We help IT Professionals succeed at work.
Private
Troubleshooting Question

Removing old 2003 DC - FRS damaged & won't replicate to new servers

72 Views
Last Modified: 2020-10-05
Hello,
I recently inherited a client that must upgrade their servers. This is a small business, about 50 computers.
The network consists of three domain controllers - two Windows 2012 servers and one Windows 2003 server. Ultimately, I want to introduce a Windows 2019 server/DC

All rolls were moved to the other DC's. (FSMO, DNS, etc.)

Last weekend I was about to demote the 2003 DC, but luckily I discovered a huge problem. It seems FRS (File Replication) never occurred between the 2003 DC and the 2012's! On both of the 2012 DC's the SYSVOL and NETLOGON folders didn't even exist.

I am with the understanding that I must  get this to replicate in order to demote this old server.

I've done basic troubleshooting, making sure that DNS is configured properly. I recreated the SYSVOL and the NETLOGON shares on the 2012 DC's with this registry procedure (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters ), I read articles about NULL entries but could not find any in ADSIEDIT.

I see another procedure to rebuild the SYSVOL objects using the BurFlags registry key D4 or D2. But it says "use this as your last resort."

So, at this point I'm looking for some direction as I don't want to do anything and risk making it worse. Anyone have any experience with this?

Thanks!




Comment
Watch Question

Hello ThereSystem Administrator
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
kevinhsiehNetwork Engineer
CERTIFIED EXPERT

Commented:
 Have been following this at the other you posted to. You're at last resort. You need to set the flags. 
Jeff BrubakerSystem Administrator

Author

Commented:
On my Windows 2012 Servers, the domain functional level is 2003, so does that mean it's using FRS? dfsrmig.exe will only run on 2008 and above.
DrDave242Principal Support Engineer
CERTIFIED EXPERT

Commented:
Out of curiosity, what errors are in the FRS event log on that 2003 DC?

Jeff BrubakerSystem Administrator

Author

Commented:
Initially the event log was reporting the JRNL_WRAP_ERROR. After someone's advice I tried  the BurFlag D2 fix.
I am not getting that error anymore but I'm getting Event ID 13508 "The file replication Service is having trouble enabling replication from......

Still recommend the BurFlag D4?
DrDave242Principal Support Engineer
CERTIFIED EXPERT

Commented:
Yes, the D4 option is appropriate here, since that DC is the only one with a copy of SYSVOL at all. Make sure the SYSVOL folder hierarchy is still intact on that DC before you do this, though.
System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Jeff BrubakerSystem Administrator

Author

Commented:
I'm not positive it's "Healthy" but it's all I have. I'll be trying it this weekend. I'll keep you posted!
Jeff BrubakerSystem Administrator

Author

Commented:
Question - In the state this is in, do you think this would prevent me from Uninstalling an Exchange 2013 Server? They currently have an Exchange Server running in Hybrid mode. I was thinking cutting the cord so they are 100% Office 365 for emails. I'm doing this in case for some reason I am unable to get FRS working properly again.

DrDave242Principal Support Engineer
CERTIFIED EXPERT

Commented:
If you don't have a functional SYSVOL on any DC, it may very well prevent you from uninstalling, given all of Exchange's AD dependencies. I've seen the lack of a SYSVOL share cause errors like "The domain could not be found," even when AD is otherwise fine. I'd personally get the SYSVOL issue resolved before trying to remove Exchange.

Jeff BrubakerSystem Administrator

Author

Commented:
Back again -
I was going to perform the BurFlag D4/D2 fix tonight but I want to get your input before I do it.
DrDave242 says "Make sure the SYSVOL folder hierarchy is still intact on that DC before you do this, though."

All the folders are still there - However, there appears to be some other things that concern me
Inside \sysvol\domain and the sysvol\sysvol\domainname.local folder there are two rogue folders

\Do_Not_Remove_NtFrs_PreInstall_Directory
\NtFrs_PreExisting__See_EventLog

In addition, inside the \sysvol\staging\domain folder there are 70 files
They are all similar and look like this: NTFRS_CMP_5d3b139e-7509-476d-a8fcefd727d3f24

And the same thing inside \sysvol\staging\domainname.local\

Should I run the commands or should I clean these up? Hate to delete anything.....


DrDave242Principal Support Engineer
CERTIFIED EXPERT

Commented:
\Do_Not_Remove_NtFrs_PreInstall_Directory

\NtFrs_PreExisting__See_EventLog 

Is there anything inside these two folders?

