Apologies, but I was told it had been made public already, but I'm a few weeks early. A PSS contact should be able to hook you up if you need it.
/Siddharth On Wed, 3 Sep 2003, Graham Turner wrote: > where do we find FRSdiag ?? > > GT > ----- Original Message ----- > From: "Rittenhouse, Cindy" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, September 02, 2003 8:32 PM > Subject: RE: [ActiveDir] sysvol not replicating > > > > I'm sorry, but I'm having trouble locating FRSDiag. > > > > -----Original Message----- > > From: Siddharth Sawkar [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, September 02, 2003 00:43 > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] sysvol not replicating > > > > > > Adding to this nice proactive information, the first thing PSS will want > > from you during an FRS case is a complete output of FRSDiag run against > > all the DC's in your environment (usually). Leave the defaults, select > > all the servers and hit Go! Send all your cab files and sit back :) > > > > /Siddharth > > > > On Mon, 1 Sep 2003, Rick Kingslan wrote: > > > > > And, just because the cool info keeps coming: > > > > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;312862 > > > http://support.microsoft.com/default.aspx?scid=kb;EN-US;296183 > > > > > > Also, for those following along - look to the NTFRS Management Pack for > a > > > little-known monitoring interface for resolving issues with FRS and Dfs > > > called 'Sonar'. Can be gotten here: > > > > > > > http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/sonar-o.asp > > > > > > Enjoy! > > > > > > Rick Kingslan MCSE, MCSA, MCT > > > Microsoft MVP - Active Directory > > > Associate Expert > > > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > > > > > > > _____ > > > > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Rittenhouse, > > Cindy > > > Sent: Monday, September 01, 2003 7:13 PM > > > To: '[EMAIL PROTECTED]' > > > Subject: RE: [ActiveDir] sysvol not replicating > > > > > > > > > Yes, the GUID._MSDCS.domain name is present in the Lancco.root zone. The > > > "Replica Set Parent" is PSDC1.police.lancco.pa.us. Is there a way to > check > > > for the SID mismatch? I am hoping to download the ADDiag scripts when I > > get > > > back in the office tomorrow and my crystal ball tells me there is going > to > > > be a road trip in my very near future (like Wednesday). > > > > > > -----Original Message----- > > > From: Dennis Schut [mailto:[EMAIL PROTECTED] > > > Sent: Monday, September 01, 2003 3:37 AM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ActiveDir] sysvol not replicating > > > > > > > > > Okay, this sounds okay, regarding TCP, UDP LDAP, Kerberos and Kpasswd > > > records. is there also a GUID._MSDCS.Domain Name present? > > > > > > Can you check if the following Reg key is present > > > HKLM\SYSTEM\CurrentControlSet\Services\NTFRS\"Replica Set Parent", and > > check > > > if the correct data is present in this key? > > > > > > This is because during the promotion of replica DCs to an Active > Directory > > > domain, a registry key (Replica Set Parent), under the NTFRS section of > > the > > > registry is populated with the name of the DC that is used to source the > > > Active Directory. FRS uses this key to source the SYSVOL share. Initial > > > SYSVOL replication occurs following the reboot after promotion. > > > > > > Because of a faulty compare of the Microsoft Windows NT 4.0-style domain > > > name that is returned by DsCrackNames and the server principle name that > > is > > > returned by RpcMgmtInqServerPrincName, FRS fails to join the volatile > > > connection. This results in a delay to share out sysvols after the > > > promotion. > > > > > > The reason that the new replica DC is not joining with the existing DC > is > > > because of an SID mismatch. The SID from the RPC call from replica to > > source > > > DC is known, but the SID that the source DC gets by calling DsCrackName > is > > > <unknown> or NULL. > > > > > > Regards, > > > > > > Dennis Schut MSCA, MCSAS, MCSA2K3, MCSE, MCSES, MCSE2K3 > > > Technical