DFSREvent Error when running DCdiag Preparatory to Domain Upgrade to 2008

Posted on 2011-05-03
Medium Priority
Last Modified: 2012-05-11
Trying to clear the last event error before upgrading domain controllers to 2008 from 2003.  The error I get when running dcdiag is: DFSREvent - There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.

There are a handful of postings that describe similar conditions but I can't seem to resolve the errors with what they suggest. For example, I've disabled IPv6. Run ipconfig /registerdns (No errors); run dcdiag /fix on both DCs (no errors).

The only Event errors or warnings in the past 24 hours have to do with Printers or a low number of remaining addresses in one DHCP server.  Any pointers to possible solutions would be appreciated.
Question by:Herb-Avore
  • 5
  • 2
LVL 39

Expert Comment

ID: 35542623
Please provide the output of DCdiag /test:DNS

Author Comment

ID: 35689680
C:\Tools>dcdiag /test:DNS

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\BAROQUE
      Starting test: Connectivity
         ......................... BAROQUE passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\BAROQUE

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : WOLK

   Running enterprise tests on : EDWARDS.local
      Starting test: DNS
         Test results for domain controllers:

            DC: BAROQUE.EDWARDS.local
            Domain: EDWARDS.local

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (

               TEST: Delegations (Del)
                  Warning: DNS server: tempdc.edwards.local. IP: <Unavailable> Fail
ure:Missing glue A record

         Summary of test results for DNS servers used by the above domain contro

            DNS server: (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the
7.in-addr.arpa. failed on the DNS server

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            Domain: EDWARDS.local
               baroque                  PASS PASS PASS FAIL PASS PASS n/a

         ......................... EDWARDS.local failed test DNS

Ah, very useful command!  Didn't know about this one.  I do remember a consultant some years back creating a DC called tempdc.  Guess it was never removed.  Do you know off-hand where this phantom DC resides?  And as to the Root Hints error, I'm guessing that is tied in with the tempdc issue since they point to the same IP.
LVL 39

Expert Comment

ID: 35695166
DFS replication will stop if there is an invalid server. What you will have to do is run a metadata cleanup. There are three types of metadata cleanup to accomodate. Those three types are FRS metadata, DNS metadata and AD metadata. The VERY BEST article to walk you through all three stages of a metadata cleanup is this one:


It's my opinion that you have DNS metadata and that is seizing DFSR because DFSR doesn't know what to do.
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 39

Accepted Solution

ChiefIT earned 2000 total points
ID: 35695169
Also, you may want to look at your DNS snapin and see if you have a GREYED OUT ..MSDCS.domain.name file folder in your DNS forward lookup zone. This could be a bad delegation record within DNS.

Author Closing Comment

ID: 35700546
This pointed me right to the phantom DC.  No DCdiag errors now. My only remaining question would be do you think I still need to run through the cleanup routine you recommended in the link?  Thanks!
LVL 39

Expert Comment

ID: 35701572

DCdiag /test:DNS
DCdiag /v

Those two commands are indicators of a good/healthy domain. You should run those commands on all DCs on that domain.
LVL 39

Expert Comment

ID: 35701602
If you followed the advice on this thread for bad delegation records:

I encourage you to run these command lines:

IPconfig /registerDNS
Net stop netlogon
Net start netlogon
DCdiag /fix:DNS

This fixes deleting the delegation records and putting your MSDCS... Service records within the forward lookup zone.

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question