-----Original Message-----
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 02, 2003 01:57
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicatingCindy,Be sure that you check the free space on the System Volume of the system that is experiencing the problem. I was able to duplicate this exact problem in my lab tonight and just resolved the problem - at least for my cause / effect.In essence, the USN Journal size is 512MB - and if there is not sufficient space, NTFRS will stop with the errors that we have been seeing - in effect the 13552 and 13555 errors in the NTFRS log. What I had to do to resolve the problem was to free up sufficient space to allow the USN Journal to have room to work. I then stopped and restarted the FRS service, and got four clean informationals - the final saying that it had established communication with my other DC and had successfully published the SYSVOL and it is now actively replicating with it.Given standard practice of what many of us did for NT 4.0 servers and the %SYSTEMROOT% drive, it's not hard to imagine that after putting Windows 2000 and a healthy pagefile, that the drive is low on space - causing FRS to starve and fail.I'd suggest taking a hard look at the system volume, and clean it up per the following article:Good luck!Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rittenhouse, Cindy
Sent: Monday, September 01, 2003 7:13 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] sysvol not replicatingYes, the GUID._MSDCS.domain name is present in the Lancco.root zone. The "Replica Set Parent" is PSDC1.police.lancco.pa.us. Is there a way to check for the SID mismatch? I am hoping to download the ADDiag scripts when I get back in the office tomorrow and my crystal ball tells me there is going to be a road trip in my very near future (like Wednesday).-----Original Message-----
From: Dennis Schut [mailto:[EMAIL PROTECTED]
Sent: Monday, September 01, 2003 3:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicatingOkay, this sounds okay, regarding TCP, UDP LDAP, Kerberos and Kpasswd records. is there also a GUID._MSDCS.Domain Name present?Can you check if the following Reg key is present HKLM\SYSTEM\CurrentControlSet\Services\NTFRS\"Replica Set Parent", and check if the correct data is present in this key?This is because during the promotion of replica DCs to an Active Directory domain, a registry key (Replica Set Parent), under the NTFRS section of the registry is populated with the name of the DC that is used to source the Active Directory. FRS uses this key to source the SYSVOL share. Initial SYSVOL replication occurs following the reboot after promotion.
Because of a faulty compare of the Microsoft Windows NT 4.0-style domain name that is returned by DsCrackNames and the server principle name that is returned by RpcMgmtInqServerPrincName, FRS fails to join the volatile connection. This results in a delay to share out sysvols after the promotion.
The reason that the new replica DC is not joining with the existing DC is because of an SID mismatch. The SID from the RPC call from replica to source DC is known, but the SID that the source DC gets by calling DsCrackName is <unknown> or NULL.Regards,Dennis Schut MSCA, MCSAS, MCSA2K3, MCSE, MCSES, MCSE2K3
Technical Consultant
From: [EMAIL PROTECTED] on behalf of Rittenhouse, Cindy
Sent: Mon 01-Sep-03 00:57
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] sysvol not replicatingI agree, it certainly sounds like it could be DNS related, but it appears
that all SRV records are present. ECPDC registered itself in
_msdcs/dc/_sites/eastcocalicopd/tcp/kerberos (port88) and ldap(port 389), in
_msdcs/dc/_tcp/_kerberos and _ldap, in _sites/eastcocalicopd/_tcp/_kerberos
and _ldap, in _tcp/_kerberos, _kpasswd, and _ldap, and in _udp/_kerberos and
_kpasswd. It registered and A record as ECPDC and an A record (same as
parent folder). We do not use AD integrated DNS. All servers involved are
pointed to the DNS server that is authoratative for the zone. I deleted the
A record, did an ipconfig /registerdns, and the server registers without
problem. There is a ptr record for the server in the reverse lookup zone. I
can map from PSDC1 to any point on ECPDC and vice versa. I can do an
NSLOOKUP from either server. If the problem is DNS, I just don't see it.
I have not configured any static port mappings.
The only noteworthy item in the DNS event log is : The DNS server has
encountered numerous run-time events. These are usually caused by the
reception of bad or unexpected packets, or from problems with or excessive
replication traffic. The data is the number of suppressed events
encountered in the last 15 minute interval.
-----Original Message-----
From: Dennis Schut [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 31, 2003 3:15 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicating
Can happen Rick, the same hear... that's why checking and rechecking of
documentation is always fun....
Diane, I have to agree with Rick, that the problem can be related to
registration of DNS SRV records, it is advisable to check if all the SRV
and other records are all registered correctly in the _MSDCS zone or the
appropriate domain DNS zone.
What kind of records are you registering in DNS, domain & AtSite related
records, or only the AtSite records ("DnsAvoidRegisterRecords" reg key)?
Are you using a static port mapping for RPC based AD replication?
Regards,
Dennis Schut MSCA, MCSAS, MCSA2K3, MCSE, MCSES, MCSE2K3
Technical Consultant
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Rick Kingslan
Sent: Sunday, August 31, 2003 00:40
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicating
My apologies to Dennis Schut (Read NOT *Shutts*). I have a co-worker
Deb
Shutts, and apparently my fingers got ahead of my brain. But, that
happens
a bunch - regardless if it's here, a NG, or just in a document. :-)
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Rick Kingslan
Sent: Saturday, August 30, 2003 5:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicating
Diane,
I have to agree that there is something going on here. Dennis Shutts
tried
to get the ADDiag scripts (if you haven't seen it - but I know you, you
likely have) to her to run on her system. It's the same tools that PSS
will
have you run on your system to gather all of the information necessary
to
diagnose this type of issue.
