Solved

FRS DomainControllerName: (null)

Posted on 2015-01-13
18
383 Views
Last Modified: 2015-01-21
I ran dcdiag /c to check the health of my domain.  Under VerifyEnterpriseReferences I got this message:

Starting test: VerifyEnterpriseReferences
         The following problems were found while verifying various important DN
         references.  Note, that  these problems can be reported because of
         latency in replication.  So follow up to resolve the following
         problems, only if the same problem is reported on all DCs for a given
         domain or if  the problem persists after replication has had
         reasonable time to replicate changes.
            [1] Problem: Missing Expected Value
             Base Object: CN=server1,OU=Domain Controllers,DC=domain,DC=local
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: msDFSR-ComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

            [2] Problem: Missing Expected Value
             Base Object: CN=server2,OU=Domain Controllers,DC=domain,DC=local
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: msDFSR-ComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

            LDAP Error 0x20 (32) - No Such Object.
         ......................... server1 failed test VerifyEnterpriseReferences

I then ran dfsrmig /getglobalstate and noticed that the FRS DomainControllerName was null.

DFSR migration has not yet initialized. To start migration please
set global state to desired value.
C:\Windows\system32>ntfrsutl ds
NTFRS CONFIGURATION IN THE DS
SUBSTITUTE DCINFO FOR DC
   FRS  DomainControllerName: (null)
   Computer Name            : server1
   Computer DNS Name        : server1.domain.local

If anyone could help me with issue that would be great!

Thanks
0
Comment
Question by:ollybuba
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 7
  • 2
18 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 40547301
Have you started FRS to DFSR migration?

The value for msDFSR-ComputerReferenceBL is not correct according to my understanding
Probably its missing, check from adsieidt.msc under  domain controllers\domain system volume
You cannot edit this attribute as far as I know

The root cause of this is FRS DomainControllerName was null
In http://support.microsoft.com/kb/312862 article
Find below paragraphs:
Detecting null Server-Reference attributes

Then follow steps mentioned in Repairing the null Server-Reference attributes

Once you cure that again run dfsrmig /GetGlobalState
Probably you can follow then FRS to DFSR guide to migrate FRS to DFSR
Also check below article
http://technet.microsoft.com/en-us/library/dd639789(WS.10).aspx
0
 

Author Comment

by:ollybuba
ID: 40547355
It asks for the DN path of the NTDS Settings object so that would be CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=domain,DC=local corrrect?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40547376
It should be
CN=NTDS Settings,CN=server name,CN=Servers,CN=Site name,CN=Sites,CN=Configuration,DC=domain,DC=com

You can get above DN \ path from AD sites and services\sites\sitename\servers\servername\ntds settings properties
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:ollybuba
ID: 40547413
Do you know where to find this?  member object (nTFRSMember) that lacks the settings reference
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40547431
underneath adsieidt.msc add domain directory partition
There you will find domain controller object underneath below path:
domain.com\system\file replication service\domain system volume
Go to DC object properties (nTFRSMember) and Check ServerReference and frscomputerreference as well
0
 

Author Comment

by:ollybuba
ID: 40547454
ServerReference looks good but frsComputerReference points to CN=servername,OU=Domain Controllers,DC=domain,DC=local   is that correct?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40547539
yes, it is correct
0
 

Author Comment

by:ollybuba
ID: 40547561
So what would be the next step?  Poll Active Directory even though nothing changed?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40548598
Navigate to domain.com\domain controllers\DC name\NTFRS Subscriptions and go to properties of domain system volume and check frsMemberReference attribute
It should point to:
CN=DC Name,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=com

If above is also correct, what exactly issue you are facing
Are you trying to migrate FRS to DFSR sysvol and facing any issues?
0
 

Author Comment

by:ollybuba
ID: 40550017
Yes that was correct.  Well previously I have raised the forest functional level from 2003 to 2008.  I'm going to moving my AD roles to another server and it said to run dcdiag /c to make sure everything was functioning properly.  One of the errors was:

Starting test: VerifyEnterpriseReferences
   The following problems were found while verifying various important DN
   references.  Note, that  these problems can be reported because of
   latency in replication.  So follow up to resolve the following
   problems, only if the same problem is reported on all DCs for a given
   domain or if  the problem persists after replication has had
   reasonable time to replicate changes.
      [1] Problem: Missing Expected Value
       Base Object: CN=server1,OU=Domain Controllers,DC=domain,DC=local
       Base Object Description: "DC Account Object"
       Value Object Attribute Name: msDFSR-ComputerReferenceBL
       Value Object Description: "SYSVOL FRS Member Object"
       Recommended Action: See Knowledge Base Article: Q312862

      [2] Problem: Missing Expected Value
       Base Object: CN=server2,OU=Domain Controllers,DC=domain,DC=local
       Base Object Description: "DC Account Object"
       Value Object Attribute Name: msDFSR-ComputerReferenceBL
       Value Object Description: "SYSVOL FRS Member Object"
       Recommended Action: See Knowledge Base Article: Q312862

      LDAP Error 0x20 (32) - No Such Object.
   ......................... server1 failed test VerifyEnterpriseReferences
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 40550208
Have you tried the steps in the following Microsoft article on how to recover missing FRS attributes..

http://support.microsoft.com/kb/312862/en-us
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40550561
Ok
Can you run dcdiag /v on domain controller and paste output here?

Check if AD replication is working fine across both DCs?

Also download Frsdiag utility from MS and check \ test if sysvol shares are working correctly on both DCs
http://www.microsoft.com/en-in/download/details.aspx?id=8613 - Download Link for Frsdiag

Follow below guide to test FRS Sysvol shares with Frsdiag and same guide will help you to migrate FRS sysvol to DFSR sysvol
http://blogs.technet.com/b/askds/archive/2008/05/22/verifying-file-replication-during-the-windows-server-2008-dfsr-sysvol-migration-down-and-dirty-style.aspx

If AD replication and sysvol replication is working correctly, you can straight way go ahead and migrate FRS Sysvol to DFSR Sysvol
0
 

Author Comment

by:ollybuba
ID: 40552356
Do I have to migrate from an FRS to DFSR Sysvol to move a PDC?
0
 

Author Comment

by:ollybuba
ID: 40552385
I also ran dcdiag /v /q /f:c:\logfile.txt and the only errors are about redirected printer drivers from the machine I'm RDPing from.

I'm also trying to install adreplstatus and I'm getting an error about Windows Installer:

"The system administrator has set policies to prevent this installation."

I also have no local software restriction policies.
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 40552400
You could use the repadmin command to view AD replication..

http://technet.microsoft.com/en-us/library/cc770963.aspx
0
 

Author Comment

by:ollybuba
ID: 40552424
I ran repadmin /queue and it said that the queue contained 0 items.  I also ran repadmin /showrepl and all the times it tried to contact my second dc came back successful.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40552892
No need to move from FRS to DFSR sysvol only to move PDC role

Have you tested your FRS sysvol with FRSDIAG utility as mentioned in my earlier comment

IF FRS test and replication is successful, you can further test FRS by creating new GPO on one server and ensure if its replicated to another DC
U  can check total no of GPO count on both servers by navigating to \\DC1\sysvol\policies

If everything is fine, you can ignore error
0
 

Author Closing Comment

by:ollybuba
ID: 40562862
Everything does replicate but I still receive the errors.  I will disregard the errors.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question