Andy Howard
asked on
Replica 2016DC not functioning correctly when remote mainsite SBS2011 DC is unavailable
A 2016 Standard server has been added as a replica DC to a remote SBS2011 server. The two sites are linked via a IPSec VPN and all has functioned well until today.
The SBS2011 site has had a powercut over night so the intersite VPN is down.
None of the AD tools on the 2016 replica DC will work (ADUC, ADSS etc). The error is "Naming information cannot be located because: The specified domain either does not exist or could not be contacted".
It was my understanding that the replica DC would still function should the main DC (SBS2011 in this case) "do down".
What's up?
Many thanks.
The SBS2011 site has had a powercut over night so the intersite VPN is down.
None of the AD tools on the 2016 replica DC will work (ADUC, ADSS etc). The error is "Naming information cannot be located because: The specified domain either does not exist or could not be contacted".
It was my understanding that the replica DC would still function should the main DC (SBS2011 in this case) "do down".
What's up?
Many thanks.
Is the 2016 DC a Global Catalog and DNS server, and have you confirmed that AD and SYSVOL replication were working before the SBS 2011 server went down?
ASKER
Thank you for responding. The link between the two sites is available again.
Yes the 2016 server is GC and DNS.
I've just run a dcdiag and see:
Starting test: Netlogons
Unable to connect to the NETLOGON share! (\\DCReplica\netlogon)
[DCReplica] An net use or LsaPolicy operation failed with error 67, the network name cannot be found.
DCReplica failed test Netlogons
Clearly something is wrong then.
I am able to create users or other objects (e.g. OUs) either side and the changes are reflected OK.
I forced a replication with ADSS too and saw no faults.
Yes the 2016 server is GC and DNS.
I've just run a dcdiag and see:
Starting test: Netlogons
Unable to connect to the NETLOGON share! (\\DCReplica\netlogon)
[DCReplica] An net use or LsaPolicy operation failed with error 67, the network name cannot be found.
DCReplica failed test Netlogons
Clearly something is wrong then.
I am able to create users or other objects (e.g. OUs) either side and the changes are reflected OK.
I forced a replication with ADSS too and saw no faults.
Run net share from a command prompt on both servers and check to see if the SYSVOL and NETLOGON shares are listed in the output.
ASKER
HI there. I have just done that for you. On the SBS2011 there are SYSVOL & NETLOGON present, on the 2016 server they are not.
I have run dcdiag again on the 2k16 server and this is the only aspect that appears to be failing.
Cheers
I have run dcdiag again on the 2k16 server and this is the only aspect that appears to be failing.
Cheers
ASKER
Morning @ DrDave242
All is fixed.
Following your heads up re: net share I googled the sh!t out of this.
On Checking the SBS server I found a bunch of Event ID 13561 “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)” is in JRNL_WRAP_ERROR" in the FRS log.
I referred to a page:
https://www.experts-exchange.com/questions/29112028/Replica-2016DC-not-functioning-correctly-when-remote-mainsite-SBS2011-DC-is-unavailable.html?anchorAnswerId=42642432#a42642432 (use with extreme caution and read the comments at the bottom first!!!)
This fixed the corrupt sysvol on the SBS server (a problem that has been there unseen for long time, even pre the replica DC being added).
Thanks for pointing the way.
All is fixed.
Following your heads up re: net share I googled the sh!t out of this.
On Checking the SBS server I found a bunch of Event ID 13561 “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)” is in JRNL_WRAP_ERROR" in the FRS log.
I referred to a page:
https://www.experts-exchange.com/questions/29112028/Replica-2016DC-not-functioning-correctly-when-remote-mainsite-SBS2011-DC-is-unavailable.html?anchorAnswerId=42642432#a42642432 (use with extreme caution and read the comments at the bottom first!!!)
This fixed the corrupt sysvol on the SBS server (a problem that has been there unseen for long time, even pre the replica DC being added).
Thanks for pointing the way.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.