DC Migration - SYSVOL not established

Posted on 2013-01-30
Last Modified: 2013-01-31
Hi there,
In attempting to migrate an old SBS2003 DC to a new W2008R2 DC for a client, we are hitting issues where FRS is not able to complete the replication. This may be a DNS or RPC issue.

Pertinent info:
- SBS2003 has been giving issues with DC for the past few months. There was a BDC in place, however this caused severe authentication issues when this assumed master browser.
- The old BDC has been forcefully demoted, and metadata tidied up on the SBS.
- SBS did have a JOURNAL_WRAP issue, which has stopped erroring since the forceful demotion.

In attempting to DCPromo a new 2008 R2 DC that will eventually seize the FSMO roles and replace SBS, we are hitting issues with FRS, where SYSVOL and Net Logon shares are not appearing, although AD objects and DNS have replicated successfully.

Event 13508 appears without Event 13509, and the TechNet article has been checked:

FRSDiag on SBS:
Checking for errors in debug logs ...
	ERROR on NtFrs_0005.log : "EPT_S_NOT_REGISTERED(This may indicate that DNS returns the IP address of the wrong computer. Check DNS records being returned, Check if FRS is currently running on the target server. Check if Ntfrs is registered with the End-Point-Mapper on target server!)" : <FrsDsGetComputer:              3212:  8967: S1: 14:41:38> :DS: WARN - GetComputerObjectName(LGSERVER); Len 260, WStatus EPT_S_NOT_REGISTERED


Can we register NTFRS against RPC, to alleviate the EPT_S_NOT_REGISTERED issue? Google's no help here.
RPC Connectivity has been checked, found Ok (e.g. remote event viewer).

FRSDiag on new DC:
Checking for errors/warnings in FRS Event Log .... 	
NtFrs	29/01/2013 19:18:33	Warning	13508	The File Replication Service is having trouble enabling replication  from LGSERVER to LGVS-DC1 for c:\windows\sysvol\domain using the DNS name lgserver.<contoso>.local.

Checking for errors in debug logs ...
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                      572:   904: S0: 15:31:18> :SR: Cmd 00371bb0, CxtG 18e347c6, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (372) [SndFail - Send Penalty]
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                     1764:   877: S0: 15:42:40> :SR: Cmd 00371730, CxtG 865cecc9, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (396) [SndFail - rpc call]
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                     1764:   904: S0: 15:42:40> :SR: Cmd 00371730, CxtG 865cecc9, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (396) [SndFail - Send Penalty]


Repadmin /showreps is 100% successful.
Repadmin /syncall shows no errors.

On SBS>dcdiag /test:dns /v /e
      Starting test: DNS
         Test results for domain controllers:
            DC: lgserver.<contoso>.local
            Domain: <contoso>.local
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
               TEST: Basic (Basc)
                  Microsoft(R) Windows(R) Server 2003 for Small Business Server (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000009] Microsoft Virtual Machine Bus Network Adapter:
                     MAC address is 00:15:5D:14:02:26
                     IP address is static
                     IP address:
                     DNS servers:
               (lgserver.<contoso>.local.) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found


On 2008R2: >dcdiag /test:dns /v /e
      Starting test: DNS
         Test results for domain controllers:
            DC: lgserver.<contoso>.local
            Domain: <contoso>.local
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
               TEST: Basic (Basc)
                  Error: No WMI connectivity
                  [Error details: 0x80070005 (Type: HRESULT - Facility: Win32, Description: Access is denied.) - Connection to WMI server failed]
                  No host records (A or AAAA) were found for this DC


Beyond this, we are getting related RPC errors on Certificate enrolment for the new DC:

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          30/01/2013 11:15:11
Event ID:      13
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      LGVS-DC1.<contoso>.local
Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from lgserver.<contoso>.local\lgserver.<contoso>.local (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).


RPC is running however, and appears fine with PortQueryUI, although I couldn't see any RPC provider for NTFRS or the CA? Should there be?

Folks, up against it here. Any thoughts would be greatly appreciated.
Question by:plokij5006

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 300 total points
ID: 38838433
This will happen if you didn't properly resolve a journal wrap error. The netlogon service will not instantiate the shares until it detects a fully healthy environment.

Accepted Solution

BlueCompute earned 200 total points
ID: 38839332

Author Closing Comment

ID: 38839489
Thanks cgaliher, BlueCompute.
It indeed turned out to be caused by the journal wrap error, despite the event not reoccurring since removing the bad BDC. This was cleared with the burFlags D4.

Awarding the points to both, as cgaliher was first in and BlueCompute provided links.

Thanks to both for the quick responses!
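
The fix named in the closing comment, as an added PowerShell example that is not part of the original thread: it lists the FRS events involved, reads the current BurFlags value, and only with the hypothetical `-Apply` switch sets D4 and restarts NtFrs. It assumes PowerShell 2.0 or later is installed on the DC whose SYSVOL copy should become authoritative; event IDs 13568 and 13516 and the registry path are standard FRS values, not taken from the thread.

```powershell
# Added example, not from the thread. Run elevated on the DC whose SYSVOL
# copy is the good one (here the SBS); D4 makes that copy authoritative.
param([switch]$Apply)   # hypothetical switch: without it nothing is changed

# 13568 = journal wrap, 13508 = trouble reaching partner, 13509 = recovered,
# 13516 = SYSVOL initialised and Netlogon told it may share it.
$ids    = 13568, 13508, 13509, 13516
$events = Get-EventLog -LogName 'File Replication Service' |
    Where-Object { $ids -contains $_.EventID } | Sort-Object TimeGenerated
$events | Format-Table TimeGenerated, EventID, EntryType -AutoSize

# Heuristic (assumption): a 13568 that is not followed by a 13516 means the
# replica set never recovered, even if the error has stopped being logged.
$wrap  = $events | Where-Object { $_.EventID -eq 13568 } | Select-Object -Last 1
$ready = $events | Where-Object { $_.EventID -eq 13516 } | Select-Object -Last 1
if ($wrap -and (-not $ready -or $ready.TimeGenerated -lt $wrap.TimeGenerated)) {
    Write-Warning "Journal wrap at $($wrap.TimeGenerated) with no later 13516."
}

# The key name contains '/', which the PowerShell registry provider treats
# as a path separator, so go through the .NET registry API instead.
$path = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\' +
        'Backup/Restore\Process at Startup'
$key  = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($path, [bool]$Apply)
if (-not $key) { throw "Key not found: HKLM\$path" }
'BurFlags is 0x{0:X}' -f $key.GetValue('BurFlags', 0)

if ($Apply) {
    Stop-Service NtFrs
    $key.SetValue('BurFlags', 0xD4, [Microsoft.Win32.RegistryValueKind]::DWord)
    Start-Service NtFrs   # FRS rebuilds its database from the local SYSVOL
}
$key.Close()

# Netlogon publishes these only once FRS reports the replica set healthy.
Get-WmiObject Win32_Share |
    Where-Object { 'SYSVOL', 'NETLOGON' -contains $_.Name } |
    Format-Table Name, Path -AutoSize
```

Back up the SYSVOL folder before running with `-Apply`, and set D4 on one DC only; any other replica member takes the non-authoritative value D2.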
