CMS Replication issue
I've started my upgrade from lync 2010 to lync 2013. I've got my lync 2013 enterprise pilot pool up, certs installed all services running but I cannot get replication working between my 2013 front end servers. Just not sure where to start
troubleshooting this as there are no events logged on any of the servers concerning file replication. I've been through this
http://support.microsoft.com/kb/2759117
but Im not seeing any of those events logged on any of my front end servers. The replication service is running. If I run Get-CsManagementStoreReplicationStatus
-CentralManagementStoreStatus, All my lync 2010 servers replicas are up to date my but my 2013 servers are not. I can invoke replication and with in a few seconds lync 2010 is updated by lync 2013 never does, but no errors are logged. Where
can I begin to troubleshoot this? Thanks!!
Rich
Hi,
Would you please tell us which step did you do during migrating from Lync Server 2010 to Lync Server 2013?
Did you move CMS to 2013 already?
On Lync Server 2013 FE server:
Please check if the schema extension have been successfully replicated in your AD DS forest.
Open Lync Server 2013 Deployment Wizard, click “Install or Update Lync Server System”. In the interface, check if all steps show normally. If not,click "Run" to complete the step.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support
Similar Messages
-
CMS Replication between Edge and Front End
Hello Support
We have a global Lync Deployment with CMS Store located in UK
We have installed new AU Lync-FE and Edge server but the CMS replication between Front End Server and Lync Edge is not working
I have test 4443 and certainly open. Lync Edge server or the FE server does not logs anything in event viewer.
I have used OCSlogger but I could not find any issue
I have checked certificates and they are all valid.
Can I please get some guidance.
Thanks
Naimesh Mistry
+61401446946
Naimesh MistryHI NImesh,
First if you are looking at Lync control panel you might see the Cross because Edge server is non domain machine.
you can check the command Get-CsManagementStoreReplicationStatus
Also there are Cert problem which could lead this issue
The root CA certificate should be located in Trusted Root Certification Authorities ONLY,
and must be removed from any other container.
The intermediate CA certificate should be located in Intermediate Certification AuthoritiesAND Trusted
People ONLY, and must be removed from any other container
Also create the below registry values.
created2 registry values in:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL as follows (to prevent schnnell.dll from
interfering with validating the certificates by Edge server):
Value
1:
Name: SendTrustedIssuerList
Type: DWord
Value: 0
Value
2:
Name: ClientAuthTrustMode
Type: DWord
Value: 2
then try to reboot the server and run this command Invoke-CsManagementStoreReplication
Hope this works.
Regards
Zahoor -
Replication issue between lync 2010 FE and lync 2013 FE
Hello
I face any issue in my lync server's .
I was in the last steps in the migration process from lync 2010 to 2013 enterprise edition .
where CMS was moved already to 2013 , and later on many time I checked the replication and it was fine , then I deleted the CMS DB FROM 2010 FE and I checked the replication and it was fine .
later on I proceed to delete the archiving server and monitoring server and it was fine .
later on I proceed to
Reset call admission control
Prevent sessions for services
Stop Lync Server 2010 services
Remove a Front End Server from a pool
I just I face this replication issue after I start the process to delete the lync 2010 pool which im stuck on it now .
one more thing while I was trying to delete the 2010 front end pool , I got the error .
Error: An error occurred: "System.InvalidOperationException" "Cannot publish topology changes. Conference directories still exist on a pool that would be deleted. Remove the conference directories before continuing."
so I moved the conference directories from 2010 pool to the 2013 pool successfully.
but later on when I check the replication I notice the replication issue ?
Get-CsManagementStoreReplicationStatus
UpToDate : False """""""""""""""""""it is already shutdown
ReplicaFqdn : HQ-EDGE01.mydom
LastStatusReport :
LastUpdateCreation : 3/23/2015 11:22:17 AM
ProductVersion :
UpToDate : True
ReplicaFqdn : HQ-LYNC2013-FE.mydom
LastStatusReport : 3/19/2015 5:21:27 PM
LastUpdateCreation : 3/19/2015 5:21:25 PM
ProductVersion : 5.0.8308.556
UpToDate : False
ReplicaFqdn : HQ-LYNC-FE-01.mydom
LastStatusReport : 3/19/2015 11:38:25 AM
LastUpdateCreation : 3/23/2015 11:52:17 AM
ProductVersion : 4.0.7577.0
then I run the
I run Invoke-CsManagementStoreReplication
Get-CsManagementStoreReplicationStatus
UpToDate : False """""""""""""""""""it is already shutdown """"""""""""""""""
ReplicaFqdn : HQ-EDGE01.mydomain
LastStatusReport :
LastUpdateCreation : 3/23/2015 10:18:22 PM
ProductVersion :
UpToDate : True
ReplicaFqdn : HQ-LYNC2013-FE.mydomain
LastStatusReport : 3/23/2015 10:18:26 PM
LastUpdateCreation : 3/23/2015 10:18:22 PM
ProductVersion : 5.0.8308.556
UpToDate : False
ReplicaFqdn : HQ-LYNC-FE-01.mydomain
LastStatusReport : 3/19/2015 11:38:25 AM
LastUpdateCreation : 3/23/2015 10:18:22 PM
ProductVersion : 4.0.7577.0
====================
Get-CsManagementStoreReplicationStatus
UpToDate : False """"""""""""""" it is already down """""""""""""""""""""
ReplicaFqdn : HQ-EDGE01.mydomain
LastStatusReport :
LastUpdateCreation : 3/23/2015 10:53:23 PM
ProductVersion :
UpToDate : True
ReplicaFqdn : HQ-LYNC2013-FE.mydomain
LastStatusReport : 3/23/2015 10:18:26 PM
LastUpdateCreation : 3/23/2015 10:18:22 PM
ProductVersion : 5.0.8308.556
UpToDate : False
ReplicaFqdn : HQ-LYNC-FE-01.mydomain
LastStatusReport : 3/19/2015 11:38:25 AM
LastUpdateCreation : 3/23/2015 10:53:23 PM
ProductVersion : 4.0.7577.0
why LastUpdateCreation : 3/23/2015 10:53:23 PM from the lync 2010 pool ????
