Link to home
Create AccountLog in
Avatar of Carol Chisholm
Carol ChisholmFlag for Switzerland

asked on

Windows 2003 domain with only one DC giving DCDIAG FRS errors

A single Windows 2003 DC (so no replication as there is only one DC) is reporting problems in DCDIAG.

Before I add references as suggested in Knowledge Base Article: Q312862 I want to understand why a domain with one DC is trying to replicate.

I do not have the whole history of the domain, but there may have been other DCs in the past. There was also a WINS server which I have got rid of and there were some network issues which are also resolved. It is a SLD and I need to sort this all out before either trying to rename it or using ADMT to move to a properly named domain. This DC has had forestprep run on it for promoting to 2008, but domainprep failed, and that is where I got involved.

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\MY-SERVER
      Starting test: Connectivity
         ......................... MY-SERVER passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\MY-SERVER
      Starting test: Replications
         ......................... MY-SERVER passed test Replications
      Starting test: NCSecDesc
         ......................... MY-SERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... MY-SERVER passed test NetLogons
      Starting test: Advertising
         ......................... MY-SERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... MY-SERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... MY-SERVER passed test RidManager
      Starting test: MachineAccount
         ......................... MY-SERVER passed test MachineAccount
      Starting test: Services
         ......................... MY-SERVER passed test Services
      Starting test: ObjectsReplicated
         ......................... MY-SERVER passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... MY-SERVER passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... MY-SERVER failed test frsevent
      Starting test: kccevent
         ......................... MY-SERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   21:25:06
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   21:25:06
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   21:25:06
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   21:25:06
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   21:25:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   21:25:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000007
            Time Generated: 02/13/2013   21:56:37
            Event String: The Security Account Manager failed a KDC request

         An Error Event occured.  EventID: 0xC0000007
            Time Generated: 02/13/2013   21:56:37
            Event String: The Security Account Manager failed a KDC request

         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:02:54
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:02:54
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:02:54
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:02:55
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:02:55
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:02:55
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:13:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:13:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:13:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:13:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:13:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:13:15
            (Event String could not be retrieved)
         ......................... MY-SERVER failed test systemlog
      Starting test: VerifyReferences
         Some objects relating to the DC MY-SERVER have problems:
            [1] Problem: Missing Expected Value

             Base Object: CN=MY-SERVER,OU=Domain Controllers,DC=MYDOM

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
            [1] Problem: Missing Expected Value

             Base Object:

            CN=NTDS Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOM

             Base Object Description: "DSA Object"

             Value Object Attribute Name: serverReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
         ......................... MY-SERVER failed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : MYDOM
      Starting test: CrossRefValidation
         ......................... MYDOM passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... MYDOM passed test CheckSDRefDom
   
   Running enterprise tests on : MYDOM
      Starting test: Intersite
         ......................... MYDOM passed test Intersite
      Starting test: FsmoCheck
         ......................... MYDOM passed test FsmoCheck
Avatar of Share-IT
Share-IT
Flag of United Kingdom of Great Britain and Northern Ireland image

Have you checked that there are no other dc's referenced in AD? there my only be one online but could someone else have decommisioned one (ie yanked it out ungracefully)?
EventID: 0x00000457 suggests either dns errors can you ping both ways you know client to dc and the other way ?

it could be stale dns entries from old dc too ie dns/ad thinks the dc is missing
Avatar of Carol Chisholm

ASKER

No other DCs visible in users & computers under Domain Controllers. Ping and NSLOOKUP are working perfectly on clients and servers.
I have gone through the DNS and it is clean. Rebooted the server too.
it could be a gpo problem

Group Policy problems.
         ......................... MY-SERVER failed test frsevent

run gpupdate /force on both server and client and try again
Perform a metadata cleanup of this DC. There is metadata somewhere within Sites and Services, or a reference to another DC. Here's the best guide I have found for you to follow.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
The metadata was clean... Still working on it.
Once done with the cleanup, delete the frs data and restart the NTFRS service.
What FRS data exactly? I have only one DC.
There still appears to be some metadata:

Follow this link and the metadata will be gone:


http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Then restart NTFRS service.
There are no other servers left in the metadata. Restarted the sever.
ASKER CERTIFIED SOLUTION
Avatar of ChiefIT
ChiefIT
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
There IS ONLY ONE DC, see title of message. It owns all the roles.
I already checked that.
Can we close this, no one seems to be able to have any help

ONE DC
No metadata
All roles owned by this one DC
Good luck.
Closing this, have not resolved it an no-one seems to be able to give advice when there is only one DC.
My problem is with only one DC, all advice relates to environments with several DCs
NO, the advice given above also pertains to a solo DC.

Believe it or not, a computer has to network to itself for File replication.

Again, GOOD LUCK.