Hello.
I have a home lab with AD domain called tnx.cz. I have single DC called DC02 (Windows Server 2012). I needed to install new DC called DC03 (Windows Server 2012). I have done it many time, never run into trouble. This time everything went OK, but at the end the new DC03 was not sharing NETLOGON and SYSVOL. Replication worked according repadmin. DNS was working, the new server was serving clients OK. But when I shutdown the old DC02, the domain stopped working. Instead of network called tnx.cz computers showed Network 2 or something like this. I have removed the DC03 (moved FSMO back, done correct demotion, uninstalled od ADDS, DNS) and started again. Before I started adding new DC, I have walked through the DNS and checked every single record in whole tree. I have also ran BPA for ADDS and DNS before installing. No significant errors or warnings. (Not counting warnings that I have single DC, or that I should use localhost as the DNS server in tcpip settings on DC, but not the first.) I have used Windows Server 2012 R2 this time for the installation of new DC, but the result was the same.
Replications seem to be working.
Results of repadmin /showrepl from DC02:
C:\Users\Administrator.TNX>repadmin /showrepl
Repadmin: running command /showrepl against full DC localhost
home\DC02
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 5a572dc6-2ed9-44c1-834f-70661d4c0d0a
DSA invocationID: bceb8b7d-f5e7-45ee-b5fd-f36b9c601d37
==== INBOUND NEIGHBORS ======================================
DC=tnx,DC=cz
home\DC03 via RPC
DSA object GUID: 2f0862c7-11ca-48b5-82a4-587b9b6bd982
Last attempt @ 2013-12-03 09:56:52 was successful.
CN=Configuration,DC=tnx,DC=cz
home\DC03 via RPC
DSA object GUID: 2f0862c7-11ca-48b5-82a4-587b9b6bd982
Last attempt @ 2013-12-03 09:56:52 was successful.
CN=Schema,CN=Configuration,DC=tnx,DC=cz
home\DC03 via RPC
DSA object GUID: 2f0862c7-11ca-48b5-82a4-587b9b6bd982
Last attempt @ 2013-12-03 09:56:52 was successful.
DC=ForestDnsZones,DC=tnx,DC=cz
home\DC03 via RPC
DSA object GUID: 2f0862c7-11ca-48b5-82a4-587b9b6bd982
Last attempt @ 2013-12-03 09:56:52 was successful.
DC=DomainDnsZones,DC=tnx,DC=cz
home\DC03 via RPC
DSA object GUID: 2f0862c7-11ca-48b5-82a4-587b9b6bd982
Last attempt @ 2013-12-03 09:56:52 was successful.
Results of repadmin /showrepl from DC03:
C:\Users\Administrator.TNX>repadmin /showrepl
Repadmin: running command /showrepl against full DC localhost
home\DC03
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 2f0862c7-11ca-48b5-82a4-587b9b6bd982
DSA invocationID: cb1960e2-9fed-45d5-8539-bad3bbca3981
==== INBOUND NEIGHBORS ======================================
DC=tnx,DC=cz
home\DC02 via RPC
DSA object GUID: 5a572dc6-2ed9-44c1-834f-70661d4c0d0a
Last attempt @ 2013-12-03 10:25:56 was successful.
CN=Configuration,DC=tnx,DC=cz
home\DC02 via RPC
DSA object GUID: 5a572dc6-2ed9-44c1-834f-70661d4c0d0a
Last attempt @ 2013-12-03 09:50:00 was successful.
CN=Schema,CN=Configuration,DC=tnx,DC=cz
home\DC02 via RPC
DSA object GUID: 5a572dc6-2ed9-44c1-834f-70661d4c0d0a
Last attempt @ 2013-12-03 09:50:00 was successful.
DC=ForestDnsZones,DC=tnx,DC=cz
home\DC02 via RPC
DSA object GUID: 5a572dc6-2ed9-44c1-834f-70661d4c0d0a
Last attempt @ 2013-12-03 09:50:00 was successful.
DC=DomainDnsZones,DC=tnx,DC=cz
home\DC02 via RPC
DSA object GUID: 5a572dc6-2ed9-44c1-834f-70661d4c0d0a
Last attempt @ 2013-12-03 09:50:00 was successful.
But the DCDIAG shows errors.