I'm not doing any change on 2010 pool now (I just try to delete it ) , all the change it is on 2013 pool .
for edge server 2013 I shut down the server since there is another configuration issue there (so replication to edge server not the issue now since it is down).
my question is this will affect my lync 2013 since it is the production now ? is this un completed steps for removing the 2010 pool affect my production.
is the replication issue affects my 2013 pool ?
Kind Regards
MKHi,
From your description above, did you mean before deleting the Lync Server 2010 Pool from topology, you found the replication of Lync 2010 FE Server not update to date?
If it is the case, based on my knowledge, there is no affect for Lync Server 2013 Pool. Please double check if Lync Server 2013 Pool work normally, and Lync users in Lync 2013 Pool can use all Lync function without issues. Then you can delete Lync 2010 Pool
from Topology and publish it. After finish it, please re-run step 2 on Lync Server 2013 FE Servers.
Best Regards,
Eason Huang
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Eason Huang
TechNet Community Support -
How CMS replication works in Lync 2013.
Hi can you anyone tell how CMS replication works in LYnc 2013 2 FE servers in pool scenario and Lync 2013 3 FE servers in pool scenario.
Please give me the useful article if you have related to this topic?
Thanks
Thanksall good articles which you can find in internet in shared above. read those and you would get a fair idea.
my 2 cents - in short summary.
these is no difference in CMS replication in case of 2 FE or 3 FE or max of FE in a pool of lync server. the CMS replication mechanism is the same.
CMS - it's a repository to store management data ie Topology, configurations and policies inform of xml documents in the data called XDS (Xml Data Store) in SQL.
CMS is implemented using three Windows services:
1. Lync server File Transfer Afent ( FTA )
2. Lync server Master Replicator Agent ( MRA )
3. Lync server Replica Replicator Agent ( RRA )
Workflow
1. MRA generates data packages in to-replica as needed
2. MRA has change notifications on from-replica to pickup status packages coming in from replica
3. FTA has change notifications on to-replica for all replicas on the Master to pickup data packages going out to the replicas
4. All replicas
\xds-replica\from-master">\\<replica>\xds-replica\from-master to pickup data packages coming in from master
Sreejith.PS CCNA, MCTS Lync -
10.9: Server Replication Issue
Hi ther guys,
I have seen several posts about this replication issue since 2012, i have 2 fresh install systems 10.9 Server app 3.0.2 on both boxes DNS shows correctly setup but im totaly lost on where to continue.
Is there anyone out there that already resolved this?
domaintest2:~ admin$ sudo slapconfig -createreplica 192.168.2.17 diradmin
Password:
2014-01-08 01:05:11 +0000 slapconfig -createreplica
diradmin's Password:
2014-01-08 01:05:22 +0000 1 Creating computer record for replica
2014-01-08 01:05:26 +0000 command: /usr/sbin/slapconfig -delkeychain /LDAPv3/127.0.0.1 domaintest2.int$
2014-01-08 01:05:26 +0000 Added computer password to keychain
2014-01-08 01:05:26 +0000 Adding ldap and host service principals
Unable to obtain kerberos princ, using CRAM-MD5: -2
Unable to obtain kerberos princ, using CRAM-MD5: -2
2014-01-08 01:05:26 +0000 2 Creating ldap replicator user
2014-01-08 01:05:26 +0000 _ldap_replicator exists from previous replica - migrating
2014-01-08 01:05:26 +0000 NSString *_getReplicatorPasswordWithNode(ODNode *): no syncrepl attribute found in results
2014-01-08 01:05:26 +0000 Unable to get replicator password, recreating replicator
2014-01-08 01:05:27 +0000 GetLastServerID: Error creating DSLDAPContainer: 77014 Can't contact LDAP server (-1)
2014-01-08 01:05:27 +0000 ServerID for this replica 1
2014-01-08 01:05:27 +0000 SetLastServerID: Unable to create DSLDAPContainer: 77014 Can't contact LDAP server (-1)
2014-01-08 01:05:27 +0000 Error setting last server id
2014-01-08 01:05:28 +0000 command: /usr/bin/sntp -s time.apple.com.
2014-01-08 01:05:29 +0000 3 Updating local replica configuration
2014-01-08 01:05:29 +0000 4 Gathering replication data from the master
2014-01-08 01:05:29 +0000 5 Copying master database to new replica
2014-01-08 01:05:29 +0000 Removed directory at path /var/db/openldap/openldap-data.
2014-01-08 01:05:29 +0000 Starting LDAP server (slapd)
2014-01-08 01:05:30 +0000 slapd started
2014-01-08 01:05:30 +0000 Stopping LDAP server (slapd)
2014-01-08 01:05:31 +0000 command: /usr/sbin/slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
2014-01-08 01:05:31 +0000 command: /usr/sbin/slapadd -c -w -l /var/db/openldap/openldap-data/backup.ldif
2014-01-08 01:05:31 +0000 command: /usr/sbin/slapadd -c -w -b cn=authdata -l /var/db/openldap/authdata/authdata.ldif
2014-01-08 01:05:31 +0000
2014-01-08 01:05:31 +0000 52cca45b slapd is running in import mode - only use if importing large data
52cca45b bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
2014-01-08 01:05:31 +0000 6 Starting new replica
2014-01-08 01:05:31 +0000 Starting LDAP server (slapd)
2014-01-08 01:05:31 +0000 slapd started
2014-01-08 01:05:31 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2014-01-08 01:05:31 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID
2014-01-08 01:05:31 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2014-01-08 01:05:31 +0000 Starting password server
2014-01-08 01:05:37 +0000 CFStringRef CopyHostGUID(DSLDAPContainerRef, CFStringRef): Could not get query results
2014-01-08 01:05:37 +0000 FATAL : Could not retrieve HOST GUID for parent
2014-01-08 01:05:37 +0000 FATAL : Could not retrieve HOST GUID for parent (error = 78)
2014-01-08 01:05:37 +0000 Deleting Cert Authority related data
2014-01-08 01:05:37 +0000 No intCAIdentity, not removing int CA from keychain
2014-01-08 01:05:37 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
2014-01-08 01:05:37 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
2014-01-08 01:05:37 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
2014-01-08 01:05:37 +0000 Updating ldapreplicas on primary master
2014-01-08 01:05:37 +0000 Unable to create ODNode for domaintest1.int: 2100 Connection failed to the directory server.
