Trivious
asked on
Migration from SBS 2003 to Server 2008 caused dcdiag errors on new dc after FSMO transfer, but why?
here is the report back:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\chris.w>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: Advertising
......................... DC1 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC1 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC1 failed test DFSREvent
Starting test: SysVolCheck
......................... DC1 passed test SysVolCheck
Starting test: KccEvent
......................... DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC1 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=LaurentideInc,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=LaurentideInc,DC=local
......................... DC1 failed test NCSecDesc
Starting test: NetLogons
[DC1] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... DC1 failed test NetLogons
Starting test: ObjectsReplicated
......................... DC1 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,DC1] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
error 0x2105 "Replication access was denied."
......................... DC1 failed test Replications
Starting test: RidManager
......................... DC1 passed test RidManager
Starting test: Services
Could not open NTDS Service on DC1, error 0x5 "Access is denied."
......................... DC1 failed test Services
Starting test: SystemLog
An Warning Event occurred. EventID: 0x825A000C
Time Generated: 04/14/2010 08:46:15
Event String:
Time Provider NtpClient: This machine is configured to use the domai
n hierarchy to determine its time source, but it is the AD PDC emulator for the
domain at the root of the forest, so there is no machine above it in the domain
hierarchy to use as a time source. It is recommended that you either configure a
reliable time service in the root domain, or manually configure the AD PDC to s
ynchronize with an external time source. Otherwise, this machine will function a
s the authoritative time source in the domain hierarchy. If an external time sou
rce is not configured or used for this computer, you may choose to disable the N
tpClient.
An Warning Event occurred. EventID: 0x825A000C
Time Generated: 04/14/2010 09:01:43
Event String:
Time Provider NtpClient: This machine is configured to use the domai
n hierarchy to determine its time source, but it is the AD PDC emulator for the
domain at the root of the forest, so there is no machine above it in the domain
hierarchy to use as a time source. It is recommended that you either configure a
reliable time service in the root domain, or manually configure the AD PDC to s
ynchronize with an external time source. Otherwise, this machine will function a
s the authoritative time source in the domain hierarchy. If an external time sou
rce is not configured or used for this computer, you may choose to disable the N
tpClient.
......................... DC1 passed test SystemLog
Starting test: VerifyReferences
......................... DC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : LaurentideInc
Starting test: CheckSDRefDom
......................... LaurentideInc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... LaurentideInc passed test CrossRefValidation
Running enterprise tests on : LaurentideInc.local
Starting test: LocatorCheck
......................... LaurentideInc.local passed test LocatorCheck
Starting test: Intersite
......................... LaurentideInc.local passed test Intersite
Were both the SBS server and the 2008 server configured to use the Windows 2008 Server for DNS BEFORE you transferred the roles?
ASKER
No, the SBS was pointed to itself and OpenDNS. So was Server 2008.
That's the problem.
Is the SBS server still live?
Have you installed DNS on the 2008 server?
ASKER
The sysvol did replicate, but threw this error still when I ran DCDIAG on 2K8, and the DFSREvent concerns me as this is also a DFS server to the BDC running 2K8. I may have solved this however because I noticed neither server had "sharing so anyone with network access can open, change, and create files"
This was stopping my users from scanning into their docs from printers.
ASKER
Yes it's still on too. Not mad about FSMO being gone yet it would seem. What can I do? Yes on both the new DCs running 2K8. Do I xfer the roles back, fix DNS, and then transfer them again?
ASKER
Is this also why DFSR and Sysvol issues occurred?
First thing to do is set both servers to use the windows 2008 server for DNS (if it's not installed then install it)
Then reboot both servers. You will probably find that will fix most of the errors above.
ASKER
On the 2008 one should I use 127.0.0.1 or its actual IP? So set the DNS on SBS to use the new DC's DNS instead as its primary or secondary as well?
Both servers should have the FULL IP address of the new 2008 DC not 127.0.0.1, and there should be no secondary DNS specified.
ASKER
Understood. Will try it now. Thanks
ASKER
Does this go for all servers on the network? I also have a 2003 Ent file server and 3 more server 2008 Ent one with SQL 2005, one with Exchange 2007, and one as BDC secondary DNS.
Yes, they should all be using the Windows 2008 DC for DNS.
ASKER
So far set all servers to correct DNS and have rebooted DC 2008. Now I can't RDP into the new DC, and I went to console, and it's taking forever to log me in.
ASKER
I can ping it, but it had disabled Network Discovery. I still cannot RDP. I'm gonna make sure it's still enabled as well.
Is DNS installed on that server? Does it have a forward lookup zone for your INTERNAL domain name?
ASKER
For some reason it had also re-enabled the firewall and it was blocking me. Got in and now rebooting the old SBS.
ASKER
Yes to both of your most recent questions sir.
ASKER
SBS takes quite a while to reboot, so I will check back in about 10-15 if nothing explodes hehe
ASKER
The new dcdiag is all screwed. I can't find the DNS domain name, and it's too long to see all of it. Is there a way to log it out? Such as > c:\log.txt?
Yes you can just put > c:\dcdiag.txt on the end
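Once the output is redirected to a file as described above, the failed tests can be pulled out of it programmatically. The following is an added example, not part of the original thread: the sample text is constructed from the dcdiag output posted at the top, and the names `parse_dcdiag` and `triage` are this example's own. It also handles result lines where the test name has wrapped onto the next line, and separates failures whose detail text reports denied access from the rest.

```python
import re

# Constructed sample: lines trimmed from the dcdiag output posted in this thread.
SAMPLE = r"""
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC1 failed test DFSREvent
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=LaurentideInc,DC=local
......................... DC1 failed test NCSecDesc
Starting test: NetLogons
[DC1] User credentials does not have permission to perform this
operation.
......................... DC1 failed test NetLogons
Starting test: Replications
[Replications Check,DC1] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
error 0x2105 "Replication access was denied."
......................... DC1 failed test Replications
Starting test: Services
Could not open NTDS Service on DC1, error 0x5 "Access is denied."
......................... DC1 failed test Services
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
"""

START = re.compile(r"^\s*Starting test:\s*(\S+)")
RESULT = re.compile(r"^\s*\.{5,}\s*(\S+)\s+(passed|failed)\s+test\s*(\S*)\s*$")
ERRCODE = re.compile(r"\berror\s+(0x[0-9A-Fa-f]+)")
DENIED = re.compile(r"access (?:is|was) denied|does not have permission", re.I)


def parse_dcdiag(text):
    """Return one dict per test result: target, test, status, detail."""
    results, current, detail = [], None, []
    for line in text.splitlines():
        m = START.match(line)
        if m:
            current, detail = m.group(1), []
            continue
        m = RESULT.match(line)
        if m:
            target, status, name = m.groups()
            results.append({
                "target": target,
                # Long result lines are wrapped in the posted output, which
                # pushes the test name onto the next line; fall back to the
                # name taken from the preceding "Starting test:" line.
                "test": name or current,
                "status": status,
                "detail": " ".join(detail),
            })
            current, detail = None, []
            continue
        # Lines between "Starting test:" and the result line are the detail.
        if current is not None and line.strip():
            detail.append(line.strip())
    return results


def triage(results):
    """Group failed tests: detail reports denied access vs. everything else."""
    denied, other = [], []
    for r in results:
        if r["status"] != "failed":
            continue
        entry = (r["test"], ERRCODE.findall(r["detail"]))
        (denied if DENIED.search(r["detail"]) else other).append(entry)
    return {"access_denied": denied, "other": other}


if __name__ == "__main__":
    for group, entries in triage(parse_dcdiag(SAMPLE)).items():
        for test, codes in entries:
            print(f"{group:14} {test:14} {' '.join(codes)}")
```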
ASKER
If I post this thing it will be huge because its also a print server and threw up about 20 printer publishing errors.
ASKER
This is a nightmare wow hehe
dcdiag.txt
ASKER
I know it can't publish printers cause I'm not at 2008 functional level yet, so those can be ignored right?
ASKER
DCDIAG /Fix didn't help either.
ASKER
The old SBS according to its diag is still advertising as the DC having DS, and is throwing up gang signs at me about the DFS replication not working. I think it may actually cut me soon :(
ASKER
No, DNS is definitely there. Hmmmmm. Here is a better log with a full view
newdiag.txt
OK, don't worry we can fix this.
My guess is there is a problem with the DNS on the 2008 server.
So let's set all servers to use the SBS server's IP address for DNS (including the SBS server), restart them, then check all is working.
Post DCDIAG and NETDIAG from the SBS server once this is done.
Let's get you back up and running, then we will work out what's wrong with the other server.
ASKER
When I look at ADUC and go to change to another DC, it shows the new PDC as unavailable, but the old sbs as online as well as the bdc. . .
ASKER
K thanks will do.
ASKER
I believe replication was having issues before I xferred the roles, and that's probably the culprit. I noticed last night that I had to access GPMC from DC2 cause DC1 couldn't hit it, and that was before I transferred the roles.
ASKER
This was before xferring FSMO
The File Replication Service is having trouble enabling replication from DC1 to SERVER for c:\windows\sysvol\domain using the DNS name DC1.LaurentideInc.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC1.LaurentideInc.local from this computer.
[2] FRS is not running on DC1.LaurentideInc.local.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
Have you made the DNS changes?
Can you also post the results of NETDOM QUERY FSMO
ASKER
Yes, and I have made the DNS changes. Right now the SBS just came back up, and new dc has been back up for about 4 minutes. This is the dcdiag from new dc and I will add the stuff from sbs soon.
newdc.txt
ASKER
netdom query fsmo all returns dc1 (the new dc) and attached is the dcdiag from sbs
dcdiagSBS.txt
ASKER
finally netdiag
sbsnetdiag.txt
ASKER
Why does my BDC show up as having a dynamic address in DNS? WTH?
Which is the BDC?
ASKER
2 records for DC1, 1 shows a timestamp (i.e. dynamic) and the other just says static where the timestamp would be
ASKER
DC2 - Server 2008 Secondary DFS and secondary DNS
ASKER
need a dcdiag from it as well?
ASKER
here it is
BDCdcdiag.txt
ASKER
This is from the BDC DNS event log - warning:
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
ASKER
It never replicated DNS from SBS to them I'm guessing. How did I miss this? Why didn't it go?
ASKER
Should I post some screens on DNS properties for you?
ASKER
I can ping "\\DC1.Laurentideinc.local\sharename" from the sbs but the other way.
ASKER
domain ping, on DC1 it returns its own IP, on DC2 it returns ITS own IP, and on sbs it returns DC1's IP
ASKER
cannot ping \\sbs.domain.com\share from either 2008's, but they can be pinged from sbs that way. I can hit sbs at its FQDN
ASKER
DC1 log :
The DFS Replication service failed to contact domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 160 (One or more arguments are not correct.)
AND
The DFS Replication service encountered an unsupported reparse point in a replicated folder. This reparse point will not be replicated because the replication of this type of reparse point is not supported by the DFS Replication service.
Additional Information:
File Path: .DFSFolderLink
Replicated Folder Root: E:\DFSRoots\Docs\Fabrication
Replicated Folder Name: Fabrication
Replicated Folder ID: 04C0C524-843A-4C20-A43C-9B61D24354AE
Replication Group Name: FabricationDocs
Replication Group ID: EF4E39ED-0B35-46BD-BBF7-F55B83865A79
Member ID: A4BB23ED-65D2-4837-B232-E2D53ED70441
ASKER
sbs log:
The File Replication Service is having trouble enabling replication from DC2 to SERVER for c:\windows\sysvol\domain using the DNS name DC2.LaurentideInc.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC2.LaurentideInc.local from this computer.
[2] FRS is not running on DC2.LaurentideInc.local.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
AND
The File Replication Service is having trouble enabling replication from DC1 to SERVER for c:\windows\sysvol\domain using the DNS name DC1.LaurentideInc.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC1.LaurentideInc.local from this computer.
[2] FRS is not running on DC1.LaurentideInc.local.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
OK, I will be back at a computer in about 10-15 minutes.
I can help you fix this but I need you to provide me with the information to do it.
How many servers do you have? Can you list all of them and what their roles are along with their actual names (helps me to identify them in the logs)
How many of them are DC's? Can you post NETDIAG from ALL DC's, please don't modify the logs, post them as they are.
ASKER
sorry first one was DFS log not FRS
ASKER
DC2: repl log
The File Replication Service is having trouble enabling replication from SERVER to DC2 for c:\windows\sysvol\domain using the DNS name server.LaurentideInc.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name server.LaurentideInc.local from this computer.
[2] FRS is not running on server.LaurentideInc.local.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
ASKER
dc1 repl log:
The File Replication Service is having trouble enabling replication from DC2 to DC1 for c:\windows\sysvol\domain using the DNS name DC2.LaurentideInc.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC2.LaurentideInc.local from this computer.
[2] FRS is not running on DC2.LaurentideInc.local.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
AND
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name server.LaurentideInc.local from this computer.
[2] FRS is not running on server.LaurentideInc.local.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
Looking like DC1
Please only post what I ask for, I get confused easily :)
ASKER
Oh sorry
ASKER
this is interesting
ScreenShot.jpg
Can you please provide the NETDIAG logs from ALL your domain controllers.
And the list of servers and their roles I asked for earlier.
Can you provide NETDIAG from the SBS server and IPCONFIG /ALL from the Windows 2008 DC's
ASKER
DC2 - backup domain controller, DFS replication partner with DC1 for docs, Backup server (backup exec), DNS, Blackberry Ent Server Express (not deployed yet)
BDCdcdiag.txt
ASKER
Just saw your post - will do
netdiag.txt
ASKER
DC1 ipconfig /all
DC1-ipconfig.txt
ASKER
dc2 ipconfig /all
DC2-ipcon.txt
ASKER
By the way, netdiag doesn't work on server 2008 as it was removed. That's why I only gave you the one from SBS 2003. When you initially said NETDIAG, I thought you meant DCDIAG. Sorry about that. Been grinding this all day now.
ASKER
I believe I have resolved this issue. I got it down to a DNS issue. As I began investigating DNS I realized that replication was not occurring properly (according to the logs), but that it was, in fact, replicating. I then began to investigate issues with Server 2008 Enterprise and DNS replication.
What I discovered was M$ has an article about this. Sometimes when adding more than one domain controller to a domain, and then DCPROMOing them, and adding DNS to them, you have to first open Server Manager -> Roles
Here you need to locate the DNS role and restart it on each server. Then when you attempt to replicate, you should setup the replication on one server at a time and let it fully propagate before adding the second new DC to the replication. Otherwise this will sometimes cause DNS and FRS to throw up errors. This is what happened in my case.
I removed one of the DCs from the replication pool in Sites and Services, and in DNS. Wiped out all records on it. Reboot. Then I did the same with the other and cleared their caches. I then restarted the DNS service on each, and added them one at a time while allowing them to fully propagate before adding the next DC. Voila! Problem resolved.
Thanks for your help anyhow Demazter
Excellent, I knew it was a DNS issue, sorry I cannot see the log files on my iPhone.
ASKER
I tried to award you 100 points for the initial recognition of it being DNS, but I don't think it let me . . .
Yes, you have.
Thank you.
Although it's more important you got your issue resolved.
ASKER
Thanks for the help Demazter. Tricky 2008 . . . . guess I jumped the gun on starting everything at once. Bad move. I'll know better in the future.
ASKER
DC1 failed test NCSecDesc