Dc not Functioning Properly.

[Guest]

Hi,
Iam having two win2000 Dcs(Seperated by WAN Link) in my Site, one of my Dc
is not functioning as a Domain Controller. There is no Sysvol and Netlogon
share. I shared the \winnt\SYSVOL\sysvol folder manualy, but the share was
automatically removed within a week. I ran netdiag utily and it fails in
Domain Membership Test. Iam getting 13508 (FRS) Warning without any 13509 id.
Plz advice to recover from this problem.

 

[ptwilliams]

Is demoting this and starting again an option? If so, do that. ;-)

Otherwise, point the remote DC to the working one for DNS (assuming the DC
in the main office is your DNS server) and restart netlogon after ensuring
that you've not disabled and/ or stopped the DHCP Client Service.

In doing this the netlogon process will trigger the DHCP Client Service to
register SRV records in DNS. You will also now be able to resolve the other
DC.

Try replicating and waiting. Then look at this:
-- http://support.microsoft.com/?id=257338


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

 

[Guest]

Both the Dcs are AD integrated DNS servers, and both have "A" records and
"Ptr" records and both can contact through FQDN names. I have also tried
restarting Netlogon and frs services, but it doesnt works. i have tried the
options in the microsoft support Link and all the tests are successful. Is
there any way to recreate the Sysvol share. Iam getting failure result in
Domain Membership Test(Netdiag).Also the Dc is not advertising.

 

[Paul Bergson]

dcdiag /e /c /v /s:server name /f:c:\dcdiag.log

when complete look at the dcdiag.log log


"C:\program files\support tools\netdiag" /v /l

when complete look at the netdiag.log file


"C:\program files\support tools\repadmin" /replsum /bysrc /bydest
/sort:delta > c:\repadmin.log

"C:\program files\support tools\repadmin" /showreps server name >>
c:\repadmin.log

When complete look at repadmin.log

This should give you some details about failures




These links might provide some additional info to help provide details about
the tools
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q265706
http://support.microsoft.com/kb/229896

Server tools should be available on your installation cd at d:\support\tools


--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

The existence of A and PTR records simply proves that name-to-IP or
IP-to-name resolution works. Directory services are located through SRV
records, which these tests do not prove.

The following will prove if DNS is working or not:

C:\>nslookup

set type=srv
_ldap._tcp.dc._msdcs.domain-name

OR

C:\>netdiag /test:dns


With regards to generating the SYSVOL, lets ensure that DNS *IS* fine first...

We'll then look at how you can recreate SYSVOL.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

 

[Guest]

Dear Paul,
I have tested my DNS with Nslookup for _ldap._tcp.dc._msdcs.domain-name srv
record, and it sounds good, also netdiag /test:dns is also completing without
any errors.Hope my DNS is working properly.Mr Paul Bergson suggested for
Dcdiag and netdiag utilities and i found some errors on it, i have pasted the
error below.

Domain name - Mydomain
DC1 - Working DC
DC2 - Problematic DC

dcdiag /e /c /v /sC2 /f:c:\dcdiag.log

Starting test: Advertising
Warning: DsGetDcName returned information for \\DC1.Mydomain.com,
when we were trying to reach DC2.
Server is not responding or is not considered suitable.
The DC DC2 is advertising itself as a DC and having a DS.
The DC DC2 is advertising as an LDAP server
The DC DC2 is advertising as having a writeable directory
The DC DC2 is advertising as a Key Distribution Center
The DC DC2 is advertising as a time server
......................... DC2 failed test Advertising

netdiag /v /l

Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local machine. This machine is not working properly as a DC.
Machine is a . . . . . . . . . : Domain Controller
Netbios Domain name. . . . . . : Mydomain
Dns domain name. . . . . . . . : Mydomain.com
Dns forest name. . . . . . . . : Mydomain.com
Domain Guid. . . . . . . . . . : {0D3D00A0-167B-4649-A8B0-193CEA679424}
Domain Sid . . . . . . . . . . : S-1-5-21-796845957-1035525444-725345543
Logon User . . . . . . . . . . : balakrb1
Logon Domain . . . . . . . . . : Mydomain

result shows Failure in Domain Membership and Advertising tests.
Waiting for ur reply with patience.
Regards
Baskaran B

 

[Guest]

Dear Paul Bergson,

I have tried the dcdiag and netdiag utilities and found some errors, i have
pasted the errors below,

