Geekbox
asked on
DNS replication issues after SBS migration
After following MS's guide to migrating from SBS 2003 to SBS 2008, I am having a few issues with replication. I'm unsure what I can do to fix these problems and need help. :(
I can see problems in four different places:
1. Group Policy Management gives me errors when I try to manipulate anything, "The network name cannot be found." This is when I click on and GPO. I cannot see anythign in any of the 4 GPO's listed on the new server, but the 4 GPO names match what I see on the old server.
2. I cannot browse to the new servers sysvol folder or netlogon folder. So "\\server\sysvol" and "\\server\netlogon" do not seem to exist.
3. Here are the results of repadmin /showreps on the new server:
Default-First-Site-Name\SE
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 7abd68c7-07ae-489a-bcd1-8d
DSA invocationID: 71c1ca75-2cdd-4ff6-9031-5f
==== INBOUND NEIGHBORS ==========================
DC=MYDOMAIN,DC=com
Default-First-Site-Name\SE
DSA object GUID: 8c4ea0f2-ceef-4e8e-a8e1-e6
Last attempt @ 2010-08-26 15:33:18 was successful.
CN=Configuration,DC=MYDOMA
Default-First-Site-Name\SE
DSA object GUID: 8c4ea0f2-ceef-4e8e-a8e1-e6
Last attempt @ 2010-08-26 14:51:39 was successful.
CN=Schema,CN=Configuration
Default-First-Site-Name\SE
DSA object GUID: 8c4ea0f2-ceef-4e8e-a8e1-e6
Last attempt @ 2010-08-26 14:51:39 was successful.
DC=ForestDnsZones,DC=MYDOM
Default-First-Site-Name\SE
DSA object GUID: 8c4ea0f2-ceef-4e8e-a8e1-e6
Last attempt @ 2010-08-26 14:51:40 was successful.
DC=DomainDnsZones,DC=MYDOM
Default-First-Site-Name\SE
DSA object GUID: 8c4ea0f2-ceef-4e8e-a8e1-e6
Last attempt @ 2010-08-26 14:51:40 was successful.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
4. I have also done a dcdiag, and there does seem to be errors in that as well, the log is really long. If needed I can post it.
I can see problems in four different places:
1. Group Policy Management gives me errors when I try to manipulate anything, "The network name cannot be found." This is when I click on and GPO. I cannot see anythign in any of the 4 GPO's listed on the new server, but the 4 GPO names match what I see on the old server.
2. I cannot browse to the new servers sysvol folder or netlogon folder. So "\\server\sysvol" and "\\server\netlogon" do not seem to exist.
3. Here are the results of repadmin /showreps on the new server:
Default-First-Site-Name\SE
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 7abd68c7-07ae-489a-bcd1-8d
DSA invocationID: 71c1ca75-2cdd-4ff6-9031-5f
==== INBOUND NEIGHBORS ==========================
DC=MYDOMAIN,DC=com
Default-First-Site-Name\SE
DSA object GUID: 8c4ea0f2-ceef-4e8e-a8e1-e6
Last attempt @ 2010-08-26 15:33:18 was successful.
CN=Configuration,DC=MYDOMA
Default-First-Site-Name\SE
DSA object GUID: 8c4ea0f2-ceef-4e8e-a8e1-e6
Last attempt @ 2010-08-26 14:51:39 was successful.
CN=Schema,CN=Configuration
Default-First-Site-Name\SE
DSA object GUID: 8c4ea0f2-ceef-4e8e-a8e1-e6
Last attempt @ 2010-08-26 14:51:39 was successful.
DC=ForestDnsZones,DC=MYDOM
Default-First-Site-Name\SE
DSA object GUID: 8c4ea0f2-ceef-4e8e-a8e1-e6
Last attempt @ 2010-08-26 14:51:40 was successful.
DC=DomainDnsZones,DC=MYDOM
Default-First-Site-Name\SE
DSA object GUID: 8c4ea0f2-ceef-4e8e-a8e1-e6
Last attempt @ 2010-08-26 14:51:40 was successful.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
4. I have also done a dcdiag, and there does seem to be errors in that as well, the log is really long. If needed I can post it.
ASKER
My new server had the old servers ip as a second dns. I have now changed this, however this so far has not seemed to impact anything. I have forced replication between the two domain controllers, but have yet to see any difference.
Replication can take a while to happen.
Use the DSSite.msc on the source to see if the correct AD replication links exist for both servers.
Check your logs to see if there is a problem with replication.
Philip
Use the DSSite.msc on the source to see if the correct AD replication links exist for both servers.
Check your logs to see if there is a problem with replication.
Philip
Seems like the SYSVOL is not shared or vaild.
ASKER
I agree, any ideas on how to proceed?
If you do not have a SYSVOL then you have not promoted fully to a DC. Did you installed SBS 2008 server did you put in migration mode?
ASKER
Indeed I did, I ran the migration wizard on the old server, created an answer file, used that answer file to installe sbs 2008. Unfortunatly it did run into some errors relate to replication. I'm certain that this is where they stem from, however this is the state I am in now and want to fix the issues rather than load again.
Hard since it is a SBS to SBS migration.
Check this out.
http://www.open-a-socket.com/index.php/2009/02/04/windows-server-2008-user-account-control-gotcha-3/
Look on your C: and if you have a SYSVOL.
Check this out.
http://www.open-a-socket.com/index.php/2009/02/04/windows-server-2008-user-account-control-gotcha-3/
Look on your C: and if you have a SYSVOL.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I want to thank everyone that responded so quickly to my posting. Here is where I sit no.
Per Philip's links, I was able to determine that the domain was in fact replicating correctly. My new server is indeed the pdc. The main issue, was it turns out was just that the sysvol folder had not set it self up correctly.
following: http://support.microsoft.com/default.aspx?scid=kb;en-us;315457 I was able to create the folder structure on my new server for sysvol data. After I fired ntfrs back up, things replicated correctly and suddenly I could manipulate group policy!! Woot!
This being said, now that things are looking a lot better, my one follow up question is this:
What actions should I take to verify the overall health of the new servers file replication?
Per Philip's links, I was able to determine that the domain was in fact replicating correctly. My new server is indeed the pdc. The main issue, was it turns out was just that the sysvol folder had not set it self up correctly.
following: http://support.microsoft.com/default.aspx?scid=kb;en-us;315457 I was able to create the folder structure on my new server for sysvol data. After I fired ntfrs back up, things replicated correctly and suddenly I could manipulate group policy!! Woot!
This being said, now that things are looking a lot better, my one follow up question is this:
What actions should I take to verify the overall health of the new servers file replication?
Create an OU called "Test OU-S" under MyBusiness on the source SBS 2003 and "Test OU-D" on the destination SBS 2008 server.
If replication is working as expected, the test OUs should show up in the GPMC on both servers.
Philip
If replication is working as expected, the test OUs should show up in the GPMC on both servers.
Philip
ASKER
I called it a little to soon, but all is well. In the end I just had to follow the link that I posted above completion and now group policy objects are working as expected.
I just tested the OU replicaiton as you suggested. Works great.
I just tested the OU replicaiton as you suggested. Works great.
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
DNS1: Self (own IP)
DNS2: Blank
Because DNS is AD integrated, there is no need for pointers on DNS2 to the other server.
Philip