Solved

AD Replication issues / SYSVOL / NETLOGON not replicating

Posted on 2015-02-18
4
197 Views
Last Modified: 2015-02-19
Hello Experts!

We have a client that recently called us for some assistance. The IT department had a new virtual environment stood up. They Created 3 new VMs and promoted them all to domain controllers. The current domain and forest functional levels are (and were) Server 2003. There were two existing domain controllers, both Server 2003. The new domain controllers are Server 2012 R2. After promoting the 3 new servers to DC’s, they demoted one of the old DC’s. Then they transferred FSMO roles to a new 2012 R2 DC. When they went to demote the last server 2003 DC, it was giving them the error that it is the last DC in the domain. That’s when we were called to assist. I have since demoted 2 of the 3 new 2012 R2 DCs and transferred all FSMO roles back to the Server 2003 DC.

I have been running some tools to try and gather data. Here is the DCDIAG from the last Server 2003 DC:


C:\Documents and Settings\user>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: domainname\server2003server
      Starting test: Connectivity
         ......................... server2003server passed test Connectivity

Doing primary tests

   Testing server: domainname\server2003server
      Starting test: Replications
         ......................... server2003server passed test Replications
      Starting test: NCSecDesc
         ......................... server2003server passed test NCSecDesc
      Starting test: NetLogons
         ......................... server2003server passed test NetLogons
      Starting test: Advertising
         ......................... server2003server passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... server2003server passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... server2003server passed test RidManager
      Starting test: MachineAccount
         ......................... server2003server passed test MachineAccount
      Starting test: Services
         ......................... server2003server passed test Services
      Starting test: ObjectsReplicated
         ......................... server2003server passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... server2003server passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... server2003server failed test frsevent
      Starting test: kccevent
         ......................... server2003server passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x0000410B
            Time Generated: 02/18/2015   19:27:04
            Event String: The request for a new account-identifier pool
         An Error Event occured.  EventID: 0xC4350607
            Time Generated: 02/18/2015   19:28:22
            Event String: Component: System Information Agent
         An Error Event occured.  EventID: 0xC00110CD
            Time Generated: 02/18/2015   19:28:22
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00072787
            Time Generated: 02/18/2015   19:28:22
            Event String: The WinRM service is unable to start because of a
         An Error Event occured.  EventID: 0xC0060024
            Time Generated: 02/18/2015   19:28:34
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002720
            Time Generated: 02/18/2015   19:32:26
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 02/18/2015   14:33:27
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x825A0011
            Time Generated: 02/18/2015   14:33:28
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x825A0011
            Time Generated: 02/18/2015   14:33:31
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x0000410B
            Time Generated: 02/18/2015   14:36:18
            Event String: The request for a new account-identifier pool
         An Error Event occured.  EventID: 0xC4350607
            Time Generated: 02/18/2015   14:38:48
            Event String: Component: System Information Agent
         An Error Event occured.  EventID: 0x00072787
            Time Generated: 02/18/2015   14:38:48
            Event String: The WinRM service is unable to start because of a
         An Error Event occured.  EventID: 0xC4350505
            Time Generated: 02/18/2015   14:38:54
            Event String: NIC Agent: Connectivity has been lost for the NIC
         An Error Event occured.  EventID: 0x825A0011
            Time Generated: 02/18/2015   14:39:00
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x825A0011
            Time Generated: 02/18/2015   14:39:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 02/18/2015   14:39:54
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168F
            Time Generated: 02/18/2015   14:42:09
            Event String: The dynamic deletion of the DNS record
         An Error Event occured.  EventID: 0x0000168F
            Time Generated: 02/18/2015   14:42:09
            Event String: The dynamic deletion of the DNS record
         An Error Event occured.  EventID: 0x0000168F
            Time Generated: 02/18/2015   14:42:09
            Event String: The dynamic deletion of the DNS record
         An Error Event occured.  EventID: 0x0000168F
            Time Generated: 02/18/2015   14:42:09
            Event String: The dynamic deletion of the DNS record
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 02/18/2015   14:42:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x825A0011
            Time Generated: 02/18/2015   14:42:22
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x825A0011
            Time Generated: 02/18/2015   14:42:37
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC4350607
            Time Generated: 02/18/2015   14:48:03
            Event String: Component: System Information Agent
         An Error Event occured.  EventID: 0x00072787
            Time Generated: 02/18/2015   14:48:03
            Event String: The WinRM service is unable to start because of a
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   14:50:06
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   14:50:06
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   14:50:06
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   14:50:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   14:50:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   14:50:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   14:50:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   14:50:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   14:50:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   14:50:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 02/18/2015   14:55:30
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:11:36
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:11:37
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:11:37
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:11:38
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:11:38
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:11:38
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:11:38
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:11:38
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:11:38
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:11:39
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:16:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:16:08
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:16:08
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:16:09
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:16:09
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:16:09
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:16:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:16:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:16:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/18/2015   15:16:10
            (Event String could not be retrieved)
         ......................... server2003server failed test systemlog
      Starting test: VerifyReferences
         Some objects relating to the DC server2003server have problems:
            [1] Problem: Missing Expected Value
             Base Object:
            CN= server2003server,OU=Domain Controllers,DC=domainname,DC=com
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: frsComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

