Domain SYSVOL and NETLOGON not created when adding new DC Server 2012
I have been struggling with this for about three days. I have two DCs running Server 2012. I had some issues with GPO replication. I thought i fixed it but I did not. I ended up demoting one of the DCs and re promoting it. However whenever I added the new DC the Netlogon and Sysvol shares are not created.
When I run DCDIAG on the SERVER that is missing the Shares this is the error:
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\BEHS-SV102\netlogon)
[BEHS-SV102] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... BEHS-SV102 failed test NetLogons
DCDIAG on the DC that has the NETLOGONS and SYSVOL:
Doing primary tests
Testing server: Default-First-Site-Name\BE
Starting test: Advertising
......................... BEHS-SV100 passed test Advertising
Starting test: FrsEvent
......................... BEHS-SV100 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... BEHS-SV100 passed test DFSREvent
Starting test: SysVolCheck
......................... BEHS-SV100 passed test SysVolCheck
Starting test: KccEvent
......................... BEHS-SV100 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... BEHS-SV100 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... BEHS-SV100 passed test MachineAccount
Starting test: NCSecDesc
......................... BEHS-SV100 passed test NCSecDesc
Starting test: NetLogons
......................... BEHS-SV100 passed test NetLogons
Starting test: ObjectsReplicated
......................... BEHS-SV100 passed test ObjectsReplicated
Starting test: Replications
......................... BEHS-SV100 passed test Replications
Starting test: RidManager
......................... BEHS-SV100 passed test RidManager
Starting test: Services
......................... BEHS-SV100 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x00000458
Time Generated: 02/01/2013 22:06:39
Event String:
The Group Policy Client Side Extension Folder Redirection was unable to apply one or more settings because t
he changes must be processed before system startup or user logon. The system will wait for Group Policy processing to fi
nish completely before the next startup or logon for this user, and this may result in slow startup and boot performance
.
An error event occurred. EventID: 0x0000272C
Time Generated: 02/01/2013 22:21:40
Event String:
DCOM was unable to communicate with the computer 4.2.2.2 using any of the configured protocols; requested by
PID 3988 (C:\Windows\system32\dcdia
An error event occurred. EventID: 0x0000272C
Time Generated: 02/01/2013 22:22:02
Event String:
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by
PID 3988 (C:\Windows\system32\dcdia
......................... BEHS-SV100 failed test SystemLog
I have set each DC to point to one and another. I have the forwards set to 8.8.8.8 and 4.2.2.2.
I have also verified the times are in sync. I have tried to run this as well: http://support.microsoft.com/kb/290762
But those values are not in 2012 since it does not use FRS.
Anyone have any ideas?
Regards,
Tucker
When I run DCDIAG on the SERVER that is missing the Shares this is the error:
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\BEHS-SV102\netlogon)
[BEHS-SV102] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... BEHS-SV102 failed test NetLogons
DCDIAG on the DC that has the NETLOGONS and SYSVOL:
Doing primary tests
Testing server: Default-First-Site-Name\BE
Starting test: Advertising
......................... BEHS-SV100 passed test Advertising
Starting test: FrsEvent
......................... BEHS-SV100 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... BEHS-SV100 passed test DFSREvent
Starting test: SysVolCheck
......................... BEHS-SV100 passed test SysVolCheck
Starting test: KccEvent
......................... BEHS-SV100 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... BEHS-SV100 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... BEHS-SV100 passed test MachineAccount
Starting test: NCSecDesc
......................... BEHS-SV100 passed test NCSecDesc
Starting test: NetLogons
......................... BEHS-SV100 passed test NetLogons
Starting test: ObjectsReplicated
......................... BEHS-SV100 passed test ObjectsReplicated
Starting test: Replications
......................... BEHS-SV100 passed test Replications
Starting test: RidManager
......................... BEHS-SV100 passed test RidManager
Starting test: Services
......................... BEHS-SV100 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x00000458
Time Generated: 02/01/2013 22:06:39
Event String:
The Group Policy Client Side Extension Folder Redirection was unable to apply one or more settings because t
he changes must be processed before system startup or user logon. The system will wait for Group Policy processing to fi
nish completely before the next startup or logon for this user, and this may result in slow startup and boot performance
.
