Link to home
Start Free TrialLog in
Avatar of Herb-Avore
Herb-AvoreFlag for United States of America

asked on

DFSREvent Error when running DCdiag Preparatory to Domain Upgrade to 2008

Trying to clear the last event error before upgrading domain controllers to 2008 from 2003.  The error I get when running dcdiag is: DFSREvent - There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.

There are a handful of postings that describe similar conditions but I can't seem to resolve the errors with what they suggest. For example, I've disabled IPv6. Run ipconfig /registerdns (No errors); run dcdiag /fix on both DCs (no errors).

The only Event errors or warnings in the past 24 hours have to do with Printers or a low number of remaining addresses in one DHCP server.  Any pointers to possible solutions would be appreciated.
Avatar of ChiefIT
ChiefIT
Flag of United States of America image

Please provide the output of DCdiag /test:DNS
Avatar of Herb-Avore

ASKER

C:\Tools>dcdiag /test:DNS

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\BAROQUE
      Starting test: Connectivity
         ......................... BAROQUE passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\BAROQUE

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : WOLK

   Running enterprise tests on : EDWARDS.local
      Starting test: DNS
         Test results for domain controllers:

            DC: BAROQUE.EDWARDS.local
            Domain: EDWARDS.local


               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)

               TEST: Delegations (Del)
                  Warning: DNS server: tempdc.edwards.local. IP: <Unavailable> Fail
ure:Missing glue A record

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: EDWARDS.local
               baroque                  PASS PASS PASS FAIL PASS PASS n/a

         ......................... EDWARDS.local failed test DNS

Ah, very useful command!  Didn't know about this one.  I do remember a consultant some years back creating a DC called tempdc.  Guess it was never removed.  Do you know off-hand where this phantom DC resides?  And as to the Root Hints error, I'm guessing that is tied in with the tempdc issue since they point to the same IP.
DFS replication will stop if there is an invalid server. What you will have to do is run a metadata cleanup. There are three types of metadata cleanup to accomodate. Those three types are FRS metadata, DNS metadata and AD metadata. The VERY BEST article to walk you through all three stages of a metadata cleanup is this one:

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

It's my opinion that you have DNS metadata and that is seizing DFSR because DFSR doesn't know what to do.
ASKER CERTIFIED SOLUTION
Avatar of ChiefIT
ChiefIT
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
This pointed me right to the phantom DC.  No DCdiag errors now. My only remaining question would be do you think I still need to run through the cleanup routine you recommended in the link?  Thanks!
Run:

DCdiag /test:DNS
and
DCdiag /v

Those two commands are indicators of a good/healthy domain. You should run those commands on all DCs on that domain.
If you followed the advice on this thread for bad delegation records:
https://www.experts-exchange.com/questions/24349599/URGENT-MSDCS-records-registering-directly-under-FWD-lookup-zone-not-under-FQDN-name-space.html

I encourage you to run these command lines:

IPconfig /registerDNS
Net stop netlogon
Net start netlogon
DCdiag /fix:DNS

This fixes deleting the delegation records and putting your MSDCS... Service records within the forward lookup zone.