Domain - Mydomain
Working Dc - DC1
Problematic Dc - DC2

dcdiag /e /c /v /sC2 /f:c:\dcdiag.log

Starting test: Advertising
Warning: DsGetDcName returned information for \\DC1.Mydomain.com,
when we were trying to reach DC2.
Server is not responding or is not considered suitable.
The DC DC2 is advertising itself as a DC and having a DS.
The DC DC2 is advertising as an LDAP server
The DC DC2 is advertising as having a writeable directory
The DC DC2 is advertising as a Key Distribution Center
The DC DC2 is advertising as a time server
......................... DC2 failed test Advertising

netdiag /v /l

Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local machine. This machine is not working properly as a DC.
Machine is a . . . . . . . . . : Domain Controller
Netbios Domain name. . . . . . : Mydomain
Dns domain name. . . . . . . . : Mydomain.com
Dns forest name. . . . . . . . : Mydomain.com
Domain Guid. . . . . . . . . . : {0D3D00A0-167B-4649-A8B0-193CEA679424}
Domain Sid . . . . . . . . . . : S-1-5-21-796845957-1035525444-725345543
Logon User . . . . . . . . . . : balakrb1
Logon Domain . . . . . . . . . : Mydomain

i have also checked Repadmin and it didnt show any errors, i also paste the
repadmin report,

repadmin" /showreps DC2 >> c:\repadmin2.log

Mydomain\DC2
DSA Options : (none)
objectGuid : 9a1a783a-903d-4fbb-9c41-f48861e06891
invocationID: c610e3c5-0293-4312-b961-c62ae992ea9f

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=Mydomain,DC=com
Mydomain\DC1 via RPC
objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
Last attempt @ 2005-03-16 13:17.30 was successful.

CN=Configuration,DC=Mydomain,DC=com
Mydomain\DC1 via RPC
objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
Last attempt @ 2005-03-16 13:18.01 was successful.

DC=Mydomain,DC=com
Mydomain\DC1 via RPC
objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
Last attempt @ 2005-03-16 13:17.30 was successful.

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

CN=Schema,CN=Configuration,DC=Mydomain,DC=com
Mydomain\DC1 via RPC
objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1

CN=Configuration,DC=Mydomain,DC=com
Mydomain\DC1 via RPC
objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1

DC=Mydomain,DC=com
Mydomain\DC1 via RPC
objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1

Waiting for ur reply with patience
Regards
Baskaran B

 

[Guest]

OK, let's try a non-authorative restore of SYSVOL...

On the troublesome DC, drill down to this registry key (regedit):

HKLM\ SYSTEM\ CurrentControlSet\ Services\ NtFrs\ Parameters\
Backup/Restore\ Process at Startup

And set the BurFlags value to D2 (Hex)


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

Dear Paul,
I have tested my DNS with Nslookup for _ldap._tcp.dc._msdcs.domain-name srv
record, and it sounds good, also netdiag /test:dns is also completing without
any errors.Hope my DNS is working properly.Mr Paul Bergson suggested for
Dcdiag and netdiag utilities and i found some errors on it, i have pasted the
error below.

Domain name - Mydomain
DC1 - Working DC
DC2 - Problematic DC

dcdiag /e /c /v /sC2 /f:c:\dcdiag.log

Starting test: Advertising
Warning: DsGetDcName returned information for \\DC1.Mydomain.com,
when we were trying to reach DC2.
Server is not responding or is not considered suitable.
The DC DC2 is advertising itself as a DC and having a DS.
The DC DC2 is advertising as an LDAP server
The DC DC2 is advertising as having a writeable directory
The DC DC2 is advertising as a Key Distribution Center
The DC DC2 is advertising as a time server
......................... DC2 failed test Advertising

netdiag /v /l

Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local machine. This machine is not working properly as a DC.
Machine is a . . . . . . . . . : Domain Controller
Netbios Domain name. . . . . . : Mydomain
Dns domain name. . . . . . . . : Mydomain.com
Dns forest name. . . . . . . . : Mydomain.com
Domain Guid. . . . . . . . . . : {0D3D00A0-167B-4649-A8B0-193CEA679424}
Domain Sid . . . . . . . . . . : S-1-5-21-796845957-1035525444-725345543
Logon User . . . . . . . . . . : balakrb1
Logon Domain . . . . . . . . . : Mydomain

result shows Failure in Domain Membership and Advertising tests.
Waiting for ur reply with patience.
Regards
Baskaran B

The existence of A and PTR records simply proves that name-to-IP or
IP-to-name resolution works. Directory services are located through SRV
records, which these tests do not prove.

The following will prove if DNS is working or not:

C:\>nslookup

OR

C:\>netdiag /test:dns


With regards to generating the SYSVOL, lets ensure that DNS *IS* fine first...

We'll then look at how you can recreate SYSVOL.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

 

[Paul Bergson]

PT has you going I don't want to create two separate threads. It appears to
show a sysvol problem and he has you doing the right stuff. He is very
knowledgeable.

