Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


DC Migration - SYSVOL not established

Posted on 2013-01-30
Medium Priority
Last Modified: 2013-01-31
Hi there,
In attempting to migrate an old SBS2003 DC to a new W2008R2 DC for a client, we are hitting issues where FRS is not able to complete the replication. This may be a DNS or RPC issue.

Pertinent info:
- SBS2003 has been giving issues with DC for the past few months. There was a BDC in place, however this caused severe authentication issues when this assumed master browser.
- The old BDC has been forcefully demoted, and metadata tidied up on the SBS.
- SBS did have a JOURNAL_WRAP issue, which has stopped erroring since the forceful demotion.

In attempting to DCPromo a new 2008 R2 DC that will eventually sieze the FSMO roles and replace SBS, we are hitting issues with FRS, where SYSVOL and Net Logon shares are not appearing, although AD objects and DNS have replicated successfully.

Event 13508 appears without Event 13509, and the technet article has been checked:

FRSDiag on SBS:
Checking for errors in debug logs ...
	ERROR on NtFrs_0005.log : "EPT_S_NOT_REGISTERED(This may indicate that DNS returns the IP address of the wrong computer. Check DNS records being returned, Check if FRS is currently running on the target server. Check if Ntfrs is registered with the End-Point-Mapper on target server!)" : <FrsDsGetComputer:              3212:  8967: S1: 14:41:38> :DS: WARN - GetComputerObjectName(LGSERVER); Len 260, WStatus EPT_S_NOT_REGISTERED

Open in new window

Can we register NTFRS against RPC, to alleviate the EPT_S_NOT_REGISTERED issue? Google's no help here.
RPC Connectivity has been checked, found Ok (e.g. remote event viewer).

FRSDiag on new DC:
Checking for errors/warnings in FRS Event Log .... 	
NtFrs	29/01/2013 19:18:33	Warning	13508	The File Replication Service is having trouble enabling replication  from LGSERVER to LGVS-DC1 for c:\windows\sysvol\domain using the DNS name lgserver.<contoso>.local.

Checking for errors in debug logs ...
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                      572:   904: S0: 15:31:18> :SR: Cmd 00371bb0, CxtG 18e347c6, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (372) [SndFail - Send Penalty]
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                     1764:   877: S0: 15:42:40> :SR: Cmd 00371730, CxtG 865cecc9, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (396) [SndFail - rpc call]
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                     1764:   904: S0: 15:42:40> :SR: Cmd 00371730, CxtG 865cecc9, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (396) [SndFail - Send Penalty]

Open in new window

Repadmin /showreps is 100% successful.
Repadmin /syncall shows no errors.

On SBS>dcdiag /test:dns /v /e
      Starting test: DNS
         Test results for domain controllers:
            DC: lgserver.<contoso>.local
            Domain: <contoso>.local
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003 for Small Business Server
 (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000009] Microsoft Virtual Machine Bus Network Adapter:
                     MAC address is 00:15:5D:14:02:26
                     IP address is static
                     IP address:
                     DNS servers:
               (lgserver.<contoso>.local.) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found

Open in new window

On 2008R2: >dcdiag /test:dns /v /e
      Starting test: DNS
         Test results for domain controllers:
            DC: lgserver.<contoso>.local
            Domain: <contoso>.local
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
               TEST: Basic (Basc)
                  Error: No WMI connectivity
                  [Error details: 0x80070005 (Type: HRESULT - Facility: Win32, D
escription: Access is denied.) - Connection to WMI server failed]
                  No host records (A or AAAA) were found for this DC

Open in new window

Beyond this, we are getting related RPC errors on Certificate enrolment for the new DC:

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          30/01/2013 11:15:11
Event ID:      13
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      LGVS-DC1.<contoso>.local
Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from lgserver.<contoso>.local\lgserver.<contoso>.local (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

Open in new window

RPC is running however, and appears fine with PortQueryUI, although I couldn't see any RPC provider for NTFRS or the CA? Should there be?

Folks, up against it here. Any thoughts would be greatly appreciated.
Question by:plokij5006
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 1200 total points
ID: 38838433
This will happen if you didn't properly resolve a journal wrap error. The netlogon service will not instantiate the shares until it detects a fully healthy environment.
LVL 14

Accepted Solution

BlueCompute earned 800 total points
ID: 38839332

Author Closing Comment

ID: 38839489
Thanks cgaliher, BlueCompute.
It indeed turned out to be caused by the journal wrap error, despite the event not reoccurring since removing the bad BDC. This was cleared with the burFlags D4.

Awarding the points to both, as cgaliher was first in and BlueCompute provided links.

Thanks to both for the quick responses!

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question