Server 2008 DFS Replication Issues

windows-server-2008 active-directory domain-controller dfs-r file-replication-services
22,012

Regarding FRS for SYSVOL replication - was this domain upgraded from 2003? SYSVOL may still be using FRS for replication unless you migrated it to DFS-R replication post-upgrade.

You can use the SYSVOL Replication Migration Guide to move it from FRS to DFS-R

Regarding the firewall, just because they are on the same local network, the local windows firewall may be blocking connection as well.

Share:
22,012

Related videos on Youtube

Jeff
Author by

Jeff

Updated on September 18, 2022

Comments

  • Jeff
    Jeff almost 2 years

    I have two domain controllers on my network, win2k8dc1 and win2k8dc2.

    I am running into event log errors that DFS replication is not able to communicate with the replication partner. This event is logged on DC2:

    The DFS Replication service failed to communicate with partner WIN2K8DC1 for replication group Domain System Volume. The partner did not recognize the connection or the replication group configuration.
    Partner DNS Address: WIN2K8DC1.JEWELS.LOCAL Optional data if available: Partner WINS Address: WIN2K8DC1 Partner IP Address: 192.168.1.254 The service will retry the connection periodically. Additional Information: Error: 9026 (The connection is invalid) Connection ID: F26BEC3F-1EB7-4002-BE66-6204485CDC8C Replication Group ID: E0260157-9085-41F7-8912-F1A02026A0A5

    These errors are not being generated on DC1. Both machines are able to ping by ip, fqdn, and a records.

    Active directory seems to replicate perfectly fine. If an object or ou is created on one server it is replicated to the second. DNS replication seems to be fine as well.

    Running DCDIAG I received the following errors:

    Starting test: DFSREvent

The DFS Replication Event Log. 
There are warning or error events within the last 24 hours after the

SYSVOL has been shared.  Failing SYSVOL replication problems may cause

Group Policy problems. 
An error event occurred.  EventID: 0xC0001394

Time Generated: 01/04/2012   17:00:45
Event String:

The DFS Replication service failed to communicate with partner WIN2K8DC2 for replication group Domain System Volume. The partner did not recognize the connection or the replication group configuration. 

Partner DNS Address: WIN2K8DC2.JEWELS.LOCAL

Optional data if available: 
Partner WINS Address: WIN2K8DC2 
Partner IP Address: 192.168.1.253 

The service will retry the connection periodically. 

Additional Information: 
Error: 9026 (The connection is invalid) 
Connection ID: 04854E9E-07E3-4A3E-BA6C-F3FBAB67B21F 
Replication Group ID: E0260157-9085-41F7-8912-F1A02026A0A5
An error event occurred.  EventID: 0xC0001394
Time Generated: 01/05/2012   03:00:42
......................... WIN2K8DC1 failed test DFSREvent

    I checked the attributes for domain controller: msDFSR-ComputerReferenceBL. Each DC has a value where the CN equals itself. The msDFSR-MemberReferenceBL value is null. I can not manually edit either of these two values.

    Another error in the DCDIAG output is the NCSecDesc test, which when researched said to ignore if I do not use RODC. Both servers fail this test.

    Both servers have a DCOM error reporting that DCOM was unable to communicate with the computer using any configured protocols. I can ping the IPs of out forwarders however..

    All DNS test results PASSED with dcdiag.

    The dcdiag attributes that I ran are: dcdiag /v /c /d /e /s:win2k8dc1 > c:\dcdiag.txt and the same on win2k8dc2.

    FRSDiag utility returned the following error on DC1:

    Checking for errors in debug logs ...
    ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain:                     3580:   904: S0: 12:33:01> :SR: Cmd 00388bb0, CxtG f26bec3f, WS ERROR_ACCESS_DENIED, To   WIN2K8DC1.JEWELS.LOCAL Len:  (544) [SndFail - Send Penalty]
    ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain:                      260:   877: S0: 12:33:01> :SR: Cmd 00388130, CxtG 04854e9e, WS ERROR_ACCESS_DENIED, To   WIN2K8DC1.JEWELS.LOCAL Len:  (376) [SndFail - rpc call]
    ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain:                      260:   904: S0: 12:33:01> :SR: Cmd 00388130, CxtG 04854e9e, WS ERROR_ACCESS_DENIED, To   WIN2K8DC1.JEWELS.LOCAL Len:  (376) [SndFail - Send Penalty]

    Found 8 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed above

 ......... failed with 8 error entries

    When trying to run FRSDiag from DC1 against DC2 I get the following error:

       Processing ntfrsutl ds....NTFRSUTL ERROR - Cannot RPC to computer, win2k8dc2; 000006d9 (1753)... Make sure you are logged on as a Domain Admin! Skipping!

