Jeff Brubaker
asked on
Removing old 2003 DC - FRS damaged & won't replicate to new servers
Hello,
I recently inherited a client that must upgrade their servers. This is a small business, about 50 computers.
The network consists of three domain controllers - two Windows 2012 servers and one Windows 2003 server. Ultimately, I want to introduce a Windows 2019 server/DC
All rolls were moved to the other DC's. (FSMO, DNS, etc.)
Last weekend I was about to demote the 2003 DC, but luckily I discovered a huge problem. It seems FRS (File Replication) never occurred between the 2003 DC and the 2012's! On both of the 2012 DC's the SYSVOL and NETLOGON folders didn't even exist.
I am with the understanding that I must get this to replicate in order to demote this old server.
I've done basic troubleshooting, making sure that DNS is configured properly. I recreated the SYSVOL and the NETLOGON shares on the 2012 DC's with this registry procedure (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters ), I read articles about NULL entries but could not find any in ADSIEDIT.
I see another procedure to rebuild the SYSVOL objects using the BurFlags registry key D4 or D2. But it says "use this as your last resort."
So, at this point I'm looking for some direction as I don't want to do anything and risk making it worse. Anyone have any experience with this?
Thanks!
I recently inherited a client that must upgrade their servers. This is a small business, about 50 computers.
The network consists of three domain controllers - two Windows 2012 servers and one Windows 2003 server. Ultimately, I want to introduce a Windows 2019 server/DC
All rolls were moved to the other DC's. (FSMO, DNS, etc.)
Last weekend I was about to demote the 2003 DC, but luckily I discovered a huge problem. It seems FRS (File Replication) never occurred between the 2003 DC and the 2012's! On both of the 2012 DC's the SYSVOL and NETLOGON folders didn't even exist.
I am with the understanding that I must get this to replicate in order to demote this old server.
I've done basic troubleshooting, making sure that DNS is configured properly. I recreated the SYSVOL and the NETLOGON shares on the 2012 DC's with this registry procedure (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters ), I read articles about NULL entries but could not find any in ADSIEDIT.
I see another procedure to rebuild the SYSVOL objects using the BurFlags registry key D4 or D2. But it says "use this as your last resort."
So, at this point I'm looking for some direction as I don't want to do anything and risk making it worse. Anyone have any experience with this?
Thanks!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
kevinhsieh
Have been following this at the other you posted to. You're at last resort. You need to set the flags.
ASKER
On my Windows 2012 Servers, the domain functional level is 2003, so does that mean it's using FRS? dfsrmig.exe will only run on 2008 and above.
Out of curiosity, what errors are in the FRS event log on that 2003 DC?
ASKER
Initially the event log was reporting the JRNL_WRAP_ERROR. After someone's advice I tried the BurFlag D2 fix.
I am not getting that error anymore but I'm getting Event ID 13508 "The file replication Service is having trouble enabling replication from......
Still recommend the BurFlag D4?
I am not getting that error anymore but I'm getting Event ID 13508 "The file replication Service is having trouble enabling replication from......
Still recommend the BurFlag D4?
Yes, the D4 option is appropriate here, since that DC is the only one with a copy of SYSVOL at all. Make sure the SYSVOL folder hierarchy is still intact on that DC before you do this, though.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'm not positive it's "Healthy" but it's all I have. I'll be trying it this weekend. I'll keep you posted!
ASKER
Question - In the state this is in, do you think this would prevent me from Uninstalling an Exchange 2013 Server? They currently have an Exchange Server running in Hybrid mode. I was thinking cutting the cord so they are 100% Office 365 for emails. I'm doing this in case for some reason I am unable to get FRS working properly again.
If you don't have a functional SYSVOL on any DC, it may very well prevent you from uninstalling, given all of Exchange's AD dependencies. I've seen the lack of a SYSVOL share cause errors like "The domain could not be found," even when AD is otherwise fine. I'd personally get the SYSVOL issue resolved before trying to remove Exchange.
ASKER
Back again -
I was going to perform the BurFlag D4/D2 fix tonight but I want to get your input before I do it.
DrDave242 says "Make sure the SYSVOL folder hierarchy is still intact on that DC before you do this, though."
All the folders are still there - However, there appears to be some other things that concern me
Inside \sysvol\domain and the sysvol\sysvol\domainname.local folder there are two rogue folders
\Do_Not_Remove_NtFrs_PreInstall_Directory
\NtFrs_PreExisting__See_EventLog
In addition, inside the \sysvol\staging\domain folder there are 70 files
They are all similar and look like this: NTFRS_CMP_5d3b139e-7509-476d-a8fcefd727d3f24
And the same thing inside \sysvol\staging\domainname.local\
Should I run the commands or should I clean these up? Hate to delete anything.....
I was going to perform the BurFlag D4/D2 fix tonight but I want to get your input before I do it.
DrDave242 says "Make sure the SYSVOL folder hierarchy is still intact on that DC before you do this, though."
All the folders are still there - However, there appears to be some other things that concern me
Inside \sysvol\domain and the sysvol\sysvol\domainname.local folder there are two rogue folders
\Do_Not_Remove_NtFrs_PreInstall_Directory
\NtFrs_PreExisting__See_EventLog
In addition, inside the \sysvol\staging\domain folder there are 70 files
They are all similar and look like this: NTFRS_CMP_5d3b139e-7509-476d-a8fcefd727d3f24
And the same thing inside \sysvol\staging\domainname.local\
Should I run the commands or should I clean these up? Hate to delete anything.....
\Do_Not_Remove_NtFrs_PreInstall_Directory
\NtFrs_PreExisting__See_EventLog
Is there anything inside these two folders?