Jeff BrubakerSystem Administrator

Author

Commented:
DrDave242,

There is nothing in the \Do_Not+Remove_NtFrs_PreInstall_Directory folder.
But inside the \NtFrs_PreExisting__See_EventLog  folders there are two sub folders "Policies and Scripts." It just looks like a copy of what is there anyway.

DrDave242Principal Support Engineer
CERTIFIED EXPERT

Commented:
If it's a copy of what's in the normal location (and it probably is, if you haven't made changes to GPOs or scripts in a long time), don't worry about it and proceed with the D4.

Jeff BrubakerSystem Administrator

Author

Commented:
Ok and what do you think about the  \sysvol\staging\domain folder? As I mentioned there are about 70 files in there. It looks like they get written at a certain time interval when the server tries to replicate. Not sure if I should delete those files or keep them there.
Jeff BrubakerSystem Administrator

Author

Commented:
An update about this -
Last night I set the BurFlag D4 on the Windows 2003 server and D2 on the Windows 2012 Server.
Event ID 13516 was generated on each server.

I also got 13554 on the 2003 DC and it says "The File Replication Service successfully added the connections shown below..." and it lists all the other DC's.

Now, since 9:50pm last night (it's almost been 12 hours) nothing has happened. No other events have been generated

The SYSVOL and NETLOGON shares exist on all the DC's.

DCDIAG passes every test on each DC yet replication is still not happening.

Any thoughts?
Hello ThereSystem Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
What is the result of repadmin /replsummary?

Can you run repadmin /syncall? 
Jeff BrubakerSystem Administrator

Author

Commented:
Here is the result of repadmin /replsummary

Beginning data collection for replication summary, this may take a while

Source DSA          largest delta    fails/total %%   error
 CFSFH-SERVER              37m:50s    0 /  10    0
 DCBACKUP                  40m:50s    0 /  10    0
 SFH-SERVER                40m:50s    0 /  10    0


Destination DSA     largest delta    fails/total %%   error
 CFSFH-SERVER              40m:50s    0 /  10    0
 DCBACKUP                  37m:50s    0 /  10    0
 SFH-SERVER                33m:26s    0 /  10    0


Jeff BrubakerSystem Administrator

Author

Commented:
repadmin /syncall  - "SyncAll terminated with no errors"

repadmin /showrepl - everything was successful

repadmin /queue - nothing in the queue

Hello ThereSystem Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
DCDIAG passes every test on each DC yet replication is still not happening. 
How did you test replication? Why do you think that replication is not happening?

Did you reboot all DCs?
Jeff BrubakerSystem Administrator

Author

Commented:
I am trying to do the .txt file test - created a few test .txt files and copied them to \sysvol\mydomainname\ and when it replicates I'm supposed to see these text files appear on the other servers. So far I am not seeing that. Or maybe I'm not waiting long enough?
No, I did not reboot the servers yet.
Jeff BrubakerSystem Administrator

Author

Commented:
I spoke too soon! Yes, the text files are replicating! I guess I was looking in the wrong place!
Hello ThereSystem Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
So everything is working now? DCDIAG and repadmin show that it should be.
Jeff BrubakerSystem Administrator

Author

Commented:
I'm not seeing any issues in DCDIAG or REPADMIN. It appears to be working.
I'll monitor it for a couple more days before I attempt to demote the 2003 DC

Thanks for your help you have no idea how much this has been stressing me out.
-Jeff
Hello ThereSystem Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
You are welcome. I am glad you fixed this.
Jeff BrubakerSystem Administrator

Author

Commented:
Question, after I demote the 2003 DC, I will be left with two 2012 DC's. Will they still be using FRS or will they automatically switch to DFSR. I will be introducing a 2019 DC in to my AD.
DrDave242Principal Support Engineer
CERTIFIED EXPERT

Commented:
They don't automatically switch to DFSR; you have to perform that migration yourself, but it's not a difficult process. The steps are given here:

https://techcommunity.microsoft.com/t5/storage-at-microsoft/streamlined-migration-of-frs-to-dfsr-sysvol/ba-p/425405

If everything's healthy, the migration process comes down to (1) run dfsrmig /setglobalstate x, where x is the next stage of the migration, (2) run dfsrmig /getmigrationstate one or more times until all DCs have converged, and (3) go back to step 1 until all stages are complete. Not difficult at all, just a little tedious.

kevinhsiehNetwork Engineer
CERTIFIED EXPERT

Commented:
You will need to update the domain and forest functional levels to at least 2008. After that you will need to complete the steps to migrate from FRS to DFSR. 

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions