Sysvol share disapears repeatedly
I have been having an issue in our main production domain where the Sysvol shares will disappear on 2 of our 3 DCs. The files still exists but Sysvol and Netlogon will no longer be shared. I have run a force sync on a couple of occasions now as listed
here https://support.microsoft.com/kb/2218556?wa=wsignin1.0 However, this fixes the issue for about a day. When I check back in on the DCS they have a replication state of 2 or initial sync. What is frustrating is that all replication succeeds and appears
normal when using DCDiag and repadmin. However I am unable to even open a GPO on any DC in that domain. It gives the error Network Name not found. I have been looking this over for awhile and would really like to know if anyone has experienced anything similar
or has suggestions on what to check next.
D2 and D4 is used with FRS service. I mentioned them because I did not know what your operating systems are. Since you are using 2012 Windows Sever, the SYSVOL replication is done using DFSR. So in that case it is different. Down times will not be big. The
first time I did it, I planned to do it on weekend, it took 1 hour or less though. But who knows, it is wise to be on the safe side. Look at the below articles:
How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)
SYSVOL and Group Policy out of Sync
on Server 2012 R2 DCs using DFSR
Regards.
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers?
Similar Messages
-
Hi!
I recently took over management of a Windows 2003 domain that had only one domain controller. I was building a second DC for redundancy and discovered that the SYSVOL share on the original DC is in "JRNL_WRAP_ERROR" after the SYSVOL and NETLOGON
share would not create on the new DC. This error goes back as far as the log goes back so I don't know how long it has been in this state.
The message in the event log states to enable "Enable Journal Wrap Automatic Restore" but I found a KB article that says to use the BurFlags key instead. http://support.microsoft.com/kb/290762
Should I run an authoritative restore since I don't have another domain controller with a good SYSVOL?
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
Replica set name is : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
Replica root path is : "c:\windows\sysvol\domain"
Replica root volume is : "\\.\C:"
A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found. This can occur because of one of the following reasons.
[1] Volume "\\.\C:" has been formatted.
[2] The NTFS USN journal on volume "\\.\C:" has been deleted.
[3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
[4] File Replication Service was not running on this computer for a long time.
[5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".
Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.
[1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication
Service.
[2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.
WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.
To change this registry parameter, run regedit.
Click on Start, Run and type regedit.
Expand HKEY_LOCAL_MACHINE.
Click down the key path:
"System\CurrentControlSet\Services\NtFrs\Parameters"
Double click on the value name
"Enable Journal Wrap Automatic Restore"
and update the value.
If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.> The message in the event log states to enable "Enable Journal Wrap
> Automatic Restore" but I found a KB article that says to use the
> BurFlags key instead.
http://support.microsoft.com/kb/290762
>
> Should I run an authoritative restore since I don't have another domain
> controller with a good SYSVOL?
The automatic restore process AFAIK will initiate a D2 restore. And if
there's no other DC, sysvol might be gone.
I really would prefer to have control - this means I would do a D4.
Absolutely I would :)
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
We had a major storm over the weekend which caused an unexpected shutdown.
I am having an issue with one of my domain controller with Event ID 13568
The domain controller which is running Windows Server 2012 was added successfully just a couple of days ago.
I do not have a full backup of the server yet.
It only has a GC role on it.
What are the things I should look out for before I attempt to Enable Journal Wrap Automatic Restore and set it to 1?
Would it be safer to just demote the server and start from scratch?
Thank you all for reading!
Mladen
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
Replica set name is : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
Replica root path is : "c:\windows\sysvol\domain"
Replica root volume is : "\\.\C:"
A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found. This can occur because of one of the following reasons.
[1] Volume "\\.\C:" has been formatted.
[2] The NTFS USN journal on volume "\\.\C:" has been deleted.
[3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
[4] File Replication Service was not running on this computer for a long time.
[5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".
Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this
error state.
[1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs"
followed by "net start ntfrs" to restart the File Replication Service.
[2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.
WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from
making the data unexpectedly unavailable if this error condition occurs again.
To change this registry parameter, run regedit.
Click on Start, Run and type regedit.
Expand HKEY_LOCAL_MACHINE.
Click down the key path:
"System\CurrentControlSet\Services\NtFrs\Parameters"
Double click on the value name
"Enable Journal Wrap Automatic Restore"
and update the value.
If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.I set Enable Journal Wrap Automatic Restore to 1 and it was
successful.
I will monitor it to make sure it does not occur again.
Thanks everyone on your replies
Mladen -
Yesterday we were forced to perform a non-authoritative sync of the SYSVOL folder as replication had stopped because one of the DCs had been disconnected from it's replication partner for more than 60 days (caused by a unexpected shutdown and we did not
pick up on the fact replication had stopped until now).
I performed the non-authoritative sync of the SYSVOL folder and now the folder is in state 2
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
and has been for more than 12 hours. The DFS replication health report, reports "This member is waiting for initial replication for replicated folder SYSVOL Share".
How long should it take and is there anyway to force it so that replication can resume?I'm fairly sure it's not tombstoned. Here is the DCDIAG output:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = RC-CURDC-02
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\RC-CURDC-02
Starting test: Connectivity
......................... RC-CURDC-02 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\RC-CURDC-02
Starting test: Advertising
......................... RC-CURDC-02 passed test Advertising
Starting test: FrsEvent
......................... RC-CURDC-02 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... RC-CURDC-02 passed test DFSREvent
Starting test: SysVolCheck
......................... RC-CURDC-02 passed test SysVolCheck
Starting test: KccEvent
......................... RC-CURDC-02 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... RC-CURDC-02 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... RC-CURDC-02 passed test MachineAccount
Starting test: NCSecDesc
......................... RC-CURDC-02 passed test NCSecDesc
Starting test: NetLogons
......................... RC-CURDC-02 passed test NetLogons
Starting test: ObjectsReplicated
......................... RC-CURDC-02 passed test ObjectsReplicated
Starting test: Replications
......................... RC-CURDC-02 passed test Replications
Starting test: RidManager
......................... RC-CURDC-02 passed test RidManager
Starting test: Services
......................... RC-CURDC-02 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x000003FC
Time Generated: 06/12/2014 18:26:05
Event String:
Scope, 10.59.96.64, is 83 percent full with only 7 IP addresses remaining.
A warning event occurred. EventID: 0x000003FC
Time Generated: 06/12/2014 18:26:05
Event String:
Scope, 10.59.98.0, is 95 percent full with only 5 IP addresses remaining.
