New DC does not share SYSVOL and NETLOGON
hello.
i have home lab ad domain called tnx.cz. have single dc called dc02 (windows server 2012). needed install new dc called dc03 (windows server 2012). have done many time, never run trouble. time went ok, @ end new dc03 not sharing netlogon , sysvol. replication worked according repadmin. dns working, new server serving clients ok. when shutdown old dc02, domain stopped working. instead of network called tnx.cz computers showed network 2 or this. have removed dc03 (moved fsmo back, done correct demotion, uninstalled od adds, dns) , started again. before started adding new dc, have walked through dns , checked every single record in whole tree. have ran bpa adds , dns before installing. no significant errors or warnings. (not counting warnings have single dc, or should use localhost dns server in tcpip settings on dc, not first.) have used windows server 2012 r2 time installation of new dc, result same.
replications seem working.
results of repadmin /showrepl dc02:
c:\users\administrator.tnx>repadmin /showrepl
repadmin: running command /showrepl against full dc localhost
home\dc02
dsa options: is_gc
site options: (none)
dsa object guid: 5a572dc6-2ed9-44c1-834f-70661d4c0d0a
dsa invocationid: bceb8b7d-f5e7-45ee-b5fd-f36b9c601d37
==== inbound neighbors ======================================
dc=tnx,dc=cz
home\dc03 via rpc
dsa object guid: 2f0862c7-11ca-48b5-82a4-587b9b6bd982
last attempt @ 2013-12-03 09:56:52 successful.
cn=configuration,dc=tnx,dc=cz
home\dc03 via rpc
dsa object guid: 2f0862c7-11ca-48b5-82a4-587b9b6bd982
last attempt @ 2013-12-03 09:56:52 successful.
cn=schema,cn=configuration,dc=tnx,dc=cz
home\dc03 via rpc
dsa object guid: 2f0862c7-11ca-48b5-82a4-587b9b6bd982
last attempt @ 2013-12-03 09:56:52 successful.
dc=forestdnszones,dc=tnx,dc=cz
home\dc03 via rpc
dsa object guid: 2f0862c7-11ca-48b5-82a4-587b9b6bd982
last attempt @ 2013-12-03 09:56:52 successful.
dc=domaindnszones,dc=tnx,dc=cz
home\dc03 via rpc
dsa object guid: 2f0862c7-11ca-48b5-82a4-587b9b6bd982
last attempt @ 2013-12-03 09:56:52 successful.
results of repadmin /showrepl dc03:
c:\users\administrator.tnx>repadmin /showrepl
repadmin: running command /showrepl against full dc localhost
home\dc03
dsa options: is_gc
site options: (none)
dsa object guid: 2f0862c7-11ca-48b5-82a4-587b9b6bd982
dsa invocationid: cb1960e2-9fed-45d5-8539-bad3bbca3981
==== inbound neighbors ======================================
dc=tnx,dc=cz
home\dc02 via rpc
dsa object guid: 5a572dc6-2ed9-44c1-834f-70661d4c0d0a
last attempt @ 2013-12-03 10:25:56 successful.
cn=configuration,dc=tnx,dc=cz
home\dc02 via rpc
dsa object guid: 5a572dc6-2ed9-44c1-834f-70661d4c0d0a
last attempt @ 2013-12-03 09:50:00 successful.
cn=schema,cn=configuration,dc=tnx,dc=cz
home\dc02 via rpc
dsa object guid: 5a572dc6-2ed9-44c1-834f-70661d4c0d0a
last attempt @ 2013-12-03 09:50:00 successful.
dc=forestdnszones,dc=tnx,dc=cz
home\dc02 via rpc
dsa object guid: 5a572dc6-2ed9-44c1-834f-70661d4c0d0a
last attempt @ 2013-12-03 09:50:00 successful.
dc=domaindnszones,dc=tnx,dc=cz
home\dc02 via rpc
dsa object guid: 5a572dc6-2ed9-44c1-834f-70661d4c0d0a
last attempt @ 2013-12-03 09:50:00 successful.
but dcdiag shows errors.
dcdiag dc02:
directory server diagnosis
performing initial setup:
trying find home server...
home server = dc02
* identified ad forest.
done gathering initial info.
doing initial required tests
testing server: home\dc02
starting test: connectivity
......................... dc02 passed test connectivity
doing primary tests
testing server: home\dc02
starting test: advertising
......................... dc02 passed test advertising
starting test: frsevent
......................... dc02 passed test frsevent
starting test: dfsrevent
there warning or error events within last 24 hours after the
sysvol has been shared. failing sysvol replication problems may cause
group policy problems.
