From: Joe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 02, 2003 07:20
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicating
Rick, LOL. Always good to walk through the basics before running to the advanced stuff. Plus I always like to troubleshoot EVERYTHING else before FRS because I HATE troubleshooting FRS so I was right there with you Rick. All I wanted was to know that normal AD replicationw as working both ways, if that is the case most if not all of the of the underpinning issues could be ruled out.On the TS thing, I swear Alex A. (TS MVP) once published something on how to remotely install Admin TS mode on a W2K machine. If necessary we can grab him and get the details. That would save having to get someone involved.Cindy, before I did travel (unless it was someplace nice like Hawaii or London or Aruba or something) I would take this upgraded machine, demote it if it would let me, have someone wipe its partitions and start over with a fresh load of W2K versus using an upgrade.joe-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, September 01, 2003 10:29 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicatingCindy,Not that Dennis is not making sense (he is) but here is where the information is documented that he is relaying to you - and it's good to know regardless.http://support.microsoft.com/default.aspx?kbid=296951 (I had to fid it because inquiring minds need to know..... I needed to understand to the next level what was going on here. Now I've been reminded.)Now that much of the DNS troubleshooting is out of the way, it's time to move to FRS. Kudos to those who started there. Me, I had to get the 'Server not found' thing out of the way.You've gotten some good information already on the FRS related issues, but kicking the log into verbose debug mode is going to help tremendously - as it's going to eliminate this possibility, which by all accounts should have been fixed via SP3. (Props to Joe, Deji, Siddharth)And, as to the travel - can someone not install TS on that server for you (if it's not already)? I'd think the prudent move would be to exhaust all possibilities before traveling there. Much of what might need to be done can be done from your desk - not the console.Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rittenhouse, Cindy
Sent: Monday, September 01, 2003 7:13 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] sysvol not replicatingYes, the GUID._MSDCS.domain name is present in the Lancco.root zone. The "Replica Set Parent" is PSDC1.police.lancco.pa.us. Is there a way to check for the SID mismatch? I am hoping to download the ADDiag scripts when I get back in the office tomorrow and my crystal ball tells me there is going to be a road trip in my very near future (like Wednesday).-----Original Message-----
From: Dennis Schut [mailto:[EMAIL PROTECTED]
Sent: Monday, September 01, 2003 3:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicatingOkay, this sounds okay, regarding TCP, UDP LDAP, Kerberos and Kpasswd records. is there also a GUID._MSDCS.Domain Name present?Can you check if the following Reg key is present HKLM\SYSTEM\CurrentControlSet\Services\NTFRS\"Replica Set Parent", and check if the correct data is present in this key?This is because during the promotion of replica DCs to an Active Directory domain, a registry key (Replica Set Parent), under the NTFRS section of the registry is populated with the name of the DC that is used to source the Active Directory. FRS uses this key to source the SYSVOL share. Initial SYSVOL replication occurs following the reboot after promotion.
Because of a faulty compare of the Microsoft Windows NT 4.0-style domain name that is returned by DsCrackNames and the server principle name that is returned by RpcMgmtInqServerPrincName, FRS fails to join the volatile connection. This results in a delay to share out sysvols after the promotion.
The reason that the new replica DC is not joining with the existing DC is because of an SID mismatch. The SID from the RPC call from replica to source DC is known, but the SID that the source DC gets by calling DsCrackName is <unknown> or NULL.Regards,Dennis Schut MSCA, MCSAS, MCSA2K3, MCSE, MCSES, MCSE2K3
Technical Consultant
From: [EMAIL PROTECTED] on behalf of Rittenhouse, Cindy
Sent: Mon 01-Sep-03 00:57
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] sysvol not replicatingI agree, it certainly sounds like it could be DNS related, but it appears
that all SRV records are present. ECPDC registered itself in
_msdcs/dc/_sites/eastcocalicopd/tcp/kerberos (port88) and ldap(port 389), in
_msdcs/dc/_tcp/_kerberos and _ldap, in _sites/eastcocalicopd/_tcp/_kerberos
and _ldap, in _tcp/_kerberos, _kpasswd, and _ldap, and in _udp/_kerberos and
_kpasswd. It registered and A record as ECPDC and an A record (same as
parent folder). We do not use AD integrated DNS. All servers involved are
pointed to the DNS server that is authoratative for the zone. I deleted the
A record, did an ipconfig /registerdns, and the server registers without
problem. There is a ptr record for the server in the reverse lookup zone. I
can map from PSDC1 to any point on ECPDC and vice versa. I can do an
NSLOOKUP from either server. If the problem is DNS, I just don't see it.
I have not configured any static port mappings.
The only noteworthy item in the DNS event log is : The DNS server has
encountered numerous run-time events. These are usually caused by the
reception of bad or unexpected packets, or from problems with or excessive
replication traffic. The data is the number of suppressed events
encountered in the last 15 minute interval.
