[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Netlogon and Sysvol shares and Replication

Posted on 2011-09-17
8
Medium Priority
?
980 Views
Last Modified: 2014-06-24
Hello,
I'm beginning to feel I MUST be doing something wrong, Microsoft couldn't have made this THAT much trouble for adding additional DCs, but it seems every time I add an additional DC, I cannot get Netlogon and Sysvol to share out and replicate as expected.

Here's what I'm experiencing currently:

Server 2008 Standard is the Pre-existing DC (was added to domain to replicate with a Server 2003 DC, now that Server 2003 DC has failed)
Server 2008 R2 x64 is the new DC, dcpromo run with no issues, no DNS complaints, etc.

No SYSVOL replication now
No Netlogon Share
I have run the MS KB and changed the burflags key to D4, have set SysVolReady to 1, now have Sysvol shared out, no replication and now still no netlogon share.

dcdiag reports:
  Starting test: NCSecDesc
     Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
        Replicating Directory Changes In Filtered Set
     access rights for the naming context:
     DC=DomainDnsZones,DC=domain,DC=local
     Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
        Replicating Directory Changes In Filtered Set
     access rights for the naming context:
     DC=ForestDnsZones,DC=domain,DC=local
     ......................... SERVER failed test NCSecDesc

Thanks for any help you can provide. I feel like I need to make some sort of change to the way we do our additional DCs because this is a royal pain to have to go through this every time.
Thanks in advance!
0
Comment
Question by:stsanford
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 10

Assisted Solution

by:SuperTaco
SuperTaco earned 1000 total points
ID: 36554480
Are all of the machine GUID's showing up in DNS?  do you have any other DC's or DNS sevrers trapped in DNS?   if so , remove them
0
 

Author Comment

by:stsanford
ID: 36557878
I searched through, I don't see any of the old DCs listed.
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 36557894
What is your domain and forest functioning level?

How to check the level:
http://www.techgalaxy.net/Docs/Win2003/Verifying_functional_levels_by_using_ADSIEdit.htm
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 23

Expert Comment

by:yo_bee
ID: 36557911
Also open active directory domians and trust  > domain > right click > properties.
This will show both domain and forest levels.

0
 

Author Comment

by:stsanford
ID: 36557912
It is Windows2003 functional level...Thanks,
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 36557963
Did you do the forest adprep before adding the 2008 machines ?
0
 

Author Comment

by:stsanford
ID: 36558081
I have gone back through things, and the only oddities I am seeing are the following:
DNS Eventlog error 4013
When I try to run ntfrsutl server I receive:
ERROR - Cannot RPC to computer, (null); 00001f47 (8007)

Thanks for any additional help.
0
 
LVL 16

Accepted Solution

by:
Syed_M_Usman earned 1000 total points
ID: 37499714
Dear,

with regards to below error,
"dcdiag reports:
  Starting test: NCSecDesc
     Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
        Replicating Directory Changes In Filtered Set
     access rights for the naming context:
     DC=DomainDnsZones,DC=domain,DC=local
     Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
        Replicating Directory Changes In Filtered Set
     access rights for the naming context:
     DC=ForestDnsZones,DC=domain,DC=local
     ......................... SERVER failed test NCSecDesc"

you shoudl look at http://support.microsoft.com/kb/967482

i think you have 1 or more 2003Dc and you also have 2008DC. can you please run below commands and upload screen shots

netdom query fsmo
dcdiag
repadmin /showrepl

upload screen shots plz.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question