ASKER
DrDave242,
There is nothing in the \Do_Not+Remove_NtFrs_PreInstall_Directory folder.
But inside the \NtFrs_PreExisting__See_EventLog folders there are two sub folders "Policies and Scripts." It just looks like a copy of what is there anyway.
There is nothing in the \Do_Not+Remove_NtFrs_PreInstall_Directory folder.
But inside the \NtFrs_PreExisting__See_EventLog folders there are two sub folders "Policies and Scripts." It just looks like a copy of what is there anyway.
If it's a copy of what's in the normal location (and it probably is, if you haven't made changes to GPOs or scripts in a long time), don't worry about it and proceed with the D4.
ASKER
Ok and what do you think about the \sysvol\staging\domain folder? As I mentioned there are about 70 files in there. It looks like they get written at a certain time interval when the server tries to replicate. Not sure if I should delete those files or keep them there.
ASKER
An update about this -
Last night I set the BurFlag D4 on the Windows 2003 server and D2 on the Windows 2012 Server.
Event ID 13516 was generated on each server.
I also got 13554 on the 2003 DC and it says "The File Replication Service successfully added the connections shown below..." and it lists all the other DC's.
Now, since 9:50pm last night (it's almost been 12 hours) nothing has happened. No other events have been generated
The SYSVOL and NETLOGON shares exist on all the DC's.
DCDIAG passes every test on each DC yet replication is still not happening.
Any thoughts?
Last night I set the BurFlag D4 on the Windows 2003 server and D2 on the Windows 2012 Server.
Event ID 13516 was generated on each server.
I also got 13554 on the 2003 DC and it says "The File Replication Service successfully added the connections shown below..." and it lists all the other DC's.
Now, since 9:50pm last night (it's almost been 12 hours) nothing has happened. No other events have been generated
The SYSVOL and NETLOGON shares exist on all the DC's.
DCDIAG passes every test on each DC yet replication is still not happening.
Any thoughts?
What is the result of repadmin /replsummary?
Can you run repadmin /syncall?
Can you run repadmin /syncall?
ASKER
Here is the result of repadmin /replsummary
Beginning data collection for replication summary, this may take a while
Source DSA largest delta fails/total %% error
CFSFH-SERVER 37m:50s 0 / 10 0
DCBACKUP 40m:50s 0 / 10 0
SFH-SERVER 40m:50s 0 / 10 0
Destination DSA largest delta fails/total %% error
CFSFH-SERVER 40m:50s 0 / 10 0
DCBACKUP 37m:50s 0 / 10 0
SFH-SERVER 33m:26s 0 / 10 0
Beginning data collection for replication summary, this may take a while
Source DSA largest delta fails/total %% error
CFSFH-SERVER 37m:50s 0 / 10 0
DCBACKUP 40m:50s 0 / 10 0
SFH-SERVER 40m:50s 0 / 10 0
Destination DSA largest delta fails/total %% error
CFSFH-SERVER 40m:50s 0 / 10 0
DCBACKUP 37m:50s 0 / 10 0
SFH-SERVER 33m:26s 0 / 10 0
ASKER
repadmin /syncall - "SyncAll terminated with no errors"
repadmin /showrepl - everything was successful
repadmin /queue - nothing in the queue
repadmin /showrepl - everything was successful
repadmin /queue - nothing in the queue
DCDIAG passes every test on each DC yet replication is still not happening.How did you test replication? Why do you think that replication is not happening?
Did you reboot all DCs?
ASKER
I am trying to do the .txt file test - created a few test .txt files and copied them to \sysvol\mydomainname\ and when it replicates I'm supposed to see these text files appear on the other servers. So far I am not seeing that. Or maybe I'm not waiting long enough?
No, I did not reboot the servers yet.
No, I did not reboot the servers yet.
ASKER
I spoke too soon! Yes, the text files are replicating! I guess I was looking in the wrong place!
So everything is working now? DCDIAG and repadmin show that it should be.
ASKER
I'm not seeing any issues in DCDIAG or REPADMIN. It appears to be working.
I'll monitor it for a couple more days before I attempt to demote the 2003 DC
Thanks for your help you have no idea how much this has been stressing me out.
-Jeff
I'll monitor it for a couple more days before I attempt to demote the 2003 DC
Thanks for your help you have no idea how much this has been stressing me out.
-Jeff
You are welcome. I am glad you fixed this.
ASKER
Question, after I demote the 2003 DC, I will be left with two 2012 DC's. Will they still be using FRS or will they automatically switch to DFSR. I will be introducing a 2019 DC in to my AD.
They don't automatically switch to DFSR; you have to perform that migration yourself, but it's not a difficult process. The steps are given here:
https://techcommunity.microsoft.com/t5/storage-at-microsoft/streamlined-migration-of-frs-to-dfsr-sysvol/ba-p/425405
If everything's healthy, the migration process comes down to (1) run dfsrmig /setglobalstate x, where x is the next stage of the migration, (2) run dfsrmig /getmigrationstate one or more times until all DCs have converged, and (3) go back to step 1 until all stages are complete. Not difficult at all, just a little tedious.
https://techcommunity.microsoft.com/t5/storage-at-microsoft/streamlined-migration-of-frs-to-dfsr-sysvol/ba-p/425405
If everything's healthy, the migration process comes down to (1) run dfsrmig /setglobalstate x, where x is the next stage of the migration, (2) run dfsrmig /getmigrationstate one or more times until all DCs have converged, and (3) go back to step 1 until all stages are complete. Not difficult at all, just a little tedious.
You will need to update the domain and forest functional levels to at least 2008. After that you will need to complete the steps to migrate from FRS to DFSR.