I just emailed it to you from my MS account. /Siddharth
On Tue, 2 Sep 2003, Rittenhouse, Cindy wrote: > I'm sorry, but I'm having trouble locating FRSDiag. > > -----Original Message----- > From: Siddharth Sawkar [mailto:[EMAIL PROTECTED] > Sent: Tuesday, September 02, 2003 00:43 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] sysvol not replicating > > > Adding to this nice proactive information, the first thing PSS will want > from you during an FRS case is a complete output of FRSDiag run against > all the DC's in your environment (usually). Leave the defaults, select > all the servers and hit Go! Send all your cab files and sit back :) > > /Siddharth > > On Mon, 1 Sep 2003, Rick Kingslan wrote: > > > And, just because the cool info keeps coming: > > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;312862 > > http://support.microsoft.com/default.aspx?scid=kb;EN-US;296183 > > > > Also, for those following along - look to the NTFRS Management Pack for a > > little-known monitoring interface for resolving issues with FRS and Dfs > > called 'Sonar'. Can be gotten here: > > > > http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/sonar-o.asp > > > > Enjoy! > > > > Rick Kingslan MCSE, MCSA, MCT > > Microsoft MVP - Active Directory > > Associate Expert > > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > > > > _____ > > > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Rittenhouse, > Cindy > > Sent: Monday, September 01, 2003 7:13 PM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] sysvol not replicating > > > > > > Yes, the GUID._MSDCS.domain name is present in the Lancco.root zone. The > > "Replica Set Parent" is PSDC1.police.lancco.pa.us. Is there a way to check > > for the SID mismatch? I am hoping to download the ADDiag scripts when I > get > > back in the office tomorrow and my crystal ball tells me there is going to > > be a road trip in my very near future (like Wednesday). > > > > -----Original Message----- > > From: Dennis Schut [mailto:[EMAIL PROTECTED] > > Sent: Monday, September 01, 2003 3:37 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] sysvol not replicating > > > > > > Okay, this sounds okay, regarding TCP, UDP LDAP, Kerberos and Kpasswd > > records. is there also a GUID._MSDCS.Domain Name present? > > > > Can you check if the following Reg key is present > > HKLM\SYSTEM\CurrentControlSet\Services\NTFRS\"Replica Set Parent", and > check > > if the correct data is present in this key? > > > > This is because during the promotion of replica DCs to an Active Directory > > domain, a registry key (Replica Set Parent), under the NTFRS section of > the > > registry is populated with the name of the DC that is used to source the > > Active Directory. FRS uses this key to source the SYSVOL share. Initial > > SYSVOL replication occurs following the reboot after promotion. > > > > Because of a faulty compare of the Microsoft Windows NT 4.0-style domain > > name that is returned by DsCrackNames and the server principle name that > is > > returned by RpcMgmtInqServerPrincName, FRS fails to join the volatile > > connection. This results in a delay to share out sysvols after the > > promotion. > > > > The reason that the new replica DC is not joining with the existing DC is > > because of an SID mismatch. The SID from the RPC call from replica to > source > > DC is known, but the SID that the source DC gets by calling DsCrackName is > > <unknown> or NULL. > > > > Regards, > > > > Dennis Schut MSCA, MCSAS, MCSA2K3, MCSE, MCSES, MCSE2K3 > > Technical Consultant > > _____ > > > > From: [EMAIL PROTECTED] on behalf of Rittenhouse, Cindy > > Sent: Mon 01-Sep-03 00:57 > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] sysvol not replicating > > > > > > > > I agree, it certainly sounds like it could be DNS related, but it appears > > that all SRV records are present. ECPDC registered itself in > > _msdcs/dc/_sites/eastcocalicopd/tcp/kerberos (port88) and ldap(port 389), > in > > _msdcs/dc/_tcp/_kerberos and _ldap, in > _sites/eastcocalicopd/_tcp/_kerberos > > and _ldap, in _tcp/_kerberos, _kpasswd, and _ldap, and in _udp/_kerberos > and > > _kpasswd. It registered and A record as ECPDC and an A record (same as > > parent folder). We do not use AD integrated DNS. All servers involved are > > pointed to the DNS server that is authoratative for the zone. I deleted > the > > A record, did an ipconfig /registerdns, and the server registers without > > problem. There is a ptr record for the server in the reverse lookup zone. > I > > can map from PSDC1 to any point on ECPDC and vice versa. I can do an > > NSLOOKUP from either server. If the problem is DNS, I just don't see it. > > I have not configured any static port mappings. > > The only noteworthy item in the DNS event log is : The DNS server has > > encountered numerous run-time events. These are usually caused by the > > reception of bad or unexpected packets, or from problems with or excessive > > replication traffic. The data is the number of suppressed events > > encountered in the last 15 minute interval. > > > > > > > > -----Original Message----- > > From: Dennis Schut [mailto:[EMAIL PROTECTED] > > Sent: Sunday, August 31, 2003 3:15 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] sysvol not replicating > > > > > > Can happen Rick, the same hear... that's why checking and rechecking of > > documentation is always fun.... > > > > Diane, I have to agree with Rick, that the problem can be related to > > registration of DNS SRV records, it is advisable to check if all the SRV > > and other records are all registered correctly in the _MSDCS zone or the > > appropriate