Adding a 3rd 2012 DC to 2 working DCs fails to populate SYSVOL and NETLOGON on the new DC

-

hello technet,

have read every thread deals issue technet guys blog in japanese , on ... each instance little different, of them contain lot more errors, , none of them feel right in terms of resolution.  

short story, installed 3rd dc , it’s sysvol , netlogon did not populate.  demoted it, created new vm new name , different ip , same result.  before demote 1 , burn office ground… bottom of issue.  

steps let moment:

i had s2008 based network 2 dcs since 2009.  in last 3 months have replaced  all servers s2012.  first s2012 dc , went well.  then second s2012 dc , went well.  after time, took 2008 dcs off line , good.  upgraded exchange /lync 2007/2010 2013 , smooth.  

all of new servers gen 2 s2012 vms on hyper-v 2012 r2

last week, setup second hyper-v host replication , host 3rd dc.

by way, did not clone vms.  

the new dc promotes ahem, notice sysvol , netlogon did not populate.  now before promoted, ran dnslint on both dcs , passed 100%, ran dcdiag on both dcs , passed.  i ran every possible dcdiag test on new member server before promoting , passed.  so why dfsr fail fly?  

ad objects seem populate onto new dc.  can delete ad object on 1 or add , populates new dc.  but sysvol , netlogon not populating  

repadmin

replication summary start time: 2014-01-07 08:50:17

beginning data collection replication summary, may take awhile:

  ......

source dsa          largest delta    fails/total %%   error

 jefferson                 59m:04s    0 /  10    0

 reagan                    56m:18s    0 /  10    0

 roosevelt                 59m:04s    0 /  10    0

destination dsa     largest delta    fails/total %%   error

 jefferson                 01m:18s    0 /  10    0

 reagan                    59m:05s    0 /  10    0

 roosevelt                 56m:19s    0 /  10    0

(one warning here, got bored planets , opted presidents time, no political preference here =))

roosevelt pdc

jefferson second dc working “ok”

reagan new dc

c:\users\darthvader>domain query fsmo

schema master               jefferson.domain.com

domain naming master        jefferson.domain.com

pdc                         roosevelt.domain.com

rid pool manager            roosevelt.domain.com

infrastructure master       jefferson.domain.com

what setting missing here?  short of setting 4th dc on same hyper-v host… prefer resolve issue because can’t find communication issues between 2 hosts.  both plugged same switch, latest drivers, both have intel quad port nics, , other forms of communication ok between...and other 25 hosts plugged switch communicate ok.  i ran ping , file transfer test , no dropped packets.  

would appreciate before open case msft.   below info want see, sorry if i’m leaving out details or assuming know something, have not slept in few days.

here link dcdiag ipconfig , dnslint reports: reports

thank you.  



success guys,

here other thread on spiceworks

success!!! , boy, hope helps else out. know i'm not first 1 go thru this, have replication netlogon issues different underlying reasons... hope you!

bottom line there corrupted folder under c:\windows\sysvol\domain\policies\ preventing replication happening correctly.

past part here...first, went jefferson , test deleted corrupted object taking ownership of it. before did that, checked inheritance properties of subfolders. subfolders set inherit go.

ran situation, file loaded , being used "system" , not kill process... not take ownership of 100% did on jefferson.

do...in middle of d4 , need reboot! pdc?! had no choice, have backups... go it. rebooted , came code dreaming of step 9: dfsr 4604! proceeded rest of steps , jefferson replicated, , .... 4604 on reagan , net share revealed have been after, sysvol , netlogon shared!

not fixed this, found underlying issue causing problem start with.

if reading or in x years, before go d4/d2 restore:

  1. check dns inside , out, following great advise in thread semicolon recommend leaving ipv6 on... pretty part of our lives these days
  2. check sites , services
  3. check nslookup , if see unknown ??? need go ipv6 , set dns automatically. if server unknown - go dns , setup ptr records dcs
  4. in group policy management click on domain , status tab, click detect @ bottom right , see if have servers replication in progress. if have underlying issue, have gpo out of sync.
  5. recreated gpo , deleted corrupt 1 synced gpo before able perform authoritative restore. problem folder still there , messed me during restore can see previous post
  6. go gp , document gpos. uid , cross reference against folders under c:\windows\sysvol\domain\policies\ , if find orphaned one.. rid of taking ownership of , deleted moon.
  7. go ahead , follow this http://support.microsoft.com/kb/2218556 carefully.
  8. should it... , luck!



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering date:         event id:      5125 task category: cluster shared volume level:         warning keywords:       user:          system computer: description: cluster shared volume 'volume1' ('cluster disk 1') has identified 1 or more active filter drivers on device stack interfere csv operatio
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema    running partition tests on : configuration    running partition tests on : test    running enterprise tests on : test.com       starting test: dns          test results domain
Read more

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authentication type: - eap t
Read more