            [1] Problem: Missing Expected Value
             Base Object:
            CN=NTDS Settings,CN= server2003server,CN=Servers,CN=domainname,CN=Sites,CN=C
onfiguration,DC=domainname,DC=com
             Base Object Description: "DSA Object"
             Value Object Attribute Name: serverReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

         ......................... server2003server failed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : domainname
      Starting test: CrossRefValidation
         ......................... domainname passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... domainname passed test CheckSDRefDom

   Running enterprise tests on : domainname.com
      Starting test: Intersite
         ......................... domainname.com passed test Intersite
      Starting test: FsmoCheck
         ......................... domainname.com passed test FsmoCheck

C:\Documents and Settings\user>



Now the DCDIAG for the Server 2012 R2 DC.

2012R2DC

PS C:\Users\user > dcdiag /fix

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = 2012R2DC

   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: domainname\2012R2DC

      Starting test: Connectivity
         ......................... 2012R2DC
passed test Connectivity

Doing primary tests

   Testing server: domainname\2012R2DC

      Starting test: Advertising
         Warning: DsGetDcName returned information for \\server2003server.domainname.com, when we were trying to reach 2012R2DC.
         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
         ......................... 2012R2DC
failed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL
         replication problems may cause Group Policy problems.
         ......................... 2012R2DC
passed test FrsEvent
      Starting test: DFSREvent
         ......................... 2012R2DC passed test DFSREvent
      Starting test: SysVolCheck
         ......................... 2012R2DC passed test SysVolCheck
      Starting test: KccEvent
         ......................... 2012R2DC passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... 2012R2DC passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... 2012R2DC passed test MachineAccount
      Starting test: NCSecDesc
         ......................... 2012R2DC passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\2012R2DC \netlogon)
         [2012R2DC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
         ......................... 2012R2DC failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... 2012R2DC passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check, 2012R2DC] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105
         "Replication access was denied."
         ......................... 2012R2DC failed test Replications
      Starting test: RidManager
         ......................... 2012R2DC passed test RidManager
      Starting test: Services
            Could not open NTDS Service on 2012R2DC, error 0x5 "Access is denied."
         ......................... 2012R2DC failed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x0000041E
            Time Generated: 02/18/2015   14:39:32
            Event String:
            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could
be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
         An error event occurred.  EventID: 0x0000041E
            Time Generated: 02/18/2015   14:44:34
            Event String:
            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could
be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 02/18/2015   14:47:09
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server cr-dc3$. The target name used was C
RDC02$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when t
he target server principal name (SPN) is registered on an account other than the account the target service is using. En
sure that the target SPN is only registered on the account used by the server. This error can also happen if the target
service account password is different than what is configured on the Kerberos Key Distribution Center for that target se
rvice. Ensure that the service on the server and the KDC are both configured to use the same password. If the server nam
e is not fully qualified, and the target domain (domainname.COM) is different from the client domain (domainname.COM),
 check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify
the server.
         ......................... 2012R2DC failed test SystemLog
      Starting test: VerifyReferences
         ......................... 2012R2DC passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : domainname
      Starting test: CheckSDRefDom
         ......................... domainname passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... domainname passed test CrossRefValidation

   Running enterprise tests on : domainname.com
      Starting test: LocatorCheck
         ......................... domainname.com passed test LocatorCheck
      Starting test: Intersite
         ......................... domainname.com passed test Intersite
PS C:\Users\user>


From here I can see SYSVOL and NETLOGON are not replicating from server2003server. When I log on to server2003server and run ‘net share’ the SYSVOL and NETLOGON shares are shared. But, when I do the same on 2012R2DC there are no NETLOGON or SYSVOL shares. I see ntfrs issues. So I ran ntfrsutl ds on server2003server and the results are here:



