Sunday, August 14, 2011

logon scripts not replicated, group policy processing error

I dcpromo-ed to demote their Windows 2003 DC properly, but I noticed the sysvol was not replicating properly, and so did they. The only replication was at the time I dcpromo-ed another Windows 2008 R2 server as DC. Many other guys worked on their system from time to time; I am the guy who decommissioned their last 2003 DC, so I have to fix it.

there wasn't any error in the logs.

the functional level is still at windows 2003. so the AD still uses NTFRS to do the replication.

(in windows 2008 function level, it uses DFS to replicate)

the first clue is the cmd
NTFRSUTL FS

it shows my promo-ed DC is fine, but the PDC is NOT a member of any replication set.

but dssite shows everything is perfect...

well, I have to manually repair it; this link is a good reference

http://www.shantilal.net/technotes/1.html
and I quote here
3) Run it -> ADSIEDIT.MSC

4) Open the tab "DOMAIN"

5) Open the tab "DC=name, DC=of, DC=domain"

6) Open "OU=Domain Controllers"

7) Expand both servers, you will notice that the server that is reported as "Not beeing member of any replica set" will have no "CN=NTFRS Subscriptions" while the other server will have it.

8) Right click on the tab "CN=NTFRS Subscriptions" of the server that has no subscription and select NEW OBJECT

9) Select nTFRSSubscriber

10) You will be prompted for a CN value, check in the other server what's the name, though usually it will be "CN=Domain System Volume (SYSVOL share)"

11) You will also be prompted for

fRSStagingPath = C:\WINDOWS\SYSVOL\staging\domain

again, in my case it's Windows 2008 R2; I need to edit/check two locations: 1/ domain controller OU 2/ system node - file replication service


http://support.microsoft.com/kb/312862

use adsiedit.msc to edit the DC in the OU domain controllers; there is another place to edit, it is under systems - frs node,

you will compare the good DC's properties with the problematic one, then re-create entries and attributes.

one problem I got is that I kept getting an error while trying to create entries. it suddenly came right. probably I need to create the main entry first, then modify attributes later
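
The comparison between a good DC and the problematic one can also be done read-only from PowerShell instead of clicking through ADSI Edit. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module is installed and that the replica set uses the default name "Domain System Volume (SYSVOL share)".

```powershell
# Added example: read-only check of the two places NTFRS keeps SYSVOL membership.
# Assumes the default replica set name; adjust $setDN if yours differs.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName
$setDN = "CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,$domainDN"

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    # Location 1: nTFRSSubscriber under the DC's computer object (Domain Controllers OU)
    $sub = Get-ADObject -SearchBase $dc.ComputerObjectDN -SearchScope Subtree `
        -LDAPFilter '(objectClass=nTFRSSubscriber)' `
        -Properties fRSMemberReference, fRSRootPath, fRSStagingPath |
        Select-Object -First 1

    # Location 2: nTFRSMember in the replica set (System node) that references this DC
    $mem = Get-ADObject -SearchBase $setDN -SearchScope OneLevel `
        -LDAPFilter "(&(objectClass=nTFRSMember)(fRSComputerReference=$($dc.ComputerObjectDN)))" `
        -Properties fRSComputerReference, serverReference |
        Select-Object -First 1

    New-Object PSObject -Property @{
        DC              = $dc.Name
        HasSubscriber   = [bool]$sub
        HasMember       = [bool]$mem
        # The subscriber should point at this DC's member object
        SubPointsToMem  = [bool]($sub -and $mem -and $sub.fRSMemberReference -eq $mem.DistinguishedName)
        # The member should point at this DC's NTDS Settings object
        MemPointsToNtds = [bool]($mem -and $mem.serverReference -eq $dc.NTDSSettingsObjectDN)
        RootPath        = $sub.fRSRootPath
        StagingPath     = $sub.fRSStagingPath
    }
}

# One block per DC; a DC with a missing or mismatched object shows False in a check
$report |
    Select-Object DC, HasSubscriber, HasMember, SubPointsToMem, MemPointsToNtds, RootPath, StagingPath |
    Format-List
```

A DC that is not a member of any replica set shows `HasSubscriber` or `HasMember` as False; a True/False mismatch in the two reference checks points at the attribute to compare against the good DC.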

in the process, I have to say I am disappointed with the repadmin tool; it doesn't reveal any clue.

http://support.microsoft.com/kb/257338
http://www.eventid.net/display.asp?eventid=13508&eventno=349&source=ntfrs&phase=1

after I put those entries in, the sysvol on the PDC suddenly got changed to NtFrs_PreExisting___See_EventLog

oh dear, my hair stands on end.

I put it back by referring to
http://support.microsoft.com/kb/290762/en-us
http://www.compit.se/?p=131
I just copy and paste here (and I quote)
On both servers do step 1 – 7
1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
7. In the right pane, double-click BurFlags.
8. In the Edit DWORD Value dialog box, type D2 on one of the servers and on the other server type D4 then click OK.
9. Quit Registry Editor.
10. On the server where you edited the BurFlags DWORD to D4 copy the folders in the folder NtFrs_PreExisting___See_EventLog to C:\WINDOWS\SYSVOL\sysvol\yourdomain.local
11. In the Command box on the server where you set the DWORD to D4, type net start ntfrs. When the service has started go to your other server and type net start ntfrs.
12. Quit the Command box.
13. Check the eventlog for messages.


http://support.microsoft.com/kb/312862

well, I restored sysvol on the PDC, but there is still no replication, there is an error logged on the PDC like DNS problem preventing replication something like that...

go back to basics: run dcdiag /fix (there is no netdiag in w2008?)
the result showed there is a problem with one of the replica members, one of the attributes is not right.
(this error was not showing up when I started working on this problem initially)
that's good, it gave me something to work on
again use adsiedit to check domain controllers in the domain controller's OU, and system node FRS
again compare attributes between domain controllers
I spotted a problem and corrected it; whether it is a typo or an auto-generated error I don't know.
the sysvol started replicating,
phew ....
what a long day....

there is a group policy error in gpmc.msc ... it's about the policy files on sysvol not being the same as in AD. click ok to make it the same

comment:
I got an impression after reading through MS documents that a demoted DC should still remain in dssite ... even if it's gone. just don't break the cycle...
oh dear, can you ever delete those old DCs

I would have thought properly demoted DCs should disappear without problem.



