2014-01-08 01:05:37 +0000 Primary master node is nil!
2014-01-08 01:05:37 +0000 Unable to locate ldapreplicas record: 0 (null)
2014-01-08 01:05:37 +0000 Error setting read ldap replicas array: 0 (null)
2014-01-08 01:05:37 +0000 Error setting write ldap replicas array: 0 (null)
2014-01-08 01:05:37 +0000 ODRecord *_getODRecord(ODNode *, NSString *, NSString *, NSArray *): ODNodeRef parameter error
2014-01-08 01:05:37 +0000 int _removeReplicaFromConfigRecord(ODNode *, NSString *): ODRecord not found
2014-01-08 01:05:37 +0000 Error synchronizing ldapreplicas: 0 (null)
2014-01-08 01:05:37 +0000 Removing self from the database
2014-01-08 01:05:37 +0000 Warning: An error occurred while re-enabling GSSAPI.
2014-01-08 01:05:38 +0000 Stopping LDAP server (slapd)
2014-01-08 01:05:39 +0000 Stopping password server
2014-01-08 01:05:39 +0000 Removed all service principals from keytab for realm DOMAINTEST1.INT
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/__db.001.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/__db.002.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/__db.003.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/__db.004.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/__db.005.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/__db.006.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/alock.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/authdata.ldif.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.
2014-01-08 01:05:39 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.
2014-01-08 01:05:39 +0000 Removed directory at path /var/db/openldap/authdata.
2014-01-08 01:05:39 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.
2014-01-08 01:05:39 +0000 Removed file at path /etc/openldap/slapd.conf.
2014-01-08 01:05:39 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.
2014-01-08 01:05:39 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
2014-01-08 01:05:39 +0000 Removed directory at path /etc/openldap/slapd.d.
2014-01-08 01:05:39 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
2014-01-08 01:05:39 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
2014-01-08 01:05:39 +0000 Removed directory at path /etc/openldap/slapd.d.backup.
2014-01-08 01:05:39 +0000 Stopping password server
2014-01-08 01:05:39 +0000 Removed file at path /etc/ntp_opendirectory.conf.
2014-01-08 01:05:39 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.We're having the exact same issue, also between two 10.9 servers - any luck finding a resolution?
-
Active directory SYSVOL replication issues
Hello.
I have 2 domain controllers, both of them on the same site DC1 & DC2. I have added a new site with a DC3. When I have added DC3 to the domain, I have realized, SYSVOL was not initialized correctly. I went back to DC1 and found out, there's following
error in the event viewer:
Error: 4012 on DC1
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 99 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter
(60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.
Error: 2213 on DC2
The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication
WMI method to resume replication.
This indicates a DFS replication issue between DC1 & DC2 and probably this would be the reason, why the SYSVOL was not properly initialized on DC3.
How can I restore correct DFS replication between DC1 & DC2? I've read
this article, but it's not clear to me, which of the 2 domain controllers has a good version of SYSVOL + I can not find a decent step-by-step article for reconnecting Windows 2012 domain controller.
Any idea, how I can proceed further here?Here's a complete documentation with resolution of my issue. I have created this documentation for my own purposes in our WIKI, so I will paste it here (I hope, it will help somebody else in the future):
The Problem
We have bought a new server for our domain. This server (NEWDC01) was promoted to be a domain
controller in the DOMAIN. After the promotion, I have added a single computer to the domain. When I have logged on the client to the domain, I realized, this computer is not using the new domain controller (NEWDC01)
for authentication, but DC02 domain controller instead. This is not intended. Local clients should use local domain controllers for authentication (assuming, the Active directory sites & services are configured properly). Further investigation revealed,
there are some replication errors on OLDDC01 & OLDDC02 servers. First I need to solve these replication errors. Then I can
add the NEWDC01 server to domain properly.
Analysis
There are several errors related to DFSR replication on both domain controllers:
Error: 4012 on OLDDC01
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain.
This server has been disconnected from other partners for 99 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder
until this error is corrected.
Error: 2213 on OLDDC02
The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database
is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication.
In order to have active directory in a healthy condition, one must ensure, there’s a successful
replication between existing domain controllers up and running. If the replication does not work correctly, you can expect bunch of issues.
group policies and logon scripts are not applied correctly, or as intended
when you want to add a new domain controller to the domain, it will not work as expected (although, you will not see any specific errors after the
server is promoted to be a domain controller)
Active directory backup
I have scheduled an AD backup on OLDDC01 server using the ‘Windows Backup’ solution to make sure,
I can restore the AD / SYSVOL, in case something goes wrong. The backup is scheduled to be executed every day.
Active directory restore
In this particular case, I will talk only about SYSVOL restore. As indicated above, we must get
rid of the DFSR event viewer errors which you can find in event viewer. One of them is indicating, that the JET database was not shut down cleanly and autorecovery was disabled. The other error indicates, the SYSVOL volume is no longer replicated. I am not
sure, what is the reason, why the AD’s in the domain stopped to replicate. Probably it was an unclean server shutdown. The DFSR service stopped to replicate the SYSVOL share and I was not aware about that. When the replication did not run for more than ~99
days, the SYSVOL share was excluded from the DFSR replications.