A warning event occurred. EventID: 0x00000560
Time Generated: 06/12/2014 18:26:05
Event String:
IP address range of scope 10.59.96.64 is 83 percent full with only 7 IP addresses available.
A warning event occurred. EventID: 0x00000560
Time Generated: 06/12/2014 18:26:05
Event String:
IP address range of scope 10.59.98.0 is 95 percent full with only 5 IP addresses available.
A warning event occurred. EventID: 0x000016AF
Time Generated: 06/12/2014 18:39:43
Event String:
During the past 4.23 hours there have been 95 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined
sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please
consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites. The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log'
and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text
'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize';
the default is 20000000 bytes. The current maximum size is 20000000 bytes. To set a different maximum size, create the above registry value and set the desired maximum size in bytes.
......................... RC-CURDC-02 passed test SystemLog
Starting test: VerifyReferences
......................... RC-CURDC-02 passed test VerifyReferences
Running partition tests on : curriculum
Starting test: CheckSDRefDom
......................... curriculum passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... curriculum passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running enterprise tests on : riddlesdown.local
Starting test: LocatorCheck
......................... riddlesdown.local passed test LocatorCheck
Starting test: Intersite
......................... riddlesdown.local passed test Intersite
Eveything is passing, except for the bits about the SystemLog and DFRS, all seems good to me.
Event 2213 is in the logs. I will look and changing the MaxOfflineTimeInDays and see if that gets it going. -
Direct Access Troubleshooting: Failed to connect to domain sysvol share
Hi, I've been setting up DirectAccess on windows server 2012 r2, using the single interface setup and have successfully connected to the intranet passing all important troubleshooting tests.
Now when troubleshooting the internet connection I am facing the following error:
Failed to connect to domain sysvol share
Here is the stack trace:
7/11/2014 12:46:18μμ[P:1340T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: Added ChildNode CertTestsNodeChild3.
7/11/2014 12:46:18μμ[P:1340T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: RootNode CertTestsNode found at index 4.
7/11/2014 12:46:18μμ[P:1340 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: TheRootNode CertTestsNode has already 4 ChildNodes.
7/11/2014 12:46:18μμ[P:1340 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.InfraTunnelChecker] Info: Enter CheckSysvolShare - check the availability of the domain sysvol share.
7/11/2014 12:46:18μμ[P:1340 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.InfraTunnelChecker] Info: Trying to enumerate \\premiernic.com\sysvol\premiernic.com\Policies.
7/11/2014 12:46:18μμ[P:1340 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: AddedChildNode CertTestsNodeChild4.
7/11/2014 12:46:18μμ[P:1340 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: RootNode CertTestsNode found at index 4.
7/11/2014 12:46:18μμ[P:1340 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: The RootNode CertTestsNode has already 5 ChildNodes.
7/11/2014 12:46:18μμ[P:1340 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: AddedChildNode CertTestsNodeChild5.
7/11/2014 12:46:18μμ[P:1340 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: About to add a new RootNode to the TreeView object.
7/11/2014 12:46:18μμ[P:1340 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.InfraTunnelChecker] ERROR: AnException occurred while connecting to the domain sysvol share. Message: The network path was not found.
7/11/2014 12:46:18μμ[P:1340 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: Added new RootNode: InfraTunnelTestsNode. The list has now 6 nodes.
7/11/2014 12:46:18μμ[P:1340 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm] Info: Finished running IPsec Infrastructure Tunnel tests.
To troubleshoot I run:
"netsh dns show state"
- machine location correctly shows as outside corporate network
"netsh namespace show effectivepolicy"
- neither entries show Certification Authority.
- .premiernic.com lists ipv6 addresses for DNS servers, cy-da-01.premiernic.com does not
- proxy settings are correct
- in both cases IPSec is disabled
"ipconfig /all"
- Shows Teredo Tunneling used as ipv6 transition technology
"nltest /dsget:
- getting dc name failed, no such domain
Anyone got any ideas what may be going wrong?Hi Steven, thanks for your answer.
When connected to the internet, i can ping the IPV6 DNS server addresses. When I try nslookup <aninternalFQDN> <IPV6DNS> i get a time-out. Same applies when testing the same commands from DirectAccess server.
Note that now, when looking at operation status, I see DNS as not operational and not responding to requests.
Finally, I check my server security logs for IPSec and find the following error (code 4653).
IPSec Main Negotiation failed
Failure location: Local computer
Failure reason: No Policy Configured
Verifying the infrastructure tunnel
Following the guide provided in the link, i first check whether the client can successfully create the tunnel. As expected I am able to see all the expected client policies in connection security rules(pt.3).
However, when I look at Monitoring \ Connection Security (pt.4) i don't see DirectAccess Policy-ClientToDnsDc (but
I do see directaccess policy-ClientToDNS64NAT64PrefixExemption).
I then run netsh
advfirewall monitor show currentprofile where I only see my public profile with my ISP settings, which to my understanding is correct.
When I run netsh advfirewall monitor show mmsa main mode shows computer cert and user ntlm for auth.
When I run netsh advfirewall monitor show qmsa quick mode shows remote address as expected.
When I run nltest /dsgetdc: /force on client machine i get "getting dc name failed", however from my directaccess server to dc command completes successfully.
Verifying the intranet tunnel
When running net view \\IntranetFileServer I
see an offline share (would be online if accessible). Web interface wont load for the same system.
When running netsh advfirewall monitor show mmsa and qmsa everything is as expected.
Conclusions
Couldn't find anything in either server firewall rules or gateway that would be blocking dns.
I think the culprit is the following:
IPSec negotiation failed - no policy found (on server)
Missing DirectAccess Policy - ClientToDnsDc
I've done a couple of gpupdates on both client and server, and double checked gpresult. Nothing seems out of order, except no refernce to to clienttodnsdc. Still nothing.
Anybody? -
Netlogon and SYSVOL shares are not created after DCPROMO in Windows 2012
Hi
When i run a dcpromo on my windows 2012 server (all dc's are windows 2012)
On the new domain controller i don't have sysvol or netlogon share.
All the sugestions i found in social refer to FRS but in server 2012 DFS is used, no idea how to troubel shoot this problem.
