Solved

SBS 2003 migration Active directory replication problem

Posted on 2010-08-17
Last Modified: 2012-05-10
Hi, I am in the middle of an SBS2003 migration. I want to move my domain controller with Exchange to new hardware, following the instructions from Microsoft. Then, when I installed Exchange on the destination folder, I could not move public folders. On the destination server the sysvol and netlogon directories are not shared, so I think AD is not replicated. What should I do? How can I solve this?

Thanks very much
Best regards
Patrik
Question by:Patricck
 
LVL 17

Expert Comment

by:aoakeley
ID: 33453007
Is this an 2003-2008 migration?
or 2003-2003 new hardware migration?

Andy
0
 
LVL 3

Author Comment

by:Patricck
ID: 33453024
It is an SBS2003 (transition pack installed, so it is a Windows Server 2003) to new hardware with SBS2003
0
 
LVL 3

Author Comment

by:Patricck
ID: 33453026
Source server is German, destination is English
0
 
LVL 17

Accepted Solution

by:
aoakeley earned 500 total points
ID: 33453056
If there is no Netlogon/sysvol share on the new server, we definitely need to get that sorted before you continue with the migration.

There is some basic troubleshooting to go through first:
a) disable firewall on both servers
b) make sure your new server has the DNS Server on its network card pointed to the old server
c) make sure AD on the old server is not in JRNL_WRAP_ERROR (check FRS event viewer, and fix if applicable)
d) I am not sure if the change in language has any relevance, I'll research that for you, but would not have thought so.
e) report on any other errors in Active Directory or FRS event logs on the new or old server
f) AD Sites and Services, expand down to servers and NTDS, check there is a connection for each DC
g) from command prompt #> dcdiag /v > dcdiag.txt and post dcdiag.txt from both servers

Andy
0
 
LVL 3

Author Comment

by:Patricck
ID: 33453188
Hi, thanks very much for the answer:

So...
Firewall disabled on both servers. DNS was set to point to the destination server; I have changed it to point to the source server (on both servers).
I have attached an error from the file replication logs, so it seems like this is the error that you mentioned.

How can I fix it?

thanks very much.
Der Dateireplikationsdienst hat ermittelt, dass sich der Replikatsatz "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" sich in JRNL_WRAP_ERROR befindet. 
 
 Name des Replikatsatzes    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" 
 Replikatstammpfad           : "c:\windows\sysvol\domain" 
 Replikatstammvolume         : "\\.\C:" n%
 Ein Replikatsatz stößt auf JRNL_WRAP_ERROR, wenn der Eintrag, von dem gelesen werden soll, nicht vom NTFS-USN-Journal gefunden wird. Mögliche Ursachen hierfür sind: n%
 
 [1] Volume "\\.\C:" wurde formatiert. 
 [2] Das NTFS-USN-Journal auf Volume "\\.\C:" wurde gelöscht. 
 [3] Das NTFS-USN-Journal auf Volume "\\.\C:" wurde abgeschnitten. Chkdsk kann das Journal abschneiden, falls es beschädigte Einträge am Ende des Journals vorfindet. 
 [4] Der Dateireplikationsdienst wurde seit längerer Zeit auf diesem Computer nicht mehr ausgeführt. 
 [5] Die Rate der Laufwerks-E/A-Aktivität auf "\\.\C:" war zu schnell für den Dateireplikationsdienst. 
 Das Festlegen des Registrierungsparameters "Enable Journal Wrap Automatic Restore" auf 1 führt dazu, dass folgende Maßnahmen zum automatischen Beheben des Fehlerzustands vorgenommen werden. 
 [1] Beim ersten Poll, der in 5 Minuten durchgeführt wird, wird dieser Computer vom Replikatsatz entfernt. Wenn Sie nicht 5 Minuten warten möchten, führen Sie "net stop ntfrs" aus, gefolgt von "net start ntfrs", um den Dateireplikationsdienst neu zu starten. 
 [2] Beim auf die Löschung folgenden Poll wird der Computer erneut zum Replikatsatz hinzugefügt. Durch das erneute Hinzufügen wird eine vollständige Struktursynchronisierung für den Replikatsatz ausgelöst. 
 
WARNUNG: Während des Wiederherstellungsvorgangs sind Daten in der Replikatstruktur möglicherweise nicht verfügbar. Sie sollten den oben beschriebenen Registrierungsparameter auf 0 festlegen, um eine unerwartete Nichtverfügbarkeit von Daten durch die automatische Wiederherstellung zu verhindern, wenn dieser Fehlerzustand erneut auftritt. 
 
Führen Sie regedit aus, um diesen Registrierungsparameter zu ändern. 
 
Klicken Sie auf "Start", dann auf "Ausführen", und geben Sie dann "regedit" ein. 
 
Erweitern HKEY_LOCAL_MACHINE. 
Folgen Sie folgendem Pfad: 
   "System\CurrentControlSet\Services\NtFrs\Parameters" 
Doppelklicken Sie auf den Namen des Wertes 
   "Enable Journal Wrap Automatic Restore" 
und aktualisieren Sie den Wert. 
 
Ist der Name des Wertes nicht vorhanden, können Sie ihn mit dem Befehl "Neu" und dann "DWORD-Wert " im Menü "Bearbeiten" hinzufügen. Geben Sie den Wert genauso ein wie oben gezeigt. 

Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter http://go.microsoft.com/fwlink/events.asp.


0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33453212
Follow the instructions in the event log (translated to English below).

To change this registry parameter, run regedit. Click on Start, Run and type regedit. Expand HKEY_LOCAL_MACHINE.
Click down the key path:
"System\CurrentControlSet\Services\NtFrs\Parameters"
Double click on the value name
"Enable Journal Wrap Automatic Restore" and update the value. (update to 1)

If the value name is not present you may add it with the Add Value function under the Edit Menu item. Type the value name exactly as shown above using the registry data type REG_DWORD.

then from command prompt
#> net stop ntfrs
#> net start ntfrs
#> net stop netlogon
#> net start netlogon

then on new server
#> net stop ntfrs
#> net start ntfrs

Watch the FRS event log to receive confirmation that replication is now working and the server is now a DC. Give it a good 15 mins.

andy
0
 
LVL 3

Author Comment

by:Patricck
ID: 33453309
Now I see this warning on the source server in the event log:

Der Dateireplikationsdienst konnte die Replikation von Destination server nach source server für c:\windows\sysvol\domain mit DNS-Namen destination server.domainname-hq.local nicht aktivieren. Es wird ein neuer Versuch gestartet.
 Mögliche Ursachen für diese Warnung sind:

.
.
.

0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33453441
Not knowing which server is which at this time:

That looks like the source server is trying to replicate from the destination, but the destination is not ready yet. This is OK, we know the new server is not ready for replication.

If you want to hide server names, please replace them with new.domain-hq.local and old.domain-hq.local so I can tell which server is which.

So, working down my original post, now that we have passed JRN_WRAP_ERR:
e) report on any other errors in Active Directory or FRS event logs on the new or old server
f) ad sites and services, expand down to servers and NTDS, check there is a connection for each DC, right click each connection and try to replicate
g) from command prompt #> dcdiag /v > dcdiag.txt and post dcdiag.txt from both servers (post as attached file to keep thread readable)
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33453455
Also patience - give it time to sort itself out. Sometimes rebooting first the source then the destination can help speed things along.
0
 
LVL 3

Author Comment

by:Patricck
ID: 33453585
I have found this error in the source server event log:

Verbindung wurde durch den Remote-WINS-Dienst abgebrochen. Der WINS-Dienst ist möglicherweise nicht für die Replikation mit diesem Server konfiguriert.

Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter http://go.microsoft.com/fwlink/events.asp.

And I have found this in the dest. server event log:

The File Replication Service is no longer preventing the computer "new" from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
 
Type "net share" to check for the SYSVOL share.

"f) ad sites and services, expand down to servers and NTDS, check there is a connection for each DC, right click each connection and try to replicate"

- I have clicked the replicate now button, and it says that Active Directory was replicated.

- I have attached the dcdiag outputs. The code snippet is the source server, and the odt file is the destination server.
SERVER is the source server, and SERVER2 is the destination server in the file.


Thank you very much for the help :)

So is there anything that I need to do?




SOURCE SERVER CODE


Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine SERVER, is a DC. 
   * Connecting to directory service on server SERVER.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: domain-donaueschingen\SERVER
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... SERVER passed test Connectivity

Doing primary tests
   
   Testing server: domain-donaueschingen\SERVER
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
         ......................... SERVER passed test Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC SERVER.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=domain-hq,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=domain-hq,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=domain-hq,DC=local
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=domain-hq,DC=local
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=domain-hq,DC=local
            (Domain,Version 2)
         ......................... SERVER passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\SERVER\netlogon
         Verified share \\SERVER\sysvol
         ......................... SERVER passed test NetLogons
      Starting test: Advertising
         The DC SERVER is advertising itself as a DC and having a DS.
         The DC SERVER is advertising as an LDAP server
         The DC SERVER is advertising as having a writeable directory
         The DC SERVER is advertising as a Key Distribution Center
         The DC SERVER is advertising as a time server
         The DS SERVER is advertising as a GC.
         ......................... SERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=domain-donaueschingen,CN=Sites,CN=Configuration,DC=domain-hq,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=domain-donaueschingen,CN=Sites,CN=Configuration,DC=domain-hq,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=domain-donaueschingen,CN=Sites,CN=Configuration,DC=domain-hq,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=domain-donaueschingen,CN=Sites,CN=Configuration,DC=domain-hq,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=domain-donaueschingen,CN=Sites,CN=Configuration,DC=domain-hq,DC=local
         ......................... SERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 3609 to 1073741823
         * SERVER2.domain-hq.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 2609 to 3108
         * rIDPreviousAllocationPool is 2109 to 2608
         * rIDNextRID: 2596
         * Warning :There is less than 3% available RIDs in the current pool
         ......................... SERVER passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC SERVER on DC SERVER.
         * SPN found :LDAP/SERVER.domain-hq.local/domain-hq.local
         * SPN found :LDAP/SERVER.domain-hq.local
         * SPN found :LDAP/SERVER
         * SPN found :LDAP/SERVER.domain-hq.local/domain-HQ
         * SPN found :LDAP/b141a5f6-fe3a-4bc2-b036-aea429e9442d._msdcs.domain-hq.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/b141a5f6-fe3a-4bc2-b036-aea429e9442d/domain-hq.local
         * SPN found :HOST/SERVER.domain-hq.local/domain-hq.local
         * SPN found :HOST/SERVER.domain-hq.local
         * SPN found :HOST/SERVER
         * SPN found :HOST/SERVER.domain-hq.local/domain-HQ
         * SPN found :GC/SERVER.domain-hq.local/domain-hq.local
         ......................... SERVER passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... SERVER passed test Services
      Test omitted by user request: OutboundSecureChannels
      Starting test: ObjectsReplicated
         SERVER is in domain DC=domain-hq,DC=local
         Checking for CN=SERVER,OU=Domain Controllers,DC=domain-hq,DC=local in domain DC=domain-hq,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=SERVER,CN=Servers,CN=domain-donaueschingen,CN=Sites,CN=Configuration,DC=domain-hq,DC=local in domain CN=Configuration,DC=domain-hq,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... SERVER passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... SERVER passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test 
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems. 
         An Warning Event occured.  EventID: 0x800034C4
            Time Generated: 08/17/2010   13:09:30
            (Event String could not be retrieved)
         ......................... SERVER failed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... SERVER passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0x40011006
            Time Generated: 08/17/2010   13:14:08
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x40011006
            Time Generated: 08/17/2010   13:44:09
            (Event String could not be retrieved)
         ......................... SERVER failed test systemlog
      Test omitted by user request: VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=SERVER,OU=Domain Controllers,DC=domain-hq,DC=local and backlink on
         CN=SERVER,CN=Servers,CN=domain-donaueschingen,CN=Sites,CN=Configuration,DC=domain-hq,DC=local
          are correct. 
         The system object reference (frsComputerReferenceBL)
         CN=SERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain-hq,DC=local
         and backlink on CN=SERVER,OU=Domain Controllers,DC=domain-hq,DC=local
         are correct. 
         The system object reference (serverReferenceBL)
         CN=SERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain-hq,DC=local
         and backlink on
         CN=NTDS Settings,CN=SERVER,CN=Servers,CN=domain-donaueschingen,CN=Sites,CN=Configuration,DC=domain-hq,DC=local
         are correct. 
         ......................... SERVER passed test VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : domain-hq
      Starting test: CrossRefValidation
         ......................... domain-hq passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... domain-hq passed test CheckSDRefDom
   
   Running enterprise tests on : domain-hq.local
      Starting test: Intersite
         Skipping site domain-donaueschingen, this site is outside the scope
         provided by the command line arguments provided. 
         Skipping site enprovia-bratislava, this site is outside the scope
         provided by the command line arguments provided. 
         ......................... domain-hq.local passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\SERVER.domain-hq.local
         Locator Flags: 0xe00001fc
         PDC Name: \\SERVER2.domain-hq.local
         Locator Flags: 0xe00003fd
         Time Server Name: \\SERVER.domain-hq.local
         Locator Flags: 0xe00001fc
         Preferred Time Server Name: \\SERVER2.domain-hq.local
         Locator Flags: 0xe00003fd
         KDC Name: \\SERVER.domain-hq.local
         Locator Flags: 0xe00001fc
         ......................... domain-hq.local passed test FsmoCheck
      Test omitted by user request: DNS
      Test omitted by user request: DNS


dest-server.odt
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33453664
Hi,

Looks like AD is now working and replicating as it should. So nothing more to do on the Active Directory front. Maybe make sure your new DC is a GC before demoting the old server etc, but that is a whole other process.

So I think your question should be resolved:
> On the destination server the sysvol and netlogon directories are not shared.. so i think AD is not replicated. What should i do? how can i solve this?

I think this is resolved.


0
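One way to triage the dcdiag.txt files requested in step g), added here as an example that is not part of the original thread: a small Python parser that lists passed and failed tests, reports whether the SYSVOL and NETLOGON shares were verified, and decodes each hexadecimal EventID into the decimal ID shown in Event Viewer. The sample text, the server names OLD and NEW, and the function names are constructed for illustration.

```python
import re

# Constructed sample, shaped like the `dcdiag /v` output posted in the thread.
SAMPLE = r"""
   Testing server: Default-First-Site\OLD
      Starting test: NetLogons
         Verified share \\OLD\netlogon
         Verified share \\OLD\sysvol
         ......................... OLD passed test NetLogons
      Starting test: KnowsOfRoleHolders
         Role PDC Owner = CN=NTDS Settings,CN=NEW,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=example,DC=local
         ......................... OLD passed test KnowsOfRoleHolders
      Starting test: frsevent
         An Warning Event occured.  EventID: 0x800034C4
            Time Generated: 08/17/2010   13:09:30
            (Event String could not be retrieved)
         ......................... OLD failed test frsevent
"""

RESULT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test (\S+)")
# dcdiag itself prints "An Warning Event occured", so match its spelling.
EVENT = re.compile(r"An? (Warning|Error) Event occur+ed\.\s+EventID: (0x[0-9A-Fa-f]+)")
SHARE = re.compile(r"Verified share \\\\[^\\]+\\(\w+)")
ROLE = re.compile(r"Role (.+?) = CN=NTDS Settings,CN=([^,]+),")


def parse_dcdiag(text):
    """Summarise dcdiag /v output: test results, events, shares, FSMO holders."""
    report = {"passed": [], "failed": [], "events": [], "shares": set(), "roles": {}}
    current = None  # name of the test whose output is being read
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Starting test:"):
            current = line.split(":", 1)[1].strip()
        elif m := RESULT.search(line):
            report[m.group(2)].append(m.group(3))
        elif m := EVENT.search(line):
            # The low 16 bits of the identifier are the ID Event Viewer displays.
            report["events"].append({
                "test": current,
                "level": m.group(1),
                "raw": m.group(2),
                "event_id": int(m.group(2), 16) & 0xFFFF,
            })
        elif m := SHARE.search(line):
            report["shares"].add(m.group(1).lower())
        elif m := ROLE.search(line):
            report["roles"][m.group(1)] = m.group(2)
    return report


def sysvol_ready(report):
    """True only if both shares were verified and the NetLogons test passed."""
    return {"sysvol", "netlogon"} <= report["shares"] and "NetLogons" in report["passed"]


if __name__ == "__main__":
    r = parse_dcdiag(SAMPLE)
    print("failed tests :", r["failed"])
    print("sysvol ready :", sysvol_ready(r))
    for e in r["events"]:
        print(f"{e['level']} in {e['test']}: {e['raw']} -> event ID {e['event_id']}")
```

Run against the dcdiag.txt from each server, it makes the "Event String could not be retrieved" entries searchable by their decimal event ID in the FRS and System logs.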
 
LVL 3

Author Comment

by:Patricck
ID: 33453736
Thank you very much,
and could you please help me with my second question too?

I am still not able to replicate public folders.
the question is here:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26397420.html
0
 
LVL 3

Author Closing Comment

by:Patricck
ID: 33453743
Thanks very much, great help :)
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33453758
no sweat - I'll take a look
0
