Dfs initial replication
Hi,
I was wondering whether you can allow users to access the target of an initial replication while the replication is still going. If so, how will dfs cope with changes and deletions on that share? Will it use USNJournal? What's the risk of
a journal wrap destroying data if a lot of changes are made while initial replication is running?
Also, if something should go wrong with that initial replication how would one recover from that failure? I assume just rebuilding the replication group will make a huge mess in such case?
Thanks in advance for your response!
S.
MCP/MCSA/MCTS/MCITP
You might find this helpful:
http://blogs.technet.com/b/askds/archive/2007/10/05/top-10-common-causes-of-slow-replication-with-dfsr.aspx?PageIndex=15
As Ned says in #10, it's ideal to perform initial sync during a change window. As they files are changed it will likely only lead to a larger replication backlog, however the changes will be kept track of in the change journal. If initial sync
never really makes it over the mountain you may just need to increase the staging area:
http://blogs.technet.com/b/askds/archive/2011/07/13/how-to-determine-the-minimum-staging-area-dfsr-needs-for-a-replicated-folder.aspx
However, in a perfect world if we're talking about synching a lot of data it's always best to pre-seed the data from Node1 to Node2 with Robocopy or Windows Server Backup. Here's the case for pre-seeding versus not:
http://blogs.technet.com/b/askds/archive/2008/02/12/get-out-and-push-getting-the-most-out-of-dfsr-pre-staging.aspx
If, as you say, initial replication never seems to make it over the hump and adjustments to the staging area don't help, you might consider stopping replication and pre-seeding the data. This means the replication service will have less to do because
you've done all the work up front with robocopy or Windows Server Backu:.
http://blogs.technet.com/b/askds/archive/2010/09/07/replacing-dfsr-member-hardware-or-os-part-2-pre-seeding.aspx
Hope this helps clear things up a bit.
Similar Messages
-
We are setting up 3 replication groups, 1 which we are able to do over the LAN and the other 2 which need to be performed over the WAN (10mb IPSec VPN at each site).
The local data set which is 2TB replicated fine in about 2 days.
The 2 WAN data sets have exhibited strange behaviour. They start off quick, then basically hit a block and continue to replicate but very slowly (500mb-1gb/day).
The first one got up to 220gb, then slowed right down. The second one got up to 45gb, then slowed right down.
Hub: Server 2008 R2
Client: Server 2012 R2
The staging quota should be OK as I am not getting any errors in the DFSR log about hitting the high watermark.
If I look at the logs in C:\Windows\debug I constantly see this error:
+ [Error:9027(0x2343) Meet::InstallStep meet.cpp:1879 12296 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) Meet::Download meet.cpp:2296 12296 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) InConnection::TransportRdcGet inconnection.cpp:4423 12296 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) DownstreamTransport::RdcGet downstreamtransport.cpp:5265 12296 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) RpcFinalizeContext downstreamtransport.cpp:1147 12296 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) DownstreamTransport::RdcGet downstreamtransport.cpp:5192 12296 C A failure was reported by the remote partner]
+ [Error:9078(0x2376) DownstreamTransport::RdcGet downstreamtransport.cpp:5192 12296 C All server file transfer contexts are currently busy]
I have had a look through http://blogs.technet.com/b/askds/archive/2007/10/05/top-10-common-causes-of-slow-replication-with-dfsr.aspx however
none of the points seem to apply.
I've noted this solution also, that also suggests possible VPN issues http://social.technet.microsoft.com/Forums/windowsserver/en-US/eeaa60c7-0480-4ae9-b367-4cb9676fabd0/dfsr-event-5014-dfs-replication-service-is-stopping-communication?forum=winserverDS -
I know it references Meraki's VPN setup (which funnily enough we are moving to shortly, but we're just using Cisco IPSec VPN right now via Cisco Routers), but perhaps that may also have some sort of idea as to what the issue may be?
