Tyrone Phillips asked:

Sysvol & Netlogon Replication issue

Hi All, I am battling with a replication issue to a newly promoted DC. I made sure DCDIAG was 100% clear on the main DC before I promoted the new server to a DC.

Everything during the DC promo went fine and the server rebooted, logs on good and all looks well, but there are no Sysvol or Netlogon replication folders.

Checked DFS management on both servers and there are warnings that the initial replication is waiting.

I have tried to force it from Sites & Services but nothing. DFS logs on both servers show log 5004:

"The DFS Replication service successfully established an inbound connection with partner %severname% for replication group Domain System Volume"

And all the DNS logs look fine. The Sysvol & Netlogon will just not replicate to the new server. Any assistance will be greatly appreciated.

I am no expert on this but have replication elsewhere without issue. It's like something is blocking the replication. Tried turning off the firewalls but no luck.

Main server and FSMO role holder is 2012R2, new server is 2019

Could it be the server Antivirus?

Any help please
it_saige

You need to check FRS.  If your domain was upgraded from Windows Server 2003 or Windows Server 2008, it is most likely that your FRS was never migrated to DFSR.  So the first step is to check your event logs for FRS-related errors.

If you find these errors, you can use an Authoritative restore of FRS in order to complete the promotion:

Instructions for an Authoritative Restore of FRS (in a nutshell):

1. Stop the FRS service.
2. Modify the registry setting for the BurFlags key using a value of D4.
3. Restart the FRS service.

* BurFlags is located in the registry here - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

More information can be found here -  https:/Q_28591065.html#a40532465

After that, I would migrate FRS to DFSR:

https://blogs.technet.microsoft.com/filecab/2014/06/25/streamlined-migration-of-frs-to-dfsr-sysvol/

-saige-
Tyrone Phillips (ASKER)

Hi it_saige, sorry, I forgot to specify: the main server is a Server 2012 R2 and the new server is Server 2019, so neither use FRS, rather DFS.

Does the solution still apply?

If you have never had a Windows Server 2003, Windows Server 2008 or Windows Server 2008 R2 DC, then most likely this is not the case.  You could still check the logs to make sure though.

-saige-

The DFS Propagation report just shows tests are incomplete

%mainserver%                                         Default-First-Site-Name                                                  Arrival pending
There is no FRS on this network; the main server 2012 R2 was built from scratch, brand new AD, so there is only DFS.
FRS service on both servers is Disabled by default.

Check if, on the 2012 R2 DC, the Sysvol and Netlogon folders are shared and if you are able to open GPMC without errors.

If yes, you can attempt Sysvol auth restore on 2012 R2 DC and non auth restore on 2019 DC

Find below article for sequential steps
https://www.experts-exchange.com/articles/17360/Active-Directory-DFSR-Sysvol-Authoritative-and-Non-Authoritative-Restore-Sequence.html

Hi Mashesh,

The Sysvol and Netlogon shares are not active on the 2019 server. Can I set these shares manually on the folder level?

Check if Sysvol and netlogon folder structure is physically available on 2019 DC?
If yes, simply attempt DFSR Auth restore on 2012 R2 DC and DFSR non auth restore on 2019 DC as outlined in above article

Else, if the folder structure is not available, you can create one, then on the 2019 DC, follow Step 11 and 12 under Recovery Procedure - DFSR SYSVOL in the article below:
https://www.experts-exchange.com/articles/33363/Active-Directory-System-State-Recovery-with-Sysvol-Authoritative-Restore-Authsysvol-switch-Explained.html

Once folder structure is created, do not forget to restart netlogon service, this should populate Sysvol and netlogon shares and then check if GPOs are replicated from 2012 DC or not
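
The checks discussed across this thread (are the shares published, is FRS really out of the picture, what state DFSR reports for SYSVOL) can be gathered in one read-only pass from an elevated PowerShell session on the new DC. This is an added example, not something posted by a participant; only event 5004 and the group name Domain System Volume come from the thread, while the other event IDs and the state names in the comments are supplied by the editor.

```powershell
# Added example: read-only SYSVOL replication health check for a DC.
# Nothing here changes configuration.

# 1. Are the SYSVOL and NETLOGON shares published on this DC?
$shares = Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue
foreach ($name in 'SYSVOL', 'NETLOGON') {
    $share = $shares | Where-Object Name -eq $name
    if ($share) { '{0,-9} shared at {1}' -f $name, $share.Path }
    else        { '{0,-9} NOT shared' -f $name }
}

# 2. Netlogon publishes both shares only after SysvolReady becomes 1,
#    which DFSR sets when initial replication of SYSVOL has finished.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$ready = (Get-ItemProperty -Path $key -Name SysvolReady -ErrorAction SilentlyContinue).SysvolReady
"SysvolReady = $ready"

# 3. FRS or DFSR? 'Eliminated' means SYSVOL is replicated by DFSR only.
dfsrmig.exe /getglobalstate

# 4. DFSR's own view of the SYSVOL replicated folder.
$stateNames = @{ 0 = 'Uninitialized'; 1 = 'Initialized'; 2 = 'Initial Sync'
                 3 = 'Auto Recovery'; 4 = 'Normal';      5 = 'In Error' }
Get-CimInstance -Namespace 'root\MicrosoftDFS' -ClassName DfsrReplicatedFolderInfo |
    Where-Object ReplicationGroupName -eq 'Domain System Volume' |
    Select-Object ReplicatedFolderName,
                  @{ Name = 'State'; Expression = { $stateNames[[int]$_.State] } }

# 5. Recent DFSR events that mark where initial replication stands:
#    4614 = SYSVOL initialized, waiting to perform initial replication
#    4604 = SYSVOL replicated folder initialized (initial replication done)
#    4012 = replication stopped, folder offline longer than MaxOfflineTimeInDays
#    5004 = inbound connection established with partner (seen in this thread)
Get-WinEvent -FilterHashtable @{ LogName = 'DFS Replication'; Id = 4614, 4604, 4012, 5004 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
                  @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } }
```

Running the same script on the 2012 R2 DC gives a baseline to compare against before attempting any authoritative or non-authoritative restore.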