

NTFRS and DFS failures on 2003 SBS trying to migrate to 2008 SBS

Posted on 2011-10-14
Medium Priority
Last Modified: 2012-05-12
Hi all,

I am trying to migrate a 2003 SBS to 2008 SBS, and have followed the migration guide so far to the letter.  The 2008 SBS is stuck at the dreaded "expanding and installing files" section of the migration, with a message:

Active Directory replication is taking longer than expected. You can choose whether to continue waiting. If you choose not to wait, the migration may fail. Unless you are sure that replication is working correctly, it is recommended that you continue waiting. Do you want to wait for the replication to finish? (Yes/No).

Clicking yes just makes the server sit there for a further 20 minutes before coming back with the same message, over and over again.

I have looked at the event logs on the 2003 SBS that I am trying to migrate from, and it looks like the problem is being caused by NTFRS - it won't start.  When I try to start the service, it generates 4 events and stops - 13501, 13512, 13555 and finally 13502.

Also, I cannot open AD U&C on the 2003 SBS - it says it can't open the snap-in, although it is present and correct and the permissions on the file itself are fine.  AD S&S and AD D&T work fine, just U&C I can't open.

What may be related is that there was a second DC in this domain up until a few weeks ago, when it died, so I had to forcibly remove it from the AD.  I removed it using ntdsutil with metadata cleanup and there don't seem to be any references to the old DC anywhere in adsiedit or dns any more.  One mistake I think I made though was after doing that, I deleted the NTDS entry in AD S&S for the dead server, and then manually deleted the server from there too, which I think may have caused an issue.

Also, the orphaned server did have a DFS root on it for data which was shared with the 2003 SBS, which I don't seem to be able to now delete using the DFS management snap-in.  It shows the root is present, but when I try and delete it, it says:

The following error occurred during deleting the DFS root on (dead server)
Do you want to forcibly remove the DFS root?
The RPC server is unavailable.

When I click Yes it says:

The following error occurred while deleting the DFS root (dead server):
The specified domain either does not exist or could not be contacted.

So I can't delete it.

I have a feeling all these things are linked and are what are preventing the migration from proceeding - for what it's worth running netdom query fsmo on the 2003 SBS shows that the 2008 SBS I am trying to migrate to has all the FSMO roles assigned to it - the 2003 SBS no longer has any of them.

I am reluctant to restart the 2003 SBS in case I can't log back into it again when it comes back up.

Do any of you have any ideas how I can rectify this situation so that I can start NTFRS and get the replication going again please?

Thanks very much in advance!
Question by:chris3879

Expert Comment

ID: 36970178
>I am reluctant to restart the 2003 SBS in case I can't log back into it again when it comes back up.
NTDS is not that fragile, to be honest. If you want to make sure, keep making copies of the System State along the way (best practice ever) and make sure you know the AD restore mode password, or reset it: http://support.microsoft.com/kb/322672

Event ID 13555 is the only error message, is that right? Does the event mention any recovery steps, or any clue as to what is wrong with the FRS?

One idea is to check whether any NTFRS replica sets have invalid primary members. Ntdsutil does not clean those up. The replica sets are located in containers underneath:
CN=File Replication Service,CN=System of your Domain Naming Context.
Check each replica set underneath that container for non-existing servers in the fRSPrimaryMember attribute.

Author Comment

ID: 36980405
Thanks for the reply.  I did end up restarting it, and the NTDS came back up okay, but the problem is still present.

You're correct that 13555 is the only error message.  No clues - it just mentions that I should do a non-authoritative restore - which I am not sure is wise given that the other DC on the network hasn't managed to replicate anything with it yet, so I am pretty sure it doesn't have a valid copy that it can restore back to it.

I've checked in the CN you mention and it shows Sysvol as being present and correct, with no references to the old server.

To say I am stumped is an understatement!  Any other ideas?

Thanks again.

Accepted Solution

Rant32 earned 2000 total points
ID: 36984162
You're welcome, Chris.

Have you tried FrsDiag?

Also you could be right about the NTDS connection objects. From MS KB 312862:

In Active Directory Sites and Services, do not delete an NTDS Settings object on a domain controller (regardless of whether it is orphaned or offline). If you make the deletion, the Server-References attributes on the FRS member object become null; null Server-Reference attributes halt inbound and outbound replication of SYSVOL on the domain controller. This type of deletion is a common scenario.

Please run the FrsDiag tool against both/all your domain controllers, and let us know what you find.
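
The two directory checks raised in the answers above (a replica set whose fRSPrimaryMember names a server that no longer exists, and an FRS member object whose Server-Reference is null) can be run offline against an export, shown here as an added example that is not part of the original thread. It assumes the SYSVOL replica set under CN=File Replication Service,CN=System has been exported to LDIF and that `serverReference` is the attribute's LDAP name; the sample data and server names are constructed.

```python
import base64

# Constructed sample shaped like an LDIF export of the SYSVOL replica set; names are made up.
BASE = "CN=File Replication Service,CN=System,DC=example,DC=local"
RS = f"CN=Domain System Volume (SYSVOL share),{BASE}"
SAMPLE_LDIF = f"""\
dn: {RS}
objectClass: nTFRSReplicaSet
fRSPrimaryMember: CN=DEADDC,{RS}

dn: CN=SBS2003,{RS}
objectClass: nTFRSMember

dn: CN=SBS2008,{RS}
objectClass: nTFRSMember
serverReference: CN=NTDS Settings,CN=SBS2008,CN=Servers,
 CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=local
"""

def parse_ldif(text):
    """Map lowercased DN -> {lowercased attr: [values]}; unfolds continuation lines."""
    entries, cur = {}, None
    for line in text.replace("\r\n", "\n").replace("\n ", "").split("\n"):
        if not line.strip():
            cur = None                      # blank line ends the entry
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>" form
                value = base64.b64decode(value[1:]).decode("utf-8")
            if name.lower() == "dn":
                cur = entries.setdefault(value.strip().lower(), {})
            elif cur is not None:
                cur.setdefault(name.lower(), []).append(value.strip())
    return entries

def check_frs(entries):
    """Flag stale fRSPrimaryMember targets and members whose serverReference is absent (null)."""
    findings = []
    for dn, attrs in entries.items():
        classes = [c.lower() for c in attrs.get("objectclass", [])]
        if "ntfrsreplicaset" in classes:
            for primary in attrs.get("frsprimarymember", []):
                if primary.lower() not in entries:   # member object is gone
                    findings.append(("stale-primary-member", dn, primary))
        if "ntfrsmember" in classes and not attrs.get("serverreference"):
            findings.append(("null-server-reference", dn, ""))
    return findings

print(check_frs(parse_ldif(SAMPLE_LDIF)))
```

On the sample, the replica set is flagged for a primary member that has no member object, and the SBS2003 member is flagged for a missing serverReference, which is the condition the quoted KB text says halts SYSVOL replication.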


Author Comment

ID: 37728943
Just to give an update to this - eventually I gave up and ran a system state restore on the original box after everything went very wrong trying to fix this.

They are sticking with 2003 for now...

Thanks very much for your help.
