New Win2008R2 DC missing SYSVOL and NETLOGON folders

windows-server-2008-r2

Hoping someone can shed some light on this issue I have. I have a 2003 Domain with a single 2003DC. I recently put in a new Win2008R2 member server. Followed all the guides to DCPromo it and took all the FSMO roles from the 2003DC to the 2008R2 DC. Everything seemed to go well.

Last night I was going through the GPOs – since we currently just use an old bat file login script, when I noticed I couldn't create or edit anything in the GPO manager. I kept getting 'file not found' errors. 3 minutes of investigation showed that the 2008R2 DC does not have any Sysvol or Netlogon folders that it should have got when I DCPromo'd it, and that it's not replicating that info from the 2003DC.

Everything else appears to be working fine. What's the best way of fixing this…short of blowing the 2008R2 box away that is….

*Edit: Adding DCDIAG output as instructed

C:\Users\username>dcdiag

Directory Server Diagnosis

Performing initial setup:
Trying to find home server…
Home Server = 2008DC
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\2008DC
Starting test: Connectivity
……………………. 2008DC passed test Connectivity

Doing primary tests

Testing server: Default-First-Site\2008DC
Starting test: Advertising
Warning: DsGetDcName returned information for \2003DC.domainname.local,
when we were trying to reach 2008DC.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
……………………. 2008DC failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
……………………. 2008DC passed test FrsEvent
Starting test: DFSREvent
……………………. 2008DC passed test DFSREvent
Starting test: SysVolCheck
……………………. 2008DC passed test SysVolCheck
Starting test: KccEvent
……………………. 2008DC passed test KccEvent
Starting test: KnowsOfRoleHolders
……………………. 2008DC passed test KnowsOfRoleHolders
Starting test: MachineAccount
……………………. 2008DC passed test MachineAccount
Starting test: NCSecDesc
……………………. 2008DC passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\2008DC\netlogon)
[2008DC] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
……………………. 2008DC failed test NetLogons
Starting test: ObjectsReplicated
……………………. 2008DC passed test ObjectsReplicated
Starting test: Replications
[Replications Check,2008DC] A recent replication attempt failed:
From AnotherDC to 2008DC
Naming Context: DC=ForestDnsZones,DC=domainname,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help. The failure
occurred at 2012-01-31 22:57:38.
The last success occurred at 2012-01-30 14:57:32.
32 failures have occurred since the last success.
[AnotherDC] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,2008DC] A recent replication attempt failed:
From AnotherDC to 2008DC
Naming Context: CN=Schema,CN=Configuration,DC=domainname,DC=local
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure. The failure occurred at 2012-01-31 22:57:38.
The last success occurred at 2012-01-30 14:57:32.
32 failures have occurred since the last success.
The guid-based DNS name
6c5a6774-0b76-4621-b7f4-3771ab09f143._msdcs.domainname.local
is not registered on one or more DNS servers.
[Replications Check,2008DC] A recent replication attempt failed:
From AnotherDC to 2008DC
Naming Context: DC=AnotherDomain,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help. The failure
occurred at 2012-01-31 22:57:38.
The last success occurred at 2012-01-30 15:18:56.
32 failures have occurred since the last success.
……………………. 2008DC failed test Replications
Starting test: RidManager
……………………. 2008DC passed test RidManager
Starting test: Services
Could not open NTDS Service on 2008DC, error 0x5
"Access is denied."
……………………. 2008DC failed test Services
Starting test: SystemLog
……………………. 2008DC passed test SystemLog
Starting test: VerifyReferences
……………………. 2008DC passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
……………………. ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
……………………. DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
……………………. Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
……………………. Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. Configuration passed test CrossRefValidation

Running partition tests on : domainname
Starting test: CheckSDRefDom
……………………. domainname passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. domainname passed test CrossRefValidation

Running enterprise tests on : domainname.local
Starting test: LocatorCheck
……………………. domainname.local passed test LocatorCheck
Starting test: Intersite
……………………. domainname.local passed test Intersite

For reference, after changing some names around:

2008DC my new 2008 R2 Server recently DCPROMO'd and FSMO roles given to it
2003DC my old, still running, DC
AnotherDC/AnotherDomain – a 2008R2 VM I ran up yesterday playing around with a second domain in the forest and nothing really to do with the above issue as it was occurring before this server went up.

Unable to add a new post to this or fit a reply to Peca so posting here, hope it's not too confusing!

In answer to Peca's solution offered, here are the results observed:

OK, followed instructions and performed this step on the 2008DC. Event log showed the process attempting to replicate from the 2003DC:
Event 153501 showing that NTFRS has started.

Event 13566 File Replication Service is scanning the data in the system volume. Computer 2008DC cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

Event 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer 2008R2 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

Event 13533 The File Replication Service successfully added this computer to the following replica set: "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
Information related to this event is shown below:
Computer DNS name is "2008R2.domainname.local"
Replica set member name is "2008R2"
Replica set root path is "c:\windows\sysvol\domain"
Replica staging directory path is "c:\windows\sysvol\staging\domain"
Replica working directory path is "c:\windows\ntfrs\jet"

Event 13554 The File Replication Service successfully added the connections shown below to the replica set: "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"

Outbound to "2003DC. domainname.local"
Inbound from "2003DC. domainname.local"

Which all looks good and then:

Event 13508 The File Replication Service is having trouble enabling replication from 2003DC.domainname.local to 2008DC for c:\windows\sysvol\domain using the DNS name 2003DC. domainname.local. FRS will keep retrying. Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name 2003DC.domainname.local from this computer.
[2] FRS is not running on 2003DC.domainname.local.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

Both servers can 'see' each other, ping each other, browse files on each other's shares etc and both are on the same subnet.

Any other ideas?

Best Answer

Microsoft Knowledge Base article KB290762 (http://support.microsoft.com/kb/290762/) – Using the BurFlags registry key to reinitialize File Replication Service replica sets.

Authoritative FRS restore procedure using the D4 flag on the old server.

1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. Locate the following subkey in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
7. In the right pane, double-click BurFlags.
8. In the Edit DWORD Value dialog box, type D4 and then click OK.
9. Quit Registry Editor, and then switch to the Command box.
10. In the Command box, type net start ntfrs.
11. Quit the Command box.

Nonauthoritative restore process using the D2 flag on the server2008 server.

1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. Locate the following subkey in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
7. In the right pane, double-click BurFlags.
8. In the Edit DWORD Value dialog box, type D2 and then click OK.
9. Quit Registry Editor, and then switch to the Command box.
10. In the Command box, type net start ntfrs.
11. Quit the Command box.
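
The same BurFlags steps in scripted form, as an added PowerShell example that is not part of the original answer or of KB290762. It assumes an elevated session on the DC being reinitialized; the `-Mode` parameter name is an assumption of this example, and event 13516 is taken from the FRS event documentation rather than from this page.

```powershell
# Added example: BurFlags reinitialization, run once per server.
# D4 = authoritative (the old server in the answer above),
# D2 = nonauthoritative (the new 2008 R2 DC in the answer above).
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('D2', 'D4')]
    [string]$Mode
)
$ErrorActionPreference = 'Stop'

$subKey = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
$value  = [Convert]::ToInt32($Mode, 16)   # 'D2' -> 0xD2, 'D4' -> 0xD4

# The key name "Backup/Restore" contains a forward slash. The HKLM: provider treats "/"
# as a path separator, so open the key through the .NET registry API instead.
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $true)
if ($null -eq $key) { throw "Registry key not found: HKLM\$subKey" }

try {
    Stop-Service -Name NtFrs -Force
    $key.SetValue('BurFlags', $value, [Microsoft.Win32.RegistryValueKind]::DWord)
}
finally {
    $key.Close()
    Start-Service -Name NtFrs   # restart FRS even if the registry write failed
}

# Replication is asynchronous: re-run the two checks below until the shares appear.
Get-WmiObject -Class Win32_Share |
    Where-Object { 'SYSVOL', 'NETLOGON' -contains $_.Name } |
    Select-Object Name, Path

# 13565 = initializing SYSVOL, 13508 = trouble enabling replication (both quoted in the
# question); 13516 = FRS no longer prevents the computer from becoming a DC.
$ids = 13508, 13565, 13516
Get-EventLog -LogName 'File Replication Service' -Newest 50 |
    Where-Object { $ids -contains $_.EventID } |
    Sort-Object TimeGenerated |
    Select-Object TimeGenerated, EventID, EntryType
```

D4 makes the server it runs on the source of SYSVOL for every other member, so take a copy of that server's SYSVOL tree before using it.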