I'm inclined to think though it's definitely something relating to RPC (happy to be proven wrong though!) as if I copy the same data over the WAN using robocopy or even Explorer, it can do 550gb no problems in 3 days.Hi,
Please test to create a new replication group, create small files in folder and waiting for the initial replication to be finished.
Once it finished, try to put a large file which need to be replicated and see if it will still stopped in several GB.
Meanwhile please understand that generally we recommended to do a pre-staging with robocopy or backup-restore instead of waiting for the initial replication.
If you have any feedback on our support, please send to [email protected] -
Yesterday we were forced to perform a non-authoritative sync of the SYSVOL folder as replication had stopped because one of the DCs had been disconnected from it's replication partner for more than 60 days (caused by a unexpected shutdown and we did not
pick up on the fact replication had stopped until now).
I performed the non-authoritative sync of the SYSVOL folder and now the folder is in state 2
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
and has been for more than 12 hours. The DFS replication health report, reports "This member is waiting for initial replication for replicated folder SYSVOL Share".
How long should it take and is there anyway to force it so that replication can resume?I'm fairly sure it's not tombstoned. Here is the DCDIAG output:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = RC-CURDC-02
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\RC-CURDC-02
Starting test: Connectivity
......................... RC-CURDC-02 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\RC-CURDC-02
Starting test: Advertising
......................... RC-CURDC-02 passed test Advertising
Starting test: FrsEvent
......................... RC-CURDC-02 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... RC-CURDC-02 passed test DFSREvent
Starting test: SysVolCheck
......................... RC-CURDC-02 passed test SysVolCheck
Starting test: KccEvent
......................... RC-CURDC-02 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... RC-CURDC-02 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... RC-CURDC-02 passed test MachineAccount
Starting test: NCSecDesc
......................... RC-CURDC-02 passed test NCSecDesc
Starting test: NetLogons
......................... RC-CURDC-02 passed test NetLogons
Starting test: ObjectsReplicated
......................... RC-CURDC-02 passed test ObjectsReplicated
Starting test: Replications
......................... RC-CURDC-02 passed test Replications
Starting test: RidManager
......................... RC-CURDC-02 passed test RidManager
Starting test: Services
......................... RC-CURDC-02 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x000003FC
Time Generated: 06/12/2014 18:26:05
Event String:
Scope, 10.59.96.64, is 83 percent full with only 7 IP addresses remaining.
A warning event occurred. EventID: 0x000003FC
Time Generated: 06/12/2014 18:26:05
Event String:
Scope, 10.59.98.0, is 95 percent full with only 5 IP addresses remaining.
A warning event occurred. EventID: 0x00000560
Time Generated: 06/12/2014 18:26:05
Event String:
IP address range of scope 10.59.96.64 is 83 percent full with only 7 IP addresses available.
A warning event occurred. EventID: 0x00000560
Time Generated: 06/12/2014 18:26:05
Event String:
IP address range of scope 10.59.98.0 is 95 percent full with only 5 IP addresses available.
A warning event occurred. EventID: 0x000016AF
Time Generated: 06/12/2014 18:39:43
Event String:
During the past 4.23 hours there have been 95 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined
sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please
consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites. The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log'
and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text
'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize';
the default is 20000000 bytes. The current maximum size is 20000000 bytes. To set a different maximum size, create the above registry value and set the desired maximum size in bytes.
......................... RC-CURDC-02 passed test SystemLog
Starting test: VerifyReferences
......................... RC-CURDC-02 passed test VerifyReferences
Running partition tests on : curriculum
Starting test: CheckSDRefDom
......................... curriculum passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... curriculum passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running enterprise tests on : riddlesdown.local
Starting test: LocatorCheck
......................... riddlesdown.local passed test LocatorCheck
Starting test: Intersite
......................... riddlesdown.local passed test Intersite
Eveything is passing, except for the bits about the SystemLog and DFRS, all seems good to me.
