Hello, everyone. This one has me stumped, and I dare not proceed before I hopefully get some feedback.
Have a Windows Server 2003 R2 SP2 domain controller (BGOSRV1) which is to be replaced by a new box running Windows Server 2008 R2 (BGOSRV2). BGOSRV2 was joined to the domain, then promoted to a DC. It was given the role of Global Catalog, but no FSMO roles. Both domain and forest functional levels were raised on BGOSRV1 to Windows Server 2003 native as well as ADPREP /forestprep and ADPREP /domainprep from the Windows Server 2008 R2 binaries were run on BGOSRV1 prior to the promotion of BGOSRV2.
Everything seemed to be fine after promoting BGOSRV2. SYSVOL replicated over to BGOSRV2, and any AD changes I made on either box were replicated between them as they should, in both directions. Then I did nothing with the boxes for a few weeks while I was away on vacation, so they had plenty of time to get to know each other well... Then, when I added a few logon scripts to SYSVOL on BGOSRV1 and saw them not being replicated over to SYSVOL on BGOSRV2, I started checking.
Apparently right after BGOSRV2 was promoted, BGOSRV1 started to generate events 13562 NtFrs in the File Replication Service log, seemingly once every time the NtFrs service starts. The description is strangely non-descript: "Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller bgosrv1.something.no for FRS replica set configuration information. For more information, see Help and Support Center athttp://go.microsoft.com/fwlink/events.asp."
Running DCDIAG /v on BGOSRV1 produces the following (passed tests omitted):
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034FA
Time Generated: 04/15/2010 10:00:53
(Event String could not be retrieved)
......................... BGOSRV1 failed test frsevent
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BGOSRV1,OU=Domain Controllers,DC=something,DC=no and backlink on
CN=BGOSRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=something,DC=no
are correct.
Some objects relating to the DC BGOSRV1 have problems:
[1] Problem: Missing Expected Value
Base Object: CN=BGOSRV1,OU=Domain Controllers,DC=something,DC=no
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[1] Problem: Missing Expected Value
Base Object:
CN=NTDS Settings,CN=BGOSRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=something,DC=no
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... BGOSRV1 failed test VerifyReferences
Running DCDIAG /v on BGOSRV2 produces no errors, and there are no errors in Event Viewer.
I then thought something had perhaps gone awry during the promotion of BGOSRV2, so I demoted it to a member server again (since it didn't yet play any roles in the network). Demotion of BGOSRV2 seems to have been done okay, but before it finished its demotion, it complained of not being able to delete some dynamic DNS records -- these I deleted in the DNS console on BGOSRV1 manually. (Only the ones pointing to BGOSRV2 as a DC.)
Now, after demotion, the 13562 NtFrs events are still on BGOSRV1 each time the NtFrs service starts. DCDIAG /v produces the same results as above.
With ADSIEdit, I have tried adding the missing (or "<Not Set>") values for the following, as the DCDIAG output complains about:
On CN=BGOSRV1,OU=Domain Controllers,DC=something,DC=no I try to modifyfrsComputerReferenceBL with the value CN=BGOSRV1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=something,DC=no
On CN=NTDS Settings,CN=BGOSRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=something,DC=no I try to modifyserverReferenceBL with the value CN=BGOSRV1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=something,DC=no
Since ADSIEdit presents me with the error "The name reference is invalid." when I try to make either of those changes, I'm starting to wonder if I do things right. Do I try to insert the wrong values? Change them in the wrong places? Change them in the wrong order?
Also, when I look at another Windows Server 2003 DC at completely different site, I notice in ADSIEdit that under Configuration | Sites | <site name> | Servers | <server name> | NTDS Settings there is an nTDSConnection object with a GUID-like name (and text file-like icon, not a folder), but on BGOSRV1 (after demotion of BGOSRV2) there is no such object. Seems something is amiss here as well.
Anyway, since BGOSRV2 seemed okay when it was a DC and that BGOSRV1 is intended to be decomissioned, do these errors mean anything or will have any practical consequences? I mean, if I promote BGOSRV2 again and everything seems fine, everything is replicated and it does its job, do I dare demote and remove BGOSRV1 in the hope that something behind the scenes isn't broken?
Anyone have any clues? Thank you.