Pedro Baptista
asked on
DFSR Migration Stuck
We're in the process migrating domain controllers.
Server 2008 to Server 2016
Did "dfsrmig /setglobalstate 1" on Server 2008 which is going to be decommissioned
its been a few hours. The message said it could take up to 60 minutes to reach a consistent state.
When typing in "dfsrmig /getmigrationstate" the following comes up
"Migration has not yet reached a consistent state on all Domain Ctonrollers. State information might be stale due to AD latency."
Server 2008 to Server 2016
Did "dfsrmig /setglobalstate 1" on Server 2008 which is going to be decommissioned
its been a few hours. The message said it could take up to 60 minutes to reach a consistent state.
When typing in "dfsrmig /getmigrationstate" the following comes up
"Migration has not yet reached a consistent state on all Domain Ctonrollers. State information might be stale due to AD latency."
ASKER
Only one DC is replicating with this DC. Both have free disk space.
dcdiag on Server 2016 reports the following
Warning: DsGetDcName returned information for \\TO-SVR.trvlrsoasis.local
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\DC\netlogon)
[DC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... DC failed test NetLogons
dcdiag on Server 2008 reports the following
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\DC\netlogon)
[DC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... DC failed test NetLogons
dcdiag on Server 2016 reports the following
Warning: DsGetDcName returned information for \\TO-SVR.trvlrsoasis.local
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\DC\netlogon)
[DC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... DC failed test NetLogons
dcdiag on Server 2008 reports the following
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\DC\netlogon)
[DC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... DC failed test NetLogons
Do the NETLOGON shares exists on those two DCs?
Can you run a Dcdiag /e /test:sysvolcheck /test:advertising and post the results?
ASKER
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\TO
Starting test: Connectivity
......................... TO-SVR passed test Connectivity
Testing server: Default-First-Site-Name\DC
Starting test: Connectivity
......................... DC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\TO
Starting test: Advertising
......................... TO-SVR passed test Advertising
Starting test: SysVolCheck
......................... TO-SVR passed test SysVolCheck
Testing server: Default-First-Site-Name\DC
Starting test: Advertising
Warning: DsGetDcName returned information for \\TO-SVR.trvlrsoasis.local
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... DC failed test Advertising
Starting test: SysVolCheck
......................... DC passed test SysVolCheck
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : trvlrsoasis
Running enterprise tests on : trvlrsoasis.local
Performing initial setup:
Trying to find home server...
Home Server = DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\TO
Starting test: Connectivity
......................... TO-SVR passed test Connectivity
Testing server: Default-First-Site-Name\DC
Starting test: Connectivity
......................... DC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\TO
Starting test: Advertising
......................... TO-SVR passed test Advertising
Starting test: SysVolCheck
......................... TO-SVR passed test SysVolCheck
Testing server: Default-First-Site-Name\DC
Starting test: Advertising
Warning: DsGetDcName returned information for \\TO-SVR.trvlrsoasis.local
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... DC failed test Advertising
Starting test: SysVolCheck
......................... DC passed test SysVolCheck
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : trvlrsoasis
Running enterprise tests on : trvlrsoasis.local
Did you install Active Directory on the 2016 server without first upgrading from FRS to DSFR? I think if so that may be your problem. I would try removing ADDS from the 2016 server and try running the DFSR migration again on the 2008 server only.
ASKER
Yes, I did install AD on 2016 without first upgrading from FRS to DSFR.
Can I just remove it from the roles and features or would I need to complete remove the 2016 DC from the domain before removing ADDS?
Can I just remove it from the roles and features or would I need to complete remove the 2016 DC from the domain before removing ADDS?
ASKER
One more question... Being this is a Server 2008 should it already be using DFS Replication? Is there a way for me to check this?
It's a fairly common misconception, made worse by Microsoft, that FRS isn't supported in 2016; it is. You don't have to migrate to DFSR before installing a 2016 domain controller. (If you're running one of the Semi-Annual Channel versions, that's a different story, but you're probably not. The quickest way to tell? If your server OS has a GUI, it's not a SAC version.)
Having said that, it is quicker and simpler to migrate to DFSR with only one DC, as you don't have to wait for everything to converge, so Hypercat's recommendation has merit. I'm concerned that you may have an issue in FRS on the 2008 DC, though, that will prevent the migration from succeeding even after the 2016 DC has been removed.
Do you see any recent errors in the FRS event log on the 2008 DC?
Having said that, it is quicker and simpler to migrate to DFSR with only one DC, as you don't have to wait for everything to converge, so Hypercat's recommendation has merit. I'm concerned that you may have an issue in FRS on the 2008 DC, though, that will prevent the migration from succeeding even after the 2016 DC has been removed.
Do you see any recent errors in the FRS event log on the 2008 DC?
DrDave has a good point. But I think removing ADDS from the 2016 server first will simplify things anyway.
To answer your questions:
Can I just remove it from the roles and features or would I need to complete remove the 2016 DC from the domain before removing ADDS? YES, just remove ADDS using the Server Manager "Remove Roles and Services."
Being this is a Server 2008 should it already be using DFS Replication? Is there a way for me to check this? YES again. If you are already using DFSR, you'll see a folder in the Windows folder named "SYSVOL_DFSR."
