Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

FRS DomainControllerName: (null)

Posted on 2015-01-13
18
Medium Priority
?
529 Views
Last Modified: 2015-01-21
I ran dcdiag /c to check the health of my domain.  Under VerifyEnterpriseReferences I got this message:

Starting test: VerifyEnterpriseReferences
         The following problems were found while verifying various important DN
         references.  Note, that  these problems can be reported because of
         latency in replication.  So follow up to resolve the following
         problems, only if the same problem is reported on all DCs for a given
         domain or if  the problem persists after replication has had
         reasonable time to replicate changes.
            [1] Problem: Missing Expected Value
             Base Object: CN=server1,OU=Domain Controllers,DC=domain,DC=local
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: msDFSR-ComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

            [2] Problem: Missing Expected Value
             Base Object: CN=server2,OU=Domain Controllers,DC=domain,DC=local
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: msDFSR-ComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

            LDAP Error 0x20 (32) - No Such Object.
         ......................... server1 failed test VerifyEnterpriseReferences

I then ran dfsrmig /getglobalstate and noticed that the FRS DomainControllerName was null.

DFSR migration has not yet initialized. To start migration please
set global state to desired value.
C:\Windows\system32>ntfrsutl ds
NTFRS CONFIGURATION IN THE DS
SUBSTITUTE DCINFO FOR DC
   FRS  DomainControllerName: (null)
   Computer Name            : server1
   Computer DNS Name        : server1.domain.local

If anyone could help me with issue that would be great!

Thanks
0
Comment
Question by:ollybuba
  • 9
  • 7
  • 2
18 Comments
 
LVL 38

Expert Comment

by:Mahesh
ID: 40547301
Have you started FRS to DFSR migration?

The value for msDFSR-ComputerReferenceBL is not correct according to my understanding
Probably its missing, check from adsieidt.msc under  domain controllers\domain system volume
You cannot edit this attribute as far as I know

The root cause of this is FRS DomainControllerName was null
In http://support.microsoft.com/kb/312862 article
Find below paragraphs:
Detecting null Server-Reference attributes

Then follow steps mentioned in Repairing the null Server-Reference attributes

Once you cure that again run dfsrmig /GetGlobalState
Probably you can follow then FRS to DFSR guide to migrate FRS to DFSR
Also check below article
http://technet.microsoft.com/en-us/library/dd639789(WS.10).aspx
0
 

Author Comment

by:ollybuba
ID: 40547355
It asks for the DN path of the NTDS Settings object so that would be CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=domain,DC=local corrrect?
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 40547376
It should be
CN=NTDS Settings,CN=server name,CN=Servers,CN=Site name,CN=Sites,CN=Configuration,DC=domain,DC=com

You can get above DN \ path from AD sites and services\sites\sitename\servers\servername\ntds settings properties
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:ollybuba
ID: 40547413
Do you know where to find this?  member object (nTFRSMember) that lacks the settings reference
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 40547431
underneath adsieidt.msc add domain directory partition
There you will find domain controller object underneath below path:
domain.com\system\file replication service\domain system volume
Go to DC object properties (nTFRSMember) and Check ServerReference and frscomputerreference as well
0
 

Author Comment

by:ollybuba
ID: 40547454
ServerReference looks good but frsComputerReference points to CN=servername,OU=Domain Controllers,DC=domain,DC=local   is that correct?
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 40547539
yes, it is correct
0
 

Author Comment

by:ollybuba
ID: 40547561
So what would be the next step?  Poll Active Directory even though nothing changed?
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 40548598
Navigate to domain.com\domain controllers\DC name\NTFRS Subscriptions and go to properties of domain system volume and check frsMemberReference attribute
It should point to:
CN=DC Name,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=com

If above is also correct, what exactly issue you are facing
Are you trying to migrate FRS to DFSR sysvol and facing any issues?
0
 

Author Comment

by:ollybuba
ID: 40550017
Yes that was correct.  Well previously I have raised the forest functional level from 2003 to 2008.  I'm going to moving my AD roles to another server and it said to run dcdiag /c to make sure everything was functioning properly.  One of the errors was:

Starting test: VerifyEnterpriseReferences
   The following problems were found while verifying various important DN
   references.  Note, that  these problems can be reported because of
   latency in replication.  So follow up to resolve the following
   problems, only if the same problem is reported on all DCs for a given
   domain or if  the problem persists after replication has had
   reasonable time to replicate changes.
      [1] Problem: Missing Expected Value
       Base Object: CN=server1,OU=Domain Controllers,DC=domain,DC=local
       Base Object Description: "DC Account Object"
       Value Object Attribute Name: msDFSR-ComputerReferenceBL
       Value Object Description: "SYSVOL FRS Member Object"
       Recommended Action: See Knowledge Base Article: Q312862

      [2] Problem: Missing Expected Value
       Base Object: CN=server2,OU=Domain Controllers,DC=domain,DC=local
       Base Object Description: "DC Account Object"
       Value Object Attribute Name: msDFSR-ComputerReferenceBL
       Value Object Description: "SYSVOL FRS Member Object"
       Recommended Action: See Knowledge Base Article: Q312862

      LDAP Error 0x20 (32) - No Such Object.
   ......................... server1 failed test VerifyEnterpriseReferences
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 40550208
Have you tried the steps in the following Microsoft article on how to recover missing FRS attributes..

http://support.microsoft.com/kb/312862/en-us
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 40550561
Ok
Can you run dcdiag /v on domain controller and paste output here?

Check if AD replication is working fine across both DCs?

Also download Frsdiag utility from MS and check \ test if sysvol shares are working correctly on both DCs
http://www.microsoft.com/en-in/download/details.aspx?id=8613 - Download Link for Frsdiag

Follow below guide to test FRS Sysvol shares with Frsdiag and same guide will help you to migrate FRS sysvol to DFSR sysvol
http://blogs.technet.com/b/askds/archive/2008/05/22/verifying-file-replication-during-the-windows-server-2008-dfsr-sysvol-migration-down-and-dirty-style.aspx

If AD replication and sysvol replication is working correctly, you can straight way go ahead and migrate FRS Sysvol to DFSR Sysvol
0
 

Author Comment

by:ollybuba
ID: 40552356
Do I have to migrate from an FRS to DFSR Sysvol to move a PDC?
0
 

Author Comment

by:ollybuba
ID: 40552385
I also ran dcdiag /v /q /f:c:\logfile.txt and the only errors are about redirected printer drivers from the machine I'm RDPing from.

I'm also trying to install adreplstatus and I'm getting an error about Windows Installer:

"The system administrator has set policies to prevent this installation."

I also have no local software restriction policies.
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 40552400
You could use the repadmin command to view AD replication..

http://technet.microsoft.com/en-us/library/cc770963.aspx
0
 

Author Comment

by:ollybuba
ID: 40552424
I ran repadmin /queue and it said that the queue contained 0 items.  I also ran repadmin /showrepl and all the times it tried to contact my second dc came back successful.
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 40552892
No need to move from FRS to DFSR sysvol only to move PDC role

Have you tested your FRS sysvol with FRSDIAG utility as mentioned in my earlier comment

IF FRS test and replication is successful, you can further test FRS by creating new GPO on one server and ensure if its replicated to another DC
U  can check total no of GPO count on both servers by navigating to \\DC1\sysvol\policies

If everything is fine, you can ignore error
0
 

Author Closing Comment

by:ollybuba
ID: 40562862
Everything does replicate but I still receive the errors.  I will disregard the errors.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question