    I am starting to getting stumped, as this is getting over my head. Wanted to check here before I proceed with the next step and contact the MS AD tech support..

    Additions: UAC is off. No firewall is on either server. The functionality level is windows server 2008.

    dfsrdiag dumpadcfg output:

    LDAP Bind   : WIN2K8DC1.JEWELS.LOCAL
SitesDn     : cn=sites,cn=configuration,dc=jewels,dc=local
ServicesDn  : cn=services,cn=configuration,dc=jewels,dc=local
SystemDn    : cn=system,DC=JEWELS,DC=LOCAL
DefaultNcDn : DC=JEWELS,DC=LOCAL
ComputersDn : cn=computers,DC=JEWELS,DC=LOCAL
DomainCtlDn : ou=domain controllers,DC=JEWELS,DC=LOCAL
SchemaDn    : CN=Schema,CN=Configuration,DC=JEWELS,DC=LOCAL

COMPUTER: WIN2K8DC1
  DN            : cn=win2k8dc1,ou=domain controllers,dc=jewels,dc=local
  GUID          : 53A64969-227C-40AA-BD93-3C46782765DA
  DNS           : win2k8dc1.jewels.local
  Server BL     : cn=win2k8dc1,cn=servers,cn=default-first-site-name,cn=sites,cn
=configuration,dc=jewels,dc=local
  Server Ref    : (null)
  USN Changed   : 5682458
  When Created  : Tuesday, August 10, 2010 3:02:33 PM
  When Changed  : Wednesday, January 04, 2012 6:30:57 PM

  LOCAL SETTINGS: DFSR-LOCALSETTINGS
    DN            : cn=dfsr-localsettings,cn=win2k8dc1,ou=domain controllers,dc=
jewels,dc=local
    GUID          : 6EE6D3C7-09C4-4A9E-BFCF-A4D5CE129320
    Version       : 1.0.0.0
    USN Changed   : 5685331
    When Created  : Wednesday, January 04, 2012 8:58:32 PM
    When Changed  : Wednesday, January 04, 2012 9:00:49 PM

    SUBSCRIBER: DOMAIN SYSTEM VOLUME
      DN            : cn=domain system volume,cn=dfsr-localsettings,cn=win2k8dc1
,ou=domain controllers,dc=jewels,dc=local
      GUID          : 2C9380BE-39BE-49C9-87CA-82AA8483A5C8
      Member Ref    : cn=win2k8dc1,cn=topology,cn=domain system volume,cn=dfsr-g
lobalsettings,cn=system,dc=jewels,dc=local
      USN Changed   : 5685297
      When Created  : Wednesday, January 04, 2012 8:58:33 PM
      When Changed  : Wednesday, January 04, 2012 8:58:33 PM

      SUBSCRIPTION: SYSVOL SUBSCRIPTION
        DN            : cn=sysvol subscription,cn=domain system volume,cn=dfsr-l
ocalsettings,cn=win2k8dc1,ou=domain controllers,dc=jewels,dc=local
        GUID          : 3A9F879D-CB16-4484-8F22-703B8ACF3B11
        ContentSetGuid: 0E31CFFA-FCD2-4A5D-8739-9277B0EF8478
        Root Path     : c:\windows\sysvol_dfsr\domain
        Root Size     : (null) (MB)
        Staging Path  : (null)
        Staging Size  : (null) (MB)
        Conflict Path : (null)
        Conflict Size : (null) (MB)
        USN Changed   : 5685489
        When Created  : Wednesday, January 04, 2012 8:58:33 PM
        When Changed  : Wednesday, January 04, 2012 9:05:34 PM