domain DNS zone. > > > > What kind of records are you registering in DNS, domain & AtSite related > > records, or only the AtSite records ("DnsAvoidRegisterRecords" reg key)? > > > > Are you using a static port mapping for RPC based AD replication? > > > > Regards, > > > > Dennis Schut MSCA, MCSAS, MCSA2K3, MCSE, MCSES, MCSE2K3 > > Technical Consultant > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan > > Sent: Sunday, August 31, 2003 00:40 > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] sysvol not replicating > > > > My apologies to Dennis Schut (Read NOT *Shutts*). I have a co-worker > > Deb > > Shutts, and apparently my fingers got ahead of my brain. But, that > > happens > > a bunch - regardless if it's here, a NG, or just in a document. :-) > > > > Rick Kingslan MCSE, MCSA, MCT > > Microsoft MVP - Active Directory > > Associate Expert > > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan > > Sent: Saturday, August 30, 2003 5:06 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] sysvol not replicating > > > > Diane, > > > > I have to agree that there is something going on here. Dennis Shutts > > tried > > to get the ADDiag scripts (if you haven't seen it - but I know you, you > > likely have) to her to run on her system. It's the same tools that PSS > > will > > have you run on your system to gather all of the information necessary > > to > > diagnose this type of issue. > > > > I suspect that there is a DNS problem as the SYSVOL share and the > > NETLOGON > > share will not be published until all conditions are correct. And, the > > primary indicator is that failure in the NETDIAG log that you pointed > > out. > > > > Cindy, leave the FRS issues alone for a bit until the DNS problems are > > resolved on all servers. It might be only one, or might be all of them. > > Check your DNS and SYSTEM event logs. > > > > Rick Kingslan MCSE, MCSA, MCT > > Microsoft MVP - Active Directory > > Associate Expert > > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Diane Ayers > > Sent: Saturday, August 30, 2003 11:49 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] sysvol not replicating > > > > Do you have all the necessary SRV records for this server in DNS? Your > > Dcdiag run had this error: > > > > test NetLogons > > Starting test: Advertising > > Warning: DsGetDcName returned information for > > \\psdc1.police.lancco.pa.us, when we were trying to reach ECPDC. > > Server is not responding or is not considered suitable. > > ......................... ECPDC failed > > > > DsGetDcName is failing. I'd look at the SRV records in DNS to see if > > that > > is 100%. Another area to check is the time on the DC to see if it's > > sync > > with it's partners. > > > > Diane > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Rittenhouse, > > Cindy > > Sent: Friday, August 29, 2003 7:51 PM > > To: '[EMAIL PROTECTED]' > > > > results from repadmin look fine, server is running SP4 > > > > > > C:\Documents and Settings\Administrator.LC_POLICE>repadmin /showreps > > ecpdc > > EastCocalicoPD\ECPDC DSA Options : IS_GC objectGuid : > > 261bdbfc-59ef-4aa8-b087-36fe5e363e9f > > invocationID: 9f91ded7-35c3-47a9-a30f-312f51da6f3a > > > > ==== INBOUND NEIGHBORS ====================================== > > > > DC=police,DC=lancco,DC=pa,DC=us > > Default-First-Site-Name\PSDC1 via RPC > > objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9 > > Last attempt @ 2003-08-29 22:42.22 was successful. > > > > CN=Schema,CN=Configuration,DC=LANCCO,DC=ROOT > > Default-First-Site-Name\PSDC1 via RPC > > objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9 > > Last attempt @ 2003-08-29 22:42.22 was successful. > > > > CN=Configuration,DC=LANCCO,DC=ROOT > > Default-First-Site-Name\PSDC1 via RPC > > objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9 > > Last attempt @ 2003-08-29 22:42.22 was successful. > > > > DC=LANCCO,DC=ROOT > > Default-First-Site-Name\PSDC1 via RPC > > objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9 > > Last attempt @ 2003-08-29 22:42.22 was successful. > > > > ==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============ > > > > -----Original Message----- > > From: Joe [mailto:[EMAIL PROTECTED] > > Sent: Friday, August 29, 2003 5:28 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] sysvol not replicating > > > > > > This is probably a silly question, but you have applied all of the > > latest > > SP's and hotfixes correct and this machine isn't sitting at like > > SP1 or something? There are a ton of fixes for FRS out there. Other than > > that I would be looking at DNS very carefully and also checking regular > > replication (repadmin /showreps) to make sure that was working as well. > > > > joe > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Rittenhouse, > > Cindy > > Sent: Friday, August 29, 2003 10:33 AM > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] sysvol not replicating > > > > > > Two days ago a consulting firm upgraded a BDC at a remote location to > > Windows 2000. After the upgrade users had all types of trouble > > connecting. > > It seems the sysvol is not replicating because the > > Do_Not_Remove_NtFrs_PreInstall_Directory, Policies directory, and > > Scripts > > directory do not exist on the remote server in either the sysvol\domain > > or > > the sysvol\sysvol directory. The rest of AD seems to be replicating > > fine. > > Can I simply copy those directories from one of my DCs to the DC in the > > remote location? Thanks > > > > Cynthia Rittenhouse MCSE,CCNA > > LAN Administrator > > County of Lancaster > > Lancaster, PA 17602 > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