An error event occurred. EventID: 0x0000272C
Time Generated: 02/01/2013 22:21:40
Event String:
DCOM was unable to communicate with the computer 4.2.2.2 using any of the configured protocols; requested by
PID 3988 (C:\Windows\system32\dcdia
An error event occurred. EventID: 0x0000272C
Time Generated: 02/01/2013 22:22:02
Event String:
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by
PID 3988 (C:\Windows\system32\dcdia
......................... BEHS-SV100 failed test SystemLog
I have set each DC to point to one and another. I have the forwards set to 8.8.8.8 and 4.2.2.2.
I have also verified the times are in sync. I have tried to run this as well: http://support.microsoft.com/kb/290762
But those values are not in 2012 since it does not use FRS.
Anyone have any ideas?
Regards,
Tucker
Hi,
maybe it's dumb, but have you already upgraded your replication system from FRS to DFSR ?
Cheers
maybe it's dumb, but have you already upgraded your replication system from FRS to DFSR ?
Cheers
ASKER
So none of the shares show up. Server 2012 does not use FRS. It only uses DFRS. I did not do a metadata cleanup. But I checked my DNS settings and the old DC was not showing. When I joined it back it showed back up.
I see this in my DFS Replication Event log:
The DFS Replication service failed to update configuration in Active Directory Domain Services. The service will retry this operation periodically.
Additional Information:
Object Category: msDFSR-LocalSettings
Object DN: CN=DFSR-LocalSettings,CN=B
Error: 2 (The system cannot find the file specified.)
Domain Controller: BEHS-SV100.behs.local
Polling Cycle: 60
The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner BEHS-SV100.behs.local. If the server was in the process of being promoted to a domain controller, the domain controller will not advertize and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the synchronization partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.
Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 9346389F-A235-4586-AF67-C0
Replication Group Name: Domain System Volume
Replication Group ID: 6694B859-BF54-4000-9DD5-8D
Member ID: A92922D7-7210-4BF8-8AF1-76
Read-Only: 0
The DFS Replication service detected that the local path of a replicated folder (domain) in its database does not match the newly configured local path (C:\Windows\SYSVOL\domain)
Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 9346389F-A235-4586-AF67-C0
Replication Group Name: Domain System Volume
Replication Group ID: 6694B859-BF54-4000-9DD5-8D
Member ID: A92922D7-7210-4BF8-8AF1-76
The DFS Replication service has detected that no connections are configured for replication group Domain System Volume. No data is being replicated for this replication group.
Additional Information:
Replication Group ID: 6694B859-BF54-4000-9DD5-8D
Member ID: A92922D7-7210-4BF8-8AF1-76
I see this in my DFS Replication Event log:
The DFS Replication service failed to update configuration in Active Directory Domain Services. The service will retry this operation periodically.
Additional Information:
Object Category: msDFSR-LocalSettings
Object DN: CN=DFSR-LocalSettings,CN=B
Error: 2 (The system cannot find the file specified.)
Domain Controller: BEHS-SV100.behs.local
Polling Cycle: 60
The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner BEHS-SV100.behs.local. If the server was in the process of being promoted to a domain controller, the domain controller will not advertize and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the synchronization partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.
Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 9346389F-A235-4586-AF67-C0
Replication Group Name: Domain System Volume
Replication Group ID: 6694B859-BF54-4000-9DD5-8D
Member ID: A92922D7-7210-4BF8-8AF1-76
Read-Only: 0
The DFS Replication service detected that the local path of a replicated folder (domain) in its database does not match the newly configured local path (C:\Windows\SYSVOL\domain)
Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 9346389F-A235-4586-AF67-C0
Replication Group Name: Domain System Volume
Replication Group ID: 6694B859-BF54-4000-9DD5-8D
Member ID: A92922D7-7210-4BF8-8AF1-76
The DFS Replication service has detected that no connections are configured for replication group Domain System Volume. No data is being replicated for this replication group.
