to other DCs.

I recommended you take a system state backup just to be 100 percent sure that *if* something odd happened, you had a way back and you would feel safer. With the D2 flag set, things will not go wrong.

About the 'sysvolready' key, it will only enable SYSVOL to be shared. Since it's a long time since a sync happened I doubt it will come back on without setting the reg. key to '1' on SRV02 so it can synchronize again.


SG
0
 
LVL 3

Assisted Solution

by:chrishudson123
chrishudson123 earned 800 total points
ID: 24154665
Since FRS was disabled for a long time there's a possibility of a journal wrap error (Event ID 13568). Refer to http://support.microsoft.com/kb/292438 for details. For journal wrap error conditions you have to follow D2 (http://support.microsoft.com/kb/290762).
Steps in short:
To perform a nonauthoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:
1) Click Start, and then click Run.
2) In the Open box, type cmd and then press ENTER.
3) In the Command box, type net stop ntfrs.
4) Click Start, and then click Run.
5) In the Open box, type regedit and then press ENTER.
6) Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
7) In the right pane, double-click BurFlags.
8) In the Edit DWORD Value dialog box, type D2 and then click OK.
9) Quit Registry Editor, and then switch to the Command box.
10) In the Command box, type net start ntfrs.
11) Quit the Command box.

Once you start NTFRS after following the above steps, the server will start a fresh copy of SYSVOL from its partner. Once it has copied the complete contents, it will share SYSVOL. The copy time will be based on the size of the SYSVOL folder.
0
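The D2 steps above as a script, with a state check before and after. This is an added example, not part of the original answer or of Microsoft's KB text; function and parameter names are hypothetical, and it assumes Windows PowerShell running elevated on the DC that should re-source SYSVOL (SRV02 in this thread). It only reads SysvolReady, and it writes nothing unless `-Apply` is given.

```powershell
# Added example, not from the thread. Function and parameter names are hypothetical.

$BurFlagsKey = 'System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
$NetlogonKey = 'System\CurrentControlSet\Services\Netlogon\Parameters'

function Get-HklmValue([string]$SubKey, [string]$Name) {
    # The .NET registry API is used because the PowerShell registry provider
    # treats the "/" in "Backup/Restore" as a path separator.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey)
    if ($key -eq $null) { return $null }
    try { return $key.GetValue($Name) } finally { $key.Close() }
}

function Get-SysvolState {
    # Same information as "net share", limited to the two shares in question.
    $shares = @(Get-WmiObject -Class Win32_Share |
        Where-Object { $_.Name -eq 'SYSVOL' -or $_.Name -eq 'NETLOGON' } |
        ForEach-Object { $_.Name })
    New-Object PSObject -Property @{
        NtFrsService = (Get-Service -Name ntfrs).Status
        SysvolReady  = (Get-HklmValue $NetlogonKey 'SysvolReady')
        BurFlags     = (Get-HklmValue $BurFlagsKey 'BurFlags')
        Shares       = ($shares -join ', ')
    }
}

function Invoke-FrsNonAuthoritativeRestore {
    param([switch]$Apply, [int]$TimeoutMinutes = 30)

    Write-Host 'State before:'
    Get-SysvolState | Format-List | Out-Host
    if (-not $Apply) {
        Write-Host 'Report only. Re-run with -Apply to set BurFlags to D2.'
        return
    }

    # Open the key before stopping the service so a missing key changes nothing.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($BurFlagsKey, $true)
    if ($key -eq $null) { throw "Registry key not found: HKLM\$BurFlagsKey" }

    Stop-Service -Name ntfrs                     # step 3: net stop ntfrs
    try {
        # steps 6-8: BurFlags = D2 (hex) as a DWORD
        $key.SetValue('BurFlags', 0xD2, [Microsoft.Win32.RegistryValueKind]::DWord)
    }
    finally {
        $key.Close()
        Start-Service -Name ntfrs                # step 10: net start ntfrs
    }

    # The share appears only after the copy from the partner completes.
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        Start-Sleep -Seconds 30
        $state = Get-SysvolState
    } until ($state.Shares -match 'SYSVOL' -or (Get-Date) -gt $deadline)

    Write-Host 'State after:'
    $state | Format-List | Out-Host

    # Warnings and errors FRS logged meanwhile (13508 and 13568 are the ones
    # this thread discusses).
    Get-EventLog -LogName 'File Replication Service' -Newest 20 |
        Where-Object { $_.EntryType -ne 'Information' } |
        Select-Object TimeGenerated, EntryType, EventID, Message |
        Format-List | Out-Host
}

# Default run is read-only.
Invoke-FrsNonAuthoritativeRestore
```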
 

Author Comment

by:ivugrinec
ID: 24154689
chrishudson123,

I have tried the D2 BurFlags already! Now I have tried it again! It never finishes. The last entry in the EventLog is:
Event Type:	Warning
Event Source:	NtFrs
Event Category:	None
Event ID:	13508
Date:		16.4.2009
Time:		7:25:16
User:		N/A
Computer:	SRV02
Description:
The File Replication Service is having trouble enabling replication from SRV01 to SRV02 for c:\windows\sysvol\domain using the DNS name Srv01.DOMAIN.local. FRS will keep retrying. 
 Following are some of the reasons you would see this warning. 
 
 [1] FRS can not correctly resolve the DNS name Srv01.DOMAIN.local from this computer. 
 [2] FRS is not running on Srv01.DOMAIN.local. 
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. 
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.


0
 

Author Comment

by:ivugrinec
ID: 24154853
OK guys, I think I have resolved the issue.
Chrishudson123, your last comment helped me a lot.
Due to the fact that NTFRS was disabled for a long time on both DCs, there were journal wrap errors on both PCs.
I selected one (SRV01) and used the "D4 BurFlags" registry entry method (authoritative FRS restore) to recover from the journal wrap error! After that I performed the "D2 BurFlags" method (non-authoritative FRS restore). DCDiag now shows (passed) on Srv02. Also "net share" shows that the SYSVOL and NETLOGON shares are accessible on Srv02. I will monitor replication and perform additional tests, but I have A BIG HOPE that the issue has been resolved!
Thanks to both of you guys!
I will split the points as you were both on the right track!
0
 
LVL 1

Expert Comment

by:HadleyR
ID: 34027852
Made sure DNS was working perfectly on all DCs.  Stopped FRS on all DCs.  Did a "D4 BurFlags" on the PDC.  Started FRS on the PDC.  Did a "D2 BurFlags" on the DC with the FRS errors. Started FRS on that server (and others).  Everything is now working.  I am not sure that it was clear from the above that an FRS Authoritative Restore must be done on the PDC to be sure all is OK there.  Doing just a "D2 BurFlags" on the affected server did not help things.
0
 

Expert Comment

by:raffie613
ID: 34713671
Guys,
I am having the same issue although I never had ntfrs disabled. I recently upgraded an NT4 PDC to 2003 AD 32bit and everything works on the network. Now I added a second DC for redundancy, and I am getting the same FRS replication error code 13508. I did all these steps you have mentioned: BurFlags on the main existing 2003 to D4 and then on the new one, and I am still getting the replication error of the sysvol folder.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34714366
You should never, ever, set the BurFlags to D4 on more than one DC. You set it to D4 on the DC you want to be authoritative for the SYSVOL replica set.

See if this will help: http://adfordummiez.com/?p=61

If not, you should open up a new question.
0
 

Expert Comment

by:raffie613
ID: 34714988
I did only set it to D4 on the main one. I have sysvol folders but no NETLOGON folder on the main DC. How can I recreate the NETLOGON folder?
0
 

Expert Comment

by:raffie613
ID: 34715278
Is this safe to do on my DC even though I already have a sysvol folder, just not a netlogon folder? It is from a link someone here posted earlier.

FRS replication is dependent on the Active Directory to replicate the configuration information between domain controllers in the domain. If you think that replication is the problem, examine replication events in Event Viewer. Do so after you set the "replication events" entry in the following registry key to 5 on potential source computers (\\M1) and the destination computer (\\M2):
HKEY_LOCAL_MACHINE\System\CCS\Services\NTDS\Diagnostics\

After you set this entry, force replication from \\M1 to \\M2 and \\M2 to \\M1 by using the replicate now command in Dssites.msc or its equivalent command in REPLMON.
The server that is used to source the Active Directory and SYSVOL folder should have created NETLOGON and SYSVOL shares itself.

After the Dcpromo.exe program has restarted the computer, FRS first tries to source the SYSVOL share from the computer that is identified in the following "Replica Set Parent" registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters\SysVol\ DomainName

NOTE: This key is temporary and is deleted after SYSVOL is sourced or the information under SYSVOL has been successfully replicated.

The 2195 release of Ntfrs.exe prevents replication from this initial source server. This delays SYSVOL replication until FRS can try replication from an inbound replication partner in the domain over an automatic or manual NTDS connection object.

All potential source domain controllers in the domain typically have already shared the NETLOGON and SYSVOL shares and applied default domain and domain controllers policy.

0


Question has a verified solution.