......................... dc02 failed test dfsrevent
starting test: sysvolcheck
......................... dc02 passed test sysvolcheck
starting test: kccevent
......................... dc02 passed test kccevent
starting test: knowsofroleholders
......................... dc02 passed test knowsofroleholders
starting test: machineaccount
......................... dc02 passed test machineaccount
starting test: ncsecdesc
......................... dc02 passed test ncsecdesc
starting test: netlogons
......................... dc02 passed test netlogons
starting test: objectsreplicated
......................... dc02 passed test objectsreplicated
starting test: replications
......................... dc02 passed test replications
starting test: ridmanager
......................... dc02 passed test ridmanager
starting test: services
......................... dc02 passed test services
starting test: systemlog
......................... dc02 passed test systemlog
starting test: verifyreferences
......................... dc02 passed test verifyreferences
running partition tests on : domaindnszones
starting test: checksdrefdom
......................... domaindnszones passed test checksdrefdom
starting test: crossrefvalidation
......................... domaindnszones passed test
crossrefvalidation
running partition tests on : forestdnszones
starting test: checksdrefdom
......................... forestdnszones passed test checksdrefdom
starting test: crossrefvalidation
......................... forestdnszones passed test
crossrefvalidation
running partition tests on : schema
starting test: checksdrefdom
......................... schema passed test checksdrefdom
starting test: crossrefvalidation
......................... schema passed test crossrefvalidation
running partition tests on : configuration
starting test: checksdrefdom
......................... configuration passed test checksdrefdom
starting test: crossrefvalidation
......................... configuration passed test crossrefvalidation
running partition tests on : tnx
starting test: checksdrefdom
......................... tnx passed test checksdrefdom
starting test: crossrefvalidation
......................... tnx passed test crossrefvalidation
running enterprise tests on : tnx.cz
starting test: locatorcheck
......................... tnx.cz passed test locatorcheck
starting test: intersite
......................... tnx.cz passed test intersite
dcdiag dc03:
directory server diagnosis
performing initial setup:
trying find home server...
home server = dc03
* identified ad forest.
done gathering initial info.
doing initial required tests
testing server: home\dc03
starting test: connectivity
......................... dc03 passed test connectivity
doing primary tests
testing server: home\dc03
starting test: advertising
warning: dsgetdcname returned information \\dc02.tnx.cz, when we
trying reach dc03.
server not responding or not considered suitable.
......................... dc03 failed test advertising
starting test: frsevent
......................... dc03 passed test frsevent
starting test: dfsrevent
there warning or error events within last 24 hours after the
sysvol has been shared. failing sysvol replication problems may cause
group policy problems.
......................... dc03 failed test dfsrevent
starting test: sysvolcheck
......................... dc03 passed test sysvolcheck
starting test: kccevent
......................... dc03 passed test kccevent
starting test: knowsofroleholders
......................... dc03 passed test knowsofroleholders
starting test: machineaccount
......................... dc03 passed test machineaccount
starting test: ncsecdesc
......................... dc03 passed test ncsecdesc
starting test: netlogons
unable connect netlogon share! (\\dc03\netlogon)
[dc03] net use or lsapolicy operation failed error 67,
network name cannot found..