Find out the most accurate SYSVOL share in the domain
I have compared the content of the SYSVOL directories on both OLDDC01 and OLDDC02 servers: C:\Windows\SYSVOL\domain\Policies.
Both directories have 37 subdirectories. Each subdirectory corresponds to one group policy. This means, that the content is approximately the same, thus I can’t tell, which version is most recent. I do most of the GPO changes on OLDDC01, so I made a conclusion,
that this server contains the most recent version of the SYSVOL share.
There are 2 types of SYSVOL restores, you can do:
Authoritative restore
Non-authoritative restore
Non-authoritative restore
This is a more simple kind of a restore. You can perform this kind of restore, when you are sure,
that one of the domain controllers is authoritative (e.g. you presume, the SYSVOL share is intact and working properly). If you can identify such a working server, you can perform non-authoritative restore of the active directory on a broken domain controller.
Authoritative restore
In this case, you can designate a specific domain controller to be authoritative. You set a special
flag on this server, which will prohibit to overwrite it’s state from another domain controllers, when the replication is enabled on the server again. After you designate one server to be authoritative, you need to update all the another domain controllers
using the non-authoritative procedure.
In this article, you can find, how to perform authoritative vs. non authoritative AD resotre:
http://support.microsoft.com/kb/2218556.
In my case, I was not sure, which of the domain controllers had a more recent copy of AD, so I
have decided to make OLDDC01 authoritative (check the link above). Once this has been done, I have made a non-authoritative update on OLDDC02 server.
Everything was almost ready. The last step, I needed to execute was, I needed to fix the ‘JET’
event viewer error on SRVBK1. In the event log entry on the bottom, you can find following:
Recovery Steps
1. Back up the files in all replicated folders on the volume. Failure to do
so may result in data loss due to unexpected conflict resolution during the recovery of the replicated folders.
2. To resume the replication for this volume, use the WMI method ResumeReplication
of the DfsrVolumeConfig class. For example, from an elevated command prompt, type the following command:
wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig
where volumeGuid="D37A9FC3-8B1D-11E2-93E8-806E6F6E6963" call ResumeReplication
For more information, see http://support.microsoft.com/kb/2663685.
Final words
After I have executed this command, the replication was again started between OLDDC01 and OLDDC02
servers. After I have started up the NEWDC01 server, I have realized, it has automatically replicated the contents of the SYSVOL share - almost immediately after the server was started up. I have again tried to login with the local client into DOMAIN domain
and now I see, that local client is using local Domain controller for authentication.
Everything seems to be OK now. -
AD replication issue. had 1722 error after running repadmin
Hi,
I got 1722 error ( The RPC server is unavailable) when I run repadmin /replsummary. The result points that one source DSA is having 1722 error and the problem DC is the DC I run repadmin command from.
Do it make sense. Why DC itself cannot rpc to itself?
Thanks
QingI would start with what is mentioned in this Wiki article: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
That should be a good start for troubleshooting.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Get Active Directory User Last Logon
Create an Active Directory test domain similar to the production one
Management of test accounts in an Active Directory production domain - Part I
Management of test accounts in an Active Directory production domain - Part II
Management of test accounts in an Active Directory production domain - Part III
Reset Active Directory user password -
CMS replication not updating automatically
Hi All
When running get-csmanagementstorereplicationstatus all the lync servers shows up as true and with the same time stamp.
If I update a user in the lync control panel or just move the user to another pool and then check the cms replication status again the date and time stamp stays the same. If I invoke replication then it updates and all the servers shows the same time and
true status again.
On the cms master I have restarted the replication service as well as the master replication service and dont' see any errors in the logs. There are also replication errors on any of the other servers.
I'm thinking of restarting all the servers, but this is a big setup and I was hoping for a quick fix if anyone have any suggestions.
RegardsHi danielategan,
Anthony is right.
CMS is a repository to store management data in the form of topology, configurations and policies.
Please have a look at the following article.
http://blogs.technet.com/b/jenstr/archive/2010/10/13/what-is-central-management-store-cms.aspx
Best regards,
Eric -
Hello Team,
We have built a new Domain Controller in our environment with OS 2003 Server.
While checking for replication from an existing server (using the command repadmin /replsummary) I get and an as below:
1753 - NLHAAAHDC002
(NLHAAAHDC002 is the DC name that is built new)
Also if I run the same command on the new server (NLHAAAHDC002) I get the error that as below:
"'repadmin' is not recognized as an internal or external command,
operable program or batch file".
An urgent response is appreciated.
Regards,
Suman RoutHi Suman,
Please refer the below link on Microsoft KB article for Troubleshooting steps - DC Replication issue,
http://support.microsoft.com/kb/2089874/en-us
Regards,
Gopi
JiJi
Technologies -
AD Replication issues, SYSVOL / NETLOGON not replicating
Hello Experts!
We have a client that recently called us for some assistance. The IT department had a new virtual environment stood up. They Created 3 new VMs and promoted them all to domain controllers. The current domain and forest functional levels are (and were) Server
2003. There were two existing domain controllers, both Server 2003. The new domain controllers are Server 2012 R2. After promoting the 3 new servers to DC’s, they demoted one of the old DC’s. Then they transferred FSMO roles to a new 2012 R2 DC. When they
went to demote the last server 2003 DC, it was giving them the error that it is the last DC in the domain. That’s when we were called to assist. I have since demoted 2 of the 3 new 2012 R2 DCs and transferred all FSMO roles back to the Server 2003 DC.
