Solved

Is my Server 2003 DC Replicating Properly?

Posted on 2010-11-15
Last Modified: 2012-05-10
I recently put a new Domain Controller online. After dcpromo I installed DNS, and selected it as a global catalog. I then let it sit for over 24 hours to let it replicate. The link we are on that connects to the rest of my domain is slow so I figured it would take a while. I started looking into the Event logs to make sure everything was going ok. I started seeing these events in the Application section about every 5 minutes.

Source: SceCli      Type: warning
Event ID: 1202
Security policies were propagated with warning. 0x5 : Access is denied.

Under the File Replication Service tab in the Event Viewer I am getting this warning off and on.

Source: NTFrs       Type: Warning
Event ID: 13565
File Replication Service is initializing the system volume with data from another domain controller. computer MYDC cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

To check for the SYSVOL share, at the command prompt type: net share

When File replication Service completes the initialization process, the SYSVOL share will appear.

The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

I have looked into a lot of fixes for the 1202 error I am getting. I have looked in every GPO policy that is on my domain and none of them affect the FRS. And the other DCs that are functioning on the domain are not having this problem. I have looked in the registry under: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTFRS for the security subkey, but there is not one. I have run DCdiag and will attach it at the bottom. Any guidance on what is going on with my DC and/or how to fix the warnings would be great.


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: DEL\MYDC
      Starting test: Connectivity
         ......................... MYDC passed test Connectivity

Doing primary tests
   
   Testing server: DEL\DELSDC02
      Starting test: Replications
         REPLICATION-RECEIVED LATENCY WARNING
         DELSDC02:  Current time is 2010-11-15 18:03:19.
            DC=ForestDnsZones,DC=afg,DC=usmc,DC=mil
               Last replication recieved from TheirDC01 at 2010-10-16 23:20:14.
               Last replication recieved from TheirDC02 at 2010-09-19 18:19:56.
            DC=lnk,DC=afg,DC=usmc,DC=mil
               Last replication recieved from TheirDC03 at 2010-09-16 22:22:39.
         ......................... MYDC passed test Replications
      Starting test: NCSecDesc
         .........................  MYDC passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\MYDC\netlogon)
         [MYDC] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
         ......................... MYDC failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\TheirDC.FQDN, when we were trying to reach MYDC.
         Server is not responding or is not considered suitable.
         Warning: MYDC is not advertising as a global catalog.
         Check that server finished GC promotion.
         Check the event log on server that enough source replicas for the GC are available.
         ......................... MYDC failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... MYDC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... MYDC passed test RidManager
      Starting test: MachineAccount
         ......................... MYDC passed test MachineAccount
      Starting test: Services
         ......................... MYDC passed test Services
      Starting test: ObjectsReplicated
         ......................... MYDC passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... MYDC passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the         SYSVOL has been shared.  Failing SYSVOL replication problems may cause         Group Policy problems.
         ......................... MYDC failed test frsevent
      Starting test: kccevent
         ......................... MYDC passed test kccevent
      Starting test: systemlog
         ......................... MYDC passed test systemlog
      Starting test: VerifyReferences
         ......................... MYDC passed test VerifyReferences
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : dwr
      Starting test: CrossRefValidation
         ......................... dwr passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... dwr passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running enterprise tests on : FQDN
      Starting test: Intersite
         ......................... FQDN passed test Intersite
      Starting test: FsmoCheck
         ......................... FQDN passed test FsmoCheck
Question by:DEHLI
14 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
Could be because of a slow link.

Are you running Symantec AV by chance?

Make sure the server is pointing to another DNS server within the TCP\IP properties as primary until the full promotion is done.

Did you promote 2003 or 2008 server?
0
 

Author Comment

by:DEHLI
We have to run McAfee. The DNS TCP\IP properties are set to the other DCs' IPs. It is a 2003 server.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Remove or disable your AV.

Currently your Netlogon share hasn't been created yet or your DC hasn't become a GC yet.

You can demote the server, then run metadata cleanup on an existing DC, then repromote the server. Could have been an issue with the connection.
0
 

Author Comment

by:DEHLI
I am removing the AV.

Will the Netlogon share be created? How long does it usually take for a DC to become a GC over a slow link?

I am confused about the demote and re-promote suggestion? I feel like that would bring me back to step one and start all the slow replication over again. Or do you think this DC is not replicating anymore and giving it more time will not do anything?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Well, you have an option to wait to see if something happens, but it could be some other issue that would be fixed by starting from square one.
0
 

Author Comment

by:DEHLI
Do you think the 1202 event could be blocking the Replication process? I have been looking around and still cannot find anything anywhere on how to resolve that issue other than the registry edit on the key string I don't have.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
The error is fine; that is not causing the problem with replication, though.
0

 

Author Comment

by:DEHLI
If there were problems with replication, they would show in the Event log, correct? (Sorry, I am a noob at servers.)
The last event I have in the File Replication Service tab was from 5pm yesterday. It was the warning 13565. I have not had another event yet. The event before that was the FRS starting. I am not sure if it is just not giving me updates or if it really has been replicating non-stop that long.
0
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 250 total points
The easiest option would be to demote, then re-promote this server.
The DCPROMO should not leave your Server in an unstable state...
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Post a repadmin /syncall
0
 

Author Comment

by:DEHLI
I have never demoted a DC before. What all would it entail as far as prep?
The repadmin /syncall says: CALLBACK MESSAGE: Finished.
SyncALL terminated with no error.
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 250 total points
Go through the same process as promotion, but you will be demoting. Before moving forward, make sure to move your FSMO roles back to the other server.

After demotion on your existing DC run metadata cleanup to remove any lingering objects from the failed DC.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
 

Accepted Solution

by:
DEHLI earned 0 total points
My DC FINALLYYYYYYY finished replicating. I ran replmon to see if it was still replicating properly. The outlook said it was, so I let it sit. The next day the Sysvol was finally created and it was done. Just took a long time over the slow link.
0
 

Author Closing Comment

by:DEHLI
Everything was fine, it was just taking forever. And if I had restarted, it would not have changed anything other than starting all the way over. Remaking would be the best thing to do over a faster link, but my link is VERY slow.
0
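
Added example (not part of the original thread and not code from any participant): a small Python triage of saved dcdiag output like the one posted in the question. It lists the failed tests and the age of each partner named in the latency warning; the set of tests treated as depending on the SYSVOL share is this example's assumption, drawn from the 13565 event text and the NETLOGON comment above.

```python
import re
from datetime import datetime

# Constructed sample: trimmed from the dcdiag output posted in the question.
SAMPLE = """\
      Starting test: Replications
         REPLICATION-RECEIVED LATENCY WARNING
         DELSDC02:  Current time is 2010-11-15 18:03:19.
            DC=ForestDnsZones,DC=afg,DC=usmc,DC=mil
               Last replication recieved from TheirDC01 at 2010-10-16 23:20:14.
               Last replication recieved from TheirDC02 at 2010-09-19 18:19:56.
            DC=lnk,DC=afg,DC=usmc,DC=mil
               Last replication recieved from TheirDC03 at 2010-09-16 22:22:39.
         ......................... MYDC passed test Replications
         ......................... MYDC failed test NetLogons
         ......................... MYDC failed test Advertising
         ......................... MYDC passed test frssysvol
         ......................... MYDC failed test frsevent
"""

# Assumption of this example: failures in these tests are expected while
# FRS is still initializing SYSVOL (no SYSVOL/NETLOGON share yet).
SYSVOL_DEPENDENT = {"NetLogons", "Advertising", "frsevent"}

RESULT_RE = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test (\S+)")
NOW_RE = re.compile(r"Current time is (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")
LAST_RE = re.compile(r"Last replication rec\w+ from (\S+) at (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")
FMT = "%Y-%m-%d %H:%M:%S"

def triage(text):
    """Return failed tests, stale partners (partition, source, whole days), and a hint."""
    failed, stale, now, partition = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := RESULT_RE.search(line):
            if m.group(2) == "failed":
                failed.append(m.group(3))
        elif m := NOW_RE.search(line):
            now = datetime.strptime(m.group(1), FMT)
        elif line.startswith(("DC=", "CN=")):
            partition = line  # naming context the following lines refer to
        elif (m := LAST_RE.search(line)) and now:
            age = now - datetime.strptime(m.group(2), FMT)
            stale.append((partition, m.group(1), age.days))
    unexplained = [t for t in failed if t not in SYSVOL_DEPENDENT]
    return {"failed": failed, "stale": stale, "unexplained": unexplained,
            "sysvol_pending_only": bool(failed) and not unexplained}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A true `sysvol_pending_only` is a hint to confirm with `net share` that SYSVOL is still missing, not a verdict that replication is healthy.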