GLOBAL SETTINGS: DFSR-GLOBALSETTINGS
  DN            : cn=dfsr-globalsettings,cn=system,dc=jewels,dc=local
  GUID          : 30E9760E-6020-4DFD-A975-134F2C809A4D
  USN Changed   : 5685310
  When Created  : Wednesday, January 04, 2012 8:57:53 PM
  When Changed  : Wednesday, January 04, 2012 8:59:39 PM

  REPLICATION GROUP: DOMAIN SYSTEM VOLUME
    DN            : cn=domain system volume,cn=dfsr-globalsettings,cn=system,dc=
jewels,dc=local
    GUID          : E0260157-9085-41F7-8912-F1A02026A0A5
    Type          : 1 (SYSVOL)
    USN Changed   : 5685278
    When Created  : Wednesday, January 04, 2012 8:57:53 PM
    When Changed  : Wednesday, January 04, 2012 8:57:53 PM

    CONTENT: CONTENT
      DN            : cn=content,cn=domain system volume,cn=dfsr-globalsettings,
cn=system,dc=jewels,dc=local
      GUID          : 776B3EE9-6FF6-4929-A0B5-DC1256C330FE
      USN Changed   : 5685279
      When Created  : Wednesday, January 04, 2012 8:57:53 PM
      When Changed  : Wednesday, January 04, 2012 8:57:53 PM

      CONTENT SET: SYSVOL SHARE
        DN            : cn=sysvol share,cn=content,cn=domain system volume,cn=df
sr-globalsettings,cn=system,dc=jewels,dc=local
        GUID          : 0E31CFFA-FCD2-4A5D-8739-9277B0EF8478
        File Filter   : (null)
        Compression Excl : (null)
        Dir Filter    : DO_NOT_REMOVE_NtFrs_PreInstall_Directory,NtFrs_PreExisti
ng___See_EventLog
        USN Changed   : 5685280
        When Created  : Wednesday, January 04, 2012 8:57:53 PM
        When Changed  : Wednesday, January 04, 2012 8:57:53 PM

    TOPOLOGY: TOPOLOGY
      DN            : cn=topology,cn=domain system volume,cn=dfsr-globalsettings
,cn=system,dc=jewels,dc=local
      GUID          : DB1E6BF2-9745-4B04-AD15-19E559502D4B
      USN Changed   : 5685281
      When Created  : Wednesday, January 04, 2012 8:57:53 PM
      When Changed  : Wednesday, January 04, 2012 8:57:53 PM

      MEMBER: WIN2K8DC1
        DN            : cn=win2k8dc1,cn=topology,cn=domain system volume,cn=dfsr
-globalsettings,cn=system,dc=jewels,dc=local
        GUID          : BCAFE60C-2DFF-4BC0-85A4-22F66C96B043
        Server Ref    : cn=ntds settings,cn=win2k8dc1,cn=servers,cn=default-firs
t-site-name,cn=sites,cn=configuration,dc=jewels,dc=local
        Computer Ref  : cn=win2k8dc1,ou=domain controllers,dc=jewels,dc=local
        Keywords      : (null)
        Computer DNS  : win2k8dc1.jewels.local
        USN Changed   : 5685293
        When Created  : Wednesday, January 04, 2012 8:58:32 PM
        When Changed  : Wednesday, January 04, 2012 8:58:32 PM

        CXTION: D0736C4D-B39D-4521-B4AF-5D8B7E627280
          DN            : cn=d0736c4d-b39d-4521-b4af-5d8b7e627280,cn=ntds settin
gs,cn=win2k8dc1,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,
dc=jewels,dc=local
          GUID          : 04854E9E-07E3-4A3E-BA6C-F3FBAB67B21F
          Inbound       : true
          Partner DN    : cn=win2k8dc2,cn=topology,cn=domain system volume,cn=df
sr-globalsettings,cn=system,dc=jewels,dc=local
          USN Changed   : 2830713
          When Created  : Wednesday, April 13, 2011 8:12:57 PM
          When Changed  : Friday, August 19, 2011 1:02:17 PM