I have been running some tools to try and gather data. Here is the DCDIAG from the last Server 2003 DC:
C:\Documents and Settings\user>dcdiag /fix
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: domainname\server2003server
Starting test: Connectivity
......................... server2003server passed test Connectivity
Doing primary tests
Testing server: domainname\server2003server
Starting test: Replications
......................... server2003server passed test Replications
Starting test: NCSecDesc
......................... server2003server passed test NCSecDesc
Starting test: NetLogons
......................... server2003server passed test NetLogons
Starting test: Advertising
......................... server2003server passed test Advertising
Starting test: KnowsOfRoleHolders
......................... server2003server passed test KnowsOfRoleHolders
Starting test: RidManager
......................... server2003server passed test RidManager
Starting test: MachineAccount
......................... server2003server passed test MachineAccount
Starting test: Services
......................... server2003server passed test Services
Starting test: ObjectsReplicated
......................... server2003server passed test ObjectsReplicated
Starting test: frssysvol
......................... server2003server passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... server2003server failed test frsevent
Starting test: kccevent
......................... server2003server passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000410B
Time Generated: 02/18/2015 19:27:04
Event String: The request for a new account-identifier pool
An Error Event occured. EventID: 0xC4350607
Time Generated: 02/18/2015 19:28:22
Event String: Component: System Information Agent
An Error Event occured. EventID: 0xC00110CD
Time Generated: 02/18/2015 19:28:22
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00072787
Time Generated: 02/18/2015 19:28:22
Event String: The WinRM service is unable to start because of a
An Error Event occured. EventID: 0xC0060024
Time Generated: 02/18/2015 19:28:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002720
Time Generated: 02/18/2015 19:32:26
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 02/18/2015 14:33:27
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:33:28
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:33:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000410B
Time Generated: 02/18/2015 14:36:18
Event String: The request for a new account-identifier pool
An Error Event occured. EventID: 0xC4350607
Time Generated: 02/18/2015 14:38:48
Event String: Component: System Information Agent
An Error Event occured. EventID: 0x00072787
Time Generated: 02/18/2015 14:38:48
Event String: The WinRM service is unable to start because of a
An Error Event occured. EventID: 0xC4350505
Time Generated: 02/18/2015 14:38:54
Event String: NIC Agent: Connectivity has been lost for the NIC
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:39:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:39:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0xC25A001D
Time Generated: 02/18/2015 14:42:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:42:22
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:42:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC4350607
Time Generated: 02/18/2015 14:48:03
Event String: Component: System Information Agent
An Error Event occured. EventID: 0x00072787
Time Generated: 02/18/2015 14:48:03
Event String: The WinRM service is unable to start because of a
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 02/18/2015 14:55:30
Event String: The kerberos client received a
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:36
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:39
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:08
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:08
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
......................... server2003server failed test systemlog
Starting test: VerifyReferences
Some objects relating to the DC server2003server have problems:
[1] Problem: Missing Expected Value
Base Object:
CN= server2003server,OU=Domain Controllers,DC=domainname,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[1] Problem: Missing Expected Value
Base Object:
CN=NTDS Settings,CN= server2003server,CN=Servers,CN=domainname,CN=Sites,CN=C
onfiguration,DC=domainname,DC=com
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... server2003server failed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : domainname
Starting test: CrossRefValidation
......................... domainname passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... domainname passed test CheckSDRefDom
Running enterprise tests on : domainname.com
Starting test: Intersite
......................... domainname.com passed test Intersite
Starting test: FsmoCheck
......................... domainname.com passed test FsmoCheck
C:\Documents and Settings\user>
Now the DCDIAG for the Server 2012 R2 DC.
2012R2DC
PS C:\Users\user > dcdiag /fix
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = 2012R2DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: domainname\2012R2DC
Starting test: Connectivity
......................... 2012R2DC
passed test Connectivity
Doing primary tests
Testing server: domainname\2012R2DC
Starting test: Advertising
Warning: DsGetDcName returned information for \\server2003server.domainname.com, when we were trying to reach 2012R2DC.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... 2012R2DC
failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... 2012R2DC
passed test FrsEvent
Starting test: DFSREvent
......................... 2012R2DC passed test DFSREvent
Starting test: SysVolCheck
......................... 2012R2DC passed test SysVolCheck
Starting test: KccEvent
......................... 2012R2DC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... 2012R2DC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... 2012R2DC passed test MachineAccount
Starting test: NCSecDesc
......................... 2012R2DC passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\2012R2DC \netlogon)
[2012R2DC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... 2012R2DC failed test NetLogons
Starting test: ObjectsReplicated
......................... 2012R2DC passed test ObjectsReplicated
Starting test: Replications
[Replications Check, 2012R2DC] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105
"Replication access was denied."
......................... 2012R2DC failed test Replications
Starting test: RidManager
......................... 2012R2DC passed test RidManager
Starting test: Services
Could not open NTDS Service on 2012R2DC, error 0x5 "Access is denied."
......................... 2012R2DC failed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x0000041E
Time Generated: 02/18/2015 14:39:32
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could
be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 02/18/2015 14:44:34
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could
be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x40000004
Time Generated: 02/18/2015 14:47:09
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server cr-dc3$. The target name used was C
RDC02$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when t
he target server principal name (SPN) is registered on an account other than the account the target service is using. En
sure that the target SPN is only registered on the account used by the server. This error can also happen if the target
service account password is different than what is configured on the Kerberos Key Distribution Center for that target se
rvice. Ensure that the service on the server and the KDC are both configured to use the same password. If the server nam
e is not fully qualified, and the target domain (domainname.COM) is different from the client domain (domainname.COM),
check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify
the server.
......................... 2012R2DC failed test SystemLog
Starting test: VerifyReferences
......................... 2012R2DC passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : domainname
Starting test: CheckSDRefDom
......................... domainname passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... domainname passed test CrossRefValidation
Running enterprise tests on : domainname.com
Starting test: LocatorCheck
......................... domainname.com passed test LocatorCheck
Starting test: Intersite
......................... domainname.com passed test Intersite
PS C:\Users\user>
From here I can see SYSVOL and NETLOGON are not replicating from server2003server. When I log on to server2003server and run ‘net share’ the SYSVOL and NETLOGON shares are shared. But, when I do the same on 2012R2DC there are no NETLOGON or SYSVOL shares.
