DC Migration - SYSVOL not established

Posted on 2013-01-30
Last Modified: 2013-01-31
Hi there,
In attempting to migrate an old SBS2003 DC to a new W2008R2 DC for a client, we are hitting issues where FRS is not able to complete the replication. This may be a DNS or RPC issue.

Pertinent info:
- SBS2003 has been giving issues with DC for the past few months. There was a BDC in place, however this caused severe authentication issues when this assumed master browser.
- The old BDC has been forcefully demoted, and metadata tidied up on the SBS.
- SBS did have a JOURNAL_WRAP issue, which has stopped erroring since the forceful demotion.

In attempting to DCPromo a new 2008 R2 DC that will eventually seize the FSMO roles and replace SBS, we are hitting issues with FRS, where SYSVOL and Net Logon shares are not appearing, although AD objects and DNS have replicated successfully.

Event 13508 appears without Event 13509, and the TechNet article has been checked:

FRSDiag on SBS:
Checking for errors in debug logs ...
	ERROR on NtFrs_0005.log : "EPT_S_NOT_REGISTERED(This may indicate that DNS returns the IP address of the wrong computer. Check DNS records being returned, Check if FRS is currently running on the target server. Check if Ntfrs is registered with the End-Point-Mapper on target server!)" : <FrsDsGetComputer:              3212:  8967: S1: 14:41:38> :DS: WARN - GetComputerObjectName(LGSERVER); Len 260, WStatus EPT_S_NOT_REGISTERED


Can we register NTFRS against RPC, to alleviate the EPT_S_NOT_REGISTERED issue? Google's no help here.
RPC Connectivity has been checked, found Ok (e.g. remote event viewer).

FRSDiag on new DC:
Checking for errors/warnings in FRS Event Log .... 	
NtFrs	29/01/2013 19:18:33	Warning	13508	The File Replication Service is having trouble enabling replication  from LGSERVER to LGVS-DC1 for c:\windows\sysvol\domain using the DNS name lgserver.<contoso>.local.

Checking for errors in debug logs ...
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                      572:   904: S0: 15:31:18> :SR: Cmd 00371bb0, CxtG 18e347c6, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (372) [SndFail - Send Penalty]
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                     1764:   877: S0: 15:42:40> :SR: Cmd 00371730, CxtG 865cecc9, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (396) [SndFail - rpc call]
	ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                     1764:   904: S0: 15:42:40> :SR: Cmd 00371730, CxtG 865cecc9, WS ERROR_RETRY, To   lgserver.<contoso>.local Len:  (396) [SndFail - Send Penalty]


Repadmin /showreps is 100% successful.
Repadmin /syncall shows no errors.

On SBS>dcdiag /test:dns /v /e
      Starting test: DNS
         Test results for domain controllers:
            DC: lgserver.<contoso>.local
            Domain: <contoso>.local
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
               TEST: Basic (Basc)
                  Microsoft(R) Windows(R) Server 2003 for Small Business Server (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000009] Microsoft Virtual Machine Bus Network Adapter:
                     MAC address is 00:15:5D:14:02:26
                     IP address is static
                     IP address:
                     DNS servers:
               (lgserver.<contoso>.local.) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found


On 2008R2: >dcdiag /test:dns /v /e
      Starting test: DNS
         Test results for domain controllers:
            DC: lgserver.<contoso>.local
            Domain: <contoso>.local
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
               TEST: Basic (Basc)
                  Error: No WMI connectivity
                  [Error details: 0x80070005 (Type: HRESULT - Facility: Win32, Description: Access is denied.) - Connection to WMI server failed]
                  No host records (A or AAAA) were found for this DC


Beyond this, we are getting related RPC errors on Certificate enrolment for the new DC:

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          30/01/2013 11:15:11
Event ID:      13
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      LGVS-DC1.<contoso>.local
Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from lgserver.<contoso>.local\lgserver.<contoso>.local (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).


RPC is running however, and appears fine with PortQueryUI, although I couldn't see any RPC provider for NTFRS or the CA? Should there be?

Folks, up against it here. Any thoughts would be greatly appreciated.
Question by:plokij5006

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 300 total points
ID: 38838433
This will happen if you didn't properly resolve a journal wrap error. The netlogon service will not instantiate the shares until it detects a fully healthy environment.

Accepted Solution

BlueCompute earned 200 total points
ID: 38839332

Author Closing Comment

ID: 38839489
Thanks cgaliher, BlueCompute.
It indeed turned out to be caused by the journal wrap error, despite the event not reoccurring since removing the bad BDC. This was cleared with the burFlags D4.

Awarding the points to both, as cgaliher was first in and BlueCompute provided links.

Thanks to both for the quick responses!
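
Added example, not part of the original thread and not FRSDiag's own code: a small Python parser for the FRSDiag debug-log error lines quoted in the question, which collapses lines sharing the same Cmd and CxtG values into one failed send per replication partner. The field layout and the treatment of a Cmd/CxtG pair as one send attempt are assumptions read off the quoted lines; the sample input is constructed, with the domain replaced by example.local.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the FRSDiag lines quoted in the question;
# hint text shortened, domain replaced with example.local.
SAMPLE = """\
ERROR on NtFrs_0005.log : "EPT_S_NOT_REGISTERED(hint text)" : <FrsDsGetComputer:              3212:  8967: S1: 14:41:38> :DS: WARN - GetComputerObjectName(LGSERVER); Len 260, WStatus EPT_S_NOT_REGISTERED
ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                      572:   904: S0: 15:31:18> :SR: Cmd 00371bb0, CxtG 18e347c6, WS ERROR_RETRY, To   lgserver.example.local Len:  (372) [SndFail - Send Penalty]
ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                     1764:   877: S0: 15:42:40> :SR: Cmd 00371730, CxtG 865cecc9, WS ERROR_RETRY, To   lgserver.example.local Len:  (396) [SndFail - rpc call]
ERROR on NtFrs_0005.log : "ERROR_RETRY" : <SndCsMain:                     1764:   904: S0: 15:42:40> :SR: Cmd 00371730, CxtG 865cecc9, WS ERROR_RETRY, To   lgserver.example.local Len:  (396) [SndFail - Send Penalty]
"""

# Layout assumed from the quoted lines: <Function: thread: source line: severity: time>
HEADER = re.compile(
    r'ERROR on (?P<log>\S+) : "(?P<status>[A-Z_]+)[^"]*" : '
    r'<(?P<func>\w+):\s*(?P<thread>\d+):\s*(?P<srcline>\d+):\s*'
    r'(?P<sev>S\d):\s*(?P<time>\d\d:\d\d:\d\d)>\s*(?P<msg>.*)')
SEND = re.compile(r'Cmd (?P<cmd>\w+), CxtG (?P<cxtg>\w+),.*?To\s+(?P<peer>\S+)\s+Len:')
REASON = re.compile(r'\[(?P<reason>[^\]]+)\]\s*$')


def parse_frsdiag(text):
    """Return one dict per FRSDiag debug-log error line; other lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = HEADER.search(raw)
        if not m:
            continue
        rec = m.groupdict()
        send = SEND.search(rec["msg"])
        reason = REASON.search(rec["msg"])
        rec.update(send.groupdict() if send else {"cmd": None, "cxtg": None, "peer": None})
        rec["reason"] = reason.group("reason") if reason else None
        records.append(rec)
    return records


def failed_sends(records):
    """Collapse log lines that share Cmd and CxtG into one failed send per peer."""
    sends = defaultdict(list)
    for rec in records:
        if rec["cmd"]:
            sends[(rec["peer"], rec["cmd"], rec["cxtg"])].append(rec["reason"])
    return dict(sends)


if __name__ == "__main__":
    for key, reasons in failed_sends(parse_frsdiag(SAMPLE)).items():
        print(key, reasons)
```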