All dcdiag on all DC before promo where clean
dcidag on srv01 the new dc shows:
Doing initial required tests
Testing server: Bas\SRV01
Starting test: Connectivity
......................... SRV01 passed test Connectivity
Doing primary tests
Testing server: Bas\SRV01
Starting test: Advertising
Warning: DsGetDcName returned information for
\\SRV09.dikkenberg.local, when we were trying to reach SRV01.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... SRV01 failed test Advertising
Starting test: FrsEvent
......................... SRV01 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SRV01 passed test DFSREvent
Starting test: SysVolCheck
......................... SRV01 passed test SysVolCheck
Starting test: KccEvent
......................... SRV01 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SRV01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SRV01 passed test MachineAccount
Starting test: NCSecDesc
......................... SRV01 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\SRV01\netlogon)
[SRV01] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... SRV01 failed test NetLogons
Starting test: ObjectsReplicated
......................... SRV01 passed test ObjectsReplicated
Starting test: Replications
......................... SRV01 passed test Replications
Starting test: RidManager
......................... SRV01 passed test RidManager
Starting test: Services
......................... SRV01 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x000727A5
Time Generated: 02/26/2013 21:55:22
Event String:
The WinRM service is not listening for WS-Management requests.
An error event occurred. EventID: 0x00001001
Time Generated: 02/26/2013 21:58:10
Event String:
The machine SRV01 attempted to join the domain dikkenberg.local but
failed. The error code was 1332.
A warning event occurred. EventID: 0x000727A5
Time Generated: 02/26/2013 22:00:04
Event String:
The WinRM service is not listening for WS-Management requests.
A warning event occurred. EventID: 0x000727A5
Time Generated: 02/26/2013 22:08:43
Event String:
The WinRM service is not listening for WS-Management requests.
A warning event occurred. EventID: 0x0000008E
Time Generated: 02/26/2013 22:10:22
Event String:
The time service has stopped advertising as a time source because th
e local clock is not synchronized.
A warning event occurred. EventID: 0x00001796
Time Generated: 02/26/2013 22:24:05
Event String:
Microsoft Windows Server has detected that NTLM authentication is pr
esently being used between clients and this server. This event occurs once per b
oot of the server on the first time a client uses NTLM with this server.
......................... SRV01 failed test SystemLog
Starting test: VerifyReferences
......................... SRV01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : dikkenberg
Starting test: CheckSDRefDom
......................... dikkenberg passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... dikkenberg passed test CrossRefValidation
Running enterprise tests on : dikkenberg.local
Starting test: LocatorCheck
......................... dikkenberg.local passed test LocatorCheck
Starting test: Intersite
......................... dikkenberg.local passed test Intersite
C:\Users\administrator.DIKKENBERG>
Dcdiag on good dc:
Performing initial setup:
Trying to find home server...
Home Server = SRV09
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Bas\SRV09
Starting test: Connectivity
......................... SRV09 passed test Connectivity
Doing primary tests
Testing server: Bas\SRV09
Starting test: Advertising
......................... SRV09 passed test Advertising
Starting test: FrsEvent
......................... SRV09 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SRV09 passed test DFSREvent
Starting test: SysVolCheck
......................... SRV09 passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x80000B46
Time Generated: 02/26/2013 22:42:36
Event String:
The security of this directory server can be significantly enhanced
by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest)
LDAP binds that do not request signing (integrity verification) and LDAP simple
binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. E
ven if no clients are using such binds, configuring the server to reject them wi
ll improve the security of this server.
......................... SRV09 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SRV09 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SRV09 passed test MachineAccount
Starting test: NCSecDesc
......................... SRV09 passed test NCSecDesc
Starting test: NetLogons
......................... SRV09 passed test NetLogons
Starting test: ObjectsReplicated
......................... SRV09 passed test ObjectsReplicated
Starting test: Replications
......................... SRV09 passed test Replications
Starting test: RidManager
......................... SRV09 passed test RidManager
Starting test: Services
......................... SRV09 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00000457
Time Generated: 02/26/2013 21:57:13
Event String:
Driver Samsung CLP-320 Series required for printer Samsung CLP-320 S
eries is unknown. Contact the administrator to install the driver before you log
in again.
An error event occurred. EventID: 0x00000457
Time Generated: 02/26/2013 21:57:13
Event String:
Driver DYMO LabelWriter 400 Turbo required for printer DYMO LabelWri
ter 400 Turbo is unknown. Contact the administrator to install the driver before
you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 02/26/2013 21:57:13
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Verz
enden naar OneNote 2013 is unknown. Contact the administrator to install the dri
ver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 02/26/2013 21:57:14
Event String:
Driver Microsoft XPS Document Writer required for printer Microsoft
XPS Document Writer is unknown. Contact the administrator to install the driver
before you log in again.
A warning event occurred. EventID: 0x000016AF
Time Generated: 02/26/2013 22:34:50
Event String:
During the past 4.24 hours there have been 20 connections to this Do
main Controller from client machines whose IP addresses don't map to any of the
existing sites in the enterprise. Those clients, therefore, have undefined sites
and may connect to any Domain Controller including those that are in far distan
t locations from the clients. A client's site is determined by the mapping of it
s subnet to one of the existing sites. To move the above clients to one of the s
ites, please consider creating subnet object(s) covering the above IP addresses
with mapping to one of the existing sites. The names and IP addresses of the cl
ients in question have been logged on this computer in the following log file '%
SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\
debug\netlogon.bak' created if the former log becomes full. The log(s) may conta
in additional unrelated debugging information. To filter out the needed informat
ion, please search for lines which contain text 'NO_CLIENT_SITE:'. The first wor
d after this string is the client name and the second word is the client IP addr
ess. The maximum size of the log(s) is controlled by the following registry DWOR
D value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameter
s\LogFileMaxSize'; the default is 20000000 bytes. The current maximum size is 2
0000000 bytes. To set a different maximum size, create the above registry value
and set the desired maximum size in bytes.
A warning event occurred. EventID: 0x0000000B
Time Generated: 02/26/2013 22:42:06
Event String:
Custom dynamic link libraries are being loaded for every application
. The system administrator should review the list of libraries to ensure they ar
e related to trusted applications. Please visit http://support.microsoft.com/kb/
197571 for more information.
A warning event occurred. EventID: 0x000727AA
Time Generated: 02/26/2013 22:43:09
Event String:
The WinRM service failed to create the following SPNs: WSMAN/SRV09.d
ikkenberg.local; WSMAN/SRV09.
A warning event occurred. EventID: 0x000003F6
Time Generated: 02/26/2013 22:43:11
Event String:
Name resolution for the name _msdcs.dikkenberg.local timed out after
none of the configured DNS servers responded.
