AD Replication issues, SYSVOL / NETLOGON not replicating
Hello Experts!
We have a client that recently called us for some assistance. The IT department had a new virtual environment stood up. They created 3 new VMs and promoted them all to domain controllers. The current domain and forest functional levels are (and were) Server 2003. There were two existing domain controllers, both Server 2003. The new domain controllers are Server 2012 R2. After promoting the 3 new servers to DCs, they demoted one of the old DCs. Then they transferred FSMO roles to a new 2012 R2 DC. When they went to demote the last server 2003 DC, it was giving them the error that it is the last DC in the domain. That’s when we were called to assist. I have since demoted 2 of the 3 new 2012 R2 DCs and transferred all FSMO roles back to the Server 2003 DC.
I have been running some tools to try and gather data. Here is the DCDIAG from the last Server 2003 DC:
C:\Documents and Settings\user>dcdiag /fix
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: domainname\server2003server
Starting test: Connectivity
......................... server2003server passed test Connectivity
Doing primary tests
Testing server: domainname\server2003server
Starting test: Replications
......................... server2003server passed test Replications
Starting test: NCSecDesc
......................... server2003server passed test NCSecDesc
Starting test: NetLogons
......................... server2003server passed test NetLogons
Starting test: Advertising
......................... server2003server passed test Advertising
Starting test: KnowsOfRoleHolders
......................... server2003server passed test KnowsOfRoleHolders
Starting test: RidManager
......................... server2003server passed test RidManager
Starting test: MachineAccount
......................... server2003server passed test MachineAccount
Starting test: Services
......................... server2003server passed test Services
Starting test: ObjectsReplicated
......................... server2003server passed test ObjectsReplicated
Starting test: frssysvol
......................... server2003server passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... server2003server failed test frsevent
Starting test: kccevent
......................... server2003server passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000410B
Time Generated: 02/18/2015 19:27:04
Event String: The request for a new account-identifier pool
An Error Event occured. EventID: 0xC4350607
Time Generated: 02/18/2015 19:28:22
Event String: Component: System Information Agent
An Error Event occured. EventID: 0xC00110CD
Time Generated: 02/18/2015 19:28:22
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00072787
Time Generated: 02/18/2015 19:28:22
Event String: The WinRM service is unable to start because of a
An Error Event occured. EventID: 0xC0060024
Time Generated: 02/18/2015 19:28:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002720
Time Generated: 02/18/2015 19:32:26
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 02/18/2015 14:33:27
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:33:28
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:33:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000410B
Time Generated: 02/18/2015 14:36:18
Event String: The request for a new account-identifier pool
An Error Event occured. EventID: 0xC4350607
Time Generated: 02/18/2015 14:38:48
Event String: Component: System Information Agent
An Error Event occured. EventID: 0x00072787
Time Generated: 02/18/2015 14:38:48
Event String: The WinRM service is unable to start because of a
An Error Event occured. EventID: 0xC4350505
Time Generated: 02/18/2015 14:38:54
Event String: NIC Agent: Connectivity has been lost for the NIC
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:39:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:39:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0xC25A001D
Time Generated: 02/18/2015 14:42:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:42:22
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:42:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC4350607
Time Generated: 02/18/2015 14:48:03
Event String: Component: System Information Agent
An Error Event occured. EventID: 0x00072787
Time Generated: 02/18/2015 14:48:03
Event String: The WinRM service is unable to start because of a
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 02/18/2015 14:55:30
Event String: The kerberos client received a
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:36
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:39
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:08
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:08
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
......................... server2003server failed test systemlog
Starting test: VerifyReferences
Some objects relating to the DC server2003server have problems:
[1] Problem: Missing Expected Value
Base Object:
CN= server2003server,OU=Domain Controllers,DC=domainname,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[1] Problem: Missing Expected Value
Base Object:
CN=NTDS Settings,CN= server2003server,CN=Servers,CN=domainname,CN=Sites,CN=C
onfiguration,DC=domainname,DC=com
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... server2003server failed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : domainname
Starting test: CrossRefValidation
......................... domainname passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... domainname passed test CheckSDRefDom
Running enterprise tests on : domainname.com
Starting test: Intersite
......................... domainname.com passed test Intersite
Starting test: FsmoCheck
......................... domainname.com passed test FsmoCheck
C:\Documents and Settings\user>
Now the DCDIAG for the Server 2012 R2 DC.
2012R2DC
PS C:\Users\user > dcdiag /fix
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = 2012R2DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: domainname\2012R2DC
Starting test: Connectivity
......................... 2012R2DC
passed test Connectivity
Doing primary tests
Testing server: domainname\2012R2DC
Starting test: Advertising
Warning: DsGetDcName returned information for \\server2003server.domainname.com, when we were trying to reach 2012R2DC.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... 2012R2DC
failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... 2012R2DC
passed test FrsEvent
Starting test: DFSREvent
......................... 2012R2DC passed test DFSREvent
Starting test: SysVolCheck
......................... 2012R2DC passed test SysVolCheck
Starting test: KccEvent
......................... 2012R2DC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... 2012R2DC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... 2012R2DC passed test MachineAccount
Starting test: NCSecDesc
......................... 2012R2DC passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\2012R2DC \netlogon)
[2012R2DC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... 2012R2DC failed test NetLogons
Starting test: ObjectsReplicated
......................... 2012R2DC passed test ObjectsReplicated
Starting test: Replications
[Replications Check, 2012R2DC] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105
"Replication access was denied."
......................... 2012R2DC failed test Replications
Starting test: RidManager
......................... 2012R2DC passed test RidManager
Starting test: Services
Could not open NTDS Service on 2012R2DC, error 0x5 "Access is denied."
......................... 2012R2DC failed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x0000041E
Time Generated: 02/18/2015 14:39:32
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could
be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 02/18/2015 14:44:34
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could
be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x40000004
Time Generated: 02/18/2015 14:47:09
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server cr-dc3$. The target name used was C
RDC02$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when t
he target server principal name (SPN) is registered on an account other than the account the target service is using. En
sure that the target SPN is only registered on the account used by the server. This error can also happen if the target
service account password is different than what is configured on the Kerberos Key Distribution Center for that target se
rvice. Ensure that the service on the server and the KDC are both configured to use the same password. If the server nam
e is not fully qualified, and the target domain (domainname.COM) is different from the client domain (domainname.COM),
check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify
the server.
......................... 2012R2DC failed test SystemLog
Starting test: VerifyReferences
......................... 2012R2DC passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : domainname
Starting test: CheckSDRefDom
......................... domainname passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... domainname passed test CrossRefValidation
Running enterprise tests on : domainname.com
Starting test: LocatorCheck
......................... domainname.com passed test LocatorCheck
Starting test: Intersite
......................... domainname.com passed test Intersite
PS C:\Users\user>
From here I can see SYSVOL and NETLOGON are not replicating from server2003server. When I log on to server2003server and run ‘net share’ the SYSVOL and NETLOGON shares are shared. But, when I do the same on 2012R2DC there are no NETLOGON or SYSVOL shares.
I see ntfrs issues. So I ran ntfrsutl ds on server2003server and the results are here:
C:\Documents and Settings\user>ntfrsutl ds
NTFRS CONFIGURATION IN THE DS
SUBSTITUTE DCINFO FOR DC
FRS DomainControllerName: (null)
Computer Name : SERVER2003SERVER
Computer DNS Name : SERVER2003SERVER.domainname.com
BINDING TO THE DS:
ldap_connect : SERVER2003SERVER.domainname.com
DsBind : SERVER2003SERVER.domainname.com
NAMING CONTEXTS:
SitesDn : CN=Sites,cn=configuration,dc= domainname,dc=com
ServicesDn : CN=Services,cn=configuration,dc= domainname,dc=com
DefaultNcDn: DC= domainname,DC=com
ComputersDn: CN=Computers,DC= domainname,DC=com
DomainCtlDn: OU=Domain Controllers,DC= domainname,DC=com
Fqdn : CN= SERVER2003SERVER,OU=Domain Controllers,DC= domainname,DC=com
Searching : Fqdn
COMPUTER: SERVER2003SERVER
DN : cn= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
Guid : d3cfdf56-a013-40ab-a2e9ffc3d88896bd
UAC : 0x00082000
Server BL : CN= SERVER2003SERVER,CN=Servers,CN=domainname,CN=Sites,CN=Configuration,D
C= SERVER2003SERVER,DC=com
Settings : cn=ntds settings,cn= SERVER2003SERVER,cn=servers,cn= domainname,cn=sites,c
n=configuration,dc= domainname,dc=com
DNS Name : SERVER2003SERVER. domainname.com
WhenCreated : 5/29/2007 10:36:30 Eastern Standard Time Eastern Daylight Time
[300]
WhenChanged : 2/17/2015 11:21:58 Eastern Standard Time Eastern Daylight Time
[300]
SUBSCRIPTION: NTFRS SUBSCRIPTIONS
DN : cn=ntfrs subscriptions,cn= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
Guid : 5d0ca299-209d-4814-ae6d7acd9209e10a
Working : c:\windows\ntfrs
Actual Working: c:\windows\ntfrs
WhenCreated : 5/29/2007 10:50:26 Eastern Standard Time Eastern Daylight T
ime [300]
WhenChanged : 5/29/2007 10:50:26 Eastern Standard Time Eastern Daylight T
ime [300]
SUBSCRIBER: DOMAIN SYSTEM VOLUME (SYSVOL SHARE)
DN : cn=domain system volume (sysvol share),cn=ntfrs subscriptions,cn
= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
Guid : fb56d707-3c40-429f-bd7c63d227b9fb5d
Member Ref: (null)
Root : c:\windows\sysvol\domain
Stage : c:\windows\sysvol\staging\domain
WhenCreated : 5/29/2007 10:50:26 Eastern Standard Time Eastern Dayligh
t Time [300]
WhenChanged : 5/29/2007 10:50:26 Eastern Standard Time Eastern Dayligh
t Time [300]
SERVER2003SERVER IS NOT A MEMBER OF ANY SET!
C:\Documents and Settings\user>
Also worth noting that when we power down SERVER2003SERVER no computer can contact a logon server.
The last line of this worries me as well. I am going to continue to work on this but I wanted to get these logs to some other eyes in case you have some ideas off the bat. Thanks in advance!
I would first recommend to make sure that the new DCs are also global catalogs and to refer to IP setting recommendations I shared here: http://www.ahmedmalek.com/web/fr/home.asp
It is possible to do a non-authoritative restore of SYSVOL to make it appear on the other DCs: https://support.microsoft.com/kb/290762?wa=wsignin1.0
However, you would need to upgrade to DFSR.
This posting is provided AS IS with no warranties or guarantees, and confers no rights.
Ahmed MALEK
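A triage helper for dcdiag transcripts like the two in the question, as an added example that is not part of the original thread: it lists the failed tests per target, including the 2012 R2 layout where the verdict wraps onto the line after the server name, and collapses the repeated system log entries into counts per event ID. The sample text is constructed from lines in the post, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, trimmed from the two dcdiag runs quoted in the thread.
SAMPLE = r"""Testing server: domainname\server2003server
Starting test: Connectivity
......................... server2003server passed test Connectivity
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared.
......................... server2003server failed test frsevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:06
......................... server2003server failed test systemlog
Testing server: domainname\2012R2DC
Starting test: Advertising
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... 2012R2DC
failed test Advertising
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\2012R2DC \netlogon)
......................... 2012R2DC failed test NetLogons
Starting test: SystemLog
An error event occurred. EventID: 0x0000041E
Time Generated: 02/18/2015 14:39:32
......................... 2012R2DC failed test SystemLog
Starting test: KccEvent
......................... 2012R2DC passed test KccEvent
"""

# "..... <target> passed|failed test <name>" closes every dcdiag test.
RESULT = re.compile(
    r"^\.{5,}\s*(?P<target>\S+)\s+(?P<verdict>passed|failed) test (?P<test>\S+)\s*$"
)
# Newer dcdiag builds may print only "..... <target>" and put the verdict
# on the following line.
DOTS_ONLY = re.compile(r"^\.{5,}\s*\S+\s*$")
START = re.compile(r"^\s*Starting test:\s*(\S+)")
EVENT = re.compile(r"EventID:\s*(0x[0-9A-Fa-f]{8})")


def join_wrapped(lines):
    """Re-join result lines whose verdict wrapped onto the next line."""
    out = []
    it = iter(lines)
    for line in it:
        if DOTS_ONLY.match(line):
            line = line.rstrip() + " " + next(it, "").strip()
        out.append(line)
    return out


def parse_dcdiag(text):
    """Return (results, events).

    results: one dict per test with target, verdict, test and detail lines.
    events:  {target: Counter({event_id: count})}; the ID is the low 16 bits
             of the 32-bit value dcdiag prints, i.e. the number Event Viewer
             shows.
    """
    results = []
    events = defaultdict(Counter)
    detail = []
    for line in join_wrapped(text.splitlines()):
        if START.match(line):
            detail = []          # a new test begins, drop header lines
            continue
        m = RESULT.match(line)
        if m:
            results.append({**m.groupdict(), "detail": detail})
            for d in detail:
                e = EVENT.search(d)
                if e:
                    events[m["target"]][int(e.group(1), 16) & 0xFFFF] += 1
            detail = []
            continue
        if line.strip():
            detail.append(line.strip())
    return results, events


def failed_tests(results):
    """Map each target to the names of the tests it failed, in order."""
    out = defaultdict(list)
    for r in results:
        if r["verdict"] == "failed":
            out[r["target"]].append(r["test"])
    return dict(out)


if __name__ == "__main__":
    results, events = parse_dcdiag(SAMPLE)
    for target, tests in failed_tests(results).items():
        print(f"{target}: failed {', '.join(tests)}")
        for event_id, count in events[target].most_common():
            print(f"    event {event_id} x{count}")
```
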
Similar Messages
- Replication issue Windows 2008 (not R2) FrsEvent error ?
I've had a few netlogon share issues but with help from this forum they've all gone away.
When I use the event log to look at administrative events all 3 give the same error "Access is denied" to the File replication service.
DCdiag /e gives the following errors ?
It looks like I'm actually down to just this error but it's similar on all 3 Domain Controllers ?
PDC (ch-dc1-2k8)
Starting test: frsevent
There are warning or error events within the last 24 hours after the SYSVOL has been shared.
Failing SYSVOL replication problems may cause Group Policy problems.
DC2 (ch-dc2-2k8)
Starting test: FrsEvent
The event log File Replication Service on server ch-dc1-2k8.companyname.local could not be queried, error 0x5 "Win32 Error 5"
......................... CH-DC1-2K8 failed
DC3 (na-dc2-2k8)
Starting test: FrsEvent
The event log File Replication Service on server ch-dc1-2k8.companyname.local could not be queried,
error 0x5 "Win32 Error 5" ......................... CH-DC1-2K8 failed
Any ideas ?
Also I've put a test file into the scripts folder and it has NOT replicated ?
Testing server: Cardiff\CH-DC2-2K8
Starting test: Replications
* Replications Check
CN=Schema,CN=Configuration,DC=companyname,DC=local has 7 cursors.
CN=Configuration,DC=companyname,DC=local has 7 cursors.
DC=companyname,DC=local has 7 cursors.
* Replication Latency Check
CN=Schema,CN=Configuration,DC=companyname,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=companyname,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=companyname,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
Site Settings = CN=NTDS Site Settings,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
[0x904de,v=62142,t=2015-04-23 09:16:18,g=a1d47848-fb4f-497b-a8a2-f11d40b71481,orig=20719256,local=20719256]
Elapsed time (sec) = 2264
Site Settings = CN=NTDS Site Settings,CN=Edinburgh,CN=Sites,CN=Configuration,DC=companyname,DC=local
Site
CN=NTDS Site Settings,CN=Edinburgh,CN=Sites,CN=Configuration,DC=companyname,DC=local
was skipped because it never had an ISTG running in it.
Site Settings = CN=NTDS Site Settings,CN=London,CN=Sites,CN=Configuration,DC=companyname,DC=local
Site
CN=NTDS Site Settings,CN=London,CN=Sites,CN=Configuration,DC=companyname,DC=local
was skipped because it never had an ISTG running in it.
Site Settings = CN=NTDS Site Settings,CN=Belfast,CN=Sites,CN=Configuration,DC=companyname,DC=local
Site
CN=NTDS Site Settings,CN=Belfast,CN=Sites,CN=Configuration,DC=companyname,DC=local
was skipped because it never had an ISTG running in it.
......................... CH-DC2-2K8 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=companyname,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=companyname,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=companyname,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CH-DC2-2K8 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=companyname,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=companyname,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=companyname,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CH-DC2-2K8 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC CH-DC2-2K8.
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=companyname,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=companyname,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=companyname,DC=local
(Domain,Version 2)
......................... CH-DC2-2K8 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\CH-DC2-2K8\netlogon
Verified share \\CH-DC2-2K8\sysvol
......................... CH-DC2-2K8 passed test NetLogons
Starting test: Advertising
The DC CH-DC2-2K8 is advertising itself as a DC and having a DS.
The DC CH-DC2-2K8 is advertising as an LDAP server
The DC CH-DC2-2K8 is advertising as having a writeable directory
The DC CH-DC2-2K8 is advertising as a Key Distribution Center
The DC CH-DC2-2K8 is advertising as a time server
The DS CH-DC2-2K8 is advertising as a GC.
......................... CH-DC2-2K8 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=CH-DC1-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
Role Domain Owner = CN=NTDS Settings,CN=CH-DC1-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
Role PDC Owner = CN=NTDS Settings,CN=CH-DC1-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
Role Rid Owner = CN=NTDS Settings,CN=CH-DC1-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=CH-DC1-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
......................... CH-DC2-2K8 passed test KnowsOfRoleHolders
Starting test: RidManager
ridManagerReference = CN=RID Manager$,CN=System,DC=companyname,DC=local
* Available RID Pool for the Domain is 12100 to 1073741823
fSMORoleOwner = CN=NTDS Settings,CN=CH-DC1-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
* ch-dc1-2k8.companyname.local is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=CH-DC2-2K8,OU=Domain Controllers,DC=companyname,DC=local
* rIDAllocationPool is 11100 to 11599
* rIDPreviousAllocationPool is 9100 to 9599
* rIDNextRID: 9425
......................... CH-DC2-2K8 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC CH-DC2-2K8 on DC CH-DC2-2K8.
* SPN found :LDAP/ch-dc2-2k8.companyname.local/companyname.local
* SPN found :LDAP/ch-dc2-2k8.companyname.local
* SPN found :LDAP/CH-DC2-2K8
* SPN found :LDAP/ch-dc2-2k8.companyname.local/companyname
* SPN found :LDAP/abb03237-e91b-457f-ab16-788d5dc3930e._msdcs.companyname.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/abb03237-e91b-457f-ab16-788d5dc3930e/companyname.local
* SPN found :HOST/ch-dc2-2k8.companyname.local/companyname.local
* SPN found :HOST/ch-dc2-2k8.companyname.local
* SPN found :HOST/CH-DC2-2K8
* SPN found :HOST/ch-dc2-2k8.companyname.local/companyname
* SPN found :GC/ch-dc2-2k8.companyname.local/companyname.local
......................... CH-DC2-2K8 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... CH-DC2-2K8 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... CH-DC2-2K8 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
CH-DC2-2K8 is in domain DC=companyname,DC=local
Checking for CN=CH-DC2-2K8,OU=Domain Controllers,DC=companyname,DC=local in domain DC=companyname,DC=local on 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=CH-DC2-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local in domain CN=Configuration,DC=companyname,DC=local on 3 servers
Object is up-to-date on all servers.
......................... CH-DC2-2K8 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CH-DC2-2K8 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/22/2015 14:53:29
Event String: The File Replication Service is having trouble
enabling replication from CH-DC1-2K8 to
CH-DC2-2K8 for c:\windows\sysvol\domain using the
DNS name ch-dc1-2k8.companyname.local. FRS
will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
ch-dc1-2k8.companyname.local from this
computer.
[2] FRS is not running on
ch-dc1-2k8.companyname.local.
[3] The topology information in the Active
Directory Domain Services for this replica has
not yet replicated to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/22/2015 14:53:29
Event String: The File Replication Service is having trouble
enabling replication from NA-DC1-2K8 to
CH-DC2-2K8 for c:\windows\sysvol\domain using the
DNS name na-dc1-2k8.companyname.local. FRS
will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
na-dc1-2k8.companyname.local from this
computer.
[2] FRS is not running on
na-dc1-2k8.companyname.local.
[3] The topology information in the Active
Directory Domain Services for this replica has
not yet replicated to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
......................... CH-DC2-2K8 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... CH-DC2-2K8 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x40000004
Time Generated: 04/23/2015 09:30:54
Event String: The Kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
Administrator. The target name used was
companyname\CH-DC1-2K8$. This indicates that
the target server failed to decrypt the ticket
provided by the client. This can occur when the
target server principal name (SPN) is registered
on an account other than the account the target
service is using. Please ensure that the target
SPN is registered on, and only registered on, the
account used by the server. This error can also
happen when the target service is using a
different password for the target service account
than what the Kerberos Key Distribution Center
(KDC) has for the target service account. Please
ensure that the service on the server and the KDC
are both updated to use the current password. If
the server name is not fully qualified, and the
target domain (companyname.LOCAL) is different
from the client domain (companyname.LOCAL),
check if there are identically named server
accounts in these two domains, or use the
fully-qualified name to identify the server.
An Error Event occured. EventID: 0x40000004
Time Generated: 04/23/2015 09:30:54
Event String: The Kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
Administrator. The target name used was
companyname\NA-DC1-2K8$. This indicates that
the target server failed to decrypt the ticket
provided by the client. This can occur when the
target server principal name (SPN) is registered
on an account other than the account the target
service is using. Please ensure that the target
SPN is registered on, and only registered on, the
account used by the server. This error can also
happen when the target service is using a
different password for the target service account
than what the Kerberos Key Distribution Center
(KDC) has for the target service account. Please
ensure that the service on the server and the KDC
are both updated to use the current password. If
the server name is not fully qualified, and the
target domain (companyname.LOCAL) is different
from the client domain (companyname.LOCAL),
check if there are identically named server
accounts in these two domains, or use the
fully-qualified name to identify the server.
......................... CH-DC2-2K8 failed test systemlog
Starting test: VerifyReplicas
......................... CH-DC2-2K8 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=CH-DC2-2K8,OU=Domain Controllers,DC=companyname,DC=local and
backlink on
CN=CH-DC2-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=CH-DC2-2K8,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=companyname,DC=local
and backlink on
CN=CH-DC2-2K8,OU=Domain Controllers,DC=companyname,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=CH-DC2-2K8,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=companyname,DC=local
and backlink on
CN=NTDS Settings,CN=CH-DC2-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
are correct.
......................... CH-DC2-2K8 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... CH-DC2-2K8 passed test VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC CH-DC1-2K8 for domain companyname.local in site Cardiff
Checking machine account for DC CH-DC2-2K8 on DC CH-DC1-2K8.
* SPN found :LDAP/ch-dc2-2k8.companyname.local/companyname.local
* SPN found :LDAP/ch-dc2-2k8.companyname.local
* SPN found :LDAP/CH-DC2-2K8
* SPN found :LDAP/ch-dc2-2k8.companyname.local/companyname
* SPN found :LDAP/abb03237-e91b-457f-ab16-788d5dc3930e._msdcs.companyname.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/abb03237-e91b-457f-ab16-788d5dc3930e/companyname.local
* SPN found :HOST/ch-dc2-2k8.companyname.local/companyname.local
* SPN found :HOST/ch-dc2-2k8.companyname.local
* SPN found :HOST/CH-DC2-2K8
* SPN found :HOST/ch-dc2-2k8.companyname.local/companyname
* SPN found :GC/ch-dc2-2k8.companyname.local/companyname.local
Checking for CN=CH-DC2-2K8,OU=Domain Controllers,DC=companyname,DC=local in domain DC=companyname,DC=local on 2 servers
Object is up-to-date on all servers.
[CH-DC2-2K8] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
......................... CH-DC2-2K8 passed test CheckSecurityError
Testing server: Cardiff\NA-DC1-2K8
Starting test: Replications
* Replications Check
CN=Schema,CN=Configuration,DC=companyname,DC=local has 7 cursors.
CN=Configuration,DC=companyname,DC=local has 7 cursors.
DC=companyname,DC=local has 7 cursors.
* Replication Latency Check
CN=Schema,CN=Configuration,DC=companyname,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=companyname,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=companyname,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
Site Settings = CN=NTDS Site Settings,CN=Edinburgh,CN=Sites,CN=Configuration,DC=companyname,DC=local
Site
CN=NTDS Site Settings,CN=Edinburgh,CN=Sites,CN=Configuration,DC=companyname,DC=local
was skipped because it never had an ISTG running in it.
Site Settings = CN=NTDS Site Settings,CN=London,CN=Sites,CN=Configuration,DC=companyname,DC=local
Site
CN=NTDS Site Settings,CN=London,CN=Sites,CN=Configuration,DC=companyname,DC=local
was skipped because it never had an ISTG running in it.
Site Settings = CN=NTDS Site Settings,CN=Belfast,CN=Sites,CN=Configuration,DC=companyname,DC=local
Site
CN=NTDS Site Settings,CN=Belfast,CN=Sites,CN=Configuration,DC=companyname,DC=local
was skipped because it never had an ISTG running in it.
Site Settings = CN=NTDS Site Settings,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
[0x904de,v=62142,t=2015-04-23 09:16:18,g=a1d47848-fb4f-497b-a8a2-f11d40b71481,orig=20719256,local=5719216]
Elapsed time (sec) = 2265
......................... NA-DC1-2K8 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=companyname,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=companyname,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=companyname,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... NA-DC1-2K8 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=companyname,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=companyname,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=companyname,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... NA-DC1-2K8 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC NA-DC1-2K8.
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=companyname,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=companyname,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=companyname,DC=local
(Domain,Version 2)
......................... NA-DC1-2K8 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\NA-DC1-2K8\netlogon
Verified share \\NA-DC1-2K8\sysvol
......................... NA-DC1-2K8 passed test NetLogons
Starting test: Advertising
The DC NA-DC1-2K8 is advertising itself as a DC and having a DS.
The DC NA-DC1-2K8 is advertising as an LDAP server
The DC NA-DC1-2K8 is advertising as having a writeable directory
The DC NA-DC1-2K8 is advertising as a Key Distribution Center
The DC NA-DC1-2K8 is advertising as a time server
The DS NA-DC1-2K8 is advertising as a GC.
......................... NA-DC1-2K8 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=CH-DC1-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
Role Domain Owner = CN=NTDS Settings,CN=CH-DC1-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
Role PDC Owner = CN=NTDS Settings,CN=CH-DC1-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
Role Rid Owner = CN=NTDS Settings,CN=CH-DC1-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=CH-DC1-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
......................... NA-DC1-2K8 passed test KnowsOfRoleHolders
Starting test: RidManager
ridManagerReference = CN=RID Manager$,CN=System,DC=companyname,DC=local
* Available RID Pool for the Domain is 12100 to 1073741823
fSMORoleOwner = CN=NTDS Settings,CN=CH-DC1-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local
* ch-dc1-2k8.companyname.local is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=NA-DC1-2K8,OU=Domain Controllers,DC=companyname,DC=local
* rIDAllocationPool is 11600 to 12099
* rIDPreviousAllocationPool is 11600 to 12099
* rIDNextRID: 11670
......................... NA-DC1-2K8 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC NA-DC1-2K8 on DC NA-DC1-2K8.
* SPN found :LDAP/na-dc1-2k8.companyname.local/companyname.local
* SPN found :LDAP/na-dc1-2k8.companyname.local
* SPN found :LDAP/NA-DC1-2K8
* SPN found :LDAP/na-dc1-2k8.companyname.local/companyname
* SPN found :LDAP/2961b38b-570f-4a35-908f-9818a8080c0d._msdcs.companyname.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/2961b38b-570f-4a35-908f-9818a8080c0d/companyname.local
* SPN found :HOST/na-dc1-2k8.companyname.local/companyname.local
* SPN found :HOST/na-dc1-2k8.companyname.local
* SPN found :HOST/NA-DC1-2K8
* SPN found :HOST/na-dc1-2k8.companyname.local/companyname
* SPN found :GC/na-dc1-2k8.companyname.local/companyname.local
......................... NA-DC1-2K8 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... NA-DC1-2K8 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... NA-DC1-2K8 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
NA-DC1-2K8 is in domain DC=companyname,DC=local
Checking for CN=NA-DC1-2K8,OU=Domain Controllers,DC=companyname,DC=local in domain DC=companyname,DC=local on 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=NA-DC1-2K8,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=companyname,DC=local in domain CN=Configuration,DC=companyname,DC=local on 3 servers
Object is up-to-date on all servers.
......................... NA-DC1-2K8 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... NA-DC1-2K8 passed test frssysvol -
Active Directory Replication Servers (won't replicate SYSVOL and NETLOGON not showing)
I have my first DC server (DC1), DC1.DOMAIN.LOCAL. I decided to add another Domain Controller. Made it a secondary DNS Server and also GC. Everything seems to replicate, but it's missing NETLOGON, and SYSVOL won't replicate.
Windows 2008 R2
Error 5706
The Netlogon service could not create server share C:\Windows\SYSVOL\sysvol\INFGRP.LOCAL\SCRIPTS. The following error occurred:
The system cannot find the file specified.
Event 7009
A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
Event 1058
The processing of Group Policy failed. Windows attempted to read the file \\INFGRP.LOCAL\SysVol\INFGRP.LOCAL\Policies\{55DE4000-0D51-44CD-92A1-30F286B2BC86}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until
this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
All Critical
This domain controller has migrated to using the DFS Replication service to replicate the SYSVOL share. Use of the File Replication Service for replication of non-SYSVOL content sets has been deprecated and therefore, the service has been stopped. The DFS
Replication service is recommended for replication of folders, the SYSVOL share on domain controllers and DFS link targets.
Test replication
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine dc, is a DC.
* Connecting to directory service on server dc.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\dc
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... dc passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\dc
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=GRP,DC=LOCAL
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=GRP,DC=LOCAL
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=GRP,DC=LOCAL
Latency information for 8 entries in the vector were ignored.
8 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=GRP,DC=LOCAL
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=GRP,DC=LOCAL
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... dc passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: Advertising
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: RidManager
Test omitted by user request: MachineAccount
Test omitted by user request: Services
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: ObjectsReplicated
Test omitted by user request: frssysvol
Test omitted by user request: frsevent
Test omitted by user request: kccevent
Test omitted by user request: systemlog
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : DomainDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Schema
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Configuration
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : GRP
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running enterprise tests on : GRP.LOCAL
Test omitted by user request: Intersite
Test omitted by user request: FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
On the second DC (DCR), I see SYSVOL with no files replicated; also, there's no NETLOGON. -
FRS errors 13552 & 13555. SYSVOL not replicating.
Hi All, looking for a little help here...
Here is the scenario. My (new) client has ONLY 1 domain controller (Windows Server 2003 which I will call SERVER1). I recently installed a new 2008 R2 server and made it a replica domain controller. Everything went well until I realised that
there was no SYSVOL share on the new server. I checked FRS event logs on SERVER1 and noticed that event ID errors 13552 & 13555 have been occurring since December 2010.
I've been reading about changing burflags to do a non-authoritative restore from a replica DC; however, in this case there is only 1 DC. Can someone advise how I go about fixing this?
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13552
Date: 21/06/2011
Time: 2:15:57 PM
User: N/A
Computer: SERVER1
Description:
The File Replication Service is unable to add this computer to the following replica set:
"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
This could be caused by a number of problems such as:
-- an invalid root path,
-- a missing directory,
-- a missing disk volume,
-- a file system on the volume that does not support NTFS 5.0
The information below may help to resolve the problem:
Computer DNS name is "server1.mydomain.local"
Replica set member name is "SERVER1"
Replica set root path is "c:\windows\sysvol\domain"
Replica staging directory path is "c:\windows\sysvol\staging\domain"
Replica working directory path is "c:\windows\ntfrs\jet"
Windows error status code is
FRS error status code is FrsErrorMismatchedJournalId
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13555
Date: 21/06/2011
Time: 2:15:57 PM
User: N/A
Computer: SERVER1
Description:
The File Replication Service is in an error state. Files will not replicate to or from one or all of the replica sets on this computer until the following recovery steps are performed:
Hi CURNS, thanks for the replies. Yes, it works in below scenario (Replication from 2003 to 2008).
There was only 1 copy of sysvol, and it was on the old DC. The new DC has not yet shared or replicated sysvol thus making the burflag D2 option a no go. I first had to fix whatever the issue was with the old DC before the new one would replicate.
I fixed replication issue with 4 easy steps:
1. stopped the FRS service on both DCs (old and new)
2. set burflag on old DC to D4 (to tell it it's the boss)
To configure the SYSVOL replica set to be authoritative, follow these steps:
Click Start, click Run, type regedit, and then click OK.
Locate and then click the BurFlags entry under the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Cumulative Replica Sets\GUID
GUID is the GUID of the domain system volume replica set that is shown in the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Replica Sets\GUID
Right-click BurFlags, and then click Modify.
Type D4 in the Value Data field (HexaDecimal), and then click OK.
3. restarted FRS service on old DC.
4. restarted FRS service on new DC.
After this I could see event logs saying FRS was now working and I confirmed sysvol and netlogon shares now existed on the new DC using net share command.
Thanks. -
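The four steps from the post above, written as a script. This is an added example, not part of the original post. It assumes an elevated Windows PowerShell session on the old DC (PowerShell is an optional install on Server 2003) and that each replica-set key carries a "Replica Set Name" value identifying the SYSVOL set; the function names are hypothetical.

```powershell
# Added example (not from the post): authoritative "D4" FRS restore of SYSVOL.
# Run on the DC that holds the good SYSVOL copy. D4 makes this copy win everywhere,
# so back up c:\windows\sysvol before running it.

function Set-RemoteServiceState {                       # hypothetical helper
    param([string]$ComputerName, [string]$Name,
          [ValidateSet('Running', 'Stopped')][string]$State)
    $svc = Get-Service -ComputerName $ComputerName -Name $Name
    if ($svc.Status -ne $State) {
        if ($State -eq 'Stopped') { $svc.Stop() } else { $svc.Start() }
        # Block until the service control manager reports the requested state.
        $svc.WaitForStatus($State, [TimeSpan]::FromSeconds(120))
    }
}

function Set-FrsSysvolAuthoritative {                   # hypothetical name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # The other DCs: FRS is stopped there first (step 1) and started there last (step 4).
        [string[]]$PartnerDc = @()
    )

    $params  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters'
    $setsKey = Join-Path $params 'Replica Sets'

    # Find the GUID of the SYSVOL replica set. Assumption: each GUID subkey has a
    # "Replica Set Name" value such as "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)".
    $sysvolSet = @(Get-ChildItem $setsKey | Where-Object {
        (Get-ItemProperty $_.PSPath).'Replica Set Name' -like 'DOMAIN SYSTEM VOLUME*'
    })
    if ($sysvolSet.Count -ne 1) {
        throw "Expected exactly one SYSVOL replica set under '$setsKey', found $($sysvolSet.Count)."
    }
    $guid        = $sysvolSet[0].PSChildName
    $burFlagsKey = Join-Path (Join-Path $params 'Cumulative Replica Sets') $guid
    if (-not (Test-Path $burFlagsKey)) { throw "Registry key not found: $burFlagsKey" }

    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Set BurFlags=0xD4 for replica set $guid")) {
        return
    }

    # Step 1: stop FRS on every DC so nothing replicates while the flag is set.
    foreach ($dc in $PartnerDc) { Set-RemoteServiceState $dc 'NtFrs' 'Stopped' }
    Set-RemoteServiceState $env:COMPUTERNAME 'NtFrs' 'Stopped'

    # Step 2: mark this DC authoritative. 0xD4 is an Int32 literal, stored as a DWORD.
    Set-ItemProperty -Path $burFlagsKey -Name BurFlags -Value 0xD4

    # Step 3: start FRS on this (authoritative) DC first.
    Set-RemoteServiceState $env:COMPUTERNAME 'NtFrs' 'Running'

    # Step 4: then start FRS on the partners so they pull SYSVOL from here.
    foreach ($dc in $PartnerDc) { Set-RemoteServiceState $dc 'NtFrs' 'Running' }
}

# Equivalent of the "net share" check in the post: list SYSVOL/NETLOGON shares per DC.
# The shares only appear once FRS has finished its initial sync on that DC.
function Get-SysvolShare {                              # hypothetical name
    param([string[]]$ComputerName)
    foreach ($c in $ComputerName) {
        Get-WmiObject -ComputerName $c -Class Win32_Share `
                      -Filter "Name='SYSVOL' OR Name='NETLOGON'" |
            Select-Object @{ n = 'Computer'; e = { $c } }, Name, Path
    }
}

# Usage (NEWDC is a placeholder name):
#   Set-FrsSysvolAuthoritative -PartnerDc 'NEWDC' -WhatIf    # preview only
#   Set-FrsSysvolAuthoritative -PartnerDc 'NEWDC'
#   Get-SysvolShare -ComputerName $env:COMPUTERNAME, 'NEWDC'
```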
Active directory SYSVOL replication issues
Hello.
I have 2 domain controllers, both of them on the same site DC1 & DC2. I have added a new site with a DC3. When I have added DC3 to the domain, I have realized, SYSVOL was not initialized correctly. I went back to DC1 and found out, there's following
error in the event viewer:
Error: 4012 on DC1
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 99 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter
(60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.
Error: 2213 on DC2
The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication
WMI method to resume replication.
This indicates a DFS replication issue between DC1 & DC2 and probably this would be the reason, why the SYSVOL was not properly initialized on DC3.
How can I restore correct DFS replication between DC1 & DC2? I've read this article, but it's not clear to me, which of the 2 domain controllers has a good version of SYSVOL + I can not find a decent step-by-step article for reconnecting Windows 2012 domain controller.
Any idea, how I can proceed further here?
Here's a complete documentation with resolution of my issue. I have created this documentation for my own purposes in our WIKI, so I will paste it here (I hope, it will help somebody else in the future):
The Problem
We have bought a new server for our domain. This server (NEWDC01) was promoted to be a domain
controller in the DOMAIN. After the promotion, I have added a single computer to the domain. When I have logged on the client to the domain, I realized, this computer is not using the new domain controller (NEWDC01)
for authentication, but DC02 domain controller instead. This is not intended. Local clients should use local domain controllers for authentication (assuming, the Active directory sites & services are configured properly). Further investigation revealed,
there are some replication errors on OLDDC01 & OLDDC02 servers. First I need to solve these replication errors. Then I can
add the NEWDC01 server to domain properly.
Analysis
There are several errors related to DFSR replication on both domain controllers:
Error: 4012 on OLDDC01
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain.
This server has been disconnected from other partners for 99 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder
until this error is corrected.
Error: 2213 on OLDDC02
The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database
is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication.
In order to have active directory in a healthy condition, one must ensure, there’s a successful replication between existing domain controllers up and running. If the replication does not work correctly, you can expect a bunch of issues:
- group policies and logon scripts are not applied correctly, or as intended
- when you want to add a new domain controller to the domain, it will not work as expected (although, you will not see any specific errors after the server is promoted to be a domain controller)
Active directory backup
I have scheduled an AD backup on OLDDC01 server using the ‘Windows Backup’ solution to make sure,
I can restore the AD / SYSVOL, in case something goes wrong. The backup is scheduled to be executed every day.
Active directory restore
In this particular case, I will talk only about SYSVOL restore. As indicated above, we must get
rid of the DFSR event viewer errors which you can find in event viewer. One of them is indicating, that the JET database was not shut down cleanly and autorecovery was disabled. The other error indicates, the SYSVOL volume is no longer replicated. I am not
sure, what is the reason, why the AD’s in the domain stopped to replicate. Probably it was an unclean server shutdown. The DFSR service stopped to replicate the SYSVOL share and I was not aware about that. When the replication did not run for more than ~99
days, the SYSVOL share was excluded from the DFSR replications.
Find out the most accurate SYSVOL share in the domain
I have compared the content of the SYSVOL directories on both OLDDC01 and OLDDC02 servers: C:\Windows\SYSVOL\domain\Policies.
Both directories have 37 subdirectories. Each subdirectory corresponds to one group policy. This means, that the content is approximately the same, thus I can’t tell, which version is most recent. I do most of the GPO changes on OLDDC01, so I made a conclusion,
that this server contains the most recent version of the SYSVOL share.
There are 2 types of SYSVOL restores, you can do:
Authoritative restore
Non-authoritative restore
Non-authoritative restore
This is a more simple kind of a restore. You can perform this kind of restore, when you are sure,
that one of the domain controllers is authoritative (e.g. you presume, the SYSVOL share is intact and working properly). If you can identify such a working server, you can perform non-authoritative restore of the active directory on a broken domain controller.
Authoritative restore
In this case, you can designate a specific domain controller to be authoritative. You set a special
flag on this server, which will prohibit to overwrite it’s state from another domain controllers, when the replication is enabled on the server again. After you designate one server to be authoritative, you need to update all the another domain controllers
using the non-authoritative procedure.
In this article, you can find, how to perform authoritative vs. non authoritative AD restore: http://support.microsoft.com/kb/2218556.
In my case, I was not sure, which of the domain controllers had a more recent copy of AD, so I
have decided to make OLDDC01 authoritative (check the link above). Once this has been done, I have made a non-authoritative update on OLDDC02 server.
Everything was almost ready. The last step, I needed to execute was, I needed to fix the ‘JET’
event viewer error on SRVBK1. In the event log entry on the bottom, you can find following:
Recovery Steps
1. Back up the files in all replicated folders on the volume. Failure to do so may result in data loss due to unexpected conflict resolution during the recovery of the replicated folders.
2. To resume the replication for this volume, use the WMI method ResumeReplication of the DfsrVolumeConfig class. For example, from an elevated command prompt, type the following command:
wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="D37A9FC3-8B1D-11E2-93E8-806E6F6E6963" call ResumeReplication
For more information, see http://support.microsoft.com/kb/2663685.
Final words
After I executed this command, replication started again between the OLDDC01 and OLDDC02 servers. After I started up the NEWDC01 server, I realized it had automatically replicated the contents of the SYSVOL share, almost immediately after the server was started up. I again tried to log in with the local client to the DOMAIN domain, and now I see that the local client is using the local domain controller for authentication.
Everything seems to be OK now. -
Sysvol was not shared\replicating after the DCpromo windows 2012 R2 datacenter
SYSVOL is not shared\replicating after the DCpromo of Windows 2012 R2 Datacenter, and the partner DC is 2008 R2 Standard.
Both the forest & domain level is Windows2008R2.
At first glance they cannot communicate through RPC; you might need to review the firewall configuration.
Some info on this topic:
Active Directory Replication Over Firewalls
Restricting AD Replication Traffic between DCs to only a few ports
Another option would be a site to site vpn
This post is provided AS IS with no warranties or guarantees, and confers no rights.
~~~
This post provides no guarantees and confers no rights -
Transactional Replication - Not replicating
Hello,
I've recently set up transactional replication from one database in Server 1 to another database in server 2.
I've checked the Replication Monitor and they stay green with Latency 0.02 sec and not showing any issues.
However, when I inserted a row in the database on Server 1 and waited 1 minute, it was not replicated to the Server 2 database.
Could anyone advise what and where to check for issues?
Best regards,
Mohan
What is the latency now? Does it show higher latency?
Could you confirm if the table in which you inserted the row is part of replication?
Could you also try inserting a "tracer token" and see if it replicates and how much time it takes?
http://technet.microsoft.com/en-us/library/ms151846(v=sql.105).aspx
Regards, Ashwin Menon My Blog - http:\\sqllearnings.com -
User Password Not Replicated during ACS Replication
I am provisioning user accounts in ACS through a provisioning system. The provisioned ACS is set to replicate user and group database to another ACS. Replication interval time is set to 15 mins.
Problem is that even though the replication cycle runs every 15 mins, if no user is added or deleted, the pre-checks determine that outbound replication is not required and cycle is completed. Hence, if user's password change, they are not replicated to other ACS and in case the authentication request goes to the other ACS then it fails. Manual replication is fine.
How to make sure replication is run even in case of user password change and not just when a user is added or removed.
Hi,
What is the ACS version? Where are the user accounts you are referring to stored? I.e. are they local to the ACS server itself, or are they defined in an external user database (e.g. Active Directory, LDAP, etc.)?
Users defined via Active Directory are dynamically mapped to a user account in ACS and this account information is typically not replicated since the users created are dynamic and can change properties based on configuration/changes in Active Directory itself.
Regards,
Jagdeep -
Sysvol Not Replicated Gpt.ini File Have a Different Version
Hi,
I have 3 domain controllers
1.Id-dc1 - its the main dc (server2008 R2)
2.id-dc2 (server2008 R2)
3.id-dc3 (server2003)
On Id-dc1 (server2008 r2) & id-dc3 (server2003) the sysvol folder is good: the same folders and the same version in the gpt.ini file.
On id-dc2 (server 2008 r2) the sysvol folder is not the same; I have just 6 folders of 14 folders.
How can I sync the Sysvol folder on this server?
Thanks
Hi,
The gpt.ini file contains the corresponding GPO's configuration settings, which includes its current version number and the default GPO display name. The version number is updated every time a change to the GPO is made.
In this case, there seems to be something wrong with the AD replication. To identify Active Directory replication problems, use the repadmin /showreps command.
What's more, please check the Event Viewer to see if there is any error indicating a problem with Active Directory replication.
For your information, please refer to the following article to get more help:
Troubleshooting Active Directory Replication Problems
http://technet.microsoft.com/en-us/library/bb727057.aspx
Regards,
Lany Zhang -
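The version check described in the answer above, as an added PowerShell example that is not part of the original thread: it parses the Version value from each DC's copy of gpt.ini, splits it into its user and computer revision counters, and lists every GPO folder that is missing or at a different revision on some DC. The DC names come from the question; the third GPO GUID, the gpt.ini contents and the function names are constructed for illustration.

```powershell
# Added example, not from the thread. GPO folders and gpt.ini text are constructed.
# Against live DCs the text would come from something like:
#   Get-Content "\\id-dc2\SYSVOL\<domain>\Policies\<GPO GUID>\gpt.ini" -Raw

function Get-GptIniVersion {
    param([string]$Content)
    $m = [regex]::Match($Content, '(?im)^\s*Version\s*=\s*(\d+)\s*$')
    if (-not $m.Success) { return $null }
    $raw = [int64]$m.Groups[1].Value
    # Version packs two counters: user revision in the high 16 bits,
    # computer revision in the low 16 bits.
    $computer = $raw % 65536
    [pscustomobject]@{
        Raw      = $raw
        User     = [int](($raw - $computer) / 65536)
        Computer = [int]$computer
    }
}

function Compare-SysvolPolicyVersions {
    param([hashtable]$SysvolByDc)   # DC name -> @{ GPO GUID -> gpt.ini text }
    $allGpos = $SysvolByDc.Values | ForEach-Object { $_.Keys } | Sort-Object -Unique
    foreach ($gpo in $allGpos) {
        $seen = @{}
        foreach ($dc in ($SysvolByDc.Keys | Sort-Object)) {
            $text = $SysvolByDc[$dc][$gpo]
            if ($null -eq $text) { $seen[$dc] = 'MISSING'; continue }
            $v = Get-GptIniVersion -Content $text
            $seen[$dc] = if ($v) { "user=$($v.User) computer=$($v.Computer)" }
                         else    { 'NO VERSION LINE' }
        }
        # Report the GPO only when the DCs disagree about it.
        if (@($seen.Values | Sort-Object -Unique).Count -gt 1) {
            foreach ($dc in ($seen.Keys | Sort-Object)) {
                [pscustomobject]@{ Gpo = $gpo; DC = $dc; State = $seen[$dc] }
            }
        }
    }
}

# Constructed sample: id-dc2 is one revision behind on one GPO and lacks another.
$ini  = { param($n) "[General]`r`nVersion=$n`r`n" }
$ddp  = '{31B2F340-016D-11D2-945F-00C04FB984F9}'   # Default Domain Policy
$ddcp = '{6AC1786C-016F-11D2-945F-00C04FB984F9}'   # Default Domain Controllers Policy
$cust = '{11111111-2222-3333-4444-555555555555}'   # constructed GPO GUID
$sample = @{
    'id-dc1' = @{ $ddp = (& $ini 65539); $ddcp = (& $ini 4); $cust = (& $ini 131074) }
    'id-dc2' = @{ $ddp = (& $ini 65538); $ddcp = (& $ini 4) }
    'id-dc3' = @{ $ddp = (& $ini 65539); $ddcp = (& $ini 4); $cust = (& $ini 131074) }
}

Compare-SysvolPolicyVersions -SysvolByDc $sample | Format-Table -AutoSize
```

A GPO whose folder is missing or stale on one DC only points at SYSVOL replication to that DC rather than at the GPO itself.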
Active Directory Not Replicating
Hey Guys,
I have a Windows 2012 server but it has a demo license; this is also my DC. I am trying to create another DC and let it replicate so I can license the new one properly and stuff. I have the DNS of each server pointing to each other as the primary and themselves as the alternative. When I check my SYSVOL folder and go to domains, it's empty, as I shut down my original DC the other one the entries disappear and I get errors. When I go to the event log on my new DC I get errors with event IDs 1202 and 2213. Any assistance with this issue I'm having will be greatly appreciated, thanks!
Regards,
Jevon.
Please follow this, it should help, especially this section:
For environments that have two domain controllers
Determine whether a dirty shutdown was detected (event ID 2213) on either domain controller. You may find the second domain controller is waiting to complete initialization of SYSVOL. This is because after promotion, it will have logged a 4614 event that indicates that DFS Replication is waiting to perform initial replication, and it will not have logged a 4604 event signaling that DFS Replication has initialized SYSVOL.
If content freshness is enabled on both domain controllers
If the second domain controller is waiting to perform initial synchronization (event 4614 logged without the 4604 anti-event), follow the section of article 2218556 to set the first domain controller as authoritative. You do not have to configure the second domain controller as nonauthoritative, because it is already waiting to perform initial synchronization.
Or, if the second domain controller is healthy and SYSVOL is shared, perform the following steps:
1. Back up all SYSVOL contents of the first domain controller.
2. Evaluate if the second domain controller's SYSVOL data is up to date. If it is not, you may want to copy updated SYSVOL files to the second domain controller from the first domain controller. Otherwise, any existing data present on first domain controller not present on the second will go into the 'PreExisting' and 'Conflict and Deleted' folders.
3. Set the first domain controller as nonauthoritative by disabling the membership per 2218556.
4. Confirm that an event ID 4114 is logged to indicate the membership is disabled.
5. Enable the first domain controller's membership, and wait for the 4614 and 4604 events that report completion of the initial synchronization. If it is necessary, restore any updated files from "PreExisting" to the original location.
If content freshness is not enabled or triggered on both domain controllers
If the first domain controller is in the event ID 2213 state and the second domain controller has never completed initialization after it was promoted and content freshness has not been triggered, perform the following steps:
1. Run the ResumeReplication WMI method on the first domain controller as instructed in the 2213 event. After replication resumes, it will log an event ID 4602 that indicates that DFS Replication initialized the SYSVOL replicated folder and designated it as the primary member.
2. Run the dfsrdiag pollad command on the second domain controller to trigger it to complete initial sync (event ID 4614). As soon as initial sync is finished, event ID 4604 is logged, signaling SYSVOL has completed initialization.
Or, if the first domain controller is in the 2213 state and the second domain controller is healthy (SYSVOL is shared), run the ResumeReplication WMI method on the first domain controller. It will log event ID 2214 at the completion of dirty shutdown recovery.
This post is provided AS IS with no warranties or guarantees, and confers no rights.
~~~
This post provides no guarantees and confers no rights -
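The event sequence in the guidance quoted above, and the ResumeReplication step from the 2213 event text earlier on this page, as an added PowerShell example that is not part of the original posts: it derives each DC's SYSVOL DFSR state from the event IDs named there and maps the two-DC cases to the quoted steps. The DC names, event records and function names are constructed for illustration.

```powershell
# Added example, not from the post. Event IDs and their meanings are the ones
# quoted above; the DC names and event records below are constructed samples.
# On a live DC the records would come from:
#   Get-WinEvent -ComputerName <dc> -FilterHashtable @{
#       LogName = 'DFS Replication'; Id = 2213,2214,4114,4602,4604,4614 }

function Get-DfsrSysvolState {
    param([object[]]$Events)
    $dirty = $false; $disabled = $false; $waiting = $false; $initialized = $false
    # Replay the events oldest first so later events override earlier ones.
    foreach ($e in ($Events | Sort-Object TimeCreated)) {
        switch ($e.Id) {
            2213 { $dirty = $true }                            # dirty shutdown detected
            2214 { $dirty = $false }                           # dirty shutdown recovery done
            4114 { $disabled = $true; $initialized = $false }  # membership disabled
            4614 { $waiting = $true; $disabled = $false }      # waiting for initial replication
            4604 { $waiting = $false; $initialized = $true }   # SYSVOL initialized
            4602 {                                             # initialized as primary member
                $dirty = $false; $waiting = $false
                $disabled = $false; $initialized = $true
            }
        }
    }
    if     ($dirty)       { 'DirtyShutdown' }
    elseif ($disabled)    { 'MembershipDisabled' }
    elseif ($waiting)     { 'WaitingForInitialSync' }
    elseif ($initialized) { 'Initialized' }
    else                  { 'Unknown' }
}

function Get-DfsrNextStep {
    param([string]$FirstDc, [string]$SecondDc)   # states returned by Get-DfsrSysvolState
    switch ("$FirstDc/$SecondDc") {
        'DirtyShutdown/WaitingForInitialSync' {
            'If content freshness has not been triggered: back up SYSVOL, run ' +
            'ResumeReplication on the first DC (expect 4602), then dfsrdiag pollad ' +
            'on the second DC (expect 4604 once initial sync finishes).'
        }
        'DirtyShutdown/Initialized' {
            'Back up SYSVOL, then run ResumeReplication on the first DC (expect 2214).'
        }
        'Initialized/Initialized' { 'Both DCs report SYSVOL initialized.' }
        default { 'No branch of the quoted guidance matches; review both event logs.' }
    }
}

# Constructed sample: DC1 hit a dirty shutdown, DC2 was promoted afterwards
# and never completed initial sync.
$t = [datetime]'2014-01-08T01:00:00'
$sample = @{
    'DC1' = @( [pscustomobject]@{ Id = 4602; TimeCreated = $t.AddDays(-30) },
               [pscustomobject]@{ Id = 2213; TimeCreated = $t } )
    'DC2' = @( [pscustomobject]@{ Id = 4614; TimeCreated = $t.AddHours(2) } )
}

$state = @{}
foreach ($dc in $sample.Keys) { $state[$dc] = Get-DfsrSysvolState -Events $sample[$dc] }
$state
Get-DfsrNextStep -FirstDc $state['DC1'] -SecondDc $state['DC2']
```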
Replication issue in ABAP to ABAP scenario
Hello,
I have a ABAP to ABAP replication scenario where I am replicating custom and standard tables like MDMA but found below issue.
The replication current action is stuck in "Replication (Initial Load)": the initial load is getting done but data is not replicated afterwards.
Also, the table keeps switching between "Failed" and "In process" status. I checked that the system has a sufficient number of jobs.
I found below error message after checking the show error log.
I restarted the replication many times and even created the configuration but no luck.
Please enlighten me to fix this issue...
Regards
Hi Tobi,
I removed all the records from target table and replicated again but same result.
Initial load is getting done but data is not replicated afterwards. And the table keeps switching between "Failed" and "In process" status.
Regards -
SRM 7.0 PO not replicated to Backend ECC 6.0 Ehp 4
Hi SRM Gurus,
SRM 7.0 SP 8 - ECC 6.04 SAPKH60406 ECS
RFx Response to PO -
SRM Local PO is created and is in held status. Purchaser gives the source of supply and Acc Assignment and order it.
PO now is in Ordered status.
Issue: this PO is not replicated to Backend ECC 6.04.
Did the Debugging as follows:
1. BP at B46B_DPO_TRANSFER.
2. Got the PO GUID from the BBP_PD transaction.
3. FM BBP_PD_PO_TRANSFER_EXEC, execute it and it stopped in the breakpoint.
4. On 'FUNCTION 'BBP_PO_INBOUND' DESTINATION lv_destination', hit F6.
5. Checked lt_bapi_return details.
Here there should be information regarding some error during the PO copy to backend.
With this error message you can check why the PO was not created in backend.
ERRORS from Backend are as follows:
1. No instance of object type PurchaseOrder has been created. External reference: E BAPI 001
2. Document contains no items E ID 06 Number 010
3. Please enter items first. W ID 05 005
No XML messages in SXMB_moni both in SRM side and ECC side.
What am I doing wrong here? Any help is highly appreciated.
with regards,
Freemind
RZ20 errors:
Local Errors: Business to Business Procurement(600)
Error reading export data for EXEC transfer of purchase order
Error in local purchase order; no update of references in EXEC system
Backend Errors:
PO 3000000051: No instance of object type PurchaseOrder has been created. External reference:
Purchase order 3000000051: Document contains no items
Purchase order 3000000051: Transfer Failed; Resubmit
Since we are on SRM 7.0 ECC 6.04 Ehp 4, with PI 7.11 + ROS and no SUS,
doesn't the system use ESOA Service for PO replication?
We did CCTR / CPPR scenarios too. Both are successful.
Do we need to impl BADI PUR_SE_PO_INTERFACE_OUT_SELECT?
But that's for Service hierarchy and Service POs - We don't have Service hierarchy or SUS in our SLD.
If PO replication also uses PI, what configuration do I need to do? -
Business partner(employee) is not replicated from ECC to CRM
The Business partner is not replicated in CRM. Two Sales organizations have been maintained for the employee for the different time lines in ECC. Checked the BDOCs and the validation error occurs in FM CRM_BUPA_MAIN_VAL. The BDOC message was saying the BPGUID was missing. Could anyone please suggest what could be the root cause of the data not being replicated from ECC to CRM?
Hi Pragnya,
This is the case where at the time of creation of BP there was some issue with replication.
The BP itself is not there in CRM or only the changes are not reflected?
In such scenarios, perform following steps for successful replication:
1. Go to TCode: CRMM_BUPA_MAP
2. Enter the BP no. {initially it says it does not exist}
3. Enter ERP customer no. and press enter, the BP GUID gets filled
4. Click on "Gather Information about customer" [you can see the status of the object]
5. Now again enter the BP no. -> The customer is available in CRM now.
Regards,
Swagi -
CRM material description not replicated
Hi All.
We are facing an issue.
A new material was created in R/3 and was replicated in CRM but the material description is not replicated in CRM when we see in commpr01.
How to solve this issue.
We are using CRM 4.0 and R/3 4.7
Hi Rajat,
Please check the procedures during replication process. Generally entire header information will be replicated when standard material is being replicated. if any routines exist, then please check those.
Thanks,
sksingh -
10.9: Server Replication Issue
Hi there guys,
I have seen several posts about this replication issue since 2012. I have 2 fresh install systems, 10.9 Server app 3.0.2, on both boxes DNS shows correctly set up, but I'm totally lost on where to continue.
Is there anyone out there that already resolved this?
domaintest2:~ admin$ sudo slapconfig -createreplica 192.168.2.17 diradmin
Password:
2014-01-08 01:05:11 +0000 slapconfig -createreplica
diradmin's Password:
2014-01-08 01:05:22 +0000 1 Creating computer record for replica
2014-01-08 01:05:26 +0000 command: /usr/sbin/slapconfig -delkeychain /LDAPv3/127.0.0.1 domaintest2.int$
2014-01-08 01:05:26 +0000 Added computer password to keychain
2014-01-08 01:05:26 +0000 Adding ldap and host service principals
Unable to obtain kerberos princ, using CRAM-MD5: -2
Unable to obtain kerberos princ, using CRAM-MD5: -2
2014-01-08 01:05:26 +0000 2 Creating ldap replicator user
2014-01-08 01:05:26 +0000 _ldap_replicator exists from previous replica - migrating
2014-01-08 01:05:26 +0000 NSString *_getReplicatorPasswordWithNode(ODNode *): no syncrepl attribute found in results
2014-01-08 01:05:26 +0000 Unable to get replicator password, recreating replicator
2014-01-08 01:05:27 +0000 GetLastServerID: Error creating DSLDAPContainer: 77014 Can't contact LDAP server (-1)
2014-01-08 01:05:27 +0000 ServerID for this replica 1
2014-01-08 01:05:27 +0000 SetLastServerID: Unable to create DSLDAPContainer: 77014 Can't contact LDAP server (-1)
2014-01-08 01:05:27 +0000 Error setting last server id
2014-01-08 01:05:28 +0000 command: /usr/bin/sntp -s time.apple.com.
2014-01-08 01:05:29 +0000 3 Updating local replica configuration
2014-01-08 01:05:29 +0000 4 Gathering replication data from the master
2014-01-08 01:05:29 +0000 5 Copying master database to new replica
2014-01-08 01:05:29 +0000 Removed directory at path /var/db/openldap/openldap-data.
2014-01-08 01:05:29 +0000 Starting LDAP server (slapd)
2014-01-08 01:05:30 +0000 slapd started
2014-01-08 01:05:30 +0000 Stopping LDAP server (slapd)
2014-01-08 01:05:31 +0000 command: /usr/sbin/slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
2014-01-08 01:05:31 +0000 command: /usr/sbin/slapadd -c -w -l /var/db/openldap/openldap-data/backup.ldif
2014-01-08 01:05:31 +0000 command: /usr/sbin/slapadd -c -w -b cn=authdata -l /var/db/openldap/authdata/authdata.ldif
2014-01-08 01:05:31 +0000
2014-01-08 01:05:31 +0000 52cca45b slapd is running in import mode - only use if importing large data
52cca45b bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
2014-01-08 01:05:31 +0000 6 Starting new replica
2014-01-08 01:05:31 +0000 Starting LDAP server (slapd)
2014-01-08 01:05:31 +0000 slapd started
2014-01-08 01:05:31 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2014-01-08 01:05:31 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID
2014-01-08 01:05:31 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2014-01-08 01:05:31 +0000 Starting password server
2014-01-08 01:05:37 +0000 CFStringRef CopyHostGUID(DSLDAPContainerRef, CFStringRef): Could not get query results
2014-01-08 01:05:37 +0000 FATAL : Could not retrieve HOST GUID for parent
2014-01-08 01:05:37 +0000 FATAL : Could not retrieve HOST GUID for parent (error = 78)
2014-01-08 01:05:37 +0000 Deleting Cert Authority related data
2014-01-08 01:05:37 +0000 No intCAIdentity, not removing int CA from keychain
2014-01-08 01:05:37 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
2014-01-08 01:05:37 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
2014-01-08 01:05:37 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
2014-01-08 01:05:37 +0000 Updating ldapreplicas on primary master
2014-01-08 01:05:37 +0000 Unable to create ODNode for domaintest1.int: 2100 Connection failed to the directory server.
2014-01-08 01:05:37 +0000 Primary master node is nil!
2014-01-08 01:05:37 +0000 Unable to locate ldapreplicas record: 0 (null)
2014-01-08 01:05:37 +0000 Error setting read ldap replicas array: 0 (null)
2014-01-08 01:05:37 +0000 Error setting write ldap replicas array: 0 (null)
2014-01-08 01:05:37 +0000 ODRecord *_getODRecord(ODNode *, NSString *, NSString *, NSArray *): ODNodeRef parameter error
2014-01-08 01:05:37 +0000 int _removeReplicaFromConfigRecord(ODNode *, NSString *): ODRecord not found
2014-01-08 01:05:37 +0000 Error synchronizing ldapreplicas: 0 (null)
2014-01-08 01:05:37 +0000 Removing self from the database
2014-01-08 01:05:37 +0000 Warning: An error occurred while re-enabling GSSAPI.
2014-01-08 01:05:38 +0000 Stopping LDAP server (slapd)
2014-01-08 01:05:39 +0000 Stopping password server
2014-01-08 01:05:39 +0000 Removed all service principals from keytab for realm DOMAINTEST1.INT
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/__db.001.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/__db.002.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/__db.003.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/__db.004.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/__db.005.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/__db.006.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/alock.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/authdata.ldif.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.
2014-01-08 01:05:39 +0000 Removed directory at path /var/db/openldap/authdata.
2014-01-08 01:05:39 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.
2014-01-08 01:05:39 +0000 Removed file at path /etc/openldap/slapd.conf.
2014-01-08 01:05:39 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.
2014-01-08 01:05:39 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
2014-01-08 01:05:39 +0000 Removed directory at path /etc/openldap/slapd.d.
2014-01-08 01:05:39 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
2014-01-08 01:05:39 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
2014-01-08 01:05:39 +0000 Removed directory at path /etc/openldap/slapd.d.backup.
2014-01-08 01:05:39 +0000 Stopping password server
2014-01-08 01:05:39 +0000 Removed file at path /etc/ntp_opendirectory.conf.
2014-01-08 01:05:39 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.
We're having the exact same issue, also between two 10.9 servers - any luck finding a resolution?