Event 2213 is in the logs. I will look and changing the MaxOfflineTimeInDays and see if that gets it going. -
How to do an initial replication from R/3 to SRM 6.0?
Hello everyone,
We are working in a implementation of SRM with R/3. My question is about how I can replicate the existing information in R/3 (PR, PO, Invoices, etc) to SRM (as an initial replication). Especially, I wonder if the documents that are in process have to be finished in R/3 or they can be finished in SRM.
Thanks
IváHi Ivan,
In addition to what Masa and Claudia has informed,
mainly the Material Master, Vendor Master, Plants, Storage locations, UOM, Currencies will get transferred from R/3 to SRM irrespective of your implementation scenario (i.e Classic or Extended classic ).
In case you work on classic scenario, the main document (leading document) P.O will be in R/3.
In case of Extended classic scenario, the leading document P.O is in SRM and a copy will be created in R/3 but is not changeable in R/3.
You can have G.R (confirmation) and invoice in both the systems. In case you create in SRM a copy will be created in R/3. In case you create in R/3 the status gets updated in SRM.
Hope this makes you more clear.
Award points for helpful answers.
Rgds,
Teja -
2008 R2 AD ... Specified replication partner, can I change this later during initial replication
Hello - Healthy single forest, single domain with 100+ DC's. Today, added new DC to the forest/domain and selected another DC in it's same site as it's replication partner during dcpromo, initial replication. Turns out this other DC is in the
same site, but in an OLD building that we are getting rid of and the link between the old and new is not good at all. It's already done critical replication, now just progressing with initial full replication, but it's taking a LONG time (days).
Is there any way for me to switch the new DC to finish it's initial replication with another DC, that's on a much better network link? (Or am I stuck as is with the extremely slow link?) I would prefer to not kill this and do metadata cleanup if
possible, prefer to sync w/another DC. Thank you.Hello,
If the connectivity is unstable, you will have problems in AD replication.
You can use IFM to avoid replicating much information: http://blogs.technet.com/b/activedirectoryua/archive/2009/01/19/installing-from-media-ifm.aspx
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft
Certified Professional
Microsoft
Certified Systems Administrator: Security
Microsoft
Certified Systems Engineer: Security
Microsoft
Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows 7, Configuring
Microsoft
Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft
Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer -
Internet Sales Catalog Initial Replication issues - SAP CRM 5.2
Hi Gurus,
we are experiencing an issue during the configuration of the E-Commerce Internet Sales (ISA) for SAP CRM 5.2. In particular we are getting an error during the initial replication of our catalog to the TREX server (up and running on the same machine as the CRM server itself). The transaction is COMM_PCAT_IMS_INIT.
The error gives the message "No Staging Customizing Data Available (Message no. COM_PCAT_IMS001)". We have already checked all relevant RFC connections (FTP, HTTP and the TREX one), finding them correctly set. We also checked the target for publishing the catalog (in SPRO), setup with anonymous SAPFTP connection.
Can anyone help us resolving this issue?
Thanks in advance
Reward points if helps!Hi Steffano,
Am also facing the same problem did you resolved it ? If please can tell me how did you resolved it .I would appreciate and reward points if you can resolve it .
You can send me a mail to [email protected]
Thanks
RR -
Manual replication after initial replication
Hi,
I have a Hyper-V server with multiple VM's replicating over VPN to a replica Hyper-V server. I have it setup to replicate every 5 minutes. All is well. One of the VM's on my Hyper-V server is a backup server. I have backup software
that I install on a client's server or workstation that backs up locally and then uploads the backup over the internet to my backup server [I can seed the software's initial backup manually much like the initial replication of the Hyper-V replica].
So when I sign up a new client and setup the backup, I could have upwards of 60GB or so of data that gets written to the backup server VM. When I do this it can take a week for the replication to finish when there has been 60GB of data added to the
VM. Is there a way to pause replication, and manualy export a replication to an external HD, then import the replacation to the replication server, then resume replication? like when we do the first replication manually to a remote server?