C:\Documents and Settings\user>ntfrsutl ds
NTFRS CONFIGURATION IN THE DS
SUBSTITUTE DCINFO FOR DC
   FRS  DomainControllerName: (null)
   Computer Name            : SERVER2003SERVER
   Computer DNS Name        : SERVER2003SERVER.domainname.com

BINDING TO THE DS:
   ldap_connect     : SERVER2003SERVER.domainname.com
   DsBind     : SERVER2003SERVER.domainname.com

NAMING CONTEXTS:
   SitesDn    : CN=Sites,cn=configuration,dc= domainname,dc=com
   ServicesDn : CN=Services,cn=configuration,dc= domainname,dc=com
   DefaultNcDn: DC= domainname,DC=com
   ComputersDn: CN=Computers,DC= domainname,DC=com
   DomainCtlDn: OU=Domain Controllers,DC= domainname,DC=com
   Fqdn       : CN= SERVER2003SERVER,OU=Domain Controllers,DC= domainname,DC=com
   Searching  : Fqdn

COMPUTER: SERVER2003SERVER
   DN   : cn= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
   Guid : d3cfdf56-a013-40ab-a2e9ffc3d88896bd
   UAC  : 0x00082000
   Server BL : CN= SERVER2003SERVER,CN=Servers,CN=domainname,CN=Sites,CN=Configuration,D
C= SERVER2003SERVER,DC=com
   Settings  : cn=ntds settings,cn= SERVER2003SERVER,cn=servers,cn= domainname,cn=sites,c
n=configuration,dc= domainname,dc=com
   DNS Name  : SERVER2003SERVER. domainname.com
   WhenCreated  : 5/29/2007 10:36:30 Eastern Standard Time Eastern Daylight Time
 [300]
   WhenChanged  : 2/17/2015 11:21:58 Eastern Standard Time Eastern Daylight Time
 [300]

   SUBSCRIPTION: NTFRS SUBSCRIPTIONS
      DN   : cn=ntfrs subscriptions,cn= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
      Guid : 5d0ca299-209d-4814-ae6d7acd9209e10a
      Working       : c:\windows\ntfrs
      Actual Working: c:\windows\ntfrs
      WhenCreated  : 5/29/2007 10:50:26 Eastern Standard Time Eastern Daylight T
ime [300]
      WhenChanged  : 5/29/2007 10:50:26 Eastern Standard Time Eastern Daylight T
ime [300]

      SUBSCRIBER: DOMAIN SYSTEM VOLUME (SYSVOL SHARE)
         DN   : cn=domain system volume (sysvol share),cn=ntfrs subscriptions,cn
= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
         Guid : fb56d707-3c40-429f-bd7c63d227b9fb5d
         Member Ref: (null)
         Root      : c:\windows\sysvol\domain
         Stage     : c:\windows\sysvol\staging\domain
         WhenCreated  : 5/29/2007 10:50:26 Eastern Standard Time Eastern Dayligh
t Time [300]
         WhenChanged  : 5/29/2007 10:50:26 Eastern Standard Time Eastern Dayligh
t Time [300]
   SERVER2003SERVER IS NOT A MEMBER OF ANY SET!

C:\Documents and Settings\user>

Also worth noting that when we power down SERVER2003SERVER no computer can contact a logon server.

The last line of this worries me as well. I am going to continue to work on this but I wanted to get these logs to some other eyes in case you have some ideas off the bat. Thanks in advance!
0
Comment
Question by:CCtech
  • 2
4 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 250 total points
Comment Utility
Can you run the following commands..

repadmin /replsum
repadmin /showrepl
netdom query dc
netdom query fsmo

Have you also been able to perform a authoritative restore for the Sysvol Share?

Will.
0
 
LVL 32

Assisted Solution

by:it_saige
it_saige earned 250 total points
Comment Utility
Agreed with Will.  First you want to run his commands.  If you need to do an FRS restore you can use the following steps - http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28591065.html#a40532465

In case you have existing policies and scripts on the 2003 Server; VB ITS posts something very similar to my instructions above with the exception of backing up the existing scripts and policies - http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28618223.html#a40614027

Then, you want to ensure that replication is taking place.  Ensure that the DNS for your additional DC's have the 2003 server as their primary DNS server.

-saige-
0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
Another thing I would recommend running is the Active Directory Best Practice Analyzer.
https://technet.microsoft.com/en-us/library/dd391875%28v=ws.10%29.aspx

Will.
0
 
LVL 1

Author Closing Comment

by:CCtech
Comment Utility
Authoritative restore did the trick. Thanks!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now