I see ntfrs issues. So I ran ntfrsutl ds on server2003server and the results are here:
C:\Documents and Settings\user>ntfrsutl ds
NTFRS CONFIGURATION IN THE DS
SUBSTITUTE DCINFO FOR DC
FRS DomainControllerName: (null)
Computer Name : SERVER2003SERVER
Computer DNS Name : SERVER2003SERVER.domainname.com
BINDING TO THE DS:
ldap_connect : SERVER2003SERVER.domainname.com
DsBind : SERVER2003SERVER.domainname.com
NAMING CONTEXTS:
SitesDn : CN=Sites,cn=configuration,dc= domainname,dc=com
ServicesDn : CN=Services,cn=configuration,dc= domainname,dc=com
DefaultNcDn: DC= domainname,DC=com
ComputersDn: CN=Computers,DC= domainname,DC=com
DomainCtlDn: OU=Domain Controllers,DC= domainname,DC=com
Fqdn : CN= SERVER2003SERVER,OU=Domain Controllers,DC= domainname,DC=com
Searching : Fqdn
COMPUTER: SERVER2003SERVER
DN : cn= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
Guid : d3cfdf56-a013-40ab-a2e9ffc3d88896bd
UAC : 0x00082000
Server BL : CN= SERVER2003SERVER,CN=Servers,CN=domainname,CN=Sites,CN=Configuration,D
C= SERVER2003SERVER,DC=com
Settings : cn=ntds settings,cn= SERVER2003SERVER,cn=servers,cn= domainname,cn=sites,c
n=configuration,dc= domainname,dc=com
DNS Name : SERVER2003SERVER. domainname.com
WhenCreated : 5/29/2007 10:36:30 Eastern Standard Time Eastern Daylight Time
[300]
WhenChanged : 2/17/2015 11:21:58 Eastern Standard Time Eastern Daylight Time
[300]
SUBSCRIPTION: NTFRS SUBSCRIPTIONS
DN : cn=ntfrs subscriptions,cn= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
Guid : 5d0ca299-209d-4814-ae6d7acd9209e10a
Working : c:\windows\ntfrs
Actual Working: c:\windows\ntfrs
WhenCreated : 5/29/2007 10:50:26 Eastern Standard Time Eastern Daylight T
ime [300]
WhenChanged : 5/29/2007 10:50:26 Eastern Standard Time Eastern Daylight T
ime [300]
SUBSCRIBER: DOMAIN SYSTEM VOLUME (SYSVOL SHARE)
DN : cn=domain system volume (sysvol share),cn=ntfrs subscriptions,cn
= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
Guid : fb56d707-3c40-429f-bd7c63d227b9fb5d
Member Ref: (null)
Root : c:\windows\sysvol\domain
Stage : c:\windows\sysvol\staging\domain
WhenCreated : 5/29/2007 10:50:26 Eastern Standard Time Eastern Dayligh
t Time [300]
WhenChanged : 5/29/2007 10:50:26 Eastern Standard Time Eastern Dayligh
t Time [300]
SERVER2003SERVER IS NOT A MEMBER OF ANY SET!
C:\Documents and Settings\user>
Also worth noting that when we power down SERVER2003SERVER no computer can contact a logon server.
The last line of this worries me as well. I am going to continue to work on this but I wanted to get these logs to some other eyes in case you have some ideas off the bat. Thanks in advance!I would first recommend to make sure that the new DCs are also global catalogs and to refer to IP setting recommendations I shared here: http://www.ahmedmalek.com/web/fr/home.asp
It is possible to do a non-authoritative restore of SYSVOL to make it appear on the other DCs: https://support.microsoft.com/kb/290762?wa=wsignin1.0
However, you would need to upgrade to DFSR.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
Hello Experts,
We are in SRM 7.0 classic scenario.We are facing an issue in Vendor replication as described below:-
We have connected a new backend R/3 system to the SRM system i.e now the SRM system is connected to 2 backend R/3 system.
We replicated the vendor from the new backend R/3 system as shown below
1.Transaction BBPGETVD to bring the vendors from the new backend R/3 system into SRM system
2.Transaction BBPUPDVD to update the vendor from the new backend R/3 system.
There were around 25000 vendors linked to the Required Purchasing org in the the new backend R/3 system, but out of these only 2 could be replicated.
We verified the Vendor Replication as described below
1) SE16-Table VENMAP(logsys-new backend R/3 system)
2) SE16-BBPM_BUT_FRG0061(To confirm the Org ID of the Porg for which these vendors are extended)
We can see that the vendor are from the New backend R/3 system and extended for the required Porg.
However, when we try to search for these vendors in the SRM portal, we are unable to find it.
Can you all experts, plz let us know
1. Why only 2 vendors were successfully replicated from the new backend R/3 system?We checked the vendors status using LFM1 & LFB1 and could see many more vendor could had been replicated.
2.Why we were unable to search for the vendors in portal inspite of the fact the we can see the vendor in VENMAP and also in the BBPM_BUT_FRG0061(we have ensured that we are putting the correct Porg ID in the search for eg. 0 5*******) and also we can search the vendor from the old R/3 system?
We would like to also mention that we have same vendors with different vendor numbers in different backend R/3 system.
Any pointers to resolve this issue will be highly appreciated.
Regards,
RKSHello Experts ,
I forgot to mention that ,i'm getting following warning message:-
Warning:
If you use external number assignment,you will lose data records
Number of supplier lost 23.333
The following allocation results from the transfer.
Total number of suppliers: 23.335
Adoption of R/3 description 23.333
Can you all experts plz explain what is "external number assignment" and also we are using option transfer only R/3 number
but still why 23.333 verdors are lost
Thank you in advance for suggestions,
Thaks & Regards,
RKS -
Project Structure in SAP R/3 Replication Issues
Hi All,
I have some of the Issues while creating the Project Structure in cProjects.