A warning event occurred. EventID: 0x000003F6
Time Generated: 02/26/2013 22:43:11
Event String:
Name resolution for the name dikkenberg.local timed out after none o
f the configured DNS servers responded.
A warning event occurred. EventID: 0x0000000C
Time Generated: 02/26/2013 22:43:13
Event String:
Time Provider NtpClient: This machine is configured to use the domai
n hierarchy to determine its time source, but it is the AD PDC emulator for the
domain at the root of the forest, so there is no machine above it in the domain
hierarchy to use as a time source. It is recommended that you either configure a
reliable time service in the root domain, or manually configure the AD PDC to s
ynchronize with an external time source. Otherwise, this machine will function a
s the authoritative time source in the domain hierarchy. If an external time sou
rce is not configured or used for this computer, you may choose to disable the N
tpClient.
A warning event occurred. EventID: 0x00001796
Time Generated: 02/26/2013 22:43:50
Event String:
Microsoft Windows Server has detected that NTLM authentication is pr
esently being used between clients and this server. This event occurs once per b
oot of the server on the first time a client uses NTLM with this server.
An error event occurred. EventID: 0x00000457
Time Generated: 02/26/2013 22:44:12
Event String:
Driver Samsung CLP-320 Series required for printer Samsung CLP-320 S
eries is unknown. Contact the administrator to install the driver before you log
in again.
An error event occurred. EventID: 0x00000457
Time Generated: 02/26/2013 22:44:16
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Verz
enden naar OneNote 2013 is unknown. Contact the administrator to install the dri
ver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 02/26/2013 22:44:16
Event String:
Driver DYMO LabelWriter 400 Turbo required for printer DYMO LabelWri
ter 400 Turbo is unknown. Contact the administrator to install the driver before
you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 02/26/2013 22:44:17
Event String:
Driver Microsoft XPS Document Writer required for printer Microsoft
XPS Document Writer is unknown. Contact the administrator to install the driver
before you log in again.
......................... SRV09 failed test SystemLog
Starting test: VerifyReferences
......................... SRV09 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : dikkenberg
Starting test: CheckSDRefDom
......................... dikkenberg passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... dikkenberg passed test CrossRefValidation
Running enterprise tests on : dikkenberg.local
Starting test: LocatorCheck
......................... dikkenberg.local passed test LocatorCheck
Starting test: Intersite
......................... dikkenberg.local passed test Intersite
With kind regards, Bas van den DikkenbergDoing primary tests
Testing server: Bas\SRV01
Starting test: Advertising
Warning: DsGetDcName returned information for
\\SRV09.dikkenberg.local, when we were trying to reach SRV01.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... SRV01 failed test Advertising
"SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE"
this error means that the DC is in USN rollback state.
srv01 is not usn rollback see:
test from other DC:
Doing primary tests
Testing server: Ouders\SRV10
Starting test: Advertising
......................... SRV10 passed test Advertising
Starting test: FrsEvent
......................... SRV10 passed test FrsEvent
Test from srv09:
Doing primary tests
Testing server: Bas\SRV09
Starting test: Advertising
......................... SRV09 passed test Advertising
Starting test: FrsEvent
......................... SRV09 passed test FrsEvent
With kind regards, Bas van den Dikkenberg -
Mavericks network shares disapear
We are having major issues with out Network shares. They are not only slow enough to cause productivity issues with in our entire Mac users running Mavericks, Drives and folders are disappearing from within the mounted drives. Have tried various work arounds to no avail...Please need help with this. I have been all over the internet and it seems that this is an issue for a lot of people, and no one really has any answers.
It seems that I found a workaround for the problem (it is still a bug in my opinion):
here is my mounting-script that works well:
delay 2
tell application "Finder" to open home
tell application "Finder"
try
mount volume "afp://username:password@mynas/share1"
delay 1
mount volume "afp://username:password@mynas/share2"
end try
end tell
tell application "Finder" to close home
I have it in the login-items.
It basicly does the following: Open the finder with the home-view. Then mount the two shares. After that closes the finder window.
(Replace username:password with the credentials needed to mount the share, "mynas" with the name or adress of the server and "share1", "share2" with the acutal name of the share.)
The 2 seconds delay at the beginning is not really needed I suppose but since the script works I'll leave it there.
In order to see the shares in the favorites section of the finders sidebar you have to drag them there once by hand. Afterwards they will show up there everytime the particular share is mounted.
The trick is to open the finder window before the shares are mounted. When the script does this they will appear in the sidebar. I think there is the problem. When the script mounts the share without displaying the finder window, they will not show up in the sidebar. It is a bug introduced with ML. -
Good Evening experts,
I have a Windows 2003 Standard DC which will soon be replaced with a Windows 2008 DC. I have given the 2008 box the DC role but I have noticed neither the sysvol nor netlogon share have appeared on the new DC. When I looked into this further,
I found this error on the 2003 server:
"The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR. Replica set name
is : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" Replica root path is : "c:\windows\sysvol\domain" Replica root volume is : "\\.\C:" A Replica set hits JRNL_WRAP_ERROR when the record that it
is trying to read from the NTFS USN journal is not found. This can occur because of one of the following reasons. [1] Volume "\\.\C:" has been formatted. [2] The NTFS USN journal on volume "\\.\C:" has been deleted.
[3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal. [4] File Replication Service was not running on this computer for a long time. [5]
File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:". Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically
recover from this error state. [1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs"
to restart the File Replication Service. [2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set. WARNING: During the recovery process data in
the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.
I don't have another DC to pull the sysvol/netlogon details from and wanted some advice.
BudBHeld,
Cheers for your reply, I was going to go down this road but wanted to ensure I was on the correct path. In addition, this particular domain is part of an overall forest but the other child domains are fine, its just this one that won't replicate.
Do I need to do anything on the domains in the other child domains or just what you had specified above? cheers
Dinesh,
Polices and Script folder is still there. Cheers
Bud
You only need to modify one of the DC in the problem domain. There is noting to be done in all other domains which are working fine. BTW, Sysvol/Netlogon shares are not replicated to other domains.
Restoring The SYSVOL (Non-)Authoritatively When Either Using NTFRS Or DFS-R
(2010-08-12) Restoring The SYSVOL (Non-)Authoritatively When Either Using NTFRS Or DFS-R (Part 1)
(2010-08-12) Restoring The SYSVOL (Non-)Authoritatively When Either Using NTFRS Or DFS-R (Part 2)
(2010-08-12) Restoring The SYSVOL (Non-)Authoritatively When Either Using NTFRS Or DFS-R (Part 3)
(2011-06-22) Restoring The SYSVOL (Non-)Authoritatively When Either Using NTFRS Or DFS-R (Part 4)
Awinish Vishwakarma - MVP
My Blog: awinish.wordpress.com
Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
Monitor Sysvol and netlogon Share availability on domain controllers
I need to monitor availability of sysvol and Netlogon shares on all our domain controllers around 20 in all.