Consultant > > > _____ > > > > > > From: [EMAIL PROTECTED] on behalf of Rittenhouse, Cindy > > > Sent: Mon 01-Sep-03 00:57 > > > To: '[EMAIL PROTECTED]' > > > Subject: RE: [ActiveDir] sysvol not replicating > > > > > > > > > > > > I agree, it certainly sounds like it could be DNS related, but it > appears > > > that all SRV records are present. ECPDC registered itself in > > > _msdcs/dc/_sites/eastcocalicopd/tcp/kerberos (port88) and ldap(port > 389), > > in > > > _msdcs/dc/_tcp/_kerberos and _ldap, in > > _sites/eastcocalicopd/_tcp/_kerberos > > > and _ldap, in _tcp/_kerberos, _kpasswd, and _ldap, and in _udp/_kerberos > > and > > > _kpasswd. It registered and A record as ECPDC and an A record (same as > > > parent folder). We do not use AD integrated DNS. All servers involved > are > > > pointed to the DNS server that is authoratative for the zone. I deleted > > the > > > A record, did an ipconfig /registerdns, and the server registers without > > > problem. There is a ptr record for the server in the reverse lookup > zone. > > I > > > can map from PSDC1 to any point on ECPDC and vice versa. I can do an > > > NSLOOKUP from either server. If the problem is DNS, I just don't see it. > > > I have not configured any static port mappings. > > > The only noteworthy item in the DNS event log is : The DNS server has > > > encountered numerous run-time events. These are usually caused by the > > > reception of bad or unexpected packets, or from problems with or > excessive > > > replication traffic. The data is the number of suppressed events > > > encountered in the last 15 minute interval. > > > > > > > > > > > > -----Original Message----- > > > From: Dennis Schut [mailto:[EMAIL PROTECTED] > > > Sent: Sunday, August 31, 2003 3:15 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ActiveDir] sysvol not replicating > > > > > > > > > Can happen Rick, the same hear... that's why checking and rechecking of > > > documentation is always fun.... > > > > > > Diane, I have to agree with Rick, that the problem can be related to > > > registration of DNS SRV records, it is advisable to check if all the SRV > > > and other records are all registered correctly in the _MSDCS zone or the > > > appropriate domain DNS zone. > > > > > > What kind of records are you registering in DNS, domain & AtSite related > > > records, or only the AtSite records ("DnsAvoidRegisterRecords" reg key)? > > > > > > Are you using a static port mapping for RPC based AD replication? > > > > > > Regards, > > > > > > Dennis Schut MSCA, MCSAS, MCSA2K3, MCSE, MCSES, MCSE2K3 > > > Technical Consultant > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan > > > Sent: Sunday, August 31, 2003 00:40 > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ActiveDir] sysvol not replicating > > > > > > My apologies to Dennis Schut (Read NOT *Shutts*). I have a co-worker > > > Deb > > > Shutts, and apparently my fingers got ahead of my brain. But, that > > > happens > > > a bunch - regardless if it's here, a NG, or just in a document. :-) > > > > > > Rick Kingslan MCSE, MCSA, MCT > > > Microsoft MVP - Active Directory > > > Associate Expert > > > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan > > > Sent: Saturday, August 30, 2003 5:06 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ActiveDir] sysvol not replicating > > > > > > Diane, > > > > > > I have to agree that there is something going on here. Dennis Shutts > > > tried > > > to get the ADDiag scripts (if you haven't seen it - but I know you, you > > > likely have) to her to run on her system. It's the same tools that PSS > > > will > > > have you run on your system to gather all of the information necessary > > > to > > > diagnose this type of issue. > > > > > > I suspect that there is a DNS problem as the SYSVOL share and the > > > NETLOGON > > > share will not be published until all conditions are correct. And, the > > > primary indicator is that failure in the NETDIAG log that you pointed > > > out. > > > > > > Cindy, leave the FRS issues alone for a bit until the DNS problems are > > > resolved on all