1) The Project Structure getting generated in SAP R/3 is only mappped with WBS elements, why not Networks and Network Activies.
e.g
*cProjects SAP Project Systems*
Project Definition -
> Project definition
Phase----
> WBS Element
Task----
>WBS Element
Mirrored Task----
>WBS Element
Sub Task----
>WBS Element
Checklist----
>WBS Element
Checklist item----
>WBS Element
Is this the standard feature or whether we can create the Network and Network Activites for Tasks and Checklist??
2) The Numbering of the Phase, Tasks, Sub tasks, hecklist etc... all are of some 24 digit numerals, Can we automate the numbering like, the WBS element at level 1 should copy the project definition number and some extension...
3) the Project generated in SAP Project Systems i.e the WBS Elements has status "MDLK" Master data locked.... Why is this set. Is it standard? Can we eliminate this?
Hoping for answers from you all.
Thanks & Regards,
StephenHi Stephen,
1) The Project Structure getting generated in SAP R/3 is only mappped with WBS elements, why not Networks and Network Activies.
e.g
*cProjects SAP Project Systems*
Project Definition -
> Project definition
Phase----
> WBS Element
Task----
>WBS Element
Mirrored Task----
>WBS Element
Sub Task----
>WBS Element
Checklist----
>WBS Element
Checklist item----
>WBS Element
Is this the standard feature or whether we can create the Network and Network Activites for Tasks and Checklist??
>>>> I think, you use cProject 4.0, as in cProject 3.1 it is possible to get object be replicated as PS activity.
Reason: The prupose of the replication is the costs-integration.
2) The Numbering of the Phase, Tasks, Sub tasks, hecklist etc... all are of some 24 digit numerals, Can we automate the numbering like, the WBS element at level 1 should copy the project definition number and some extension...
>>> You can implement a Badi to apply your own logic. There is a Note to give you instruction how to do it. If you fails to find it, please let me know. I will search it.
3) the Project generated in SAP Project Systems i.e the WBS Elements has status "MDLK" Master data locked.... Why is this set. Is it standard? Can we eliminate this?
>>> As the WBS is automatically created via integration. Use this status to prevent the user change it by mistaken. To behonest, I do not this logic, but it is standard behaviour.
Kind regards,
Zhenbo -
Active Directory : Replication Issue - "Disconnected" sub-domain from the Forest
Hello everyone,
I'm managing a multi-domain forest (with 7 sub-domain). All are working fine except for one. Throught repadmin (Repadmin /replsum /bysrc /bydest /sort:delta), I noticed I got both domain controllers of a subdomain (there are only 2 DCs in that
subdomain), who hadn't replicated with the rest of the forest for more than 60 days.
According to my research, it's usually recommended to Depromote and repromote the problematic DC to avoid the issue of lingering objects. In this case, it's both DC of a sub-domain. Of course, on the others DCs in the forest, I got the event
ID 2012 "it has been too long since this machine last replicated with the named source machine....".
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
to a value of 1.
As I understand it, this may cause lingering objects to appear (they can be removed with repadmin /removelingeringobjects command with the DSA GUID, naming context, etc..). So far, I haven't used that registry key yet because of the associated risks.
I didn't noticed any other issue so far. Users in the problematic sub-domain are fine, and the problematic sub-domain seems to be able to pull replication data from the others DCs in the forests. (at least, I'm not getting any error in the A.D. Sites
and Services)
I added two new DCs for the affected sub-domains, so the number of DCs for that domain went from 2 to 4 DCs. The two old DCs that hadn't replicated for 60 days are windows Server 2003 and the two new DCs are Server 2008 R2.
Unfortunately (and I was half expecting this, but did it anyway since I must eventually replace the old DCs), that didn't solve my issue, since the rest of the forest "doesn't see" the two new DCs of the sub-domain. By that, I mean that I
cannot add an Active Directory Domain Services Connection in Sites & Services console (from a DC in another domain of the forest or even the root domain). I see all the DCs, including the two old DCs that are server 2003, but not the new ones.
I believe it's because the others DCs doesn't pull/replicate the information from the old DCs anymore, so they aren't "aware" of the two new DCs for that problematic sub-domain.
I was wondering what is the best course of action. Is it worthwhilte to use the registry key force replication with the old DCs ? (and hopefully, the new DCs will get their AD Services connection/replication vector created, so I can depromote
the old DCs.
Since the Old DCs from the problematic sub-domain seems to be able to pull the replication from the rest of the forest, does the risk of Lingering object isn't that great ?
Or is it too risky and I must create a new sub-domain and migrate one way or another the users ? (which would be time-consuming)
Thanks in advance,
AdamThanks for the reply. One of the link had another link to a good article about the use of repadmin :
So, I ran the command "repadmin /removinglingerobjects " on one of the problematic DCs ().
For clarity purpose, let's say I used the domain :
domain = main domain
subdomain = the domain whose DC are problematic (all of them).
AnotherSubDomain = Just another subdomain I used as a "reference" DC to cleanup the appropriate partition.
Command (the DSA guid is from a DC "clean" in another domain)
repadmin /removelingeringobjects adrec01.mysubdomain.domain.ca C4081E00-921A-480D-9FDE-C4C34F96E7AC dc=ANOTHERsubdomain,dc=domain,dc=ca /advisory_mode
I got the following message in the event viewer :
Active Directory Domain Services has completed the verification of lingering objects on the local domain controller in advisory mode. All objects on this domain controller have had their existence verified on the following source domain controller.
Source domain controller:
c4081e00-921a-480d-9fde-c4c34f96e7ac._msdcs.mydomain.ca
Number of objects examined and verified:
0
Objects that have been deleted and garbage collected on the source domain controller yet still exist on this domain controller have been listed in past event log entries. To permanently delete the lingering objects, restart this procedure without using the
advisory mode option.