        CXTION: C21C575F-EEB2-44E9-A464-85E4833963B5
          DN            : cn=c21c575f-eeb2-44e9-a464-85e4833963b5,cn=ntds settin
gs,cn=win2k8dc2,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,
dc=jewels,dc=local
          GUID          : F26BEC3F-1EB7-4002-BE66-6204485CDC8C
          Inbound       : false
          Partner DN    : cn=win2k8dc2,cn=topology,cn=domain system volume,cn=df
sr-globalsettings,cn=system,dc=jewels,dc=local
          USN Changed   : 4927588
          When Created  : Wednesday, April 13, 2011 8:12:40 PM
          When Changed  : Tuesday, December 13, 2011 9:41:33 PM

      MEMBER: WIN2K8DC2
        DN            : cn=win2k8dc2,cn=topology,cn=domain system volume,cn=dfsr
-globalsettings,cn=system,dc=jewels,dc=local
        GUID          : 1AF9DFAD-9793-4B3D-BE1B-5A497857C4E6
        Server Ref    : cn=ntds settings,cn=win2k8dc2,cn=servers,cn=default-firs
t-site-name,cn=sites,cn=configuration,dc=jewels,dc=local
        Computer Ref  : cn=win2k8dc2,ou=domain controllers,dc=jewels,dc=local
        Keywords      : (null)
        Computer DNS  : win2k8dc2.jewels.local
        USN Changed   : 5685434
        When Created  : Wednesday, January 04, 2012 9:01:29 PM
        When Changed  : Wednesday, January 04, 2012 9:01:45 PM

Operation Succeeded
    • the-wabbit
      the-wabbit over 12 years
      Did you try stopping the firewall on both machines for testing purposes? Also make sure you are running tests either in an elevated command prompt or have UAC disabled. BTW: what is the domain functional level? If you are running in a domain functional level of Windows Server 2003 or earlier, SYSVOL is replicated via ntfrs rather than DFS-R
    • Jeff
      Jeff over 12 years
      @syneticon-dj UAC is disabled, no firewall is on either server & they are on the same local network. The domain functional level is Windows Server 2008.
    • the-wabbit
      the-wabbit over 12 years
      In this case the ntfrs errors are not surprising. Have you also configured the servers to reside within the same AD site? Try dfsrdiag pollad and then running the dfsrdiag proptest / dfsrdiag propreport tests. Also, the output of dfsrdiag dumpad might be of interest.
    • Jeff
      Jeff over 12 years
      @syneticon-dj I did run dfrsdiag pollad against both servers, I will try to proptest and propreport along with dumpad and post the results.
    • Jeff
      Jeff over 12 years
      @syneticon-dj dumpadcfg is added to the original question
    • Jeff
      Jeff over 12 years
      I also get access is denied to configuration folder whenever I try dfsrdiag proptext /rgname:"domain system volumne" /rfname:"sysvol". Error: replicated folder <sysvol> not found. err: -2147217406 operation failed.
    • Rex
      Rex about 12 years
      regarding FRS for SYSVOL replication - was this domain upgraded from 2003? SYSVOL may still be using FRS for replication unless you migrated it to DFS-R replication post-upgrade. -- Regarding the firewall, just because they are on the same local network, the local windows firewall may be blocking connection as well.
    • Jeff Miles
      Jeff Miles about 12 years
      Have you tried running a DFSR Diagnostic report? Open the DFS Management control, expand to the "Domain System Volume" replication group, and then run a diagnostic report from the right pane. I sometimes find this produces more information not seen in other tools.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

DCDIAG VerifyEnterpriseReferences test failed on PDC
DFS Replication complaining about being disconnected, but there is only one DC
No longer able to edit scripts in SYSVOL/domain/scripts on Server 2008
processing of Group Policy failed only on 2008 Servers and Name Resolution failure on the current domain controller
Domain Controller/Active Directory Time is 5 minutes slow
GPO Printer Deployment Ordering greyed out
Adding another domain controller to a small 2008R2 network: steps I am missing(?)
How to change the default domain controller when querying AD in a different site?
Cannot connect to Active Directory Domain Controller
DFS 2008 (Distributed File System) Console Error