Carol Chisholm
asked on
Windows 2003 domain with only one DC giving DCDIAG FRS errors
A single Windows 2003 DC (so no replication as there is only one DC) is reporting problems in DCDIAG.
Before I add references as suggested in Knowledge Base Article: Q312862 I want to understand why a domain with one DC is trying to replicate.
I do not have the whole history of the domain, but there may have been other DCs in the past. There was also a WINS server which I have got rid of and there were some network issues which are also resolved. It is a SLD and I need to sort this all out before either trying to rename it or using ADMT to move to a properly named domain. This DC has had forestprep run on it for promoting to 2008, but domainprep failed, and that is where I got involved.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MY -SERVER
Starting test: Connectivity
......................... MY-SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MY -SERVER
Starting test: Replications
......................... MY-SERVER passed test Replications
Starting test: NCSecDesc
......................... MY-SERVER passed test NCSecDesc
Starting test: NetLogons
......................... MY-SERVER passed test NetLogons
Starting test: Advertising
......................... MY-SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... MY-SERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... MY-SERVER passed test RidManager
Starting test: MachineAccount
......................... MY-SERVER passed test MachineAccount
Starting test: Services
......................... MY-SERVER passed test Services
Starting test: ObjectsReplicated
......................... MY-SERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... MY-SERVER passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... MY-SERVER failed test frsevent
Starting test: kccevent
......................... MY-SERVER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 21:25:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 21:25:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 21:25:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 21:25:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 21:25:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 21:25:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000007
Time Generated: 02/13/2013 21:56:37
Event String: The Security Account Manager failed a KDC request
An Error Event occured. EventID: 0xC0000007
Time Generated: 02/13/2013 21:56:37
Event String: The Security Account Manager failed a KDC request
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:02:54
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:02:54
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:02:54
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:02:55
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:02:55
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:02:55
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:13:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:13:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:13:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:13:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:13:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:13:15
(Event String could not be retrieved)
......................... MY-SERVER failed test systemlog
Starting test: VerifyReferences
Some objects relating to the DC MY-SERVER have problems:
[1] Problem: Missing Expected Value
Base Object: CN=MY-SERVER,OU=Domain Controllers,DC=MYDOM
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[1] Problem: Missing Expected Value
Base Object:
CN=NTDS Settings,CN=MY-SERVER,CN=S ervers,CN= Default-Fi rst-Site-N ame,CN=Sit es,CN=Conf iguration, DC=MYDOM
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... MY-SERVER failed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : MYDOM
Starting test: CrossRefValidation
......................... MYDOM passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... MYDOM passed test CheckSDRefDom
Running enterprise tests on : MYDOM
Starting test: Intersite
......................... MYDOM passed test Intersite
Starting test: FsmoCheck
......................... MYDOM passed test FsmoCheck
Before I add references as suggested in Knowledge Base Article: Q312862 I want to understand why a domain with one DC is trying to replicate.
I do not have the whole history of the domain, but there may have been other DCs in the past. There was also a WINS server which I have got rid of and there were some network issues which are also resolved. It is a SLD and I need to sort this all out before either trying to rename it or using ADMT to move to a properly named domain. This DC has had forestprep run on it for promoting to 2008, but domainprep failed, and that is where I got involved.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MY
Starting test: Connectivity
......................... MY-SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MY
Starting test: Replications
......................... MY-SERVER passed test Replications
Starting test: NCSecDesc
......................... MY-SERVER passed test NCSecDesc
Starting test: NetLogons
......................... MY-SERVER passed test NetLogons
Starting test: Advertising
......................... MY-SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... MY-SERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... MY-SERVER passed test RidManager
Starting test: MachineAccount
......................... MY-SERVER passed test MachineAccount
Starting test: Services
......................... MY-SERVER passed test Services
Starting test: ObjectsReplicated
......................... MY-SERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... MY-SERVER passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... MY-SERVER failed test frsevent
Starting test: kccevent
......................... MY-SERVER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 21:25:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 21:25:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 21:25:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 21:25:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 21:25:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 21:25:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000007
Time Generated: 02/13/2013 21:56:37
Event String: The Security Account Manager failed a KDC request
An Error Event occured. EventID: 0xC0000007
Time Generated: 02/13/2013 21:56:37
Event String: The Security Account Manager failed a KDC request
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:02:54
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:02:54
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:02:54
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:02:55
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:02:55
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:02:55
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:13:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:13:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:13:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:13:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:13:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/13/2013 22:13:15
(Event String could not be retrieved)
......................... MY-SERVER failed test systemlog
Starting test: VerifyReferences
Some objects relating to the DC MY-SERVER have problems:
[1] Problem: Missing Expected Value
Base Object: CN=MY-SERVER,OU=Domain Controllers,DC=MYDOM
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[1] Problem: Missing Expected Value
Base Object:
CN=NTDS Settings,CN=MY-SERVER,CN=S
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... MY-SERVER failed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : MYDOM
Starting test: CrossRefValidation
......................... MYDOM passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... MYDOM passed test CheckSDRefDom
Running enterprise tests on : MYDOM
Starting test: Intersite
......................... MYDOM passed test Intersite
Starting test: FsmoCheck
......................... MYDOM passed test FsmoCheck
Have you checked that there are no other dc's referenced in AD? there my only be one online but could someone else have decommisioned one (ie yanked it out ungracefully)?
EventID: 0x00000457 suggests either dns errors can you ping both ways you know client to dc and the other way ?
it could be stale dns entries from old dc too ie dns/ad thinks the dc is missing
it could be stale dns entries from old dc too ie dns/ad thinks the dc is missing
ASKER
No other DCs visible in users & computers under Domain Controllers. Ping and NSLOOKUP are working perfectly on clients and servers.
I have gone through the DNS and it is clean. Rebooted the server too.
I have gone through the DNS and it is clean. Rebooted the server too.
it could be a gpo problem
Group Policy problems.
......................... MY-SERVER failed test frsevent
run gpupdate /force on both server and client and try again
Group Policy problems.
......................... MY-SERVER failed test frsevent
run gpupdate /force on both server and client and try again
Perform a metadata cleanup of this DC. There is metadata somewhere within Sites and Services, or a reference to another DC. Here's the best guide I have found for you to follow.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
ASKER
The metadata was clean... Still working on it.
Once done with the cleanup, delete the frs data and restart the NTFRS service.
ASKER
What FRS data exactly? I have only one DC.
There still appears to be some metadata:
Follow this link and the metadata will be gone:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Then restart NTFRS service.
Follow this link and the metadata will be gone:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Then restart NTFRS service.
ASKER
There are no other servers left in the metadata. Restarted the sever.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
There IS ONLY ONE DC, see title of message. It owns all the roles.
I already checked that.
Can we close this, no one seems to be able to have any help
ONE DC
No metadata
All roles owned by this one DC
I already checked that.
Can we close this, no one seems to be able to have any help
ONE DC
No metadata
All roles owned by this one DC
Good luck.
ASKER
Closing this, have not resolved it an no-one seems to be able to give advice when there is only one DC.
ASKER
My problem is with only one DC, all advice relates to environments with several DCs
NO, the advice given above also pertains to a solo DC.
Believe it or not, a computer has to network to itself for File replication.
Again, GOOD LUCK.
Believe it or not, a computer has to network to itself for File replication.
Again, GOOD LUCK.