No domain controller can be contacted when domain joining a server

active-directory, domain-controller, domain-name-system, windows-server-2012, windows-server-2012-r2

I know there are several posts regarding the following issue but none of them have solved the issue for me.

Let me explain the situation:

We have a customer that wants to migrate from an old datacenter to ours.
So we created a site-to-site connection between them and I tried to dcpromo a server on our side today.
The domain functional level is Windows Server 2012 and the domain controller is a Windows Server 2012 Datacenter server on the old side.
The servers on our side are Windows Server 2012 R2 servers.

So I performed the dcpromo without any problems, everything (DNS, users and computers, etc.) was replicated to the new domain controller.
Now I try to domain join one of our new servers (also Windows 2012 R2) but I receive the following error:

DNS was successfully queried for the service location (SRV) resource
record used to locate a domain controller for domain "domain.X":

The query was for the SRV record for _ldap._tcp.dc._msdcs.domain.X

The following domain controllers were identified by the query:
ad.domain.X dc01.domain.X dc02.domain.X

However no domain controllers could be contacted.

Common causes of this error include:

  • Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect
    addresses.

  • Domain controllers registered in DNS are not connected to the network or are not running.

ad.domain.X is the domain controller in the old datacenter, dc01 and dc02 are new and in the new datacenter.

In the NetSetup log file on the server that needs to be domain joined, I find the following error when I try to domain join.

NetpValidateName: checking to see if 'domain.X' is valid as type 3 name
NetpCheckDomainNameIsValid for domain.X returned 0x54b, last error is 0x0
NetpCheckDomainNameIsValid [ Exists ] for 'domain.X' returned 0x54b

On the domain controller I also cannot find any odd events in the Event Viewer and all the DNS records seem to be there (A records, SRV, LDAP).

The server I'm trying to join to the domain is also in the same subnet as the new domain controllers, so there is no firewall between them.
Regarding the site-to-site connection between the datacenters: we created a (temporary) any-any rule in both directions between the domain controllers to rule out port blocking issues.

Ping to the domain controllers and nslookup are also not a problem. Telnet to port 389 is also possible. So the domain controllers are fully reachable from the other servers.

These are some ipconfig /all results.

One of the problematic domain controllers in the new datacenter.
172.70.0.20 is the domain controller in the old datacenter.

Windows IP Configuration

Host Name . . . . . . . . . . . . : dc01    
Primary Dns Suffix  . . . . . . . : domain.X    
Node Type . . . . . . . . . . . . : Hybrid   
IP Routing Enabled. . . . . . . . : No    
WINS Proxy Enabled. . . . . . . . : No    
DNS Suffix Search List. . . . . . : domain.X

Ethernet adapter Ethernet:

Connection-specific DNS Suffix  . :    
DHCP Enabled. . . . . . . . . . . : No 
Autoconfiguration Enabled . . . . : Yes    
IPv4 Address. . . . . . . . . . . : 10.4.88.1(Preferred)    
Subnet Mask . . . . . . . . . . . : 255.255.255.224    
Default Gateway . . . . . . . . . : 10.4.88.30    
DNS Servers . . . . . . . . . . . : 10.4.88.1
                                    172.70.0.20
                                    127.0.0.1    
NetBIOS over Tcpip. . . . . . . . : Enabled

The following IP config is from one of the servers that cannot join the domain. This server is in the same VLAN as the problematic domain controllers, so there are no ports blocked between them.

Windows IP Configuration

Host Name . . . . . . . . . . . . : server1
Primary Dns Suffix  . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

Connection-specific DNS Suffix  . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.4.88.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.224
Default Gateway . . . . . . . . . : 10.4.88.30
DNS Servers . . . . . . . . . . . : 10.4.88.1
                                      10.4.88.2 
NetBIOS over Tcpip. . . . . . . . : Enabled

Does anyone have an idea what we're doing wrong here?

Kind regards,

Gijs
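The error text above only tells you that DNS returned the DCs and that none of them "could be contacted", which hides which of the locator's steps actually failed. The `0x54b` in NetSetup.log is Win32 error 1355 (ERROR_NO_SUCH_DOMAIN), which the DC locator returns when no listed DC answers its LDAP ping as a usable DC, so DNS can be correct and TCP ports open while the join still fails. The following PowerShell script is an added example, not part of the original question, that walks those steps one at a time on the machine that fails to join: the SRV lookup, the A-record lookup for each DC, TCP reachability for the ports a join needs (not just 389), and finally what the locator itself decides via `nltest`. The domain name and port list are placeholders/assumptions.

```powershell
# Added diagnostic example (not from the original post). Run elevated on the server
# that fails to join. Replace the placeholder domain with the real FQDN.
param(
    [string]$Domain = 'domain.X',                 # placeholder
    [int[]]$Ports   = @(88, 135, 389, 445, 464)   # Kerberos, RPC mapper, LDAP, SMB, kpasswd
)

# 1. The SRV lookup quoted in the join error.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
$dcs = $srv | Where-Object { $_.Type -eq 'SRV' } |
       Select-Object -ExpandProperty NameTarget -Unique
"SRV record lists: $($dcs -join ', ')"

foreach ($dc in $dcs) {
    # 2. Each DC name must have an A record (first "common cause" in the error text).
    $addr = Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress
    if (-not $addr) { "$dc : no A record"; continue }

    foreach ($ip in $addr) {
        # 3. TCP reachability. Telnet to 389 alone proves little: the join also reads
        #    SYSVOL/NETLOGON over SMB (445) and talks Kerberos (88).
        foreach ($p in $Ports) {
            $ok = (Test-NetConnection -ComputerName $ip -Port $p `
                    -WarningAction SilentlyContinue).TcpTestSucceeded
            '{0} ({1}) tcp/{2}: {3}' -f $dc, $ip, $p, $(if ($ok) { 'open' } else { 'CLOSED' })
        }
    }
}

# 4. What the locator itself concludes. A DC that answers LDAP but has not finished
#    its initial SYSVOL sync does not advertise as a DC, and the join then fails with
#    1355 even though DNS and every TCP port check above passed. The flags printed
#    here (e.g. DS, KDC, WRITABLE) show whether any DC was accepted at all.
nltest /dsgetdc:$Domain /force
```

If steps 1 to 3 pass and only step 4 reports that the domain cannot be found, the problem is on the DC side (advertising/SYSVOL), not in DNS or the network path, which is the direction the accepted answer below takes.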

Best Answer

If you don't see it when you open %systemroot% but you do when you open \domain.x then \domain.x is probably showing the folder from another DC. That leads me to believe you might have a problem with DFS Replication. https://social.technet.microsoft.com/Forums/en-US/58b8cdc3-a990-46c7-a70e-a51fd6965537/sysvol-and-netlogon-shares-missing-from-new-domain-controllers-using-dfrs

You can verify DFS Replication is being used by running dfsrmig.exe /getglobalstate. If it is installed on the FSMO role master but not the new domain controller, you should install it on the new domain controller so DFS Replication can run between the two DCs. You should restart the new DC once you install DFS. https://social.technet.microsoft.com/Forums/en-US/58b8cdc3-a990-46c7-a70e-a51fd6965537/sysvol-and-netlogon-shares-missing-from-new-domain-controllers-using-dfrs

After you do that you should perform a replication between the new DC and the original DC. To do that you need to go to Active Directory Sites and Services, expand all objects in the left part of the window, find the server you want to replicate to, go to NTDS Settings, select the server you want to replicate from, and select Replicate Now. https://technet.microsoft.com/en-us/library/cc816926(v=ws.10).aspx

If you find the SYSVOL folder on the new DC but do not see anything in the SYSVOL folder on the new DC, then you can try running wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="YOURGUID" call ResumeReplication to resume replication. https://social.technet.microsoft.com/Forums/en-US/58b8cdc3-a990-46c7-a70e-a51fd6965537/sysvol-and-netlogon-shares-missing-from-new-domain-controllers-using-dfrs

Let me know if this fixes things.
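The answer's steps are spread over dfsrmig, the GUI and a wmic call with a GUID you still have to find. The script below is an added example, not the answerer's own commands, that gathers the same evidence read-only from each DC: the DFSR migration state, whether SYSVOL and NETLOGON are actually shared (a DC does not advertise itself until they are), the DFSR state of the "SYSVOL Share" replicated folder, the volume GUID the `wmic ... call ResumeReplication` command needs in place of `YOURGUID`, and the dcdiag tests that cover advertising and SYSVOL. The DC host names are placeholders; run it elevated on one of the DCs. It does not call ResumeReplication itself; it only tells you whether, and where, that step is needed.

```powershell
# Added example (not from the answer). Run elevated on a DC; replace the placeholders.
$dcs = @('dc01', 'dc02', 'ad')   # placeholder DC host names from the question

# 1. SYSVOL replication engine in use, same answer on every DC:
#    0 = Start (FRS), 1 = Prepared, 2 = Redirected, 3 = Eliminated (DFSR only).
dfsrmig.exe /getglobalstate

foreach ($dc in $dcs) {
    # 2. SYSVOL and NETLOGON must be shared before the DC advertises to the locator.
    $shares = Get-SmbShare -CimSession $dc -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue
    if ($shares) { "$dc shares: $($shares.Name -join ', ')" }
    else         { "$dc shares: NONE (SYSVOL/NETLOGON not shared, DC will not advertise)" }

    # 3. DFSR state of the SYSVOL replicated folder:
    #    0 Uninitialized, 1 Initialized, 2 Initial Sync, 3 Auto Recovery, 4 Normal, 5 In Error.
    #    Anything but 4 on a new DC means the initial sync never completed.
    Get-WmiObject -ComputerName $dc -Namespace root\microsoftdfs `
                  -Class DfsrReplicatedFolderInfo |
        Where-Object { $_.ReplicatedFolderName -eq 'SYSVOL Share' } |
        ForEach-Object { '{0} "SYSVOL Share" state: {1}' -f $dc, $_.State }

    # 4. The volume GUID that replaces "YOURGUID" in the answer's wmic command.
    Get-WmiObject -ComputerName $dc -Namespace root\microsoftdfs -Class DfsrVolumeConfig |
        ForEach-Object {
            '{0} volume {1} GUID {2}' -f $dc, $_.VolumePath, $_.VolumeGuid
            '   resume with: wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig ' +
            ('where volumeGuid="{0}" call ResumeReplication' -f $_.VolumeGuid)
        }
}

# 5. The dcdiag tests that correspond to what the join relies on.
dcdiag /test:advertising /test:sysvolcheck /test:netlogons
```

A new DC that shows state 2 (Initial Sync) and no SYSVOL/NETLOGON shares is exactly the case the answer describes: it replicates the directory fine but is never accepted by the locator, so clients in its subnet cannot join even though DNS lists it and port 389 is open.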