Additional Information:
Replication Group ID: 6694B859-BF54-4000-9DD5-8D
Member ID: A92922D7-7210-4BF8-8AF1-76
ASKER
I also created a totally new VM with Server 2012 and it did the same thing. So I think the issue is totally on the existing DC with holds all the FSMO roles as well.
Tucker
Tucker
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did that then I got the following after I restarted the replication service:
The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication.
Additional Information:
Volume: C:
GUID: 05EAB7C6-36AA-11E2-93E7-80
Recovery Steps
1. Back up the files in all replicated folders on the volume. Failure to do so may result in data loss due to unexpected conflict resolution during the recovery of the replicated folders.
2. To resume the replication for this volume, use the WMI method ResumeReplication of the DfsrVolumeConfig class. For example, from an elevated command prompt, type the following command:
wmic /namespace:\\root\microsof
For more information, see http://support.microsoft.com/kb/2663685.
So I did a backup and ran the wmic and then I got this:
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 62 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.
To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group.
Additional Information:
Error: 9061 (The replicated folder has been offline for too long.)
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 9346389F-A235-4586-AF67-C0
Replication Group Name: Domain System Volume
Replication Group ID: 6694B859-BF54-4000-9DD5-8D
Member ID: 1A6C2937-B21D-45A0-A071-D5
So what I did was ran this:
wmic.exe /namespace:\\root\microsof
I re-did the restore per the instructions on the link you gave me:
[1] When a backup application performs a system state restore, it must indicate that it has done so by setting the LastRestoreId registry value. The LastRestoreId is a GUID that is formatted as 00000000-0000-0000-0000-00
I then restarted the dfs service and BAM!!! IT WORKED!!!! WHOOOOO!
Thanks guys for all of your help!
Tucker
The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication.
Additional Information:
Volume: C:
GUID: 05EAB7C6-36AA-11E2-93E7-80
Recovery Steps
1. Back up the files in all replicated folders on the volume. Failure to do so may result in data loss due to unexpected conflict resolution during the recovery of the replicated folders.
2. To resume the replication for this volume, use the WMI method ResumeReplication of the DfsrVolumeConfig class. For example, from an elevated command prompt, type the following command:
wmic /namespace:\\root\microsof
For more information, see http://support.microsoft.com/kb/2663685.
So I did a backup and ran the wmic and then I got this:
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 62 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.
To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group.
Additional Information:
Error: 9061 (The replicated folder has been offline for too long.)
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 9346389F-A235-4586-AF67-C0
Replication Group Name: Domain System Volume
Replication Group ID: 6694B859-BF54-4000-9DD5-8D
Member ID: 1A6C2937-B21D-45A0-A071-D5
So what I did was ran this:
wmic.exe /namespace:\\root\microsof
I re-did the restore per the instructions on the link you gave me:
[1] When a backup application performs a system state restore, it must indicate that it has done so by setting the LastRestoreId registry value. The LastRestoreId is a GUID that is formatted as 00000000-0000-0000-0000-00
I then restarted the dfs service and BAM!!! IT WORKED!!!! WHOOOOO!
Thanks guys for all of your help!
Tucker
ASKER
I searched for days trying to find a write up like that! Thanks for your assistance!
"On healthy DC you need to run D4 and D2 on other servers."
This worked for me, thanks!
This worked for me, thanks!
You have said that demoted the DC then did you performed Meta Data cleanup.
Also check in the c:\windows\debug folder for netlogon.log and check for any errors in it.
Are you able to view SYSVOL & NETLOGON shares for the command,
net share
in the problematic Domain controller.
Check for event ID: 13516 in the File replication service Log, if it's not present the server is not advertised itself as domain controller in the network.
Kindly check the DFRS service status, also you can give a try by restarting the service.
Also check the Directory service log and File replication service(FRS) log for any error and share the same here.