Hi,
I discovered some replications issues on one of my DCs a couple of days ago, the SYSVOL and NETLOGON shares as not displayed/shared. In my setup im using Server 2012 Standard on all Domain Controllers. All servers are running on a ESXi 5 host in the same
subnet, with firewalls disabled.
DC001 - main DC with all FSMO roles. (10.0.1.20)
DC002 - the server i discovered the replication issues on. (10.0.1.21)
DC003 - a fresh Server 2012 install with all updates promoted as DC. (10.0.1.22)
001 which is also the dc that the domain was created on, has both the SYSVOL and the NETLOGON share. The other two do not have these shares as confirmed by "net share". Bearing in mind that 002 has been rejoined to the domain less that 24 hours ago,
and that 003 (did not exist in the domain before) has been freshly setup and promoted to the domain also less than 24 hours ago. Im going to let them sync for a little while longer before attempting anything. I haven't seen any error messages on
any of the DC's for over 4 hours now. But if i run dcdiag it reports errors. Output is given bellow:
All 3 domain controllers have the same DNS server list. The primary DNS is set to DC001 on all domain controllers. I have made no attempt to move any FSMO roles since this domain was setup. All DC's are on the same subnet and i have attempted to disable the
Windows Firewall to see if it helps.
Here is some output, all tested from DC001.
repadmin /showrepl - displays no errors.
repadmin /replsummary - dispalys no errors
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = dc001
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: xxx\DC001
Starting test: Connectivity
......................... DC001 passed test Connectivity
Testing server: xxx\DC003
Starting test: Connectivity
......................... DC003 passed test Connectivity
Testing server: xxx\DC002
Starting test: Connectivity
......................... DC002 passed test Connectivity
Doing primary tests
Testing server: xxx\DC001
Starting test: Advertising
......................... DC001 passed test Advertising
Starting test: FrsEvent
......................... DC001 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... DC001 failed test DFSREvent
Starting test: SysVolCheck
......................... DC001 passed test SysVolCheck
Starting test: KccEvent
......................... DC001 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC001 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC001 passed test MachineAccount
Starting test: NCSecDesc
......................... DC001 passed test NCSecDesc
Starting test: NetLogons
......................... DC001 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC001 passed test ObjectsReplicated
Starting test: Replications
......................... DC001 passed test Replications
Starting test: RidManager
......................... DC001 passed test RidManager
Starting test: Services
......................... DC001 passed test Services
Starting test: SystemLog
......................... DC001 passed test SystemLog
Starting test: VerifyReferences
......................... DC001 passed test VerifyReferences
Testing server: xxx\DC003
Starting test: Advertising
Warning: DsGetDcName returned information for \\dc001.xxx.net, when we were trying to reach
DC003.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... DC003 failed test Advertising
Starting test: FrsEvent
......................... DC003 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... DC003 failed test DFSREvent
Starting test: SysVolCheck
......................... DC003 passed test SysVolCheck
Starting test: KccEvent
......................... DC003 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC003 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC003 passed test MachineAccount
Starting test: NCSecDesc
......................... DC003 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\DC003\netlogon)
[DC003] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... DC003 failed test NetLogons
Starting test: ObjectsReplicated
......................... DC003 passed test ObjectsReplicated
Starting test: Replications
......................... DC003 passed test Replications
Starting test: RidManager
......................... DC003 passed test RidManager
Starting test: Services
......................... DC003 passed test Services
Starting test: SystemLog
......................... DC003 passed test SystemLog
Starting test: VerifyReferences
......................... DC003 passed test VerifyReferences
Testing server: xxx\DC002
Starting test: Advertising
Warning: DsGetDcName returned information for \\dc001.xxx.net, when we were trying to reach
DC002.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... DC002 failed test Advertising
Starting test: FrsEvent
......................... DC002 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... DC002 failed test DFSREvent
Starting test: SysVolCheck
......................... DC002 passed test SysVolCheck
Starting test: KccEvent
......................... DC002 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC002 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC002 passed test MachineAccount
Starting test: NCSecDesc
......................... DC002 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\DC002\netlogon)
[DC002] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... DC002 failed test NetLogons
Starting test: ObjectsReplicated
......................... DC002 passed test ObjectsReplicated
Starting test: Replications
......................... DC002 passed test Replications
Starting test: RidManager
......................... DC002 passed test RidManager
Starting test: Services
......................... DC002 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x0000164A
Time Generated: 03/31/2013 21:27:38
Event String:
The Netlogon service could not create server share C:\Windows\SYSVOL\sysvol\xxx.net\SCRIPTS. The followin
g error occurred:
......................... DC002 failed test SystemLog
Starting test: VerifyReferences
......................... DC002 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : xxx
Starting test: CheckSDRefDom
......................... xxx passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... xxx passed test CrossRefValidation
Running enterprise tests on : xxx.net
Starting test: LocatorCheck
......................... xxx.net passed test LocatorCheck
Starting test: Intersite
......................... xxx.net passed test Intersite
Im also seeing the following error:
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS
data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet
Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
After this i get:
The DNS server has finished the background loading and signing of zones. All zones are now available for DNS updates and zone transfers, as allowed by their individual zone configuration.
So im assuming that there are no DNS related issues.
http://support.microsoft.com/kb/290762
http://support.microsoft.com/kb/2218556