What is the best way for us to do that.
I have seen scripts that monitor share availability but that would mean i create 40 such 2 times script monitors , that is too much of manual work..
Any advice.I looked into the discovered Inventory (SysVol for windows 2008) I see all theobjects
But the path shows as dc01.domain.com\dc01\sysvol
However we never get notified when the sysvol share is inaccessible.
We have had a number of cases when the DC is online but somehow we cant access the sysvol share
We need a monitor to alert us in such a case;
I modified the our script to include %computername% and targeted it to all dC's group,
Dim oAPI, oBag
Set oAPI = CreateObject("MOM.ScriptAPI")
Set oBag = oAPI.CreatePropertyBag()
Set objFSO = CreateObject("Scripting.FileSystemObject")
strFile = "\\%computername%\sysvol\"
If objFSO.FolderExists(strFile) Then
Call oBag.AddValue("Status","Exist")
Call oAPI.Return(oBag)
Else
Call oBag.AddValue("Status","NotExist")
Call oAPI.Return(oBag)
End If
However the monitor alerted critical immediately.
How should the monitor be.
I though if i put \\%computername%\sysvol\ in the script and send it to all the DC's group then it will start monitoring as \\dc01\sysvol etc -
Sysvol is not visible in my last domain controller
Hi everybody, I need some help with my last domain controller I had 2 DC's the one that had the fsmo roles crashed and after that I peform a Seizing of the roles and proceed to promote another DC after that DC was promoted I checked the SYSVOL and NetLOGON
shares and they were are not, I wait for 24 ours and after that checked the event log of recovered DC and I sow the 13568 Event ID from NTFRS service, that event recommended to configure the registry with the "Enable Journal Wrap Automatic Restore"
to "1", after that I restart NTFRS service and the SYSVOL and Netlogon Shares disapear, Now users can't logon and I can see the GPOS, What I should do?
Thanks in Advance.
Felxs
FelxMake sure you perform a metadata cleanup
http://blogs.dirteam.com/blogs/paulbergson/archive/2009/06/09/active-directory-cleanup-the-most-common-question-i-see.aspx
Followed by diagnostics to ensure things are looking good
http://blogs.dirteam.com/ControlPanel/Blogs/postlist.aspx?PageIndex=4
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
SBS2011 Recovered from Missing SYSVOL and NETLOGON; looking for original cause - not restore related
Call from client that they couldn't login to their shares. Connected to the server and found SYSVOL and NETLOGON missing. This has happened 3 times on this server 2014-01-06, 2014-03-26, and 2014-06-04. Although I have documentation and can restore quickly,
preventing is out primary goal.
What are the situation is which tis might happen and possible event log items that can give us a warning that this may take place.Searched more for SYSVOL NETLOGON Repeat. I excluded the C:\Windows\sysvol directory from Anti-virus scan to prevent locks. Links are below.Thank you,
Jefferson Eckert
Systems Engineer | Inline Computer & Communications
509.783.5450 ext 158 | [email protected] | http://www.inlinecomputer.com
Please consider the environment before printing this email
http://blogs.technet.com/b/instan/archive/2009/07/14/what-happens-in-a-journal-wrap.aspx
Since the PDC server was in Journal Wrap errors state and new DC was not having sysvol share avaialbe to fix the issue you need to first take the backup of sysvol and perfrom D4(authorative restore) and D2(non authorative restore) to fix the issue.http://support.microsoft.com/kb/290762/
Also your first step should be finding why JRNL_WRAP_ERROR error has occurred. Normally, JRNL_WRAP_ERROR occurs due to drive/partition being corrupted, antivirus locking and corrupting the file during sysvol scan, heavy size of the files inside
sysvol and netlogon shares.
Run chkdsk in read only mode for any errors and if issue reported take the backup of server and run chkdsk/f.Exclude the sysvol/nrtds/sysvol from AV scan too.To fix the Journal wrap perfrom authorative restore assuming you have single DC.See below link too.
what-happens-in-a-journal-:http://blogs.technet.com/b/instan/archive/2009/07/14/what-happens-in-a-journal-wrap.aspx
Since you have restored the DC to previous state check the health of DC by running dcdiag /q and also check event log for any errors and warning and post the same if any.
Best Regards,
Sandesh Dubey.
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator |
My Blog
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Proposed as answer by
VenkatSP<abbr class="affil"></abbr> Tuesday, November 20, 2012 2:02 AM -
AD Replication issues, SYSVOL / NETLOGON not replicating
Hello Experts!
We have a client that recently called us for some assistance. The IT department had a new virtual environment stood up. They Created 3 new VMs and promoted them all to domain controllers. The current domain and forest functional levels are (and were) Server
2003. There were two existing domain controllers, both Server 2003. The new domain controllers are Server 2012 R2. After promoting the 3 new servers to DC’s, they demoted one of the old DC’s. Then they transferred FSMO roles to a new 2012 R2 DC. When they
went to demote the last server 2003 DC, it was giving them the error that it is the last DC in the domain. That’s when we were called to assist. I have since demoted 2 of the 3 new 2012 R2 DCs and transferred all FSMO roles back to the Server 2003 DC.