Or am I going to have to remove replication [on both servers], delete the replica VM, then enable replication again and do a manual initial replication?
Thanks for any input!!
RobHello,
I appreciate your input. All of my VM's are backed up with Data Protection manager. My question wasn't about back up. It was how I can manually replicate after initial replication. you said two things above. 1] Only the initial
replication can use external HD, then 2] export the VM to replica site manually.
How do I accomplish "then export the VM to replica site manually" and then resume normal
replication?
Thanks
Rob -
Different between initial replication and delta replication
Hi,
What is different between initial replication and delta replication of the catalog to B2B?
Denis KhveshchenikInitial replication will replicate the full catalog
Delta replication - The replication will be based on teh change pointer that have been updated, so only the items that have been changed since the last initial replication will be replicated. This should result in a quicker replication time. -
Initial Replication fu00FCr Equipments in MAM30
Bei der Durchführung der initialen Replikation von Equipments treten bei grossen Datenmengen (>10000) immer wieder Konsistenzproblmeme auf (Fehler R/3 duplicate keys etc.), obwohl GET_DETAIL für SyncBO 031 fehlerfreie Daten liefert.
Dahingehend meine Fragen:
1.) Woran kann dies liegen?
2.) Ich habe mit den Einstellungen bezüglich paralleler Replication (Maximale Anzahl der Jobs, Paketgröße) experimentiert, jedoch ohne Erfolg (Fehler tritt auch dann auf, wenn nur 1 Job die Replikation durchführt). Kann jemand seine Erfahrungen dahingehend berichten?
Danke für eure Hilfe bereits im VorausHi Dietmar,
you mix two things. On one hand you have replication, the other hting is synchronisation.
The replication takes the complete list of items and transferes them to the middleware. If you have server driven stuff like equipments, you can live in most scenarios without the initial replication, but it is better to have the data already available in the middleware. Whenever an item chenges now in the middleware, you copy that change via MEREP_DELTABO table to the middleware. This process takes a few minutes in general. The number of items you replicate you can shrink in transaction SPRO on the middleware.
Ok, from that perspective, getting the 10.000 items via replication to the middleware is correct.
The sync now should only sync the items from middleware to the mobile device, necessary on the mobile device to work. So in that case, just the single equipment will be shipped down to the device if all orders point to the same item.
If you have the problem, that all items are shipped, you have a config error in SPRO in the backend. Easy thing, but most people do it wrong in the first place.
Anyway, I hope this small explanation helped.
Regards,
Oliver
[www.placeworkers.com] -
For the initial replication of product catalog (transaction : COMM_PCAT_IMS_INIT), the RFC destination is shown as a mandatory field.
I am not able to get any help from the Best practice documents as it dont have any details about the same.
I have created the SSR and Publishing Computer ID, but not sure wht is the RFC destination could be. Is it the Trex destination or the webserver FTP destination.
regards
SubhasisPublishing computer ID is not mandatory for the initial publishing of the catalog, Initial publishing can be done without any reference to the Publishing Computer. Publishing computer refers to the image / document server where you want to store the mime objects.
If you are not publishing any mime objects, there is no need to define any Publishing targets
Easwar Ram
http://www.parxlns.com -
DNS is waiting for AD to signal the initial replication has completed
Hello,
First off, thank you for your help in advanced. Any help you can offer would be appreciated, and let me know if there's more information you need
me to provide, or utilities to run.
I have just joined a Server 2012 R2 DC to my Server 2008 R2 domain. Topology is it only had one DC previously, the 2008 R2, running AD/DNS/DHCP.
I ran the forest prep & domain prep on the 2008 R2 domain controller, then ran a dcpromo on the 2012 R2. From there, I migrated the FSMO roles over to the 2012 R2 server using ntdsutil.exe. The ultimate goal is to retire the 2008 R2 DC and
bring on line a 2nd 2012 R2 DC for this domain.
