Solved

2012 DNS/SYSVOL replication issues.

Posted on 2013-11-12
Last Modified: 2013-12-14
Howdy,

I've recently taken over a 3-month-old Server 2012 install running as a PDC that was very unstable. It was decided to replicate AD to a brand new 2012 installation and move to that; however, I've run into several DNS misconfigurations along the way.

DC1 is the original DC
DC2 is the new DC

Where I currently stand: ADUC, ADSS, and DNS are all populated with information on DC2; however, the SYSVOL and NETLOGON shares are not replicating.

DC1:
IP: 192.168.1.2
DNS1: 192.168.1.2
DNS2: 192.168.1.10

DC2:
IP: 192.168.1.10
DNS1: 192.168.1.10
DNS2: 192.168.1.2

DC1 can resolve DC2 via hostname & fqdn.
DC2 can resolve DC1 via hostname & fqdn.

All firewalls completely disabled on both servers.

FSMO query from both DC1 and DC2 shows the FSMO roles are all kept on DC1
C:\Users\administrator.SDF>NETDOM QUERY /D:mydomain FSMO
Schema master               DC1.mydomain.local
Domain naming master        DC1.mydomain.local
PDC                         DC1.mydomain.local
RID pool manager            DC1.mydomain.local
Infrastructure master       DC1.mydomain.local
The command completed successfully.



DCDIAG /v from DC2
Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine DC2, is a Directory Server. 
   Home Server = DC2

   * Connecting to directory service on server DC2.

   * Identified AD Forest. 
   Collecting AD specific global data 
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=sdf,DC=loc,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded 
   Iterating through the sites 
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=sdf,DC=loc,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers 
   Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 2 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\DC2

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity 
         * Active Directory RPC Services Check
         ......................... DC2 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\DC2

      Starting test: Advertising

         Warning: DsGetDcName returned information for \\DC1.mydomain.local, when we

         were trying to reach DC2.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... DC2 failed test Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test 
         Skip the test because the server is running DFSR.

         ......................... DC2 passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log. 
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems. 
         An error event occurred.  EventID: 0xC0001390

            Time Generated: 11/12/2013   21:49:38

            Event String:

            The DFS Replication service failed to communicate with partner DC1 for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server. 

             

            Partner DNS Address: DC1.mydomain.local 

             

            Optional data if available: 

            Partner WINS Address: DC1 

            Partner IP Address:  

             

            The service will retry the connection periodically. 

             

            Additional Information: 

            Error: 1722 (The RPC server is unavailable.) 

            Connection ID: A03E18CC-91CE-4DF7-BE5C-4625539743DE 

            Replication Group ID: 5B88FD88-1456-4250-BF21-A7A793994369

         An error event occurred.  EventID: 0xC0001204

            Time Generated: 11/12/2013   21:49:38

            Event String:

            The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner DC1.mydomain.local. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers. 

             

            Additional Information: 

            Replicated Folder Name: SYSVOL Share 

            Replicated Folder ID: 99AF930D-5871-4D30-874A-9FD153A70DA9 

            Replication Group Name: Domain System Volume 

            Replication Group ID: A03E18CC-91CE-4DF7-BE5C-4625539743DE 

            Member ID: E768E632-5326-481C-8DC4-4C98E13647B0 

            Read-Only: 0

         An error event occurred.  EventID: 0xC0001390

            Time Generated: 11/13/2013   05:54:51

            Event String:

            The DFS Replication service failed to communicate with partner DC1 for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server. 

             

            Partner DNS Address: DC1.mydomain.local 

             

            Optional data if available: 

            Partner WINS Address: DC1 

            Partner IP Address:  

             

            The service will retry the connection periodically. 

             

            Additional Information: 

            Error: 1722 (The RPC server is unavailable.) 

            Connection ID: A03E18CC-91CE-4DF7-BE5C-4625539743DE 

            Replication Group ID: 5B88FD88-1456-4250-BF21-A7A793994369

         An error event occurred.  EventID: 0xC0001204

            Time Generated: 11/13/2013   05:54:51

            Event String:

            The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner DC1.mydomain.local. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers. 

             

            Additional Information: 

            Replicated Folder Name: SYSVOL Share 

            Replicated Folder ID: 99AF930D-5871-4D30-874A-9FD153A70DA9 

            Replication Group Name: Domain System Volume 

            Replication Group ID: A03E18CC-91CE-4DF7-BE5C-4625539743DE 

            Member ID: E768E632-5326-481C-8DC4-4C98E13647B0 

            Read-Only: 0

         A warning event occurred.  EventID: 0x80001396

            Time Generated: 11/13/2013   12:56:08

            Event String:

            The DFS Replication service is stopping communication with partner DC1 for replication group Domain System Volume due to an error. The service will retry the connection periodically. 

             

            Additional Information: 

            Error: 9033 (The request was cancelled by a shutdown) 

            Connection ID: 1857D141-DB42-4C59-A079-667E2E63FEB2 

            Replication Group ID: 5B88FD88-1456-4250-BF21-A7A793994369

         An error event occurred.  EventID: 0xC0001390

            Time Generated: 11/13/2013   12:56:46

            Event String:

            The DFS Replication service failed to communicate with partner DC1 for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server. 

             

            Partner DNS Address: DC1.mydomain.local 

             

            Optional data if available: 

            Partner WINS Address: DC1 

            Partner IP Address: 192.168.1.2 

             

            The service will retry the connection periodically. 

             

            Additional Information: 

            Error: 1722 (The RPC server is unavailable.) 

            Connection ID: 1857D141-DB42-4C59-A079-667E2E63FEB2 

            Replication Group ID: 5B88FD88-1456-4250-BF21-A7A793994369

         An error event occurred.  EventID: 0xC0001204

            Time Generated: 11/13/2013   12:56:46

            Event String:

            The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner DC1.mydomain.local. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers. 

             

            Additional Information: 

            Replicated Folder Name: SYSVOL Share 

            Replicated Folder ID: 99AF930D-5871-4D30-874A-9FD153A70DA9 

            Replication Group Name: Domain System Volume 

            Replication Group ID: 1857D141-DB42-4C59-A079-667E2E63FEB2 

            Member ID: E768E632-5326-481C-8DC4-4C98E13647B0 

            Read-Only: 0

         An error event occurred.  EventID: 0xC000138A

            Time Generated: 11/13/2013   13:05:02

            Event String:

            The DFS Replication service encountered an error communicating with partner DC1 for replication group Domain System Volume. 

             

            Partner DNS address: DC1.mydomain.local 

             

            Optional data if available: 

            Partner WINS Address: DC1 

            Partner IP Address: 192.168.1.2 

             

            The service will retry the connection periodically. 

             

            Additional Information: 

            Error: 1753 (There are no more endpoints available from the endpoint mapper.) 

            Connection ID: 1857D141-DB42-4C59-A079-667E2E63FEB2 

            Replication Group ID: 5B88FD88-1456-4250-BF21-A7A793994369

         An error event occurred.  EventID: 0xC0001204

            Time Generated: 11/13/2013   13:05:02

            Event String:

            The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner DC1.mydomain.local. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers. 

             

            Additional Information: 

            Replicated Folder Name: SYSVOL Share 

            Replicated Folder ID: 99AF930D-5871-4D30-874A-9FD153A70DA9 

            Replication Group Name: Domain System Volume 

            Replication Group ID: 1857D141-DB42-4C59-A079-667E2E63FEB2 

            Member ID: E768E632-5326-481C-8DC4-4C98E13647B0 

            Read-Only: 0

         ......................... DC2 failed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test 
         The registry lookup failed to determine the state of the SYSVOL.  The

         error returned  was 0x0 "The operation completed successfully.".

         Check the FRS event log to see if the SYSVOL has successfully been

         shared. 
         ......................... DC2 passed test SysVolCheck

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... DC2 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc
         Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc
         Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc
         Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc
         ......................... DC2 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC DC2 on DC DC2.
         * SPN found :LDAP/DC2.mydomain.local/mydomain.local
         * SPN found :LDAP/DC2.mydomain.local
         * SPN found :LDAP/DC2
         * SPN found :LDAP/DC2.mydomain.local/SDF
         * SPN found :LDAP/f2555240-5729-4e40-a0c1-346c1a57b2d2._msdcs.mydomain.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/f2555240-5729-4e40-a0c1-346c1a57b2d2/mydomain.local
         * SPN found :HOST/DC2.mydomain.local/mydomain.local
         * SPN found :HOST/DC2.mydomain.local
         * SPN found :HOST/DC2
         * SPN found :HOST/DC2.mydomain.local/SDF
         * SPN found :GC/DC2.mydomain.local/mydomain.local
         ......................... DC2 passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC DC2.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=sdf,DC=loc
            (NDNC,Version 3)
         * Security Permissions Check for

           DC=DomainDnsZones,DC=sdf,DC=loc
            (NDNC,Version 3)
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=sdf,DC=loc
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=sdf,DC=loc
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=sdf,DC=loc
            (Domain,Version 3)
         ......................... DC2 passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Unable to connect to the NETLOGON share! (\\DC2\netlogon)

         [DC2] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... DC2 failed test NetLogons

      Starting test: ObjectsReplicated

         DC2 is in domain DC=sdf,DC=loc
         Checking for CN=DC2,OU=Domain Controllers,DC=sdf,DC=loc in domain DC=sdf,DC=loc on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc in domain CN=Configuration,DC=sdf,DC=loc on 1 servers
            Object is up-to-date on all servers.
         ......................... DC2 passed test ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
         ......................... DC2 passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 2101 to 1073741823
         * DC1.mydomain.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1601 to 2100
         * rIDPreviousAllocationPool is 1601 to 2100
         * rIDNextRID: 1601
         ......................... DC2 passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: DFSR
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... DC2 passed test Services

      Starting test: SystemLog

         * The System Event log test
         An error event occurred.  EventID: 0x00000456

            Time Generated: 11/13/2013   15:14:25

            Event String:

            The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.

         An error event occurred.  EventID: 0x0000272C

            Time Generated: 11/13/2013   16:09:12

            Event String:

            DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID      68c (C:\Windows\system32\dcdiag.exe).

         An error event occurred.  EventID: 0x0000272C

            Time Generated: 11/13/2013   16:09:50

            Event String:

            DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID      4ec (C:\Windows\system32\dcdiag.exe).

         ......................... DC2 failed test SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=DC2,OU=Domain Controllers,DC=sdf,DC=loc and backlink on

         CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc

         are correct. 
         The system object reference (serverReferenceBL)

         CN=DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=sdf,DC=loc

         and backlink on

         CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc

         are correct. 
         The system object reference (msDFSR-ComputerReferenceBL)

         CN=DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=sdf,DC=loc

         and backlink on CN=DC2,OU=Domain Controllers,DC=sdf,DC=loc are

         correct. 
         ......................... DC2 passed test VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Test omitted by user request: DNS

      Test omitted by user request: DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : sdf

      Starting test: CheckSDRefDom

         ......................... sdf passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... sdf passed test CrossRefValidation

   
   Running enterprise tests on : mydomain.local

      Test omitted by user request: DNS

      Test omitted by user request: DNS

      Starting test: LocatorCheck

         GC Name: \\DC1.mydomain.local

         Locator Flags: 0xe00073fd
         PDC Name: \\DC1.mydomain.local
         Locator Flags: 0xe00073fd
         Time Server Name: \\DC1.mydomain.local
         Locator Flags: 0xe00073fd
         Preferred Time Server Name: \\DC1.mydomain.local
         Locator Flags: 0xe00073fd
         KDC Name: \\DC1.mydomain.local
         Locator Flags: 0xe00073fd
         ......................... mydomain.local passed test LocatorCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided. 
         ......................... mydomain.local passed test Intersite



DCDIAG /v from DC1
Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine DC1, is a Directory Server. 
   Home Server = DC1

   * Connecting to directory service on server DC1.

   * Identified AD Forest. 
   Collecting AD specific global data 
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=sdf,DC=loc,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded 
   Iterating through the sites 
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=sdf,DC=loc,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers 
   Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 2 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\DC1

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity 
         * Active Directory RPC Services Check
         ......................... DC1 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\DC1

      Starting test: Advertising

         The DC DC1 is advertising itself as a DC and having a DS.
         The DC DC1 is advertising as an LDAP server
         The DC DC1 is advertising as having a writeable directory
         The DC DC1 is advertising as a Key Distribution Center
         The DC DC1 is advertising as a time server
         The DS DC1 is advertising as a GC.
         ......................... DC1 passed test Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test 
         Skip the test because the server is running DFSR.

         ......................... DC1 passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log. 
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems. 
         An error event occurred.  EventID: 0xC0001390

            Time Generated: 11/12/2013   21:52:33

            Event String:

            The DFS Replication service failed to communicate with partner DC2 for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server. 

             

            Partner DNS Address: DC2.mydomain.local 

             

            Optional data if available: 

            Partner WINS Address: DC2 

            Partner IP Address: 192.168.1.10 

             

            The service will retry the connection periodically. 

             

            Additional Information: 

            Error: 1722 (The RPC server is unavailable.) 

            Connection ID: D7991D93-1FAD-4B52-BC6E-528C1CCAEB20 

            Replication Group ID: 5B88FD88-1456-4250-BF21-A7A793994369

         A warning event occurred.  EventID: 0x800008A5

            Time Generated: 11/12/2013   22:52:26

            Event String:

            The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication. 

             

            Additional Information: 

            Volume: C: 

            GUID: 6874A17F-CED9-11E2-93E8-806E6F6E6963 

             

            Recovery Steps 

            1. Back up the files in all replicated folders on the volume. Failure to do so may result in data loss due to unexpected conflict resolution during the recovery of the replicated folders. 

            2. To resume the replication for this volume, use the WMI method ResumeReplication of the DfsrVolumeConfig class. For example, from an elevated command prompt, type the following command: 

            wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="6874A17F-CED9-11E2-93E8-806E6F6E6963" call ResumeReplication 

             

            For more information, see http://support.microsoft.com/kb/2663685.

         A warning event occurred.  EventID: 0x800008A5

            Time Generated: 11/13/2013   13:01:34

            Event String:

            The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication. 

             

            Additional Information: 

            Volume: C: 

            GUID: 6874A17F-CED9-11E2-93E8-806E6F6E6963 

             

            Recovery Steps 

            1. Back up the files in all replicated folders on the volume. Failure to do so may result in data loss due to unexpected conflict resolution during the recovery of the replicated folders. 

            2. To resume the replication for this volume, use the WMI method ResumeReplication of the DfsrVolumeConfig class. For example, from an elevated command prompt, type the following command: 

            wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="6874A17F-CED9-11E2-93E8-806E6F6E6963" call ResumeReplication 

             

            For more information, see http://support.microsoft.com/kb/2663685.

         A warning event occurred.  EventID: 0x800008A5

            Time Generated: 11/13/2013   13:06:43

            Event String:

            The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication. 

             

            Additional Information: 

            Volume: C: 

            GUID: 6874A17F-CED9-11E2-93E8-806E6F6E6963 

             

            Recovery Steps 

            1. Back up the files in all replicated folders on the volume. Failure to do so may result in data loss due to unexpected conflict resolution during the recovery of the replicated folders. 

            2. To resume the replication for this volume, use the WMI method ResumeReplication of the DfsrVolumeConfig class. For example, from an elevated command prompt, type the following command: 

            wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="6874A17F-CED9-11E2-93E8-806E6F6E6963" call ResumeReplication 

             

            For more information, see http://support.microsoft.com/kb/2663685.

         ......................... DC1 failed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... DC1 passed test SysVolCheck

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... DC1 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc
         Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc
         Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc
         Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc
         ......................... DC1 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC DC1 on DC DC1.
         * SPN found :LDAP/DC1.mydomain.local/mydomain.local
         * SPN found :LDAP/DC1.mydomain.local
         * SPN found :LDAP/DC1
         * SPN found :LDAP/DC1.mydomain.local/SDF
         * SPN found :LDAP/9c695ac2-da5a-45be-9b11-a7ca60648c2f._msdcs.mydomain.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/9c695ac2-da5a-45be-9b11-a7ca60648c2f/mydomain.local
         * SPN found :HOST/DC1.mydomain.local/mydomain.local
         * SPN found :HOST/DC1.mydomain.local
         * SPN found :HOST/DC1
         * SPN found :HOST/DC1.mydomain.local/SDF
         * SPN found :GC/DC1.mydomain.local/mydomain.local
         ......................... DC1 passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC DC1.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=sdf,DC=loc
            (NDNC,Version 3)
         * Security Permissions Check for

           DC=DomainDnsZones,DC=sdf,DC=loc
            (NDNC,Version 3)
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=sdf,DC=loc
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=sdf,DC=loc
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=sdf,DC=loc
            (Domain,Version 3)
         ......................... DC1 passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\DC1\netlogon
         Verified share \\DC1\sysvol
         ......................... DC1 passed test NetLogons

      Starting test: ObjectsReplicated

         DC1 is in domain DC=sdf,DC=loc
         Checking for CN=DC1,OU=Domain Controllers,DC=sdf,DC=loc in domain DC=sdf,DC=loc on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc in domain CN=Configuration,DC=sdf,DC=loc on 1 servers
            Object is up-to-date on all servers.
         ......................... DC1 passed test ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
         ......................... DC1 passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 2101 to 1073741823
         * DC1.mydomain.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1101 to 1600
         * rIDPreviousAllocationPool is 1101 to 1600
         * rIDNextRID: 1162
         ......................... DC1 passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: DFSR
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... DC1 passed test Services

      Starting test: SystemLog

         * The System Event log test
         An error event occurred.  EventID: 0x0000272C

            Time Generated: 11/13/2013   16:09:03

            Event String:

            DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID     3890 (C:\Windows\system32\dcdiag.exe).

         ......................... DC1 failed test SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=DC1,OU=Domain Controllers,DC=sdf,DC=loc and backlink on

         CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc

         are correct. 
         The system object reference (serverReferenceBL)

         CN=DC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=sdf,DC=loc

         and backlink on

         CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sdf,DC=loc

         are correct. 
         The system object reference (msDFSR-ComputerReferenceBL)

         CN=DC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=sdf,DC=loc

         and backlink on CN=DC1,OU=Domain Controllers,DC=sdf,DC=loc are

         correct. 
         ......................... DC1 passed test VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Test omitted by user request: DNS

      Test omitted by user request: DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : sdf

      Starting test: CheckSDRefDom

         ......................... sdf passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... sdf passed test CrossRefValidation

   
   Running enterprise tests on : mydomain.local

      Test omitted by user request: DNS

      Test omitted by user request: DNS

      Starting test: LocatorCheck

         GC Name: \\DC1.mydomain.local

         Locator Flags: 0xe00073fd
         PDC Name: \\DC1.mydomain.local
         Locator Flags: 0xe00073fd
         Time Server Name: \\DC1.mydomain.local
         Locator Flags: 0xe00073fd
         Preferred Time Server Name: \\DC1.mydomain.local
         Locator Flags: 0xe00073fd
         KDC Name: \\DC1.mydomain.local
         Locator Flags: 0xe00073fd
         ......................... mydomain.local passed test LocatorCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided. 
         ......................... mydomain.local passed test Intersite



repadmin /showrepl
All successful from both servers.

nltest /query from DC1
C:\Users\Administrator>nltest /query
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully



nltest /query from DC2
C:\Users\administrator>nltest /query
Flags: 0
Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully



NETLOGON and DNS service running on both servers.

These events are being logged on DC1:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'mydomain.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  



These events are being logged on DC2:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.



It looks to be very much like a DNS issue; however, I can't pinpoint exactly where the issue lies!
Question by:nextsoln
7 Comments
 
LVL 9

Expert Comment

by:djsharma
0
 
LVL 35

Expert Comment

by:Mahesh
It seems from the logs that your SYSVOL replication is handled by the DFS service.
AD replication is also running.
If all your DCs' DNS records are registered properly, you may proceed with a SYSVOL authoritative restore on the PDC and then do a non-authoritative restore on DC2.
Please find the steps for DFSR SYSVOL authoritative \ non-authoritative restore in the article below.
http://support.microsoft.com/kb/2218556
I suggest you perform these operations with extreme care and back up the AD system state before proceeding.
Also check for a missing SYSVOL attribute as per the article below.
http://support.microsoft.com/kb/312862
The above article applies to FRS SYSVOL, but you can get an idea of what to check in the case of DFSR SYSVOL.
0
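A read-only check of the DFSR SYSVOL state on both DCs, useful before and after the D2/D4 procedure discussed in this thread (added example, not part of the original posts or of the Microsoft articles). The DC names and domain DN come from the dcdiag output in the question; the subscription object path, the state-code meanings and the event IDs other than 2213 are not on the page and are assumed from standard DFSR-replicated SYSVOL behaviour.

```powershell
# Added example: read-only DFSR SYSVOL health check. Run from an elevated prompt.
# Assumptions: DC1/DC2 and DC=sdf,DC=loc are taken from the question's dcdiag
# output; the ActiveDirectory module is installed; WinRM is reachable on both DCs.
Import-Module ActiveDirectory

$dcs      = 'DC1', 'DC2'
$domainDn = 'DC=sdf,DC=loc'
# Meaning of DfsrReplicatedFolderInfo.State (assumed, not from the page).
$stateMap = @{ 0 = 'Uninitialized'; 1 = 'Initialized'; 2 = 'Initial Sync'
               3 = 'Auto Recovery'; 4 = 'Normal'; 5 = 'In Error' }

foreach ($dc in $dcs) {
    Write-Host "== $dc =="

    # 1. Replicated-folder state as DFSR itself reports it (4 = Normal).
    Get-CimInstance -ComputerName $dc -Namespace 'root\microsoftdfs' `
                    -ClassName DfsrReplicatedFolderInfo |
        Where-Object ReplicationGroupName -eq 'Domain System Volume' |
        Select-Object ReplicatedFolderName,
                      @{ n = 'State'; e = { $stateMap[[int]$_.State] } }

    # 2. Subscription flags that the D2/D4 procedure toggles (read only here).
    $sub = "CN=SYSVOL Subscription,CN=Domain System Volume," +
           "CN=DFSR-LocalSettings,CN=$dc,OU=Domain Controllers,$domainDn"
    Get-ADObject -Identity $sub -Server $dc `
                 -Properties 'msDFSR-Enabled', 'msDFSR-Options' |
        Select-Object 'msDFSR-Enabled', 'msDFSR-Options'

    # 3. DFSR events: 2213 is the 0x800008A5 warning in the dcdiag output
    #    (replication stopped after a dirty shutdown); 4114, 4602, 4614 and
    #    4604 are the events expected during a D2/D4 synchronization.
    Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'DFS Replication'; Id = 2213, 4114, 4602, 4614, 4604
    } -MaxEvents 20 | Select-Object TimeCreated, Id, LevelDisplayName
}
```

A SYSVOL folder that is not in state Normal, or an event 2213 with no later recovery event, means the volume is still paused as described in the dcdiag warning, and a D2/D4 attempt will not log its expected events until replication is resumed.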
 

Author Comment

by:nextsoln
I have performed "How to perform a non-authoritative synchronization of DFSR-replicated SYSVOL (like "D2" for FRS)" without any success; however, I have not tried the second method, "How to perform an authoritative synchronization of DFSR-replicated SYSVOL (like "D4" for FRS)".

I will try the second method and report back.
0

 

Author Comment

by:nextsoln
I have tried the D2/D4 recovery article with no success; the events that are supposed to be logged are never logged, and SYSVOL is still not replicating.

I've also run portqry and confirmed all ports are open, the only port closed is 42 (WINS) on both servers.

Any more ideas?
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 310 total points
TCP 42 is the port used by the WINS service and it's not required anymore.
SYSVOL authoritative restore is the one good option, but it also failed.

If all efforts to resolve the issue fail, then only the option below will be left.
If you have a recent AD system state backup from before this issue occurred, then you can think of Forest Recovery, since you have only two domain controllers.

Please look at the articles below for more information:
http://technet.microsoft.com/en-us/library/cc757662(v=ws.10).aspx
http://www.microsoft.com/en-in/download/details.aspx?id=16506

I suggest you hire an Active Directory specialist \ Microsoft to identify and resolve the issue.

Thanks
Mahesh
0
 

Assisted Solution

by:nextsoln
nextsoln earned 0 total points
Thanks, Mahesh, for your assistance. Due to the size of the site (that being small) and the instability issues, we have decided to rebuild a new VM and migrate the users to the new server.
0
 

Author Closing Comment

by:nextsoln
Unresolved
0