I have been running some tools to try and gather data. Here is the DCDIAG from the last Server 2003 DC:
C:\Documents and Settings\user>dcdiag /fix
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: domainname\server2003server
Starting test: Connectivity
......................... server2003server passed test Connectivity
Doing primary tests
Testing server: domainname\server2003server
Starting test: Replications
......................... server2003server passed test Replications
Starting test: NCSecDesc
......................... server2003server passed test NCSecDesc
Starting test: NetLogons
......................... server2003server passed test NetLogons
Starting test: Advertising
......................... server2003server passed test Advertising
Starting test: KnowsOfRoleHolders
......................... server2003server passed test KnowsOfRoleHolders
Starting test: RidManager
......................... server2003server passed test RidManager
Starting test: MachineAccount
......................... server2003server passed test MachineAccount
Starting test: Services
......................... server2003server passed test Services
Starting test: ObjectsReplicated
......................... server2003server passed test ObjectsReplicated
Starting test: frssysvol
......................... server2003server passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... server2003server failed test frsevent
Starting test: kccevent
......................... server2003server passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000410B
Time Generated: 02/18/2015 19:27:04
Event String: The request for a new account-identifier pool
An Error Event occured. EventID: 0xC4350607
Time Generated: 02/18/2015 19:28:22
Event String: Component: System Information Agent
An Error Event occured. EventID: 0xC00110CD
Time Generated: 02/18/2015 19:28:22
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00072787
Time Generated: 02/18/2015 19:28:22
Event String: The WinRM service is unable to start because of a
An Error Event occured. EventID: 0xC0060024
Time Generated: 02/18/2015 19:28:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002720
Time Generated: 02/18/2015 19:32:26
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 02/18/2015 14:33:27
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:33:28
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:33:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000410B
Time Generated: 02/18/2015 14:36:18
Event String: The request for a new account-identifier pool
An Error Event occured. EventID: 0xC4350607
Time Generated: 02/18/2015 14:38:48
Event String: Component: System Information Agent
An Error Event occured. EventID: 0x00072787
Time Generated: 02/18/2015 14:38:48
Event String: The WinRM service is unable to start because of a
An Error Event occured. EventID: 0xC4350505
Time Generated: 02/18/2015 14:38:54
Event String: NIC Agent: Connectivity has been lost for the NIC
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:39:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:39:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0xC25A001D
Time Generated: 02/18/2015 14:42:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:42:22
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:42:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC4350607
Time Generated: 02/18/2015 14:48:03
Event String: Component: System Information Agent
An Error Event occured. EventID: 0x00072787
Time Generated: 02/18/2015 14:48:03
Event String: The WinRM service is unable to start because of a
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 02/18/2015 14:55:30
Event String: The kerberos client received a
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:36
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:39
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:08
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:08
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
......................... server2003server failed test systemlog
Starting test: VerifyReferences
Some objects relating to the DC server2003server have problems:
[1] Problem: Missing Expected Value
Base Object:
CN= server2003server,OU=Domain Controllers,DC=domainname,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[1] Problem: Missing Expected Value
Base Object:
CN=NTDS Settings,CN= server2003server,CN=Servers,CN=domainname,CN=Sites,CN=C
onfiguration,DC=domainname,DC=com
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... server2003server failed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : domainname
Starting test: CrossRefValidation
......................... domainname passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... domainname passed test CheckSDRefDom
Running enterprise tests on : domainname.com
Starting test: Intersite
......................... domainname.com passed test Intersite
Starting test: FsmoCheck
......................... domainname.com passed test FsmoCheck
C:\Documents and Settings\user>
Now the DCDIAG for the Server 2012 R2 DC.
2012R2DC
PS C:\Users\user > dcdiag /fix
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = 2012R2DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: domainname\2012R2DC
Starting test: Connectivity
......................... 2012R2DC
passed test Connectivity
Doing primary tests
Testing server: domainname\2012R2DC
Starting test: Advertising
Warning: DsGetDcName returned information for \\server2003server.domainname.com, when we were trying to reach 2012R2DC.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... 2012R2DC
failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... 2012R2DC
passed test FrsEvent
Starting test: DFSREvent
......................... 2012R2DC passed test DFSREvent
Starting test: SysVolCheck
......................... 2012R2DC passed test SysVolCheck
Starting test: KccEvent
......................... 2012R2DC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... 2012R2DC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... 2012R2DC passed test MachineAccount
Starting test: NCSecDesc
......................... 2012R2DC passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\2012R2DC \netlogon)
[2012R2DC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... 2012R2DC failed test NetLogons
Starting test: ObjectsReplicated
......................... 2012R2DC passed test ObjectsReplicated
Starting test: Replications
[Replications Check, 2012R2DC] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105
"Replication access was denied."
......................... 2012R2DC failed test Replications
Starting test: RidManager
......................... 2012R2DC passed test RidManager
Starting test: Services
Could not open NTDS Service on 2012R2DC, error 0x5 "Access is denied."
......................... 2012R2DC failed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x0000041E
Time Generated: 02/18/2015 14:39:32
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could
be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 02/18/2015 14:44:34
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could
be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x40000004
Time Generated: 02/18/2015 14:47:09
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server cr-dc3$. The target name used was C
RDC02$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when t
he target server principal name (SPN) is registered on an account other than the account the target service is using. En
sure that the target SPN is only registered on the account used by the server. This error can also happen if the target
service account password is different than what is configured on the Kerberos Key Distribution Center for that target se
rvice. Ensure that the service on the server and the KDC are both configured to use the same password. If the server nam
e is not fully qualified, and the target domain (domainname.COM) is different from the client domain (domainname.COM),
check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify
the server.
......................... 2012R2DC failed test SystemLog
Starting test: VerifyReferences
......................... 2012R2DC passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : domainname
Starting test: CheckSDRefDom
......................... domainname passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... domainname passed test CrossRefValidation
Running enterprise tests on : domainname.com
Starting test: LocatorCheck
......................... domainname.com passed test LocatorCheck
Starting test: Intersite
......................... domainname.com passed test Intersite
PS C:\Users\user>
From here I can see SYSVOL and NETLOGON are not replicating from server2003server. When I log on to server2003server and run ‘net share’ the SYSVOL and NETLOGON shares are shared. But, when I do the same on 2012R2DC there are no NETLOGON or SYSVOL shares.