My Issues
Windows 7 client PC's do not always resolve/pass traffic to the Server 2012 R2 server, sometimes I need to ping
the server by IP before it will resolve, other times if I just repeatedly double click on the shared folder mapped to the Server 2012 R2 DC it will work eventually. This is intermittent/random,
and not always repeatable with any specific procedures. Sometimes the user will be working, then all of the sudden they can't resolve DNS to the internet, nor internally.
I am getting the following errors in the event log on my 2012 R2 DC
Log Name: DNS Server
Source: Microsoft-Windows-DNS-Server-Service
Date: 3/16/2014 8:02:34 PM
Event ID: 4013
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: HSSserver.carman.local
Description:
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start
until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there
is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will
be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 3/16/2014 8:56:17 PM
Event ID: 2092
Task Category: Replication
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: HSSserver.carman.local
Description:
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has
not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Partitions,CN=Configuration,DC=carman,DC=local
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity,
DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners are expected to be offline (for example, because of maintenance or disaster recovery), you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This
may be done using the steps provided in KB articles 255504 and 324801 on.
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 3/16/2014 8:56:17 PM
Event ID: 2092
Task Category: Replication
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: HSSserver.carman.local
Description:
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has
not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Schema,CN=Configuration,DC=carman,DC=local
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity,
DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners are expected to be offline (for example, because of maintenance or disaster recovery), you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This
may be done using the steps provided in KB articles 255504 and 324801 on
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
Log Name: DFS Replication
Source: DFSR
Date: 3/16/2014 11:21:43 PM
Event ID: 5014
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: HSSserver.carman.local
Description:
The DFS Replication service is stopping communication with partner CARMANSERVER for replication group Domain System Volume due to an error. The service will retry the connection periodically.
Additional Information:
Error: 1726 (The remote procedure call failed.)
Connection ID: 020D5B10-4876-4888-9214-45E3D8B3206D
Replication Group ID: 8A8ADB84-CB25-495E-8C28-AE9FD1761E85
From the Server 2008 R2 DC, I get the following errors/warnings in my event log:
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 3/16/2014 8:02:45 PM
Event ID: 2088
Task Category: DS RPC Client
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: CARMANSERVER.carman.local
Description:
Active Directory Domain Services could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy,
users and computers and their passwords, Active Directory Domain Services successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller.
Invalid DNS configuration may be affecting other essential operations on member computers, domain controllers or application servers in this Active Directory Domain Services forest,
including logon authentication or access to network resources.
You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS.
Alternate server name:
HSSserver.carman.local
Failing DNS host name:
25346b74-2fc2-4311-a54d-d500669d4026._msdcs.carman.local
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following
diagnostics registry value to 1:
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
User Action:
1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source
domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
2) Confirm that the source domain controller is running Active Directory Domain Services and is accessible on the network by typing "net view <DC
name>" or "ping <source DC name>".
3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered,
using the DNS Enhanced version of DCDIAG.EXE available on
dcdiag /test:dns
4) Verify that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the
destination domain controller, as follows:
dcdiag /test:dns
5) For further analysis of DNS error failures see KB 824449:
Additional Data
Error value:
11004 The requested name is valid, but no data of the requested type was found.
Log Name: DNS Server
Source: Microsoft-Windows-DNS-Server-Service
Date: 3/16/2014 8:02:19 PM
Event ID: 4013
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: CARMANSERVER.carman.local
Description:
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start
until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there
is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be
logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 3/16/2014 8:01:55 PM
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: CARMANSERVER.carman.local
Description:
Name resolution for the name _ldap._tcp.dc._msdcs.carman.local timed out after none of the configured DNS servers responded.
Log Name: System
Source: NETLOGON
Date: 3/16/2014 8:02:07 PM
Event ID: 3096
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: CARMANSERVER.carman.local
Description:
The primary Domain Controller for this domain could not be located.
