VMware Cloud Community
JSpurr
Contributor
Contributor

Virtualized DC not replicating SYSVOL and NETLOGON shares

I have 2 domain controllers at my company. ECDC1 is the PDC and ECDC2 is the BDC. ECDC2 is also our file and print server and this is the DC that I virtualized. Active Directory changes appear to be replicating as far as adding and removing users. The problem is with the SYSVOL and NETLOGON shares. They do not seem to be replicating. Is there any solution for this? I really don't want to demote DC2 and then try to permote it again. I don't see anything in the event log on ECDC1 but the virtualized ECDC2 shows the following:

EVENT ID: 13508

Source: NtFrs

Computer: DC2

Description:

The File Replication Service is having trouble enabling replication from ECDC1 to ECDC2 for c:\windows\sysvol\domain using the DNS name ECDC1.companyname.com. FRS will keep retrying.

Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name ECDC1.companyname.com from this computer.

[2] FRS is not running on ECDC1.companyname.com.

[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp

.

Thank you in advance for any help and/or advice that anyone can provide...

Tags (1)
Reply
0 Kudos
7 Replies
bulletprooffool
Champion
Champion

Almost all AD replication issues are as a result of DNS in some way.

If you have confirmed all of this is 100%, then you may want to consider getting the controller to rebuild Sysvol and Netlogon.

here is a guide:

http://support.microsoft.com/kb/290762

One day I will virtualise myself . . .
Reply
0 Kudos
DCjay
Enthusiast
Enthusiast

Hello,

This definetly a s windows related troubleshooting. Recommend using the link above to fix the replication on you AD.

Jay

Reply
0 Kudos
a_p_
Leadership
Leadership

The last time I had solve an issue with FRS, I found Microsoft's FRSDiag to be a very valuable tool to determine what's going on.

André

Reply
0 Kudos
JSpurr
Contributor
Contributor

Ran FRSDiag. Below is the results that was returned.

------------------------------------------------------------

FRSDiag v1.7 on 3/2/2011 9:42:04 AM

.\ECFS1 on 2011-03-02 at 9.42.04 AM

------------------------------------------------------------

Checking for errors/warnings in FRS Event Log ....

NtFrs 3/1/2011 8:35:31 AM Warning 13508 The File Replication Service is having trouble enabling replication from ECADDC to ECFS1 for c:\windows\sysvol\domain using the DNS name ECADDC.easternconnection.com. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name ECADDC.easternconnection.com from this computer. [2] FRS is not running on ECADDC.easternconnection.com. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

NtFrs 3/1/2011 8:33:49 AM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer ECFS1 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

NtFrs 2/28/2011 8:05:09 PM Warning 13508 The File Replication Service is having trouble enabling replication from ECADDC to ECFS1 for c:\windows\sysvol\domain using the DNS name ECADDC.easternconnection.com. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name ECADDC.easternconnection.com from this computer. [2] FRS is not running on ECADDC.easternconnection.com. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

NtFrs 2/27/2011 5:31:33 PM Warning 13508 The File Replication Service is having trouble enabling replication from ECADDC to ECFS1 for c:\windows\sysvol\domain using the DNS name ECADDC.easternconnection.com. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name ECADDC.easternconnection.com from this computer. [2] FRS is not running on ECADDC.easternconnection.com. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

NtFrs 2/25/2011 3:32:08 PM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer ECFS1 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

NtFrs 2/25/2011 3:01:17 PM Warning 13520 The File Replication Service moved the preexisting files in c:\windows\sysvol\domain to c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. The File Replication Service may delete the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog at any time. Files can be saved from deletion by copying them out of c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. Copying the files into c:\windows\sysvol\domain may lead to name conflicts if the files already exist on some other replicating partner. In some cases, the File Replication Service may copy a file from c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog into c:\windows\sysvol\domain instead of replicating the file from some other replicating partner. Space can be recovered at any time by deleting the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.

NtFrs 2/25/2011 3:01:14 PM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer ECFS1 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

NtFrs 2/25/2011 2:49:46 PM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer ECFS1 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

NtFrs 2/25/2011 2:37:18 PM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer ECFS1 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

NtFrs 2/25/2011 2:31:43 PM Warning 13520 The File Replication Service moved the preexisting files in c:\windows\sysvol\domain to c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. The File Replication Service may delete the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog at any time. Files can be saved from deletion by copying them out of c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. Copying the files into c:\windows\sysvol\domain may lead to name conflicts if the files already exist on some other replicating partner. In some cases, the File Replication Service may copy a file from c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog into c:\windows\sysvol\domain instead of replicating the file from some other replicating partner. Space can be recovered at any time by deleting the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.

NtFrs 2/25/2011 2:31:40 PM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer ECFS1 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

NtFrs 2/25/2011 2:18:55 PM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer ECFS1 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

NtFrs 2/25/2011 1:53:32 PM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer ECFS1 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

WARNING: Found Event ID 13508 errors without trailing 13509 ... see above for (up to) the 3 latest entries!

......... failed 11

Checking for errors in Directory Service Event Log .... passed

Checking for minimum FRS version requirement ... passed

Checking for errors/warnings in ntfrsutl ds ... passed

Checking for Replica Set configuration triggers... passed

Checking for suspicious file Backlog size...