I see ntfrs issues. So I ran ntfrsutl ds on server2003server and the results are here:
C:\Documents and Settings\user>ntfrsutl ds
NTFRS CONFIGURATION IN THE DS
SUBSTITUTE DCINFO FOR DC
FRS DomainControllerName: (null)
Computer Name : SERVER2003SERVER
Computer DNS Name : SERVER2003SERVER.domainname.com
BINDING TO THE DS:
ldap_connect : SERVER2003SERVER.domainname.com
DsBind : SERVER2003SERVER.domainname.com
NAMING CONTEXTS:
SitesDn : CN=Sites,cn=configuration,dc= domainname,dc=com
ServicesDn : CN=Services,cn=configuration,dc= domainname,dc=com
DefaultNcDn: DC= domainname,DC=com
ComputersDn: CN=Computers,DC= domainname,DC=com
DomainCtlDn: OU=Domain Controllers,DC= domainname,DC=com
Fqdn : CN= SERVER2003SERVER,OU=Domain Controllers,DC= domainname,DC=com
Searching : Fqdn
COMPUTER: SERVER2003SERVER
DN : cn= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
Guid : d3cfdf56-a013-40ab-a2e9ffc3d88896bd
UAC : 0x00082000
Server BL : CN= SERVER2003SERVER,CN=Servers,CN=domainname,CN=Sites,CN=Configuration,D
C= SERVER2003SERVER,DC=com
Settings : cn=ntds settings,cn= SERVER2003SERVER,cn=servers,cn= domainname,cn=sites,c
n=configuration,dc= domainname,dc=com
DNS Name : SERVER2003SERVER. domainname.com
WhenCreated : 5/29/2007 10:36:30 Eastern Standard Time Eastern Daylight Time
[300]
WhenChanged : 2/17/2015 11:21:58 Eastern Standard Time Eastern Daylight Time
[300]
SUBSCRIPTION: NTFRS SUBSCRIPTIONS
DN : cn=ntfrs subscriptions,cn= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
Guid : 5d0ca299-209d-4814-ae6d7acd9209e10a
Working : c:\windows\ntfrs
Actual Working: c:\windows\ntfrs
WhenCreated : 5/29/2007 10:50:26 Eastern Standard Time Eastern Daylight T
ime [300]
WhenChanged : 5/29/2007 10:50:26 Eastern Standard Time Eastern Daylight T
ime [300]
SUBSCRIBER: DOMAIN SYSTEM VOLUME (SYSVOL SHARE)
DN : cn=domain system volume (sysvol share),cn=ntfrs subscriptions,cn
= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
Guid : fb56d707-3c40-429f-bd7c63d227b9fb5d
Member Ref: (null)
Root : c:\windows\sysvol\domain
Stage : c:\windows\sysvol\staging\domain
WhenCreated : 5/29/2007 10:50:26 Eastern Standard Time Eastern Dayligh
t Time [300]
WhenChanged : 5/29/2007 10:50:26 Eastern Standard Time Eastern Dayligh
t Time [300]
SERVER2003SERVER IS NOT A MEMBER OF ANY SET!
C:\Documents and Settings\user>
Also worth noting that when we power down SERVER2003SERVER no computer can contact a logon server.
The last line of this worries me as well. I am going to continue to work on this but I wanted to get these logs to some other eyes in case you have some ideas off the bat. Thanks in advance!I would first recommend to make sure that the new DCs are also global catalogs and to refer to IP setting recommendations I shared here: http://www.ahmedmalek.com/web/fr/home.asp
It is possible to do a non-authoritative restore of SYSVOL to make it appear on the other DCs: https://support.microsoft.com/kb/290762?wa=wsignin1.0
However, you would need to upgrade to DFSR.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
Active Directory Replication Servers (wont replicate SYSVOL and NETLOGON Not showing)
I have my first DC Server (DC1). DC1.DOMAIN.lOCAL, I decided to add another Domain Controller. Made it a secondary DNS Server and also GC. Everything seems to replicate, but its missing NETLOGON and SYSVOL Wont replicate.
Windows 2008 R2Errr 5706
The Netlogon service could not create server share C:\Windows\SYSVOL\sysvol\INFGRP.LOCAL\SCRIPTS. The following error occurred:
The system cannot find the file specified.
Event 7009
A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
Event 1058
The processing of Group Policy failed. Windows attempted to read the file \\INFGRP.LOCAL\SysVol\INFGRP.LOCAL\Policies\{55DE4000-0D51-44CD-92A1-30F286B2BC86}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until
this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
All Critical
This domain controller has migrated to using the DFS Replication service to replicate the SYSVOL share. Use of the File Replication Service for replication of non-SYSVOL content sets has been deprecated and therefore, the service has been stopped. The DFS
Replication service is recommended for replication of folders, the SYSVOL share on domain controllers and DFS link targets.
Test replication
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine dc, is a DC.
* Connecting to directory service on server dc.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\dc
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... dc passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\dc
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=GRP,DC=LOCAL
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=GRP,DC=LOCAL
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=GRP,DC=LOCAL
Latency information for 8 entries in the vector were ignored.
8 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=GRP,DC=LOCAL
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=GRP,DC=LOCAL
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... dc passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: Advertising
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: RidManager
Test omitted by user request: MachineAccount
Test omitted by user request: Services
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: ObjectsReplicated
Test omitted by user request: frssysvol
Test omitted by user request: frsevent
Test omitted by user request: kccevent
Test omitted by user request: systemlog
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : DomainDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Schema
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Configuration
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : GRP
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running enterprise tests on : GRP.LOCAL
Test omitted by user request: Intersite
Test omitted by user request: FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
On the second DC (DCR). I see SYSVOL, no files replicated, also theres no NETLOGON. -
Active directory SYSVOL replication issues
Hello.
I have 2 domain controllers, both of them on the same site DC1 & DC2. I have added a new site with a DC3. When I have added DC3 to the domain, I have realized, SYSVOL was not initialized correctly. I went back to DC1 and found out, there's following
error in the event viewer:
Error: 4012 on DC1
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 99 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter
(60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.
Error: 2213 on DC2
The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication
WMI method to resume replication.
This indicates a DFS replication issue between DC1 & DC2 and probably this would be the reason, why the SYSVOL was not properly initialized on DC3.
How can I restore correct DFS replication between DC1 & DC2? I've read
this article, but it's not clear to me, which of the 2 domain controllers has a good version of SYSVOL + I can not find a decent step-by-step article for reconnecting Windows 2012 domain controller.
Any idea, how I can proceed further here?Here's a complete documentation with resolution of my issue. I have created this documentation for my own purposes in our WIKI, so I will paste it here (I hope, it will help somebody else in the future):
The Problem
We have bought a new server for our domain. This server (NEWDC01) was promoted to be a domain
controller in the DOMAIN. After the promotion, I have added a single computer to the domain. When I have logged on the client to the domain, I realized, this computer is not using the new domain controller (NEWDC01)
for authentication, but DC02 domain controller instead. This is not intended. Local clients should use local domain controllers for authentication (assuming, the Active directory sites & services are configured properly). Further investigation revealed,
there are some replication errors on OLDDC01 & OLDDC02 servers. First I need to solve these replication errors. Then I can
add the NEWDC01 server to domain properly.
Analysis
There are several errors related to DFSR replication on both domain controllers:
Error: 4012 on OLDDC01
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain.
This server has been disconnected from other partners for 99 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder
until this error is corrected.
Error: 2213 on OLDDC02
The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database
is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication.