......................... dc03 failed test netlogons
starting test: objectsreplicated
......................... dc03 passed test objectsreplicated
starting test: replications
......................... dc03 passed test replications
starting test: ridmanager
......................... dc03 passed test ridmanager
starting test: services
dfsr service stopped on [dc03]
......................... dc03 failed test services
starting test: systemlog
......................... dc03 passed test systemlog
starting test: verifyreferences
......................... dc03 passed test verifyreferences
running partition tests on : domaindnszones
starting test: checksdrefdom
......................... domaindnszones passed test checksdrefdom
starting test: crossrefvalidation
......................... domaindnszones passed test
crossrefvalidation
running partition tests on : forestdnszones
starting test: checksdrefdom
......................... forestdnszones passed test checksdrefdom
starting test: crossrefvalidation
......................... forestdnszones passed test
crossrefvalidation
running partition tests on : schema
starting test: checksdrefdom
......................... schema passed test checksdrefdom
starting test: crossrefvalidation
......................... schema passed test crossrefvalidation
running partition tests on : configuration
starting test: checksdrefdom
......................... configuration passed test checksdrefdom
starting test: crossrefvalidation
......................... configuration passed test crossrefvalidation
running partition tests on : tnx
starting test: checksdrefdom
......................... tnx passed test checksdrefdom
starting test: crossrefvalidation
......................... tnx passed test crossrefvalidation
running enterprise tests on : tnx.cz
starting test: locatorcheck
......................... tnx.cz passed test locatorcheck
starting test: intersite
......................... tnx.cz passed test intersite
there warnings , errors in logs, quite confusing me:
-----
there error on dc03 in dfs replication log:
the dfs replication service initialized sysvol @ local path c:\windows\sysvol\domain , waiting perform initial replication. replicated folder remain in initial synchronization state until has replicated partner dc02.tnx.cz. if server in process of being promoted domain controller, domain controller not advertise , function domain controller until issue resolved. can occur if specified partner in initial synchronization state, or if sharing violations encountered on server or sync partner. if event occurred during migration of sysvol file replication service (frs) dfs replication, changes not replicate out until issue resolved. can cause sysvol folder on server become out of sync other domain controllers.
additional information:
replicated folder name: sysvol share
replicated folder id: 5c759754-f9f4-4eda-b262-b2e86bf6487f
replication group name: domain system volume
replication group id: cb8e010a-2891-495e-b1d5-c8128b4eaa52
member id: fa76f872-92c5-454b-875b-ca1a1df414fe
read-only: 0
-----
later there information in dfs replication log saying:
the dfs replication service established inbound connection partner dc02 replication group domain system volume.
additional information:
connection address used: dc02.tnx.cz
connection id: cb8e010a-2891-495e-b1d5-c8128b4eaa52
replication group id: 106fa20d-096b-4c4c-87c9-5f58355b7165
-----
dns server log on dc03 says:
the dns server has finished background loading , signing of zones. zones available dns updates , zone transfers, allowed individual zone configuration.
-----
on dc02:
error in dfs replication log:
the dfs replication service stopped replication on folder following local path: c:\windows\sysvol\domain. server has been disconnected other partners 362 days, longer time allowed maxofflinetimeindays parameter (60). dfs replication considers data in folder stale, , server not replicate folder until error corrected.
resume replication of folder, use dfs management snap-in remove server replication group, , add group. causes server perform initial synchronization task, replaces stale data fresh data other members of replication group.
additional information:
error: 9061 (the replicated folder has been offline long.)
replicated folder name: sysvol share
replicated folder id: 5c759754-f9f4-4eda-b262-b2e86bf6487f
replication group name: domain system volume
replication group id: 106fa20d-096b-4c4c-87c9-5f58355b7165
member id: 0fbb30b0-d9c5-401a-897e-2129d3230429
-----
later information in dfs replication log:
the dfs replication service has detected @ least 1 connection configured replication group domain system volume.
additional information:
replication group id: 106fa20d-096b-4c4c-87c9-5f58355b7165
member id: 0fbb30b0-d9c5-401a-897e-2129d3230429
-----
there information in log describing should do. "to resume replication of folder, use dfs management snap-in remove server replication group, , add group. causes server perform initial synchronization task, replaces stale data fresh data other members of replication group. " not have dns management snapin in dc mmc. should install continue? error relevant in case? not understand why says disconnected replication when dc in domain.
can advice, please?
thank you
best regards
jan kovar
honza@tnx.cz
actually, solved it. due error:
this server has been disconnected other partners 362 days, longer time allowed maxofflinetimeindays parameter (60). dfs replication considers data in folder stale, , server not replicate folder until error corrected.
unfortunatelly advice comes error not usable. not possible remove server dfs replication group in case of sysvol in windows server 2012. have changed time limit 380 allow initial replication.
wmic.exe /namespace:\\root\microsoftdfs path dfsrmachineconfig set maxofflinetimeindays=380
and restarted dfsr service.
then replicated , works. dcdiag clean.
Windows Server > Directory Services
Comments
Post a Comment