Best of luck.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

Dear Paul Bergson,

I have tried the dcdiag and netdiag utilities and found some errors, i have
pasted the errors below,

Domain - Mydomain
Working Dc - DC1
Problematic Dc - DC2

dcdiag /e /c /v /sC2 /f:c:\dcdiag.log

Starting test: Advertising
Warning: DsGetDcName returned information for \\DC1.Mydomain.com,
when we were trying to reach DC2.
Server is not responding or is not considered suitable.
The DC DC2 is advertising itself as a DC and having a DS.
The DC DC2 is advertising as an LDAP server
The DC DC2 is advertising as having a writeable directory
The DC DC2 is advertising as a Key Distribution Center
The DC DC2 is advertising as a time server
......................... DC2 failed test Advertising

netdiag /v /l

Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local machine. This machine is not working properly as a DC.
Machine is a . . . . . . . . . : Domain Controller
Netbios Domain name. . . . . . : Mydomain
Dns domain name. . . . . . . . : Mydomain.com
Dns forest name. . . . . . . . : Mydomain.com
Domain Guid. . . . . . . . . . : {0D3D00A0-167B-4649-A8B0-193CEA679424}
Domain Sid . . . . . . . . . . : S-1-5-21-796845957-1035525444-725345543
Logon User . . . . . . . . . . : balakrb1
Logon Domain . . . . . . . . . : Mydomain

i have also checked Repadmin and it didnt show any errors, i also paste the
repadmin report,

repadmin" /showreps DC2 >> c:\repadmin2.log

Mydomain\DC2
DSA Options : (none)
objectGuid : 9a1a783a-903d-4fbb-9c41-f48861e06891
invocationID: c610e3c5-0293-4312-b961-c62ae992ea9f

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=Mydomain,DC=com
Mydomain\DC1 via RPC
objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
Last attempt @ 2005-03-16 13:17.30 was successful.

CN=Configuration,DC=Mydomain,DC=com
Mydomain\DC1 via RPC
objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
Last attempt @ 2005-03-16 13:18.01 was successful.

DC=Mydomain,DC=com
Mydomain\DC1 via RPC
objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
Last attempt @ 2005-03-16 13:17.30 was successful.

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

CN=Schema,CN=Configuration,DC=Mydomain,DC=com
Mydomain\DC1 via RPC
objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1

CN=Configuration,DC=Mydomain,DC=com
Mydomain\DC1 via RPC
objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1

DC=Mydomain,DC=com
Mydomain\DC1 via RPC
objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1

Waiting for ur reply with patience
Regards
Baskaran B

dcdiag /e /c /v /s:server name /f:c:\dcdiag.log

when complete look at the dcdiag.log log


"C:\program files\support tools\netdiag" /v /l

when complete look at the netdiag.log file


"C:\program files\support tools\repadmin" /replsum /bysrc /bydest
/sort:delta > c:\repadmin.log

"C:\program files\support tools\repadmin" /showreps server name >>
c:\repadmin.log

When complete look at repadmin.log

This should give you some details about failures




These links might provide some additional info to help provide details about
the tools
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q265706
http://support.microsoft.com/kb/229896

Server tools should be available on your installation cd at d:\support\tools


--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.



tried
the the
DC Service
to the
other

 

[Guest]

Hi Ptwilliams,
After doing this in the troublesome dc, should i restart it?
will the sysvol share and netlogon share will recreate?
should i revert back the registry change once the shares get recreated? or
any thing else should i do ..
wiating for ur reply..

Regards
Baskaran B

OK, let's try a non-authorative restore of SYSVOL...

On the troublesome DC, drill down to this registry key (regedit):

HKLM\ SYSTEM\ CurrentControlSet\ Services\ NtFrs\ Parameters\
Backup/Restore\ Process at Startup

And set the BurFlags value to D2 (Hex)


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

Dear Paul,
I have tested my DNS with Nslookup for _ldap._tcp.dc._msdcs.domain-name srv
record, and it sounds good, also netdiag /test:dns is also completing without
any errors.Hope my DNS is working properly.Mr Paul Bergson suggested for
Dcdiag and netdiag utilities and i found some errors on it, i have pasted the
error below.

