W2K - W2k3 SYSVOL problem

Status
Not open for further replies.

iLinkTech

IS-IT--Management
Nov 28, 2003
133
DE
Hi there, stumped:

We've been on a W2K Adv Server DC for about a year. I'm in the process of upgrading the network to include 2 W2k3 (Std Edition) DC's with a plan to up the domain to W2k3 and then rebuild the W2K box w/ W2k3 as a file server.

Ran ADPREP / forest, domain, etc on the W2K box without error. W2k3 DC joins W2K domain w/o problem. Roles transferred w/o problem. However, SYSVOL is not replicating (found this out after xfering the roles and trying to use GPMC from my workstation - couldn't access GPO).

After fiddling around with it, xferred the roles back to the W2K box, DCPROMO the W2k3 box back to a member server. Once I removed the reference to the now non-existent W2k3 DC, GPMC works fine again - policies can be accessed/modified.

Tried DCPROMO several more times - same issue. I've read through a number of the posts on Tek-Tips regarding this issue and have tried most of the solutions offered (remove DNS from new DC, registry changes, move Infrastructure role off of GC, etc) - none have worked.

DNS appears to be working - I can ping/nslookup each server from the other by FQDN and the "Replicate Now" operation from AD Site and Services does not error out. I finally ran FrsDiag.exe - found a couple of interesting entries:

<SndCsMain: 3464: 868: S0: 07:40:03> :SR: Cmd 0023b578, CxtG c4b4e859, WS ERROR_ACCESS_DENIED, To Concord.mydomain.int Len: (366) [SndFail - rpc call]
<SndCsMain: 3464: 895: S0: 07:40:03> :SR: Cmd 0023b578, CxtG c4b4e859, WS ERROR_ACCESS_DENIED, To Concord.mydomain.int Len: (366) [SndFail - Send Penalty]

These are repeated all over the logs and lead me to think that there is an RPC issue between the servers. Now, with the W2k3 box as a member server, RPC appears to be working fine - used rpcping.exe from the ResKit and got this response:

C:\Program Files\Windows Resource Kits\Tools>rpcping /s dc1.mydomain.int
Completed 1 calls in 1 ms
1000 T/S or 1.000 ms/T

I haven't tried this after a DCPROMO yet because I'm hoping for an answer to the issue before I waste my time promoting/demoting this server all day :(

The only other piece of info that might mean anything is the fact that the domain is still mixed-mode; it doesn't have to be, I just haven't changed it yet - don't know if that would cause this issue.

Any ideas,

Thanks
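An added example, not part of the original post: a small Python triage script that groups NtFrs debug-log send records like the two quoted above by replication partner and status, so a repeated ERROR_ACCESS_DENIED toward one partner stands out. The reading of the header as function, thread id, source line, severity and time is an assumption, and every sample line other than the two from the post is constructed.

```python
import re
from collections import defaultdict

# Assumed header layout: <function: thread id: source line: severity: time>
SEND_RE = re.compile(
    r"<(?P<func>\w+):\s*(?P<tid>\d+):\s*(?P<src>\d+):\s*S(?P<sev>\d+):\s*"
    r"(?P<time>\d{2}:\d{2}:\d{2})>\s*:SR:\s*Cmd\s+(?P<cmd>[0-9a-fA-F]+),\s*"
    r"CxtG\s+(?P<cxtg>[0-9a-fA-F]+),\s*WS\s+(?P<status>\w+),\s*"
    r"To\s+(?P<partner>\S+)\s+Len:\s*\((?P<len>\d+)\)\s*\[(?P<tag>[^\]]+)\]"
)

# First two lines are from the post; the remaining lines are constructed.
SAMPLE_LOG = """\
<SndCsMain: 3464: 868: S0: 07:40:03> :SR: Cmd 0023b578, CxtG c4b4e859, WS ERROR_ACCESS_DENIED, To Concord.mydomain.int Len: (366) [SndFail - rpc call]
<SndCsMain: 3464: 895: S0: 07:40:03> :SR: Cmd 0023b578, CxtG c4b4e859, WS ERROR_ACCESS_DENIED, To Concord.mydomain.int Len: (366) [SndFail - Send Penalty]
<SndCsMain: 3464: 868: S0: 07:45:10> :SR: Cmd 0023c1a0, CxtG c4b4e859, WS ERROR_ACCESS_DENIED, To concord.mydomain.int Len: (366) [SndFail - rpc call]
<SndCsMain: 3464: 868: S0: 07:46:00> :SR: Cmd 0023d000, CxtG 11aa22bb, WS RPC_S_SERVER_UNAVAILABLE, To other.mydomain.int Len: (120) [SndFail - rpc call]
some unrelated line
"""

def parse_send_line(line):
    """Return the fields of one :SR: send record, or None if the line is something else."""
    m = SEND_RE.search(line)
    return m.groupdict() if m else None

def summarize_send_failures(lines):
    """Group [SndFail ...] records by (partner, status), in log order."""
    summary = defaultdict(
        lambda: {"records": 0, "failed_sends": 0, "first": None, "last": None})
    for line in lines:
        rec = parse_send_line(line)
        if rec is None or not rec["tag"].startswith("SndFail"):
            continue
        # DNS names are case-insensitive, so fold the partner name.
        entry = summary[(rec["partner"].lower(), rec["status"])]
        entry["records"] += 1
        # Each failed send logs an "rpc call" record plus a "Send Penalty" record;
        # count only the former so one failure is not counted twice.
        if rec["tag"] == "SndFail - rpc call":
            entry["failed_sends"] += 1
        entry["first"] = entry["first"] or rec["time"]
        entry["last"] = rec["time"]
    return dict(summary)

if __name__ == "__main__":
    for (partner, status), e in summarize_send_failures(SAMPLE_LOG.splitlines()).items():
        print(f"{partner:25} {status:28} sends={e['failed_sends']} "
              f"records={e['records']} {e['first']}..{e['last']}")
```
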
 
More info -

It appears that there is something in the syslog staging and staging areas folders on the W2k3 server - inside of staging, there is a "domain" folder with 8 files that start with "NTFRS_CMP...".

The staging areas folder has a subdirectory with our domain name and the same files in it. Now, it just so happens that I have 8 GPO's, so it looks like this information is getting to the new server, but SYSVOL will not initialize. The staging and staging areas folders on the W2K DC are empty.

Any takers?

Thanks...
 
Are you getting any errors or warnings in the file replication logs of either server? Not the raw frs logs from frsdiag, but the frs log in event viewer.
 
Hi, thanks for responding:

Yes, I'm getting the following errors:

On the W2K box, I'm getting a 13508 - "FRS is having trouble enabling replication from server2 to server1 for C:\winnt\sysvol\domain using the DNS name server2. FRS will keep trying." This only shows up once after the NtFrs service is restarted.

On the W2k3 box, I'm getting 13565 - "FRS is initializing the system volume with data from another domain controller. Computer SERVER2 cannot become a domain controller until this process is complete." This also only shows up once after NtFrs is restarted.

I know the 13508 says DNS, but I can't find any issue - can ping and nslookup by FQDN either way.

Ran NETDIAG on the W2k3 box, only error was in the Domain membership test - FAILED "[WARNING] The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC." (no kidding)

Ran DCDIAG and got several errors:

Advertising
"Warning: DsGetDcName returned information for \\server1.mydomain.int when we were trying to reach server2.
Server not responding or is not considered suitable.
....................SERVER2 failed test Advertising


FrsEvent
There are warnings or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
......................... SERVER2 failed test frsevent


Repadmin /showreps does not return any errors and I can manipulate objects in AD on the W2k3 server, so that part is working.

Thanks again for looking at this...
 
Well, it looks like we have this resolved; I say "we" because I ended up having to call PSS. I will say that the service I received was excellent - 4 1/2 hours on the phone with a very patient support tech.

It looks like there may be a problem with the OS installation on my w2k3 server which was preventing replication. The fix ended up being the manual addition of several junction points within the SYSVOL folder and changing the BurFlags key in HKLM\SYSTEM\CCS\Services\NtFrs\Parameters\Process on Startup - to "D4" (Hex) on the W2K DC and to "D2" on the W2k3 DC.

The result was an immediate replication from the W2K box to the W2k3 box and continued replication thereafter. GPO's are accessible on the W2k3 box and I now see EventID 13516 on the W2k3 DC.

A number of MSOFT tools were used to look for problems on this DC, including DCDiag, NetDiag, repadmin, and eventually, the MS Reporting tool (MPS_REPORTS - This tool is a composite of other diagnostic tools and compiles the results into a series of log files that can be reviewed to find issues).

In response to mlichstein's last post; the FRS issue actually showed up in the MPS report and PSS provided a config file to use w/ ldifde. Now it didn't outwardly do anything (0 objects copied successfully), but PSS thought that perhaps there was some corruption in one or more of these objects and the ldifde file corrected the issue.

Anyway, at the moment, all appears to be well. I'll be adding an additional W2k3 DC soon, so time will tell if the fix will stick.

Thanks for the assistance...
 
Hi there!
I'm wondering if you could provide some more information as I have encountered the exact same scenario, ie added a w2k3 server to an existing w2k domain etc etc. Right down to the WS ERROR_ACCESS_DENIED error message. I've been trying to fix this for 2 weeks :-(.
 
Read over this KB:


It might get you started - you may also need to look into the KB that mlichstein posted above, in case you have some damaged / corrupted objects.

In case you haven't done it, remember that the AD Schema needs to be modified before you can add a W2k3 DC to a W2K domain:

- look about 1/2 way down the page for the ADPREP info.


Hope this helps...
 
Hi,

Thanks for the quick reply. I did the adprep with no errors before adding the new server. I've been through FRS schema doc a few times too. It's a struggle but it is my guess that something is corrupted, just damn hard to work out what and where :-( ... I guess I'll keep on hunting ....

 
Yeah, it's a pain - I've currently got a W2K server that is locking up for no apparent reason - it just stops; no excessive processor usage, no nothing. I'm looking at the RAID controller as a possible suspect, but I just don't know at this point.

Do try the BurFlags KB; it is what kickstarted my replication and it's been fine since then.


Hope this helps...
 