In order to have active directory in a healthy condition, one must ensure, there’s a successful
replication between existing domain controllers up and running. If the replication does not work correctly, you can expect bunch of issues.
group policies and logon scripts are not applied correctly, or as intended
when you want to add a new domain controller to the domain, it will not work as expected (although, you will not see any specific errors after the
server is promoted to be a domain controller)
Active directory backup
I have scheduled an AD backup on OLDDC01 server using the ‘Windows Backup’ solution to make sure,
I can restore the AD / SYSVOL, in case something goes wrong. The backup is scheduled to be executed every day.
Active directory restore
In this particular case, I will talk only about SYSVOL restore. As indicated above, we must get
rid of the DFSR event viewer errors which you can find in event viewer. One of them is indicating, that the JET database was not shut down cleanly and autorecovery was disabled. The other error indicates, the SYSVOL volume is no longer replicated. I am not
sure, what is the reason, why the AD’s in the domain stopped to replicate. Probably it was an unclean server shutdown. The DFSR service stopped to replicate the SYSVOL share and I was not aware about that. When the replication did not run for more than ~99
days, the SYSVOL share was excluded from the DFSR replications.
Find out the most accurate SYSVOL share in the domain
I have compared the content of the SYSVOL directories on both OLDDC01 and OLDDC02 servers: C:\Windows\SYSVOL\domain\Policies.
Both directories have 37 subdirectories. Each subdirectory corresponds to one group policy. This means, that the content is approximately the same, thus I can’t tell, which version is most recent. I do most of the GPO changes on OLDDC01, so I made a conclusion,
that this server contains the most recent version of the SYSVOL share.
There are 2 types of SYSVOL restores, you can do:
Authoritative restore
Non-authoritative restore
Non-authoritative restore
This is a more simple kind of a restore. You can perform this kind of restore, when you are sure,
that one of the domain controllers is authoritative (e.g. you presume, the SYSVOL share is intact and working properly). If you can identify such a working server, you can perform non-authoritative restore of the active directory on a broken domain controller.
Authoritative restore
In this case, you can designate a specific domain controller to be authoritative. You set a special
flag on this server, which will prohibit to overwrite it’s state from another domain controllers, when the replication is enabled on the server again. After you designate one server to be authoritative, you need to update all the another domain controllers
using the non-authoritative procedure.
In this article, you can find, how to perform authoritative vs. non authoritative AD resotre:
http://support.microsoft.com/kb/2218556.
In my case, I was not sure, which of the domain controllers had a more recent copy of AD, so I
have decided to make OLDDC01 authoritative (check the link above). Once this has been done, I have made a non-authoritative update on OLDDC02 server.
Everything was almost ready. The last step, I needed to execute was, I needed to fix the ‘JET’
event viewer error on SRVBK1. In the event log entry on the bottom, you can find following:
Recovery Steps
1. Back up the files in all replicated folders on the volume. Failure to do
so may result in data loss due to unexpected conflict resolution during the recovery of the replicated folders.
2. To resume the replication for this volume, use the WMI method ResumeReplication
of the DfsrVolumeConfig class. For example, from an elevated command prompt, type the following command:
wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig
where volumeGuid="D37A9FC3-8B1D-11E2-93E8-806E6F6E6963" call ResumeReplication
For more information, see http://support.microsoft.com/kb/2663685.
Final words
After I have executed this command, the replication was again started between OLDDC01 and OLDDC02
servers. After I have started up the NEWDC01 server, I have realized, it has automatically replicated the contents of the SYSVOL share - almost immediately after the server was started up. I have again tried to login with the local client into DOMAIN domain
and now I see, that local client is using local Domain controller for authentication.
Everything seems to be OK now. -
Hi
I have a couple of Windows 2012 domain controllers that have stopped replicating their Sysvol folders.
I believe that the issue is with DC2 as it is missing some of the newer policies, despite having a lot more folders listed (these were old policies that have been removed).
The error message listed says
‘The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled.
To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication.’
I have run the ResumeReplication which says it was successful. I then get a message that I have exceeded the maximum offline time of 60 days so I increase it with
‘The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 85 days,
which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.
To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes
the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group. ‘
I tried to remove server in the DFS Management snap-in but was unable to find the option so ran the command to increase the maximum offline time
wmic.exe /namespace:\\root\microsoftdfs path dfsrMachineConfig Set MaxOfflineTimeInDays=120
I restart the DFSR service and things initially look positive in the Event Viewer until I get an error…
The DFS Replication service stopped replication on the replicated folder at local path C:\Windows\SYSVOL\domain.
Additional Information:
Error: 9073 (Content set initialization is pending journal wrap task to resume journal read)
Running DCDiag appears to be fine with the exception of reporting there are errors in event log.
Can anyone assist with any suggestions on how to recover this without the need to completely rebuild the server. Active Directory seems to be replicating without issue, it’s just the Sysvol share.
Many thanks
SimonHi Simon,
I suggest you start with these links below:
Reconnecting a Domain Controller After a Long-Term Disconnection
http://technet.microsoft.com/en-us/library/cc794960(v=WS.10).aspx
Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042)
http://technet.microsoft.com/en-us/library/cc949124(v=ws.10).aspx
Restoring and Rebuilding SYSVOL
http://technet.microsoft.com/en-us/library/cc816596(v=WS.10).aspx
Best Regards,
Amy Wang
Maybe you are looking for
-
Should I use the fine-grained auditing?
I need to record the changes (of data) made to serveral tables by users. For example, I have to check the before and after images of the changes and what kind of transactions they do to cause the changes. Sould I program the logging procedure in the
-
Out of memory: Java heap space
Hello, I am working on a project, that simulates large populations, with each individual being a separate Objecta(a couple of kilobytes in size each). Once i reach a bug enough number of those Objects (stored in a Vector), i get Out of memory: Java h
-
Building New SQL Server To Migrate from Old one and need to figure out how I need to license it.
So my head is spinning on setting up a New SQL Server. Current setup is Microsoft Server 2003 Standard and Microsoft SQL Server 2000 Standard. Nothing was maintained with Software assurance. Environment: Database is Limited to 2008 R2 Standard as Hig
-
Regarding String Replacing ....
Hi Friends, I have some problem regarding String replacing. ex. I have following string :: ================================================= This is the java manager the main purpose for the jasper is used to create reports. And the Java language is
-
Can anyone tell me the file location of where System.out.println writes to? Does it only write to the console? We're running BEA 5.1 Server. Thanks!