stsanford
asked on
Netlogon and Sysvol shares and Replication
Hello,
I'm beginning to feel I MUST be doing something wrong, Microsoft couldn't have made this THAT much trouble for adding additional DCs, but it seems every time I add an additional DC, I cannot get Netlogon and Sysvol to share out and replicate as expected.
Here's what I'm experiencing currently:
Server 2008 Standard is the Pre-existing DC (was added to domain to replicate with a Server 2003 DC, now that Server 2003 DC has failed)
Server 2008 R2 x64 is the new DC, dcpromo run with no issues, no DNS complaints, etc.
No SYSVOL replication now
No Netlogon Share
I have run the MS KB and changed the burflags key to D4, have set SysVolReady to 1, now have Sysvol shared out, no replication and now still no netlogon share.
dcdiag reports:
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=domai
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=domai
......................... SERVER failed test NCSecDesc
Thanks for any help you can provide. I feel like I need to make some sort of change to the way we do our additional DCs because this is a royal pain to have to go through this every time.
Thanks in advance!
I'm beginning to feel I MUST be doing something wrong, Microsoft couldn't have made this THAT much trouble for adding additional DCs, but it seems every time I add an additional DC, I cannot get Netlogon and Sysvol to share out and replicate as expected.
Here's what I'm experiencing currently:
Server 2008 Standard is the Pre-existing DC (was added to domain to replicate with a Server 2003 DC, now that Server 2003 DC has failed)
Server 2008 R2 x64 is the new DC, dcpromo run with no issues, no DNS complaints, etc.
No SYSVOL replication now
No Netlogon Share
I have run the MS KB and changed the burflags key to D4, have set SysVolReady to 1, now have Sysvol shared out, no replication and now still no netlogon share.
dcdiag reports:
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=domai
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=domai
......................... SERVER failed test NCSecDesc
Thanks for any help you can provide. I feel like I need to make some sort of change to the way we do our additional DCs because this is a royal pain to have to go through this every time.
Thanks in advance!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What is your domain and forest functioning level?
How to check the level:
http://www.techgalaxy.net/Docs/Win2003/Verifying_functional_levels_by_using_ADSIEdit.htm
How to check the level:
http://www.techgalaxy.net/Docs/Win2003/Verifying_functional_levels_by_using_ADSIEdit.htm
Also open active directory domians and trust > domain > right click > properties.
This will show both domain and forest levels.
This will show both domain and forest levels.
ASKER
It is Windows2003 functional level...Thanks,
Did you do the forest adprep before adding the 2008 machines ?
ASKER
I have gone back through things, and the only oddities I am seeing are the following:
DNS Eventlog error 4013
When I try to run ntfrsutl server I receive:
ERROR - Cannot RPC to computer, (null); 00001f47 (8007)
Thanks for any additional help.
DNS Eventlog error 4013
When I try to run ntfrsutl server I receive:
ERROR - Cannot RPC to computer, (null); 00001f47 (8007)
Thanks for any additional help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER