DC not working properly


(OP)
Recently installed a W2K3 DC in a branch office connected with a T1 internet connection using a Cisco PIX LAN-to-LAN VPN tunnel back to the home office. This will be a DC for the site with DNS. After running dcpromo, no issues seemed to occur. Found AD, DNS, etc. and copied AD from the home office. Post-installation tests indicated the following:

>NetDiag: (only 1 failed)
Domain membership test . . . . . . : Failed
    [WARNING] The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.

>net share
on the new DC there isn't a SYSVOL share

>successful ping from each DC

>clients in the branch office are not authenticating to the DC at that site but are authenticated by the server in the home office

>FSMO operations role is an upgraded W2K3 server from NT4 PDC and is the PDC emulator. I read that this can cause problems, with the only fix being to move the role to the new DC so the entire SYSVOL is replicated. Is this true?

Any ideas? I have tried demoting it back to a standalone, removing DNS, adding DNS, but netdiag still fails with the same error (indicated above). I did read that IPSec can cause problems with NT trusts, but this doesn't appear to be a trust issue. Also, there is >G of disk space on DCs.

My understanding is the DC won't assume the role of being a DC until the entire SYSVOL is replicated.

Any input is greatly appreciated.


RE: DC not working properly

Have you tried to monitor AD using the ReplAdmin or the GUI interface?

Try DCDiag, what are the results there?

RE: DC not working properly

(OP)
See Logs and information below. Thanks for your response.


     Starting test: Advertising
        Warning: DsGetDcName returned information for \\server1.domainname.local, when we were trying to reach server2.
        Server is not responding or is not considered suitable.
        ......................... server1 failed test Advertising


  Starting test: frsevent
     There are warning or error events within the last 24 hours after the
     SYSVOL has been shared.  Failing SYSVOL replication problems may cause
     Group Policy problems.
     ......................... DALDSIDC1 failed test frsevent


*****************
FRS event:

File Replication Service is initializing the system volume with data from another
domain controller. Computer DALDSIDC1 cannot become a domain controller until this
process is complete. The system volume will then be shared as SYSVOL.

To check for the SYSVOL share, at the command prompt, type:
net share

When File Replication Service completes the initialization process, the SYSVOL
share will appear.

The initialization of the system volume can take some time. The time is dependent
on the amount of data in the system volume, the availability of other domain
controllers, and the replication interval between domain controllers.


****************
NtFrs Debug:

++ ERROR - NtCreateFile failed :  NTStatus: STATUS_OBJECT_NAME_NOT_FOUND

<FrsHashCalcString:        


**************
<from server1 frs debug log>

ERROR - NtCreateFile failed :  NTStatus: STATUS_OPLOCK_NOT_GRANTED



The first server is an upgraded NT-W2K3 server and it is a mixed-mode environment. I understand that the DC will not assume the DC role until all the SYSVOL has replicated. I am able to open AD Users/Computers from any DC. nslookups ok. ping ok. trusts ok. I used a sniffer and noticed the oplock errors. Any ideas what would be causing this? The same issue is in multiple branch offices, which leads me to believe the problem is the first AD controller. I did verify permissions on all DCs and they appeared correct. Any input would be appreciated. I have used many of the MS docs on troubleshooting replication but none have corrected the issue.

RE: DC not working properly

Did you manage to resolve this problem?  I am struggling with what appears to be the exact same issue.

RE: DC not working properly

I believe your problem is DNS related. Make sure your DNS is set up correctly to allow secure and non-secure updates. Also look in sites and servers to check communication.
I hope this helps.

dowsley

RE: DC not working properly

(OP)
Yes, I was finally able to resolve the issue. It wasn't a DNS issue. I was having two issues that caused FRS to fail. I wasn't having problems with DS because AD was replicating w/o issue. The RPC endpoint mapper had a port occupied, which was cleared by stopping the service, setting it to manual, rebooting, then restarting it after reboot. The other issue was an issue with the Kerberos secure channel. To fix that, reset the password on one DC using the netdom resetpwd command. Then stop the kdc service on all DCs. I changed the PDC emulator's kdc service to manual then rebooted. Login took ~7 minutes because it was attempting to use the kdc service. After login, I restarted the service. FRS replication then resumed as normal. I then went to each DC and restarted the kdc service. I made sure replication was working by creating a fromSERVERname.txt file on each DC in the scripts folder and verified each DC received each of them.

If you are able to open AD Sites and Services and <right-click> and replicate NOW, then most likely, if no errors occur, it is not a DNS issue. If you are having an FRS issue I suggest using the FRSdiag tool.

http://www.microsoft.com/downloads/details.aspx?FamilyI...

Hope that helps. Let me know. It was a major pain for me.
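
The canary-file check the last post describes (a fromSERVERname.txt file dropped into each DC's scripts folder), written out as an added PowerShell example that is not part of the original thread. The DC names, domain FQDN, timeout and poll interval are placeholder assumptions.

```powershell
# Added example: canary-file check for SYSVOL replication between DCs.
# Assumptions: placeholder DC names and domain; run with rights to write to SYSVOL.
param(
    [string[]]$DomainControllers = @('server1', 'server2'),  # placeholder names
    [string]$DomainFqdn = 'domainname.local',                 # placeholder domain
    [int]$TimeoutSeconds = 900,
    [int]$PollSeconds = 30
)

function Get-ScriptsPath([string]$Dc) { "\\$Dc\SYSVOL\$DomainFqdn\scripts" }

# 1. A DC that has not finished initial SYSVOL replication does not share SYSVOL,
#    so a missing share is reported and that DC is left out of the canary test.
$ready = @()
foreach ($dc in $DomainControllers) {
    if (Test-Path -LiteralPath "\\$dc\SYSVOL") { $ready += $dc }
    else { Write-Warning "$dc : SYSVOL share missing (initial replication incomplete?)" }
}

# 2. Write one uniquely named canary into each reachable DC's scripts folder.
$stamp = Get-Date -Format 'yyyyMMddHHmmss'
$canaries = @{}
foreach ($dc in $ready) {
    $canaries[$dc] = "from$dc-$stamp.txt"
    $path = Join-Path (Get-ScriptsPath $dc) $canaries[$dc]
    Set-Content -LiteralPath $path -Value "replication canary from $dc"
}

# 3. Poll until every DC holds every other DC's canary, or the timeout expires.
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
do {
    $missing = foreach ($src in $ready) {
        foreach ($dst in $ready) {
            $path = Join-Path (Get-ScriptsPath $dst) $canaries[$src]
            if (-not (Test-Path -LiteralPath $path)) {
                [pscustomobject]@{ Source = $src; MissingOn = $dst }
            }
        }
    }
    if (-not $missing) { break }
    Start-Sleep -Seconds $PollSeconds
} while ((Get-Date) -lt $deadline)

# 4. Report which direction failed, then remove the canaries from their source DCs.
if ($missing) { $missing | Format-Table -AutoSize } else { 'All canaries replicated.' }
foreach ($dc in $ready) {
    Remove-Item -LiteralPath (Join-Path (Get-ScriptsPath $dc) $canaries[$dc]) -ErrorAction SilentlyContinue
}
```

A row such as Source=server1, MissingOn=server2 shows the direction in which replication is stalled; raise the timeout for sites on a long replication schedule.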