Log Name: System
Source: Microsoft-Windows-WinRM
Date: 3/16/2014 8:05:08 PM
Event ID: 10154
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: CARMANSERVER.carman.local
Description:
The WinRM service failed to create the following SPNs: WSMAN/CARMANSERVER.carman.local; WSMAN/CARMANSERVER.
Additional Data
The error received was 8344: %%8344.
User Action
The SPNs can be created by an administrator using setspn.exe utility.
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 3/16/2014 10:50:55 PM
Event ID: 10009
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: CARMANSERVER.carman.local
Description:
DCOM was unable to communicate with the computer 208.67.222.222 using any of the configured protocolsSorry, the forum limited me to only 60000 characters per post, so here is some more detailed information:
Here's some initial diags/info from my server 2012 DC:
c:\windows\system32\dcdiag /test:DNS /v /e
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine HSSserver, is a Directory Server.
Home Server = HSSserver
* Connecting to directory service on server HSSserver.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=carman,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=carman,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=carman,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=CARMANSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=carman,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=HSSSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=carman,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CARMANSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
The clock difference between the home server HSSSERVER and target
server CARMANSERVER is greater than one minute. This may cause
Kerberos authentication failures. Please check that the time service
is working properly. You may need to resynchonize the time between
these servers.
......................... CARMANSERVER passed test Connectivity
Testing server: Default-First-Site-Name\HSSSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... HSSSERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CARMANSERVER
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\HSSSERVER
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
Starting test: DNS
See DNS test in enterprise tests section
for results
......................... HSSSERVER passed test DNS
See DNS test in enterprise tests section for results
......................... CARMANSERVER passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : carman
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : carman.local
Starting test: DNS
Test results for domain controllers:
DC: HSSserver.carman.local
Domain: carman.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2012 R2 Standard
(Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000010] Broadcom NetXtreme Gigabit
Ethernet:
MAC address is F0:1F:AF:E1:D1:C4
IP Address is static
IP address: 192.168.17.7, fe80::35d3:8713:ce0a:3680
DNS servers:
192.168.17.7
(HSSSERVER) [Valid]
192.168.17.5 (carmanserver.carman.local.) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
208.67.220.220 (<name unavailable>) [Valid]
208.67.222.222 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: carman.local.
Delegated domain name: _msdcs.carman.local.
DNS server: carmanserver.carman.local. IP:192.168.17.5 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone carman.local
Test record dcdiag-test-record deleted successfully in zone carman.local
TEST: Records registration (RReg)
Network Adapter
[00000010] Broadcom NetXtreme Gigabit Ethernet:
Matching CNAME record
found at DNS server 192.168.17.7:
25346b74-2fc2-4311-a54d-d500669d4026._msdcs.carman.local
Matching A record found
at DNS server 192.168.17.7:
HSSserver.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.e6c304e4-c161-4258-8d51-5a2f20a61c7a.domains._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._tcp.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._udp.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kpasswd._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.gc._msdcs.carman.local
Matching A record found
at DNS server 192.168.17.7:
gc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_gc._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.pdc._msdcs.carman.local
Matching CNAME record
found at DNS server 192.168.17.5:
25346b74-2fc2-4311-a54d-d500669d4026._msdcs.carman.local
Matching A record found
at DNS server 192.168.17.5:
HSSserver.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.e6c304e4-c161-4258-8d51-5a2f20a61c7a.domains._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._tcp.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._udp.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kpasswd._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.gc._msdcs.carman.local
Matching A record found
at DNS server 192.168.17.5:
gc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_gc._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.pdc._msdcs.carman.local
DC: CARMANSERVER.carman.local
Domain: carman.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard
(Service Pack level: 1.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000007] Broadcom BCM5716C NetXtreme II
GigE (NDIS VBD Client):
MAC address is A4:BA:DB:12:D1:77
IP Address is static
IP address: 192.168.17.5
DNS servers:
127.0.0.1
(carmanserver.carman.local.) [Valid]
192.168.17.7 (HSSSERVER) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
208.67.220.220 (<name unavailable>) [Valid]
208.67.222.222 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: carman.local.
