Solved

Re-adding a DFS member server after deleting its membership

Posted on 2016-09-19
Last Modified: 2016-10-07
I've read that you can and initial synchronization will take off again, but I've also heard that you should.

We have two 2008 R2 file servers that use DFS to replicate both ways. One server has been having issues and I decided it is time to replace it. I built a new 2012 R2 server and pre-seeded its 5 disks over the weekend using robocopy and had no problems.

It wasn't until I had begun initial replication that I discovered that on one disk, a couple of folders deep, all of the permissions were incorrect. They had the permissions of the root folder (hundreds, maybe thousands of folders).

I deleted the server's membership from the replication group, received the event letting me know that it had stopped, and was able to correct the security using 'robocopy <source> <destination> /secfix /copy:atsou /e /xx'. That copied only the NTFS permissions over and no data.

I need to put it back as a member of the replication group and begin initial replication, but I've been reading that if I do so, the files I preseeded yesterday could replicate over the files on the other file servers, possibly overwriting work done today.
http://www.kendalvandyke.com/2009/07/things-you-need-to-know-if-you-use-dfs.html

Anyone have ideas?
0
Question by:mansontech
 
LVL 35

Expert Comment

by:Mahesh
ID: 41806296
you should disable replication instead of deleting replication member

If you delete a replicated member from DFSR, it will remain in the AD tombstone for 60 days, and during this period if you add the same server again, it will not wait for initial sync; DFSR assumes that the server is already synced and starts two-way replication. In this case, if you have already deleted any data on that server prior to adding it to DFSR again, those changes (deletion in your case) will get replicated to other replica members.

However if you disable the replication on specific member, then when you enable it, it will try initial sync again from another replicated partner for which replication is enabled.

If you are sure after deleting member from dfsr, no changes have been done on deleted member (if you have not deleted any data), you can simply add that member again, but if you deleted data on that member, do not add it again.
In that case, delete dfsr replication group entirely, delete drive root\system volume information\dfsr hidden folder (drive where dfsr replicated folder resides) and create new dfsr replication group and setup replication again, this action will not any data

http://www.adshotgyan.com/2010/12/dfsr-replication-group-in-windows-2008.html
1
 

Author Comment

by:mansontech
ID: 41806452
I haven't deleted any information from the new server (fs03), but like I mentioned in my original post, I ran robocopy with the /secfix and /copy:atsou switches so only the permissions copied over and no data.

At this point though data on the other two servers has changed so even though I haven't deleted any data from fs03, if I add it back will it become part of the replication group or will it become the primary? I don't want it to over-write new data with data I pre-seeded this past weekend.

What about pre-seeding it again?
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 41806493
You already have prestaged data on fs03 right?

Then you add the server to dfsr replication group and after some time you have deleted it from dfsr right?

After that you used robocopy to migrate permissions right?

Can you check dfsr event logs on fs03 for event id 4104 - it confirms that initial sync is completed
In that case if you add fs03 again to dfsr replication group, it will start replicating back and forth, there will not be any primary - secondary servers, all servers will replicate back and forth, as you said if you have not deleted any data from fs03, you will not face any problem and updated data from other servers will get replicated to fs03

If you don't find the 4104 event, it means the server's (fs03) initial sync is not completed, and in that case it will try to pull the data from other members to complete initial sync; your data on the other servers will remain intact. In that case the other server will act as primary.
1
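The event check described in the answer above, as an added example that is not part of the original thread: it summarises the DFS Replication events discussed here (2002, 4010, 4104, 4412) and reports whether a 4104 has been logged. The function name and the 7-day window are assumptions.

```powershell
# Added example. Event IDs and their meanings are the ones given in this thread;
# the function name and the 7-day default window are assumptions.
function Get-DfsrInitialSyncState {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,    # run on, or point at, fs03
        [datetime]$Since = (Get-Date).AddDays(-7)
    )
    $filter = @{
        LogName   = 'DFS Replication'
        Id        = 2002, 4010, 4104, 4412
        StartTime = $Since
    }
    try {
        $events = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop)
    } catch {
        # Get-WinEvent reports an error when nothing matches; treat that as an empty result.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() } else { throw }
    }
    # Count events per ID; wrapping in @() makes an empty pipeline count as 0.
    $count = { param($id) @($events | Where-Object { $_.Id -eq $id }).Count }
    $last4104 = $events | Where-Object { $_.Id -eq 4104 } |
        Sort-Object TimeCreated -Descending | Select-Object -First 1

    [pscustomobject]@{
        Computer            = $ComputerName
        Since               = $Since
        VolumeInit_2002     = & $count 2002
        MemberRemoved_4010  = & $count 4010
        Informational_4412  = & $count 4412
        InitialSync_4104    = & $count 4104
        LastInitialSyncDone = if ($last4104) { $last4104.TimeCreated } else { $null }
        # Per the thread: no 4104 means initial sync never completed on this member.
        InitialSyncComplete = [bool]$last4104
    }
}

# Run locally on the member being re-added (fs03 in this thread).
Get-DfsrInitialSyncState | Format-List
```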
 

Author Comment

by:mansontech
ID: 41806581
Yes, pre-staged the data, added server to group, then removed, robocopied NTFS permissions.


Okay so I just double checked and I was getting a lot of 4412's, which is why I stopped replication. I then received a 4010 event after removing it from configuration.

I didn't get a 4104 event, but 3 hours after I had removed FS03 from the replication group I got a 2002 event stating that "The DFS Replication service successfully initialized replication on volume *:"

I got a 2002 event for each disk even though none had been replicating for hours. Not sure what that means.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 41806830
2002 will just tell you that the volume is in normal condition for replication, but it does not mean initial sync is also completed

4412 is informational event and may be generated depending on how you did the robocopy at 1st place, it is likely that the permissions on the source and destination are not similar. In that case filehash would differ and cause 4412 events

Until you get 4104 event id on fs03, it would not replicate to other servers, it will accept data from other servers
1
 

Author Comment

by:mansontech
ID: 41806997
Okay so you think it should be okay to add back to the replication group?

Would it be prudent to force FS02 to be Primary member of replication group just in case?

Set the primary member for a replication group
dfsradmin Membership Set /RGName:<replication group name> /RFName:<replicated folder name> /MemName:<primary member> /IsPrimary:True
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 41807320
yes, you can add again it as replicated member since it never completed initial sync

Just for safety take full data backup on original 2008 R2 server and then proceed..

Also you may try below article to again robocopy data on target server before you add it to DFSR
https://technet.microsoft.com/en-us/library/dn495044(v=ws.11).aspx

It should not take much time as data is already on the target server, it will just copy incremental data, if you already followed above article, then no need to recopy data
Intention is to avoid same situation again after adding target server again
1

 

Author Comment

by:mansontech
ID: 41808600
Sounds good. I will try copying incremental data and then add it back as a member. I'll let you know how it goes. Thank you for your help.
0
 

Author Comment

by:mansontech
ID: 41810659
robocopy.exe \\fs02\E$ E:\ /e /b /copyall /r:6 /w:5 /MT:64 /xd DfsrPrivate /tee /log:C:"\FS_robocopy.log"
Above is the original robocopy cmd I used to pre-seed FS03 from FS02.


Would the below command work to update only the incremental data? I just removed a couple switches and added the /xo.

robocopy.exe \\fs02\E$ E:\ /r:6 /w:5 /MT:64 /xo /xd DfsrPrivate /tee /log:C:"\Inc_robocopy.log"
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 41811186
earlier you have excluded dfsrprivate folder or not..
If you copied earlier you need to remove that from target server, because that folder is private as name suggest and will contain server specific data, it will get populated on target server when you add it as DFSR member

use command provided by MS article as shown below

robocopy "<source replicated folder path>" "<destination replicated folder path>" /e /b /copyall /r:6 /w:5 /MT:64 /xd DfsrPrivate /tee /log:<log file path> /v 


If you noticed, there is copyall switch, this will copy file folders and security as well

By default robocopy will copy data in incremental mode only
Even if you specify /copyall switch, it won't copy already copied data, but it will try to fix any permissions if missing
/b will copy data in backup mode to avoid permission issues most of
So still you will save time

Mahesh
0
 

Author Comment

by:mansontech
ID: 41811199
robocopy.exe \\fs02\E$ E:\ /e /b /copyall /r:6 /w:5 /MT:64 /xd DfsrPrivate /tee /log:C:"\FS_robocopy.log"

This is the original cmd I used (I actually used this link) when I pre-seeded the server last weekend.

It should have excluded the DfsrPrivate folder.

So I can run it again and it will do an incremental copy? Thank you for the clarification.

I saw that there was a /xo switch that copied data only older files and thought I had to include it.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 41811222
Yes, it will do an incremental copy only, no need to include the /xo switch

If you already followed MS article, it means your source file data have some permissions issues which robocopy would fail to resolve and replicate

I think you could use the Subinacl utility on the source to take ownership of files and folders, and also grant the administrators group full control on all folders. This will work seamlessly without destroying any existing permissions and would resolve your issue's root cause, I think.
you can follow below link for Subinacl use and syntax
https://www.experts-exchange.com/articles/17526/Windows-File-Server-Folder-ownership-problems-and-resolution.html
0
 

Author Comment

by:mansontech
ID: 41811263
The permissions on the source data are good to go, but I rushed to create the shares and messed something up I think. I'm not quite sure how I did it, but I caused the permissions to get out of whack.

running 'robocopy <source> <destination> /secfix /copy:atsou /e /xx' fixed the issue though.
0
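A way to confirm that a /secfix pass like the one above actually left the pre-seeded tree with the same folder permissions as the source, before the server rejoins the replication group. This is an added example, not part of the original thread; `Compare-TreeAcl` is a hypothetical helper, and the paths in the usage comment are the ones from the robocopy commands posted here.

```powershell
# Added example; Compare-TreeAcl is a hypothetical helper, not a robocopy or DFSR command.
# It compares owner, group and DACL (as SDDL) of every folder under two roots.
function Compare-TreeAcl {
    param(
        [Parameter(Mandatory)][string]$Source,         # e.g. \\fs02\E$
        [Parameter(Mandatory)][string]$Destination,    # e.g. E:\
        [string[]]$ExcludeDir = @('DfsrPrivate', 'System Volume Information')
    )
    $srcRoot = (Get-Item -LiteralPath $Source -Force).FullName
    Get-ChildItem -LiteralPath $srcRoot -Recurse -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $rel = $_.FullName.Substring($srcRoot.Length).TrimStart('\')
            # Skip server-specific folders anywhere in the relative path.
            if (@($rel -split '\\' | Where-Object { $ExcludeDir -contains $_ }).Count) { return }

            $dst = Join-Path $Destination $rel
            if (-not (Test-Path -LiteralPath $dst -PathType Container)) {
                return [pscustomobject]@{ Path = $rel; Status = 'MissingOnDestination'
                                          SourceSddl = $null; DestinationSddl = $null }
            }
            try {
                $s = (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Sddl
                $d = (Get-Acl -LiteralPath $dst -ErrorAction Stop).Sddl
            } catch {
                return [pscustomobject]@{ Path = $rel; Status = "Unreadable: $($_.Exception.Message)"
                                          SourceSddl = $null; DestinationSddl = $null }
            }
            # Emit a row only where the security descriptors differ.
            if ($s -ne $d) {
                [pscustomobject]@{ Path = $rel; Status = 'AclMismatch'
                                   SourceSddl = $s; DestinationSddl = $d }
            }
        }
}

# Usage on the new server; an empty result means every folder ACL matches:
# Compare-TreeAcl -Source '\\fs02\E$' -Destination 'E:\' |
#     Export-Csv C:\acl_diff.csv -NoTypeInformation
```

Folders that picked up the root folder's permissions, as described in the question, show up as `AclMismatch` rows with both SDDL strings side by side.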
 

Author Comment

by:mansontech
ID: 41833746
https://www.experts-exchange.com/questions/28975016/DFS-Question.html


Mahesh, I was wondering if you could look at a question I have. Thanks!
0