To answer your questions:
Can I just remove it from the roles and features or would I need to complete remove the 2016 DC from the domain before removing ADDS? YES, just remove ADDS using the Server Manager "Remove Roles and Services."
Being this is a Server 2008 should it already be using DFS Replication? Is there a way for me to check this? YES again. If you are already using DFSR, you'll see a folder in the Windows folder named "SYSVOL_DFSR."
ASKER
DrDave242: In the Event Viewer > FRS > Event ID: 13568 Error "The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR. "
Hypercat: In Windows folder it shows both SYSVOL and SYSVOL_DFSR. Is that because I set it to state 1 to initiate the migration or does it only show it if the migration is complete?
Hypercat: In Windows folder it shows both SYSVOL and SYSVOL_DFSR. Is that because I set it to state 1 to initiate the migration or does it only show it if the migration is complete?
Yes, if it's in a partial state of conversion you'd see both folders. I think you should try to fix the journal wrap error at this point and then see where your DFRS migration process is.
Before we get to that, though, a question about the 2016 server. Did you ever run dcpromo on it? Does it have a FRS or DFSR folder?
Before we get to that, though, a question about the 2016 server. Did you ever run dcpromo on it? Does it have a FRS or DFSR folder?
ASKER
Yes I did run dcpromo on the 2016.
The Server 2016: C:\Windows\SYSVOL ... the SYSVOL_DFSR is not present on 2016.
I did go through a regedit to Enable Journal Wrap Automatic Restore. It says it could take up to 20 minutes for event logs to generate.
The Server 2016: C:\Windows\SYSVOL ... the SYSVOL_DFSR is not present on 2016.
I did go through a regedit to Enable Journal Wrap Automatic Restore. It says it could take up to 20 minutes for event logs to generate.
ASKER
I am still getting the following FRS warning in the event viewer.
"The File Replication Service is having trouble enabling replication from DC to TO-SVR for c:\windows\sysvol\domain using the DNS name DC.trvlrsoasis.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC.trvlrsoasis.local from this computer.
[2] FRS is not running on DC.trvlrsoasis.local.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established."
Should I go ahead and proceed with demoting the 2016 DC and removing ADDS Role at this point. Then, proceeding with the migration before installing ADDS and promoting the DC again?
"The File Replication Service is having trouble enabling replication from DC to TO-SVR for c:\windows\sysvol\domain using the DNS name DC.trvlrsoasis.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC.trvlrsoasis.local from this computer.
[2] FRS is not running on DC.trvlrsoasis.local.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established."
Should I go ahead and proceed with demoting the 2016 DC and removing ADDS Role at this point. Then, proceeding with the migration before installing ADDS and promoting the DC again?
What DNS settings do you have on each of the DC's? They should be pointing to themselves first with the other DC as secondary. If you do a simple ping from one to the other, do they resolve correctly?
Also check the services on the 2016 DC to see if FRS is, in fact, running.
Also check the services on the 2016 DC to see if FRS is, in fact, running.
Does the FRS event log on the 2008 DC show event 13516, indicating that all is well with FRS, or is it still showing errors after you made that registry change?
ASKER
Hypercat, I am successfully able to ping using the names on both servers. There are DNS entries for each on both servers.
DrDave, after the registry change, I am no longer getting event 13516.
DrDave, after the registry change, I am no longer getting event 13516.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I ran dfsrmig.exe /getglobalstate once again and it is now showing as "Prepared" succeeded.
I think we're in good shape now!
I'll continue to go through the steps.
I think we're in good shape now!
I'll continue to go through the steps.
Ok, sounds good now. I think the restarting the FRS service was the missing link; when you do a restore (to fix the journal wrap error) you would normally have to restart the service. I assumed you'd done that, and didn't think to check.
Cheers!
Cheers!
ASKER
DFS Replication Information Event:
"DFSR has successfully migrated the Domain Controller TO-SVR to the 'ELIMINATED' state. NTFRS is no longer replicating the SYSVOL share located at C:\Windows\SYSVOL. DFSR is currently replicating the SYSVOL_DFSR folder located at C:\Windows\SYSVOL_DFSR. If you are not using NTFRS to replicate any non-SYSVOL folders, please consider stopping the NTFRS service and setting its start type to "Manual". "
Am I Safe to disable the File Replication Service on the 2008 server or should I just leave it?
"DFSR has successfully migrated the Domain Controller TO-SVR to the 'ELIMINATED' state. NTFRS is no longer replicating the SYSVOL share located at C:\Windows\SYSVOL. DFSR is currently replicating the SYSVOL_DFSR folder located at C:\Windows\SYSVOL_DFSR. If you are not using NTFRS to replicate any non-SYSVOL folders, please consider stopping the NTFRS service and setting its start type to "Manual". "
Am I Safe to disable the File Replication Service on the 2008 server or should I just leave it?
Yes you can safely disable it.
Does SMB connection works fine to you server 2016. Windows Server 2016 is not installing as default CIFS/SMB share as default. Have a look if that fixes you issue and check with netmon/Wireshark if you are getting proper SM. connection established.
https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405#express