DCDIAG from DC02:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC02
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: home\DC02
Starting test: Connectivity
......................... DC02 passed test Connectivity
Doing primary tests
Testing server: home\DC02
Starting test: Advertising
......................... DC02 passed test Advertising
Starting test: FrsEvent
......................... DC02 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC02 failed test DFSREvent
Starting test: SysVolCheck
......................... DC02 passed test SysVolCheck
Starting test: KccEvent
......................... DC02 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC02 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC02 passed test MachineAccount
Starting test: NCSecDesc
......................... DC02 passed test NCSecDesc
Starting test: NetLogons
......................... DC02 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC02 passed test ObjectsReplicated
Starting test: Replications
......................... DC02 passed test Replications
Starting test: RidManager
......................... DC02 passed test RidManager
Starting test: Services
......................... DC02 passed test Services
Starting test: SystemLog
......................... DC02 passed test SystemLog
Starting test: VerifyReferences
......................... DC02 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : tnx
Starting test: CheckSDRefDom
......................... tnx passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... tnx passed test CrossRefValidation
Running enterprise tests on : tnx.cz
Starting test: LocatorCheck
......................... tnx.cz passed test LocatorCheck
Starting test: Intersite
......................... tnx.cz passed test Intersite
DCDIAG from DC03:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = dc03
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: home\DC03
Starting test: Connectivity
......................... DC03 passed test Connectivity
Doing primary tests
Testing server: home\DC03
Starting test: Advertising
Warning: DsGetDcName returned information for \\DC02.tnx.cz, when we
were trying to reach DC03.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... DC03 failed test Advertising
Starting test: FrsEvent
......................... DC03 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC03 failed test DFSREvent
Starting test: SysVolCheck
......................... DC03 passed test SysVolCheck
Starting test: KccEvent
......................... DC03 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC03 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC03 passed test MachineAccount
Starting test: NCSecDesc
......................... DC03 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\DC03\netlogon)
[DC03] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... DC03 failed test NetLogons
Starting test: ObjectsReplicated
......................... DC03 passed test ObjectsReplicated
Starting test: Replications
......................... DC03 passed test Replications
Starting test: RidManager
......................... DC03 passed test RidManager
Starting test: Services
DFSR Service is stopped on [DC03]
......................... DC03 failed test Services
Starting test: SystemLog
......................... DC03 passed test SystemLog
Starting test: VerifyReferences
......................... DC03 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : tnx
Starting test: CheckSDRefDom
......................... tnx passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... tnx passed test CrossRefValidation
Running enterprise tests on : tnx.cz
Starting test: LocatorCheck
......................... tnx.cz passed test LocatorCheck
Starting test: Intersite
......................... tnx.cz passed test Intersite
There are some warnings and errors in logs, but they are quite confusing to me:
-----
There is an error on DC03 in DFS Replication log:
The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner DC02.tnx.cz.
If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization
state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This
can cause the SYSVOL folder on this server to become out of sync with other domain controllers.
Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 5C759754-F9F4-4EDA-B262-B2E86BF6487F
Replication Group Name: Domain System Volume
Replication Group ID: CB8E010A-2891-495E-B1D5-C8128B4EAA52
Member ID: FA76F872-92C5-454B-875B-CA1A1DF414FE
Read-Only: 0
-----
Later there is information in DFS Replication log saying:
The DFS Replication service successfully established an inbound connection with partner DC02 for replication group Domain System Volume.
Additional Information:
Connection Address Used: DC02.tnx.cz
Connection ID: CB8E010A-2891-495E-B1D5-C8128B4EAA52
Replication Group ID: 106FA20D-096B-4C4C-87C9-5F58355B7165
-----
DNS Server log on DC03 says:
The DNS server has finished the background loading and signing of zones. All zones are now available for DNS updates and zone transfers, as allowed by their individual zone configuration.
-----
On DC02:
Error in DFS Replication log:
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 362 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter
(60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.
To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh
data from other members of the replication group.
Additional Information:
Error: 9061 (The replicated folder has been offline for too long.)
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 5C759754-F9F4-4EDA-B262-B2E86BF6487F
Replication Group Name: Domain System Volume
Replication Group ID: 106FA20D-096B-4C4C-87C9-5F58355B7165
Member ID: 0FBB30B0-D9C5-401A-897E-2129D3230429
-----
Later information in the DFS Replication log:
The DFS Replication service has detected that at least one connection is configured for replication group Domain System Volume.
Additional Information:
Replication Group ID: 106FA20D-096B-4C4C-87C9-5F58355B7165
Member ID: 0FBB30B0-D9C5-401A-897E-2129D3230429
-----
There is an information in the log describing what should I do. "To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group. " But I do not have DNS management snapin in my DC for MMC. Should I install it to continue? Is the error relevant in this case? I just do not understand why it says it was disconnected from replication when it was the only DC in domain.
Can you advice, please?
Thank you
Best regards
Jan Kovar
honza@tnx.cz