?
Solved

New Domain Controller FRS error

Posted on 2014-04-14
6
Medium Priority
?
1,355 Views
Last Modified: 2014-04-21
Three days ago, I promoted a new 2012 R2 server to a domain controller.  I keep checking to see if the sysvol is shared and it is not, so I looked at the event logs.  (FYI: Currently, our domain is still transitioning from FRS to DFS replication of the sysvol.  The global state is "Redirected".  Not sure if that has any bearing on the situation.)  We are getting the event 13508 twice every day since the promotion, but we never got the 13509 event.  It is trying to replicate from a server in the same site (Windows Server 2008).  I have verified that the File Replication Service is running on both machines and that the new server can ping by name the server it is replicating from.  Active directory is replicating just fine.  What should I be looking at to resolve this issue?

Thanks in advance for your help.
0
Comment
Question by:ejscn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 42

Expert Comment

by:Adam Brown
ID: 40000395
What functional level are you at? Server 2012 will not receive FRS replicated SYSVOL unless the functional level is 2000 or 2003. Basically, if you're at 2008+ functional level, you will not be able to properly use a server 2012 DC until you finish migrating to DFS replication for SYSVOL.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 40000916
Run dfsrmig /getmigrationstate command on PDC master server to confirm DFSR migration reached to Redirected state

Once that confirmed, run Net Share command on affected 2012 r2 ADC and check if sysvol is replicated through DFSR

The command output should look like below
NETLOGON     C:\Windows\SYSVOL_DFSR\sysvol\corp.contoso.com\SCRIPTS
                                             Logon server share
SYSVOL       C:\Windows\SYSVOL_DFSR\sysvol   Logon server share

If you won't be able to find sysvol shared as shown above, demotion and repromotion of 2012 R2 ADC is one good option.

Install DFS management tools on domain controller and from there run DFSR propogation test for all domain controllers for verification

Check below article for more info
http://blogs.technet.com/b/askds/archive/2008/05/22/verifying-file-replication-during-the-windows-server-2008-dfsr-sysvol-migration-down-and-dirty-style.aspx

Your FRS service will also remain running and now all GPO changes, creation will be happening in DFSR Sysvol only and not with FRS sysvol.DFSR syvol is now active Sysvol Share for any operations.
FRS Sysvol is now just a folder

Also check Ad replication within Ad sites and services and check if its working correctly
Use repadmin /showrepl and repadmin /syncall commands
Also trigger replication between sites manually in AD sites and services console for confirmation

If every thing is fine, just proceed with Eliminated state

Mahesh.
0
 

Author Comment

by:ejscn
ID: 40003813
Thank you both for your answers.  I'm following your instructions, Mahesh.  I'm going through all the verification steps listed here: http://technet.microsoft.com/en-us/library/dd641340(v=ws.10).aspx before moving to the eliminated state in the DFSR transition.  About a year ago, one of our DCs failed and we reformatted it with Server 2012.  I am looking in the DFS Management console, and the failed (now non-existent) DC is showing up in the replication group as disabled.  Should I just remove it from the replication group?
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 2000 total points
ID: 40003886
You will find that DC under File replication service container and DFS container under domain.com\system container in active directory
Also you will find it within Metadata also if its not cleared properly when you demoted earlier

Just remove every possible trace of failed DC in active directory

This includes:
Domain Controllers OU (I guess its not there and already removed)
AD sites and services
domain.com\system\File replication servioces\domain system volume (Sysvol)
NS records in DNS
SRV records in DNS
Host(A) records in DNS

Check below article for metadata cleanup
http://support.microsoft.com/kb/216498
http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

After cleaning up traces from all above places, make sure that your DFSR sysvol is healthy with redirected state prior to moving Eliminated State
http://technet.microsoft.com/en-us/library/dd640019(v=ws.10).aspx

Mahesh.
0
 

Author Comment

by:ejscn
ID: 40012503
Mahesh,

Thank you SO MUCH for all of your great help.  The new server is up and running and the old one is gone.

Adam
0
 

Author Closing Comment

by:ejscn
ID: 40012504
Mahesh went above and beyond with the level of detail in his responses and pointing me in the right direction for help with my problem.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question