DFSREvent Error when running DCdiag Preparatory to Domain Upgrade to 2008

Trying to clear the last event error before upgrading domain controllers to 2008 from 2003.  The error I get when running dcdiag is: DFSREvent - There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.

There are a handful of postings that describe similar conditions but I can't seem to resolve the errors with what they suggest. For example, I've disabled IPv6. Run ipconfig /registerdns (No errors); run dcdiag /fix on both DCs (no errors).

The only Event errors or warnings in the past 24 hours have to do with Printers or a low number of remaining addresses in one DHCP server.  Any pointers to possible solutions would be appreciated.
Who is Participating?
ChiefITConnect With a Mentor Commented:
Also, you may want to look at your DNS snapin and see if you have a GREYED OUT ..MSDCS.domain.name file folder in your DNS forward lookup zone. This could be a bad delegation record within DNS.
Please provide the output of DCdiag /test:DNS
Herb-AvoreAuthor Commented:
C:\Tools>dcdiag /test:DNS

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\BAROQUE
      Starting test: Connectivity
         ......................... BAROQUE passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\BAROQUE

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : WOLK

   Running enterprise tests on : EDWARDS.local
      Starting test: DNS
         Test results for domain controllers:

            DC: BAROQUE.EDWARDS.local
            Domain: EDWARDS.local

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (

               TEST: Delegations (Del)
                  Warning: DNS server: tempdc.edwards.local. IP: <Unavailable> Fail
ure:Missing glue A record

         Summary of test results for DNS servers used by the above domain contro

            DNS server: (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the
7.in-addr.arpa. failed on the DNS server

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            Domain: EDWARDS.local
               baroque                  PASS PASS PASS FAIL PASS PASS n/a

         ......................... EDWARDS.local failed test DNS

Ah, very useful command!  Didn't know about this one.  I do remember a consultant some years back creating a DC called tempdc.  Guess it was never removed.  Do you know off-hand where this phantom DC resides?  And as to the Root Hints error, I'm guessing that is tied in with the tempdc issue since they point to the same IP.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

DFS replication will stop if there is an invalid server. What you will have to do is run a metadata cleanup. There are three types of metadata cleanup to accomodate. Those three types are FRS metadata, DNS metadata and AD metadata. The VERY BEST article to walk you through all three stages of a metadata cleanup is this one:


It's my opinion that you have DNS metadata and that is seizing DFSR because DFSR doesn't know what to do.
Herb-AvoreAuthor Commented:
This pointed me right to the phantom DC.  No DCdiag errors now. My only remaining question would be do you think I still need to run through the cleanup routine you recommended in the link?  Thanks!

DCdiag /test:DNS
DCdiag /v

Those two commands are indicators of a good/healthy domain. You should run those commands on all DCs on that domain.
If you followed the advice on this thread for bad delegation records:

I encourage you to run these command lines:

IPconfig /registerDNS
Net stop netlogon
Net start netlogon
DCdiag /fix:DNS

This fixes deleting the delegation records and putting your MSDCS... Service records within the forward lookup zone.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.