ArchitectChuck
asked on
_MSDCS Problem on 2008 R2
We upgraded our 2003 Enterprise server to a new 2008 R2 Enterprise server several years ago. The old 2003 server is still a backup DC, but serves no other purpose.
During the December holidays, there were several Microsoft updates and software updates to Symantec Backup Exec 2012. I think I may have also turned off IPv6 at our primary NIC. (We have a second NIC that is primarily used for external access. IPv6 is still active on that NIC.) I also did some other maintenance on the server.
The Primary NIC's address is the address of our internal DNS server and includes a loopback as the second address. We also have WINS active. The second NIC uses the primary NIC as its DNS server.
We had replication issues from the beginning. Some of those were related to our Exchange server being moved to the new 2008 R2 server and deactivated on the old server. I worked with Microsoft tech support to get everything working properly when we created the new 2008 R2 server.
It should be pointed out that we are a small office. Our server does everything including file server, web server, FTP server, Exchange Server. We have always operated that way and it has always done a great job. I know it is not the recommended configuration, but it does not make sense for us to pay for multiple servers. It keeps everything simple including our ability to backup the entire system to tape.
After the updates during the holidays, we noticed that the server was not as responsive as it had been. It was typically as fast as always, but there would sometimes be delays when you tried to do something as simple as open a directory. I also noted that when I was working on the server, it was not as responsive as it had been.
Interestingly, we do not get many error messages once the server has been booted up.
I believe the problem is in DNS. I have tried several things to solve the problem. One site suggested fixing _MSDCS by recreating _MSDCS in a new zone. That worked ok. _MSDCS is now greyed out under the domain name in dns and a new zone was created above the domain name.
However, that has created a few other problems. SRV is not being found by the client computers. All of the shares are available and very responsive. Outlook on my client computer works, but now has a security window that pops up that says connecting to ... However, Outlook is still connected and working properly.
Mobile devices are all connecting and working as well as always.
I tried to reconnect my username and computer under Advanced System Settings. I get the error message "An Active Directory Domain Controller (AD DC) for the domain *** could not be contacted. Sometimes if I enter the domain name as the NETBIOS name, it will work, other times I get the same error message.
I believe this is a simple fix, but I have not found it. Plus I want to avoid creating a bigger problem. Any help would be appreciated.
During the December holidays, there were several Microsoft updates and software updates to Symantec Backup Exec 2012. I think I may have also turned off IPv6 at our primary NIC. (We have a second NIC that is primarily used for external access. IPv6 is still active on that NIC.) I also did some other maintenance on the server.
The Primary NIC's address is the address of our internal DNS server and includes a loopback as the second address. We also have WINS active. The second NIC uses the primary NIC as its DNS server.
We had replication issues from the beginning. Some of those were related to our Exchange server being moved to the new 2008 R2 server and deactivated on the old server. I worked with Microsoft tech support to get everything working properly when we created the new 2008 R2 server.
It should be pointed out that we are a small office. Our server does everything including file server, web server, FTP server, Exchange Server. We have always operated that way and it has always done a great job. I know it is not the recommended configuration, but it does not make sense for us to pay for multiple servers. It keeps everything simple including our ability to backup the entire system to tape.
After the updates during the holidays, we noticed that the server was not as responsive as it had been. It was typically as fast as always, but there would sometimes be delays when you tried to do something as simple as open a directory. I also noted that when I was working on the server, it was not as responsive as it had been.
Interestingly, we do not get many error messages once the server has been booted up.
I believe the problem is in DNS. I have tried several things to solve the problem. One site suggested fixing _MSDCS by recreating _MSDCS in a new zone. That worked ok. _MSDCS is now greyed out under the domain name in dns and a new zone was created above the domain name.
However, that has created a few other problems. SRV is not being found by the client computers. All of the shares are available and very responsive. Outlook on my client computer works, but now has a security window that pops up that says connecting to ... However, Outlook is still connected and working properly.
Mobile devices are all connecting and working as well as always.
I tried to reconnect my username and computer under Advanced System Settings. I get the error message "An Active Directory Domain Controller (AD DC) for the domain *** could not be contacted. Sometimes if I enter the domain name as the NETBIOS name, it will work, other times I get the same error message.
I believe this is a simple fix, but I have not found it. Plus I want to avoid creating a bigger problem. Any help would be appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
DCDIAG Summary:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
SRV1D failed test NCSecDesc - Seems to be related to failed relication of directory
SRV1D failed test Replications
These were the only errors, all pointing to the replication failure to the old server.
Directions are given in the first error to fix the replication problem. Should I proceed with making those corrections. It basically asked to make a registry entry to force the replication to the other server.
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
SRV1D failed test NCSecDesc - Seems to be related to failed relication of directory
SRV1D failed test Replications
These were the only errors, all pointing to the replication failure to the old server.
Directions are given in the first error to fix the replication problem. Should I proceed with making those corrections. It basically asked to make a registry entry to force the replication to the other server.
ASKER
The FRSEvent fix is to change the registry entry:
Expand HKEY_LOCAL_MACHINE.
Click down the key path:
"System\CurrentControlSet\
Double click on the value name
"Enable Journal Wrap Automatic Restore"
and update the value.
If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.
It does not say what DC to do this on. I have confidence in Srv1d. I do not have confidence in the older server Srv1c. Does it make a difference which server I make this registry entry on?
Expand HKEY_LOCAL_MACHINE.
Click down the key path:
"System\CurrentControlSet\
Double click on the value name
"Enable Journal Wrap Automatic Restore"
and update the value.
If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.
It does not say what DC to do this on. I have confidence in Srv1d. I do not have confidence in the older server Srv1c. Does it make a difference which server I make this registry entry on?
Unfortunately the advice in the event is outdated, and really should not be applied except in cases where you only have a single DC. It's best to try a non-authoritative restore first, and if that doesn't work, then an authoritative restore. See these links for more info.
http://support.microsoft.com/kb/290762
http://adfordummiez.com/?p=61
Failing the NCSecDesc is expected if you haven't run adprep /rodcprep.
http://support.microsoft.com/kb/967482
http://support.microsoft.com/kb/290762
http://adfordummiez.com/?p=61
Failing the NCSecDesc is expected if you haven't run adprep /rodcprep.
http://support.microsoft.com/kb/967482
ASKER
I proceeded with the Registry modification, and the replication was successful.
I then say you note above, and tried the adprep /forestprep from a copy of the installation DVD on the I drive on the server and received the following error message:
The procedure entry point I_netpathtype could not be located in the dynamic link library NETAPI32.dll
I believe that the relocation of _MSDCS in DNS has made it difficult for process to find the correct path to _MSDCS. Does that make sense?
I then say you note above, and tried the adprep /forestprep from a copy of the installation DVD on the I drive on the server and received the following error message:
The procedure entry point I_netpathtype could not be located in the dynamic link library NETAPI32.dll
I believe that the relocation of _MSDCS in DNS has made it difficult for process to find the correct path to _MSDCS. Does that make sense?
ASKER
I have since removed IPv6. That seems to have solved many problems. I am still working on this.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The dcdiag /v /test:dns completed with no errors.
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: ***.com
Srv1d PASS PASS PASS PASS PASS PASS n/a
......................... ***.com passed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
I am reviewing the results for dcdiag /v