How should I interpret the message "number of objects examined and verified 0". Does it mean it just didn't find any object to compare ? (which would be odd IMHO) Or there is another problem ?
Thanks in advance,
Adam -
Replication issue in ABAP to ABAP scenario
Hello,
I have a ABAP to ABAP replication scenario where I am replicating custom and standard tables like MDMA but found below issue.
The replication current action is struck in "Replication (Initial Load)" with Initial load is getting done but not replicating data afterwards.
Also, the tables is keep on switching between "Failed" and "In process" status. I checked the system is sufficient number of jobs.
I found below error message after checking the show error log.
I restarted the replication many times and even created the configuration but no luck.
Please enlighten me to fix this issue...
RegardsHi Tobi,
I removed all the records from target table and replicated again but same result.
Initial load is getting done but not replicating data afterwards. And the table is keep on switching between "Failed" and "In process" status.
Regards -
Value Mapping replication issue
Hi PI Experts,
I am working on the Value mapping replication scenario using Z-table created in R/3 system.
I have configured the value mapping Replication Out Abap proxy.
I am getting the following error :
Audit Log for Message: 4d404b41-39e4-0083-e100-80008b3557e6
Time Stamp Type Description
2011-01-27 07:56:19 Information The message was successfully received by the messaging system. Protocol: XI URL: http://gendevhrcx51.unix.appliarmony.net:54000/MessagingSystem/receive/JPR/XI Credential (User): PIAPPLUSER
2011-01-27 07:56:19 Information Using connection JPR. Trying to put the message into the receive queue.
2011-01-27 07:56:19 Information Message successfully put into the queue.
2011-01-27 07:56:19 Information The message was successfully retrieved from the receive queue.
2011-01-27 07:56:19 Information The message status was set to DLNG.
2011-01-27 07:56:19 Information Java Proxy Runtime (JPR) accepted the message.
2011-01-27 07:56:19 Error JPR could not process the message. Reason: Cannot locate proxy bean ValueMappingApplication.
2011-01-27 07:56:19 Error Delivering the message to the application using connection JPR failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error processing inbound message. Exception: Cannot locate proxy bean ValueMappingApplication.
2011-01-27 07:56:19 Information The message status was set to WAIT.
2011-01-27 07:56:19 Information The asynchronous message was successfully scheduled to be delivered at Thu Jan 27 08:01:19 CET 2011.
I have followed the threads :
1) /people/udo.martens/blog/2009/04/03/value-mapping-replication-scenario
2) ValueMappingReplication in PI 7.1
3) How to Perform Value Mapping u2013 A Walkthrough -> Sarath Chandra Kandadai
which had similar issue but could not make any headway.
Questions :
1) Are there any specific PIAPPLUSER authorizations required ,I have configured the CC as per the 3rd thread.
2) There is an issue with SLD access when I look at the JPR monitoring,could be the possible reason.
SLD access SLD host:port = gendevhrcx51:54000
Error getting JPR configuration from SLD. Exception: No entity of class SAP_BusinessSystem for DHX.SystemHome.gendevhrcx51 found
No access to get JPR configuration
I have refered to the Note : 809420 and asked the basis team to look into this.
I am running out of ideas ,request you guys to help on this issue.
Thanks
-AlokHi Alok,
i have similar error. Here the error:
30.12.2013 20:40:17.789
Information
Java Proxy Runtime (JPR) accepted the message.
30.12.2013 20:40:17.871
Error
JPR could not process the message. Reason: No remote bean found for reference of class com.sun.proxy.$Proxy352.
30.12.2013 20:40:17.876
Error
Delivering the message to the application using connection JPR failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error processing inbound message. Exception: No remote bean found for reference of class com.sun.proxy.$Proxy352.
30.12.2013 20:40:17.911
Information
The asynchronous message was successfully scheduled to be delivered at Mon Dec 30 20:45:17 CET 2013.
I have registered the inbound interfaces:
http://sap.com/xi/XI/System#ValueMappingReplication = localejbs/sap.com/com.sap.xi.services/ValueMappingApplication:valueMappingReplication
http://sap.com/xi/XI/System#ValueMappingReplicationSynchronous = localejbs/sap.com/com.sap.xi.services/ValueMappingApplicationSynchronous:valueMappingReplicationSynchronous
2 interfaces found
But somehow the bean is not found and gave me the error :
JPR could not process the message. Reason: No remote bean found for reference of class com.sun.proxy.$Proxy352.
Can you tell me in detail what you have done to resolve the problem? I send the test data from soapui using the outbound interface ValueMappingReplicationOut provided by the content in SAP BASIS 7.11.
Thanks,
Ly-Na
Maybe you are looking for
-
Transferring songs from one computer to another without erasing anything
I've read everything here that pertains and don't see my exact problem. I did not realize when I got this iPod the problems involved in using more than one computer, and as a result, I have songs on three computers that I'd like to get into my iPod w
-
Scripts/multiple queries in one CF Query block in Oracle
Greetings: I am primarily an MS SQL programmer and I am wondering how to run multiple query statements inside a single cfquery block. For example, on MS SQL I can do multiple delete statements, or an update and select within one cfquery block, but I
-
Need Help for SAP Solution Managr 4.0 installation & configuration
Hi, Please help me to install & configure Solution Manager 4.0.Provide some technical document in PDF as well as Doc. Format.I am very thankfull for all response ragarding the same. Regards Gyan
-
"Do not include a break inside the TD tag" is ignored
In Edit | Preferences | Code Format in DW CS5, the setting "Do not include a break inside the TD tag" is ticked but DW is still putting a line break in the tag like this... <td> </td> Any idea why the setting is being ignored? Malcolm
-
Whenever I resize a window whenever I'm checking out a branch using bzr, I automatically stops checking out the branch. I'm using xmonad. I get the following error: bzr: ERROR: [Errno 4] Interrupted system call