Domain name - Mydomain
DC1 - Working DC
DC2 - Problematic DC

dcdiag /e /c /v /sC2 /f:c:\dcdiag.log

Starting test: Advertising
Warning: DsGetDcName returned information for \\DC1.Mydomain.com,
when we were trying to reach DC2.
Server is not responding or is not considered suitable.
The DC DC2 is advertising itself as a DC and having a DS.
The DC DC2 is advertising as an LDAP server
The DC DC2 is advertising as having a writeable directory
The DC DC2 is advertising as a Key Distribution Center
The DC DC2 is advertising as a time server
......................... DC2 failed test Advertising

netdiag /v /l

Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local machine. This machine is not working properly as a DC.
Machine is a . . . . . . . . . : Domain Controller
Netbios Domain name. . . . . . : Mydomain
Dns domain name. . . . . . . . : Mydomain.com
Dns forest name. . . . . . . . : Mydomain.com
Domain Guid. . . . . . . . . . : {0D3D00A0-167B-4649-A8B0-193CEA679424}
Domain Sid . . . . . . . . . . : S-1-5-21-796845957-1035525444-725345543
Logon User . . . . . . . . . . : balakrb1
Logon Domain . . . . . . . . . : Mydomain

result shows Failure in Domain Membership and Advertising tests.
Waiting for ur reply with patience.
Regards
Baskaran B

The existence of A and PTR records simply proves that name-to-IP or
IP-to-name resolution works. Directory services are located through SRV
records, which these tests do not prove.

The following will prove if DNS is working or not:

C:\>nslookup
set type=srv
_ldap._tcp.dc._msdcs.domain-name

OR

C:\>netdiag /test:dns


With regards to generating the SYSVOL, lets ensure that DNS *IS* fine first...

We'll then look at how you can recreate SYSVOL.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

 

[ptwilliams]

Sorry, my instructions were a little vague.

Stop NtFrs
Change the reg value
Start NtFrs
Wait ten minutes.
Look at the NtFrs event logs.

Rebooting won't hurt at this point ;-)


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

 

[Guest]

Hi,
I have done the instructions given by u.Following is the observations,
Event id-13565 :FRS initialized System Volume
Event id-13553 :FRS added the computer to replica set
Event id-13554 :FRS added connections to replica set
outbound connection to DC1
inbound connection from DC1

after this i got the usual warning Event 13508: FRS is having trouble
enabling replication ftom DC1.

I have checked for RPC connectivity between the two DCs by RPC Ping utility
and found RPC connectivity fine.
In my working DC, DC1 there is only Sysvol share and there is no Netlogon
share. will this be any problem?
what should i do next?
waiting for ur reply
Regards
Baskaran B

 

[ptwilliams]

Wait a while. Restart NtFrs.

If it's having trouble replicating and we've proved DNS is OK, then it could
well be physical topology issues.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

 

[Guest]

I picked up on this issue after searching on "dsgetdcname". I'm getting the
same error when running DCDIAG. It looks like this was never resolved. I've
followed all the steps in this thread that I can. Any more suggestions?

 

[ptwilliams]

Hi Nick,

Can you please elaborate on your problem, and what issues you are seeing?

 

[Guest]

Glad to. Thanks for picking up on my request.

We are trying to add a domain controller to an existing 2000 domain. There
is currently only one DC on the domain. I believe, although I'm not sure,
that it may have been a domain upgraded from NT 4.0 years ago.

Joining the domain works fine. Promoting to DC seems to be fine but further
investigation reveals that Sysvol/netlogon shares are not replicated and
browsing is sometimes now a problem on the domain (This may be dependent on
what DC authenticates the logon?)

Running DCDIAG reports the errors:

Starting test: Advertising
Warning: DsGetDcName returned information for
\\wilke1.WHQ.wilkecpa.com, when we were trying to reach WILKE2.
Server is not responding or is not considered suitable.
......................... WILKE2 failed test Advertising

Starting test: frssysvol
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... WILKE2 passed test frssysvol

Starting test: systemlog
An Error Event occured. EventID: 0xC0001F60
Time Generated: 05/06/2005 11:55:03
Event String: The browser service has failed to retrieve the

......................... WILKE2 failed test systemlog

Note the domain name "whq.wilkecpa.com". Is that alright?

Thanks in advance, looking forward to hearing from you.

 

[ptwilliams]

Hi Nick,

Run netdiag /test:dns

Point the DC at the internal DNS server (usually the DC) and restart
NETLOGON after ensuring that the DNS zone accepts dynamic updates and the
DHCP Client service is running on the DCs.

Does the AD DNS name, and the DNS zone name match? If not, have a look at
this:
-- http://www.msresource.net/content/view/40/46/

 

[Guest]

Thanks for all your help on this. I ended up opening a support call on the
issue. It turned out that I was suffering from NTFRS problems, resulting
from insufficient space on the system partition. We moved SYSVOL to another
partition, fixed NTFRS problems, things are working.

 

[ptwilliams]

Glad to hear it.

All the best!!