servers. It might be only one, or might be all of them. > > > Check your DNS and SYSTEM event logs. > > > > > > Rick Kingslan MCSE, MCSA, MCT > > > Microsoft MVP - Active Directory > > > Associate Expert > > > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Diane Ayers > > > Sent: Saturday, August 30, 2003 11:49 AM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ActiveDir] sysvol not replicating > > > > > > Do you have all the necessary SRV records for this server in DNS? Your > > > Dcdiag run had this error: > > > > > > test NetLogons > > > Starting test: Advertising > > > Warning: DsGetDcName returned information for > > > \\psdc1.police.lancco.pa.us, when we were trying to reach ECPDC. > > > Server is not responding or is not considered suitable. > > > ......................... ECPDC failed > > > > > > DsGetDcName is failing. I'd look at the SRV records in DNS to see if > > > that > > > is 100%. Another area to check is the time on the DC to see if it's > > > sync > > > with it's partners. > > > > > > Diane > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Rittenhouse, > > > Cindy > > > Sent: Friday, August 29, 2003 7:51 PM > > > To: '[EMAIL PROTECTED]' > > > > > > results from repadmin look fine, server is running SP4 > > > > > > > > > C:\Documents and Settings\Administrator.LC_POLICE>repadmin /showreps > > > ecpdc > > > EastCocalicoPD\ECPDC DSA Options : IS_GC objectGuid : > > > 261bdbfc-59ef-4aa8-b087-36fe5e363e9f > > > invocationID: 9f91ded7-35c3-47a9-a30f-312f51da6f3a > > > > > > ==== INBOUND NEIGHBORS ====================================== > > > > > > DC=police,DC=lancco,DC=pa,DC=us > > > Default-First-Site-Name\PSDC1 via RPC > > > objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9 > > > Last attempt @ 2003-08-29 22:42.22 was successful. > > > > > > CN=Schema,CN=Configuration,DC=LANCCO,DC=ROOT > > > Default-First-Site-Name\PSDC1 via RPC > > > objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9 > > > Last attempt @ 2003-08-29 22:42.22 was successful. > > > > > > CN=Configuration,DC=LANCCO,DC=ROOT > > > Default-First-Site-Name\PSDC1 via RPC > > > objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9 > > > Last attempt @ 2003-08-29 22:42.22 was successful. > > > > > > DC=LANCCO,DC=ROOT > > > Default-First-Site-Name\PSDC1 via RPC > > > objectGuid: 01dd65d5-caee-4e09-8cb3-85a7d4642ae9 > > > Last attempt @ 2003-08-29 22:42.22 was successful. > > > > > > ==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============ > > > > > > -----Original Message----- > > > From: Joe [mailto:[EMAIL PROTECTED] > > > Sent: Friday, August 29, 2003 5:28 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ActiveDir] sysvol not replicating > > > > > > > > > This is probably a silly question, but you have applied all of the > > > latest > > > SP's and hotfixes correct and this machine isn't sitting at like > > > SP1 or something? There are a ton of fixes for FRS out there. Other than > > > that I would be looking at DNS very carefully and also checking regular > > > replication (repadmin /showreps) to make sure that was working as well. > > > > > > joe > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Rittenhouse, > > > Cindy > > > Sent: Friday, August 29, 2003 10:33 AM > > > To: [EMAIL PROTECTED] > > > Subject: [ActiveDir] sysvol not replicating > > > > > > > > > Two days ago a consulting firm upgraded a BDC at a remote location to > > > Windows 2000. After the upgrade users had all types of trouble > > > connecting. > > > It seems the sysvol is not replicating because the > > > Do_Not_Remove_NtFrs_PreInstall_Directory, Policies directory, and > > > Scripts > > > directory do not exist on the remote server in either the sysvol\domain > > > or > > > the sysvol\sysvol directory. The rest of AD seems to be replicating > > > fine. > > > Can I simply copy those directories from one of my DCs to the DC in the > > > remote location? Thanks > > > > > > Cynthia Rittenhouse MCSE,CCNA > > > LAN Administrator > > > County of Lancaster > > > Lancaster, PA 17602 > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