I suspect that there is a DNS problem as the SYSVOL share and the
NETLOGON
share will not be published until all conditions are correct. And, the
primary indicator is that failure in the NETDIAG log that you pointed
out.
Cindy, leave the FRS issues alone for a bit until the DNS problems are
resolved on all servers. It might be only one, or might be all of them.
Check your DNS and SYSTEM event logs.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Diane Ayers
Sent: Saturday, August 30, 2003 11:49 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicating
Do you have all the necessary SRV records for this server in DNS? Your
Dcdiag run had this error:
test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for
\\psdc1.police.lancco.pa.us, when we were trying to reach ECPDC.
Server is not responding or is not considered suitable.
......................... ECPDC failed
DsGetDcName is failing. I'd look at the SRV records in DNS to see if
that
is 100%. Another area to check is the time on the DC to see if it's
sync
with it's partners.
Diane
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Rittenhouse,
Cindy
Sent: Friday, August 29, 2003 7:51 PM
To: '[EMAIL PROTECTED]'
results from repadmin look fine, server is running SP4
C:\Documents and Settings\Administrator.LC_POLICE>repadmin /showreps
ecpdc
EastCocalicoPD\ECPDC DSA Options : IS_GC objectGuid :
261bdbfc-59ef-4aa8-b087-36fe5e363e9f
invocationID: 9f91ded7-35c3-47a9-a30f-312f51da6f3a
==== INBOUND NEIGHBORS ======================================
DC=police,DC=lancco,DC=pa,DC=us
Default-First-Site-Name\PSDC1 via RPC
objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9
Last attempt @ 2003-08-29 22:42.22 was successful.
CN=Schema,CN=Configuration,DC=LANCCO,DC=ROOT
Default-First-Site-Name\PSDC1 via RPC
objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9
Last attempt @ 2003-08-29 22:42.22 was successful.
CN=Configuration,DC=LANCCO,DC=ROOT
Default-First-Site-Name\PSDC1 via RPC
objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9
Last attempt @ 2003-08-29 22:42.22 was successful.
DC=LANCCO,DC=ROOT
Default-First-Site-Name\PSDC1 via RPC
objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9
Last attempt @ 2003-08-29 22:42.22 was successful.
==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
-----Original Message-----
From: Joe [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 29, 2003 5:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicating
This is probably a silly question, but you have applied all of the
latest
SP's and hotfixes correct and this machine isn't sitting at like
SP1 or something? There are a ton of fixes for FRS out there. Other than
that I would be looking at DNS very carefully and also checking regular
replication (repadmin /showreps) to make sure that was working as well.
joe
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Rittenhouse,
Cindy
Sent: Friday, August 29, 2003 10:33 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] sysvol not replicating
Two days ago a consulting firm upgraded a BDC at a remote location to
Windows 2000. After the upgrade users had all types of trouble
connecting.
It seems the sysvol is not replicating because the
Do_Not_Remove_NtFrs_PreInstall_Directory, Policies directory, and
Scripts
directory do not exist on the remote server in either the sysvol\domain
or
the sysvol\sysvol directory. The rest of AD seems to be replicating
fine.
Can I simply copy those directories from one of my DCs to the DC in the
remote location? Thanks
Cynthia Rittenhouse MCSE,CCNA
LAN Administrator
County of Lancaster
Lancaster, PA 17602
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Title: RE: [ActiveDir] sysvol not replicating
I read
the article, but there is currently 1.87 GB of free space on volume C, the
pagefile is located on volume D. I just got Sonar installed and running. Maybe
it will shed a brighter light on the problem. I've been up to my eyeballs in FRS
documentation, but I haven't come up with a solution. I found the previous
reference to null account in the ntfrsapi.log, but it was successfully resolved
to ECPDC.
- RE: [ActiveDir] sysvol not replicating Dennis Schut
- Re: [ActiveDir] sysvol not replicating Jan Wilson
- RE: [ActiveDir] sysvol not replicating Rick Kingslan
- RE: [ActiveDir] sysvol not replic... Siddharth Sawkar
- RE: [ActiveDir] sysvol not replicating Rick Kingslan
- RE: [ActiveDir] sysvol not replicating Joe
- RE: [ActiveDir] sysvol not replicating James_Day
- RE: [ActiveDir] sysvol not replicating Rittenhouse, Cindy
- RE: [ActiveDir] sysvol not replicating Rittenhouse, Cindy
- RE: [ActiveDir] sysvol not replicating Rittenhouse, Cindy
- RE: [ActiveDir] sysvol not replic... Siddharth Sawkar
- Re: [ActiveDir] sysvol not replic... Graham Turner
- Re: [ActiveDir] sysvol not re... Siddharth Sawkar
- RE: [ActiveDir] sysvol not replic... Dean Wells
- RE: [ActiveDir] sysvol not replicating Rittenhouse, Cindy
- RE: [ActiveDir] sysvol not replicating GRILLENMEIER,GUIDO (HP-Germany,ex1)
- RE: [ActiveDir] sysvol not replicating Rittenhouse, Cindy
- RE: [ActiveDir] sysvol not replicating Dennis Schut