Delegated domain name: _msdcs.carman.local.
DNS server: carmanserver.carman.local. IP:192.168.17.5 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone carman.local
Test record dcdiag-test-record deleted successfully in zone carman.local
TEST: Records registration (RReg)
Network Adapter
[00000007] Broadcom BCM5716C NetXtreme II
GigE (NDIS VBD Client): -
Is DFS Initial Sync actually getting anywhere?
Hi,
The other day i had to recreate our DFS name space and replication. One of the servers is running an initial sync and has been for around a week and a half. How long is this supposed to take? Its 2tb over a 10mbps leased line so not that
fast, but it still seems like a very long time.
Is there anyway to see how far its got? if its actually progressing at least would take a load off my mind.
Thanks for the help.
DavidHi,
The other day i had to recreate our DFS name space and replication. One of the servers is running an initial sync and has been for around a week and a half. How long is this supposed to take? Its 2tb over a 10mbps leased line so not that
fast, but it still seems like a very long time.
Is there anyway to see how far its got? if its actually progressing at least would take a load off my mind.
Thanks for the help.
David
2TB over 10 Mbps?! That's insane! Use seeding for DFS to save time & money. See:
DFS Seeding with Robocopy
http://technet.microsoft.com/en-us/library/dn495044.aspx
Good luck!
StarWind VSAN [Virtual SAN] clusters Hyper-V without SAS, Fibre Channel, SMB 3.0 or iSCSI, uses Ethernet to mirror internally mounted SATA disks between hosts. -
Hi,
I am trying to setup DFS replication on tow servers. I am local admin on the servers but NOT domain account. Is it possible to create Replication group anyway? or should i contact the Domain administrator to the job?
ThanksHi,
We cannot use local administrator to create a dfs replication group. By default, Domain Admins group can create a dfs replication group. You could also delegate to a user or group the ability to create replication groups and the user must add to the local Administrators
group on the namespace server.
For more detailed information, please refer to the article below:
Delegate the Ability to Manage DFS Replication
http://msdn.microsoft.com/en-us/library/cc771465.aspx
Best Regards,
Mandy
If you have any feedback on our support, please click
here .
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
DFSR with two members, both in Initial replication state?
We have in total 3 servers replicating a given folder, one server has its replication in a completely broken state because of some DB error on its volume.
Now, out of two servers for the above replicated folder, both are in Initial repliction, the state '2' as in the output of command - Wmic /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo get replicationgroupname,replicatedfoldername,state
- Not any errors at all in the logs/diags.
Is this supposed to be in this state, under any circumstances? Should I wait for some more time (, in fact this condition existed for almost last two months with backlog counts growing in each direction) ? Or should I rush ahead and designate the server
with latest content as primay?
If I need to do something immediately, what is the best way to do it?Hi,
As you said it is the result of corrupted DFSR database. Try following steps to reset it:
1. Stop and ALSO disable the DFSR service on a server you would like to set it as Primary (called ServerA) (don't just simply stop it)
2. In Windows Explorer open the specific drive
3. Right click on the "System Volume Information" directory and select Properties\Security
Note: You might need to select the option for "Show hidden files, folders or drives" and also uncheck "Hide protected operating system files" in the folders view options to be able to even see the "System Volume Information" directory.
4. Grant your user account that you're logged in with (if a member of Administrators group this will also suffice) "Full Control" to the "System Volume Information" directory.
Note: You may get an error on setting security on some files - this is expected.
