We are supporting a small office with an existing Server 2012 Standard DC. Yesterday I installed a secondary Server 2012 R2 and configured it as a secondary DC. The promotion went fine without any errors; however after the reboot the SYSVOL and NETLOGON shares do not appear. The DFS Replication event logs show the following after rebooting both servers:
The DFS Replication service successfully established an inbound connection with partner HCAPSRVR2 for replication group Domain System Volume.
Additional Information:
Connection Address Used: HCAPSRVR2.DC.HCAPSRVR2
Connection ID: 6257418B-2FEC-43BA-A9B2-DF16376C1486
Replication Group ID: 001EB651-3C9A-48B6-83EC-51672C075199
This event was logged last night and nothing has shown up since then. I ran a dcdiag on the new DC and it shows this:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = HCAPSRVR3
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\HCAPSRVR3
Starting test: Connectivity
......................... HCAPSRVR3 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\HCAPSRVR3
Starting test: Advertising
Warning: DsGetDcName returned information for
\\HCAPSRVR2.DC.HCAPSRVR2, when we were trying to reach HCAPSRVR3.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... HCAPSRVR3 failed test Advertising
Starting test: FrsEvent
......................... HCAPSRVR3 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... HCAPSRVR3 failed test DFSREvent
Starting test: SysVolCheck
......................... HCAPSRVR3 passed test SysVolCheck
Starting test: KccEvent
......................... HCAPSRVR3 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... HCAPSRVR3 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... HCAPSRVR3 passed test MachineAccount
Starting test: NCSecDesc
......................... HCAPSRVR3 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\HCAPSRVR3\netlogon)
[HCAPSRVR3] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... HCAPSRVR3 failed test NetLogons
Starting test: ObjectsReplicated
......................... HCAPSRVR3 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,HCAPSRVR3] DsReplicaGetInfo(PENDING_OPS, NULL)
failed, error 0x2105 "Replication access was denied."
......................... HCAPSRVR3 failed test Replications
Starting test: RidManager
......................... HCAPSRVR3 passed test RidManager
Starting test: Services
Could not open NTDS Service on HCAPSRVR3, error 0x5
"Access is denied."
......................... HCAPSRVR3 failed test Services
Starting test: SystemLog
......................... HCAPSRVR3 passed test SystemLog
Starting test: VerifyReferences
......................... HCAPSRVR3 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Yesterday I demoted the DC and then tried to promote it again, same result. I also tried going into adsiedit and following these steps:
http://kpytko.pl/2013/12/12/non-authoritative-sysvol-restore-dfs-r/
Any pointers would be greatly appreciated.
K Haroldsen