ERROR : File Backlog TO server "EC_ADM\ECADDC$" is : 3438 :: Unless this is due to your schedule, this is a problem!

failed with 1 error(s) and 0 warning(s)

Checking Overall Disk Space and SYSVOL structure (note: integrity is not checked)... passed

Checking for suspicious inlog entries ... passed

Checking for suspicious outlog entries ... passed

Checking for appropriate staging area size ... passed

Checking for errors in debug logs ...

ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 3552: 877: S0: 09:21:20> :SR: Cmd 011165f0, CxtG d31ef0eb, WS ERROR_ACCESS_DENIED, To ECADDC.easternconnection.com Len: (362) [SndFail - rpc call]

ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 4532: 877: S0: 09:30:51> :SR: Cmd 0119d4d8, CxtG d31ef0eb, WS ERROR_ACCESS_DENIED, To ECADDC.easternconnection.com Len: (362) [SndFail - rpc call]

ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 4532: 904: S0: 09:30:51> :SR: Cmd 0119d4d8, CxtG d31ef0eb, WS ERROR_ACCESS_DENIED, To ECADDC.easternconnection.com Len: (362) [SndFail - Send Penalty]

ERROR on NtFrs_0001.log : "EPT_S_NOT_REGISTERED(This may indicate that DNS returns the IP address of the wrong computer. Check DNS records being returned, Check if FRS is currently running on the target server. Check if Ntfrs is registered with the End-Point-Mapper on target server!)" : <SndCsMain: 6088: 884: S0: 15:32:09> :SR: Cmd 010f2818, CxtG d31ef0eb, WS EPT_S_NOT_REGISTERED, To ECADDC.easternconnection.com Len: (362) [SndFail - rpc exception]

ERROR on NtFrs_0001.log : "EPT_S_NOT_REGISTERED(This may indicate that DNS returns the IP address of the wrong computer. Check DNS records being returned, Check if FRS is currently running on the target server. Check if Ntfrs is registered with the End-Point-Mapper on target server!)" : <SndCsMain: 6088: 883: S0: 15:32:19> ++ ERROR - EXCEPTION (000006d9) : WStatus: EPT_S_NOT_REGISTERED

ERROR on NtFrs_0001.log : "EPT_S_NOT_REGISTERED(This may indicate that DNS returns the IP address of the wrong computer. Check DNS records being returned, Check if FRS is currently running on the target server. Check if Ntfrs is registered with the End-Point-Mapper on target server!)" : <SndCsMain: 6088: 884: S0: 15:32:19> :SR: Cmd 010d9810, CxtG d31ef0eb, WS EPT_S_NOT_REGISTERED, To ECADDC.easternconnection.com Len: (362) [SndFail - rpc exception]

Found 1232 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed above

Found 4 EPT_S_NOT_REGISTERED error(s)! Latest ones (up to 3) listed above

......... failed with 1236 error entries

Checking NtFrs Service (and dependent services) state...passed

Checking NtFrs related Registry Keys for possible problems...

SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Enable Journal Wrap Automatic Restore = 1 :: ERROR: Enabling Journal Wrap Automatic Restore is NOT recommended in post-SP2 version of FRS. Please see KB.292438 (Troubleshooting Journal_Wrap Errors on Sysvol and DFS Replica Sets) for further information!

SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SysvolReady = 0 :: ERROR: SysvolReady is not set to 1 :: SYSVOL is likely not Sharing! This key should NOT be changed manually but this should be addressed! See article KB.327781 (How to Troubleshoot Missing SYSVOL and NETLOGON Shares on Windows Server) for further information!

failed with 2 error(s) and 0 warning(s)

Checking Repadmin Showreps for errors...passed

 

Final Result = failed with 1250 error(s)

Reply
0 Kudos
a_p_
Leadership
Leadership

It looks like someone already tried to "repair" this issue. I'd suggest you read the MS KB articles mentioned in the log very carefully and make sure this is exactly what you see before modifying anything. FRSDiag should also have created several log files which could give you any hints on what's wrong. Make sure you run FRSDiag on all DC's and compare the results to find out which DC causes the issue.

from your log:

SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Enable Journal Wrap Automatic Restore = 1 :: ERROR: Enabling Journal Wrap Automatic Restore is NOT recommended in post-SP2 version of FRS. Please see KB.292438 (Troubleshooting Journal_Wrap Errors on Sysvol and DFS Replica Sets) for further information!

SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SysvolReady = 0 :: ERROR: SysvolReady is not set to 1 :: SYSVOL is likely not Sharing! This key should NOT be changed manually but this should be addressed! See article KB.327781 (How to Troubleshoot Missing SYSVOL and NETLOGON Shares on Windows Server) for further information!


André

JSpurr
Contributor
Contributor

All set. I ended up demoting the dc and the re-promoting it back to a secondary domain controller. Once I did that, I rebuilt the Syslog and Netlogon shares.

Reply
0 Kudos
rickardnobel
Champion
Champion

A good command to run is:

repadmin /showrepl DC1

repadmin /showrepl DC2 (replace with your dc name)

This shows the state of general AD database replication.

A quick and easy way to test SYSVOL replication is to drop a file in e.g. the SCRIPTS subfolder on one DC and make sure it appears on the other. Then rename it or something and make sure the change goes back to the first VM.

My VMware blog: www.rickardnobel.se
Reply
0 Kudos