Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

DC Migration - SYSVOL not established

Posted on 2013-01-30
3
Medium Priority
?
899 Views
Last Modified: 2013-01-31
Hi there,
In attempting to migrate an old SBS2003 DC to a new W2008R2 DC for a client, we are hitting issues where FRS is not able to complete the replication. This may be a DNS or RPC issue.

Pertinent info:
- SBS2003 has been giving issues with DC for the past few months. There was a BDC in place, however this caused severe authentication issues when this assumed master browser.
- The old BDC has been forcefully demoted, and metadata tidied up on the SBS.
- SBS did have a JOURNAL_WRAP issue, which has stopped erroring since the forceful demotion.

In attempting to DCPromo a new 2008 R2 DC that will eventually sieze the FSMO roles and replace SBS, we are hitting issues with FRS, where SYSVOL and Net Logon shares are not appearing, although AD objects and DNS have replicated successfully.

Event 13508 appears without Event 13509, and the technet article has been checked:
http://technet.microsoft.com/en-us/library/bb727056.aspx

FRSDiag on SBS:
Checking for errors in debug logs ...
	ERROR on NtFrs_0005.log : "EPT_S_NOT_REGISTERED(This may indicate that DNS returns the IP address of the wrong computer. Check DNS records being returned, Check if FRS is currently running on the target server. Check if Ntfrs is registered with the End-Point-Mapper on target server!)" : <FrsDsGetComputer:              3212:  8967: S1: 14:41:38> :DS: WARN - GetComputerObjectName(LGSERVER); Len 260, WStatus EPT_S_NOT_REGISTERED

Open in new window


Can we register NTFRS against RPC, to alleviate the EPT_S_NOT_REGISTERED issue? Google's no help here.
RPC Connectivity has been checked, found Ok (e.g. remote event viewer).


FRSDiag on new DC:
Checking for errors/warnings in FRS Event Log .... 	
NtFrs	29/01/2013 19:18:33	Warning	13508	The File Replication Service is having trouble enabling replication  from LGSERVER to LGVS-DC1 for c:\windows\sysvol\domain using the DNS name lgserver.<contoso>.local.

Checking for errors in debug logs ...
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                      572:   904: S0: 15:31:18> :SR: Cmd 00371bb0, CxtG 18e347c6, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (372) [SndFail - Send Penalty]
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                     1764:   877: S0: 15:42:40> :SR: Cmd 00371730, CxtG 865cecc9, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (396) [SndFail - rpc call]
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                     1764:   904: S0: 15:42:40> :SR: Cmd 00371730, CxtG 865cecc9, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (396) [SndFail - Send Penalty]

Open in new window


Repadmin /showreps is 100% successful.
Repadmin /syncall shows no errors.

On SBS>dcdiag /test:dns /v /e
[...]
      Starting test: DNS
         Test results for domain controllers:
            DC: lgserver.<contoso>.local
            Domain: <contoso>.local
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003 for Small Business Server
 (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000009] Microsoft Virtual Machine Bus Network Adapter:
                     MAC address is 00:15:5D:14:02:26
                     IP address is static
                     IP address: 192.168.10.20
                     DNS servers:
                        192.168.10.20 (lgserver.<contoso>.local.) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
[...]

Open in new window


On 2008R2: >dcdiag /test:dns /v /e
      Starting test: DNS
         Test results for domain controllers:
            DC: lgserver.<contoso>.local
            Domain: <contoso>.local
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
               TEST: Basic (Basc)
                  Error: No WMI connectivity
                  [Error details: 0x80070005 (Type: HRESULT - Facility: Win32, D
escription: Access is denied.) - Connection to WMI server failed]
                  No host records (A or AAAA) were found for this DC

Open in new window


Beyond this, we are getting related RPC errors on Certificate enrolment for the new DC:

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          30/01/2013 11:15:11
Event ID:      13
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      LGVS-DC1.<contoso>.local
Description:
Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from lgserver.<contoso>.local\lgserver.<contoso>.local (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

Open in new window


RPC is running however, and appears fine with PortQueryUI, although I couldn't see any RPC provider for NTFRS or the CA? Should there be?
Attached.

Folks, up against it here. Any thoughts would be greatly appreciated.
portquery.txt
0
Comment
Question by:plokij5006
3 Comments
 
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 1200 total points
ID: 38838433
This will happen if you didn't properly resolve a journal wrap error. The netlogon service will not instantiate the shares until it detects a fully healthy environment.
0
 
LVL 14

Accepted Solution

by:
BlueCompute earned 800 total points
ID: 38839332
0
 

Author Closing Comment

by:plokij5006
ID: 38839489
Thanks cgaliher, BlueCompute.
It indeed turned out to be caused by the journal wrap error, despite the event not reoccurring since removing the bad BDC. This was cleared with the burFlags D4.

Awarding the points to both, as cgaliher was first in and BlueCompute provided links.

Thanks to both for the quick responses!
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question