5. Open an elevated/Administrative command prompt. Switch to the "<drive letter>:\System Volume Information" directory
6. Type the command "rmdir DFSR /s"
7. Enable and re-start the DFSR service on <ServerA> server
8. We will then set the <ServerA> server as the Primary member with dfsradmin.exe utility –
Dfsradmin Membership Set /RGName:<RG Name> /RFName:<RF Name> /MemName:<Member Name> /IsPrimary:True
Note: Files will be replicated from ServerA to all other targets. So if there is any newer file on other target servers, backup before starting replication.
If you have any feedback on our support, please send to [email protected] -
Best Practice Adding New Target to Namespace and Replication
Hi,
whats the best way to add a new target to Namespace and replication. Goal is to replace a old file Server at the end.
I did the following:
- copied the share with robocopy incl timestamps of files and folders
- created share
- added the new share as a new target as well as meshd member of the replication connection
- disabled the new member in the Namespace, so no one can Access it until dfsr is fully done and initialized
After the the new dfsr Connection was replicated through AD to all 4 Members (3 different site, 1 same site) the
following happend:
dfsr begin and almost every file was in a conflicted and copied over the the Conflict Folder. Almost all timestamps
of the Folders were changed to the current date, but the timestamps of the files not.
Thousands of eventlogs: 4412
The DFS Replication service detected that a file was changed on multiple servers. A conflict resolution algorithm was used to determine the winning file. The losing file was moved to the Conflict and Deleted folder.
Any idea why? Later on i disabled the Connections to the remote Fileservers, but that did not stop it.
My idea was to pre-seed the files with robocopy. So what would be the best way to prevent that for the next share ? Is it a better way to just add the target to a bi-directional Connection to the local Fileserver without adding to DFS-N and without copying
the files before ? Is it better to let DFSR do the hole Initial sync incl Files ?
At the end i have no loss of date but to check almost every file for conflict took Ages to finish.
Thanks a lot,
MarcoHi,
The steps you performed are correct - compare with waiting for DFS initial replication, a manually pre-staging is recommended.
When doing the Robocopy step, wether all attributes are copied such as NTFS permissions?
After robocopy, you can add that folder as a folder target of DFS replication group - you can add it to DFS namespace after replication finished.
And if it is a Windows 2012 R2, you can prestaging DFS database for a better result.
https://social.technet.microsoft.com/Forums/windows/en-US/a06c9d25-ed04-44e9-a1f7-e1506e645d53/forum-faq-how-to-prestaging-dfsr-database-on-windows-server-2012-r2?forum=winserverfiles
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Maybe you are looking for
-
New version of photoshop CC 2014 freezes on my Macbook pro late 2013. GPU related issue?
Since upgrading to newest version through Creative Cloud, Photoshop Freezes at start up: - when launched from LR5 ("modify photo in CC2014"), photoshop launches, photo is displayed, then I get a message that "an incompatibility with the graphics comp
-
I can't open a 32-bit HDR file made with Photoshop HDR in Lightroom.
I can't open a 32-bit HDR file made with Photoshop HDR. I saved the file in Photoshop with the maximum compatibility-option on. In Lightroom the file doesn't show a preview and an exclamation mark in the upper right corner. Anybody an idea why and ho
-
When backing up your iTunes music, how are the files saved?
I am planning to upgrade from 10.3 to 10.4 and don't want to lose all of my music. From what I can tell I have 2 options I can either use a CD (my ibook does not have a DVD-RW, but a DVD) or an external drive. My library size including the podcasts t
-
BW Save System Copy (Dev vs Quality)
Hi , I have one BW system (FWD) connected to ERP (FED). I wanted to Connect FWD to ERP quality (FEQ) to load data. I used transport Connection , SAVE FOR SYSTEM COPY and chose source system FED. In menu Tools - Conversion of Logical System names, i h
-
En ipad air se queda esperando la app iPhoto y no lo puedo ni abrir ni borrar
Se queda en espera iPhoto en ipad air.. No puedo ni abrirlo y quitarlo