Link to home
Create AccountLog in
Avatar of DEHLI
DEHLIFlag for United States of America

asked on

Is my Server 2003 DC Replicating Properly?

I recently put a new Domain Controller online. After dcpromo I installed DNS, and selected it as a global catalog. I then let it sit for over 24 hours to let it replicate. The link we are on that connects to the rest of my domain is slow so I figured it would take a while. I started looking into the Event logs to make sure everything was going ok. I started seeing these events in the Application section about every 5 minutes.

Source: SceCli      Type: warning
Event ID: 1202
Security policies were propagated with warning. 0x5 : Access is denied.

Under the File Replication Service tab in the Event Viewer I am getting this warning off and on.

Source: NTFrs       Type: Warning
Event ID: 13565
File Replication Service is initializing the system volume with data from another domain controller. computer MYDC cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

To check for the SYSVOL share, at the command prompt type: net share

When File replication Service completes the initialization process, the SYSVOL share will appear.

The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

I have looked into a lot of fixes for the 1202 error i am getting. I have looked in every GPO policy that is on my domain and none of them affect the FRS. And the other DCs that are functioning on the domain are not having this problem. I have looked in the registry under: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTFRS for the security subkey, but there is not one. I have ran DCdiag and will attach it at the bottom. Any guidance on what is going on with my DC and/or how to fix the warnings would be great.


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: DEL\MYDC
      Starting test: Connectivity
         ......................... MYDC passed test Connectivity

Doing primary tests
   
   Testing server: DEL\DELSDC02
      Starting test: Replications
         REPLICATION-RECEIVED LATENCY WARNING
         DELSDC02:  Current time is 2010-11-15 18:03:19.
            DC=ForestDnsZones,DC=afg,DC=usmc,DC=mil
               Last replication recieved from TheirDC01 at 2010-10-16 23:20:14.
               Last replication recieved from TheirDC02 at 2010-09-19 18:19:56.
            DC=lnk,DC=afg,DC=usmc,DC=mil
               Last replication recieved from TheirDC03 at 2010-09-16 22:22:39.
         ......................... MYDC passed test Replications
      Starting test: NCSecDesc
         .........................  MYDC passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\MYDC\netlogon)
         [MYDC] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
         ......................... MYDC failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\TheirDC.FQDN, when we were trying to reach MYDC.
         Server is not responding or is not considered suitable.
         Warning: MYDC is not advertising as a global catalog.
         Check that server finished GC promotion.
         Check the event log on server that enough source replicas for the GC are available.
         ......................... MYDC failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... MYDC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... MYDC passed test RidManager
      Starting test: MachineAccount
         ......................... MYDC passed test MachineAccount
      Starting test: Services
         ......................... MYDC passed test Services
      Starting test: ObjectsReplicated
         ......................... MYDC passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... MYDC passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the         SYSVOL has been shared.  Failing SYSVOL replication problems may cause         Group Policy problems.
         ......................... MYDC failed test frsevent
      Starting test: kccevent
         ......................... MYDC passed test kccevent
      Starting test: systemlog
         ......................... MYDC passed test systemlog
      Starting test: VerifyReferences
         ......................... MYDC passed test VerifyReferences
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : dwr
      Starting test: CrossRefValidation
         ......................... dwr passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... dwr passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running enterprise tests on : FQDN
      Starting test: Intersite
         ......................... FQDN passed test Intersite
      Starting test: FsmoCheck
         ......................... FQDN passed test FsmoCheck
Avatar of Darius Ghassem
Darius Ghassem
Flag of United States of America image

Could be because of a slow link.

Are you running Symantec AV by chance?

Make sure the server is pointing to another DNS server within the TCP\IP properties as primary until the full promotion is done.

Did you promote 2003 or 2008 server?
Avatar of DEHLI

ASKER

We have to run McAfee. The DNS TCP\IP properties are set to the other DCs IPs. It is a 2003 server.
Remove or disable your AV.

Currently your Netlogon share hasn't been created yet or your DC hasn't become a GC yet.

You can demote the server then run metadata cleanup on an existing DC then repromote server could have been an issue with the connection
Avatar of DEHLI

ASKER

I am removing the AV.

Will the Netlogon share be created? How long does it usually take for a DC to become a GC over a slow link?

I am confused about the demote and re-promote suggestion? I feel like that would bring me back to step one and start all the slow replication over again. Or do you think this DC is not replicating anymore and giving it more time will not do anything?
Well you  have an option to wait to see if something happens but could be some other issue that would be fixed by starting from square one.
Avatar of DEHLI

ASKER

Do you think the 1202 event could be blocking the Replication process? I have been looking around and still can not find anything anywhere on how to resolve that issue other then the registry edit on the key string i don't have.
The error is fine that is not causing the problem with replication thought
Avatar of DEHLI

ASKER

If there was problems with replication they would show in the Event log correct? (sorry am a noob at server)
The last event i have in the File replication Service tab was from 5pm yesterday. It was the warning 13565. I have not had another event yet. The event before that was the FRS starting. I am not sure if it is just not giving me updates or if it really has been replicating non-stop that long.
SOLUTION
Avatar of Leon Fester
Leon Fester
Flag of South Africa image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Post a repadmin /syncall
Avatar of DEHLI

ASKER

I have never demoted a DC before. What all would it entail as far as prep?
The repadmin /syncall says: CALLBACK MESSAGE: Finished.
SyncALL terminated with no error.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of DEHLI

ASKER

Everything was fine, it was just taking forever. And if I had restarted it would not changed nothing other then starting all the way over. Remaking would be the best thing to do over a faster link, but my link is VERY slow.