-----Original Message-----
From: Dennis Schut [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 31, 2003 3:15 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicating
Can happen Rick, the same hear... that's why checking and rechecking of
documentation is always fun....
Diane, I have to agree with Rick, that the problem can be related to
registration of DNS SRV records, it is advisable to check if all the SRV
and other records are all registered correctly in the _MSDCS zone or the
appropriate domain DNS zone.
What kind of records are you registering in DNS, domain & AtSite related
records, or only the AtSite records ("DnsAvoidRegisterRecords" reg key)?
Are you using a static port mapping for RPC based AD replication?
Regards,
Dennis Schut MSCA, MCSAS, MCSA2K3, MCSE, MCSES, MCSE2K3
Technical Consultant
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Rick Kingslan
Sent: Sunday, August 31, 2003 00:40
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicating
My apologies to Dennis Schut (Read NOT *Shutts*). I have a co-worker
Deb
Shutts, and apparently my fingers got ahead of my brain. But, that
happens
a bunch - regardless if it's here, a NG, or just in a document. :-)
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Rick Kingslan
Sent: Saturday, August 30, 2003 5:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicating
Diane,
I have to agree that there is something going on here. Dennis Shutts
tried
to get the ADDiag scripts (if you haven't seen it - but I know you, you
likely have) to her to run on her system. It's the same tools that PSS
will
have you run on your system to gather all of the information necessary
to
diagnose this type of issue.
I suspect that there is a DNS problem as the SYSVOL share and the
NETLOGON
share will not be published until all conditions are correct. And, the
primary indicator is that failure in the NETDIAG log that you pointed
out.
Cindy, leave the FRS issues alone for a bit until the DNS problems are
resolved on all servers. It might be only one, or might be all of them.
Check your DNS and SYSTEM event logs.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Diane Ayers
Sent: Saturday, August 30, 2003 11:49 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicating
Do you have all the necessary SRV records for this server in DNS? Your
Dcdiag run had this error:
test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for
\\psdc1.police.lancco.pa.us, when we were trying to reach ECPDC.
Server is not responding or is not considered suitable.
......................... ECPDC failed
DsGetDcName is failing. I'd look at the SRV records in DNS to see if
that
is 100%. Another area to check is the time on the DC to see if it's
sync
with it's partners.
Diane
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Rittenhouse,
Cindy
Sent: Friday, August 29, 2003 7:51 PM
To: '[EMAIL PROTECTED]'
results from repadmin look fine, server is running SP4
C:\Documents and Settings\Administrator.LC_POLICE>repadmin /showreps
ecpdc
EastCocalicoPD\ECPDC DSA Options : IS_GC objectGuid :
261bdbfc-59ef-4aa8-b087-36fe5e363e9f
invocationID: 9f91ded7-35c3-47a9-a30f-312f51da6f3a
==== INBOUND NEIGHBORS ======================================
DC=police,DC=lancco,DC=pa,DC=us
Default-First-Site-Name\PSDC1 via RPC
objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9
Last attempt @ 2003-08-29 22:42.22 was successful.
CN=Schema,CN=Configuration,DC=LANCCO,DC=ROOT
Default-First-Site-Name\PSDC1 via RPC
objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9
Last attempt @ 2003-08-29 22:42.22 was successful.
CN=Configuration,DC=LANCCO,DC=ROOT
Default-First-Site-Name\PSDC1 via RPC
objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9
Last attempt @ 2003-08-29 22:42.22 was successful.
DC=LANCCO,DC=ROOT
Default-First-Site-Name\PSDC1 via RPC
objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9
Last attempt @ 2003-08-29 22:42.22 was successful.
==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
-----Original Message-----
From: Joe [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 29, 2003 5:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] sysvol not replicating
This is probably a silly question, but you have applied all of the
latest
SP's and hotfixes correct and this machine isn't sitting at like
SP1 or something? There are a ton of fixes for FRS out there. Other than
that I would be looking at DNS very carefully and also checking regular
replication (repadmin /showreps) to make sure that was working as well.
joe
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Rittenhouse,
Cindy
Sent: Friday, August 29, 2003 10:33 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] sysvol not replicating
Two days ago a consulting firm upgraded a BDC at a remote location to
Windows 2000. After the upgrade users had all types of trouble
connecting.
It seems the sysvol is not replicating because the
Do_Not_Remove_NtFrs_PreInstall_Directory, Policies directory, and
Scripts
directory do not exist on the remote server in either the sysvol\domain
or
the sysvol\sysvol directory. The rest of AD seems to be replicating
fine.
Can I simply copy those directories from one of my DCs to the DC in the
remote location? Thanks
Cynthia Rittenhouse MCSE,CCNA
LAN Administrator
County of Lancaster
Lancaster, PA 17602
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
