DC Migration - SYSVOL not established

Posted on 2013-01-30
Medium Priority
Last Modified: 2013-01-31
Hi there,
In attempting to migrate an old SBS2003 DC to a new W2008R2 DC for a client, we are hitting issues where FRS is not able to complete the replication. This may be a DNS or RPC issue.

Pertinent info:
- SBS2003 has been giving issues with DC for the past few months. There was a BDC in place, however this caused severe authentication issues when this assumed master browser.
- The old BDC has been forcefully demoted, and metadata tidied up on the SBS.
- SBS did have a JOURNAL_WRAP issue, which has stopped erroring since the forceful demotion.

In attempting to DCPromo a new 2008 R2 DC that will eventually sieze the FSMO roles and replace SBS, we are hitting issues with FRS, where SYSVOL and Net Logon shares are not appearing, although AD objects and DNS have replicated successfully.

Event 13508 appears without Event 13509, and the technet article has been checked:

FRSDiag on SBS:
Checking for errors in debug logs ...
	ERROR on NtFrs_0005.log : "EPT_S_NOT_REGISTERED(This may indicate that DNS returns the IP address of the wrong computer. Check DNS records being returned, Check if FRS is currently running on the target server. Check if Ntfrs is registered with the End-Point-Mapper on target server!)" : <FrsDsGetComputer:              3212:  8967: S1: 14:41:38> :DS: WARN - GetComputerObjectName(LGSERVER); Len 260, WStatus EPT_S_NOT_REGISTERED

Open in new window

Can we register NTFRS against RPC, to alleviate the EPT_S_NOT_REGISTERED issue? Google's no help here.
RPC Connectivity has been checked, found Ok (e.g. remote event viewer).

FRSDiag on new DC:
Checking for errors/warnings in FRS Event Log .... 	
NtFrs	29/01/2013 19:18:33	Warning	13508	The File Replication Service is having trouble enabling replication  from LGSERVER to LGVS-DC1 for c:\windows\sysvol\domain using the DNS name lgserver.<contoso>.local.

Checking for errors in debug logs ...
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                      572:   904: S0: 15:31:18> :SR: Cmd 00371bb0, CxtG 18e347c6, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (372) [SndFail - Send Penalty]
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                     1764:   877: S0: 15:42:40> :SR: Cmd 00371730, CxtG 865cecc9, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (396) [SndFail - rpc call]
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                     1764:   904: S0: 15:42:40> :SR: Cmd 00371730, CxtG 865cecc9, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (396) [SndFail - Send Penalty]

Open in new window

Repadmin /showreps is 100% successful.
Repadmin /syncall shows no errors.

On SBS>dcdiag /test:dns /v /e
      Starting test: DNS
         Test results for domain controllers:
            DC: lgserver.<contoso>.local
            Domain: <contoso>.local
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003 for Small Business Server
 (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000009] Microsoft Virtual Machine Bus Network Adapter:
                     MAC address is 00:15:5D:14:02:26
                     IP address is static
                     IP address:
                     DNS servers:
               (lgserver.<contoso>.local.) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found

Open in new window

On 2008R2: >dcdiag /test:dns /v /e
      Starting test: DNS
         Test results for domain controllers:
            DC: lgserver.<contoso>.local
            Domain: <contoso>.local
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
               TEST: Basic (Basc)
                  Error: No WMI connectivity
                  [Error details: 0x80070005 (Type: HRESULT - Facility: Win32, D
escription: Access is denied.) - Connection to WMI server failed]
                  No host records (A or AAAA) were found for this DC

Open in new window

Beyond this, we are getting related RPC errors on Certificate enrolment for the new DC:

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          30/01/2013 11:15:11
Event ID:      13
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      LGVS-DC1.<contoso>.local
Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from lgserver.<contoso>.local\lgserver.<contoso>.local (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

Open in new window

RPC is running however, and appears fine with PortQueryUI, although I couldn't see any RPC provider for NTFRS or the CA? Should there be?

Folks, up against it here. Any thoughts would be greatly appreciated.
Question by:plokij5006
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 1200 total points
ID: 38838433
This will happen if you didn't properly resolve a journal wrap error. The netlogon service will not instantiate the shares until it detects a fully healthy environment.
LVL 14

Accepted Solution

BlueCompute earned 800 total points
ID: 38839332

Author Closing Comment

ID: 38839489
Thanks cgaliher, BlueCompute.
It indeed turned out to be caused by the journal wrap error, despite the event not reoccurring since removing the bad BDC. This was cleared with the burFlags D4.

Awarding the points to both, as cgaliher was first in and BlueCompute provided links.

Thanks to both for the quick responses!

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
There are literally thousands of Exchange recovery applications out there. So how do you end up picking one that’s ideal for your business & purpose? By carefully scouting the product’s features, the benefits it offers you, & reading ample reviews f…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question