(2014-07-31) Fixing AD/SYSVOL Replication And Reconnecting A Disconnected AD Domain (Part 5)

PART 4 is here.

WARNING/DISCLAIMER: I provide this information on a FYI basis. Be very very very careful in actually doing these steps on your production systems as it may brake or destroy your AD domain or AD forest. You are fully responsible for any steps you use from this blog post. If you do not understand what you are doing, either hire someone who does, or call Microsoft for support!

After promoting the second RWDC for the child AD domain ‘CHILD.ADCORP.LAB’ I noticed, it was taking some time to have the SYSVOL replicated to that new RWDC. While the SYSVOL is not replicated, the RWDC will not advertise itself. And if it does not advertise itself, it is basically useless! Let start by checking the event viewer on both RWDCs, the source and the destination RWDC.

On the destination RWDC ‘C1FSRWDC2.CHILD.ADCORP.LAB’ (the one receiving) you may see the following event IDs:

Figure 1: Event ID 4614 For DFSR Service Initializing The SYSVOL And Waiting For Initial Replication

–

The DFS Replication service initialized SYSVOL at local path D:\AD\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner C1FSRWDC1.CHILD.ADCORP.LAB. If the server was in the process of being promoted to a domain controller, the domain controller will not advertize and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the synchronization partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.
 
Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: E59797D1-0652-4D1F-8ACF-4AB0D2DA8632
Replication Group Name: Domain System Volume
Replication Group ID: 1CED6656-CE5C-43B6-9F18-288417F99AF5
Member ID: 79EAC8E2-CD53-4136-843E-AB4CDEB2A0C5
Read-Only: 0

Figure 2: Event ID 5012 For DFSR Service On ‘C1FSRWDC2.CHILD.ADCORP.LAB’ Not Being Able To Communicate With ‘C1FSRWDC1.CHILD.ADCORP.LAB’

–

The DFS Replication service failed to communicate with partner C1FSRWDC1 for replication group Domain System Volume. The partner did not recognize the connection or the replication group configuration.
 
Partner DNS Address: C1FSRWDC1.CHILD.ADCORP.LAB
 
Optional data if available:
Partner WINS Address: C1FSRWDC1
Partner IP Address: 10.1.1.11
 
 
The service will retry the connection periodically.
 
Additional Information:
Error: 9026 (The connection is invalid)
Connection ID: AF63F561-E219-4792-8473-754A85D9ECF9
Replication Group ID: 1CED6656-CE5C-43B6-9F18-288417F99AF5

Figure 3: Event ID 4612 For DFSR Service Initializing The SYSVOL And Waiting For Initial Replication

–

The DFS Replication service initialized SYSVOL at local path D:\AD\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner C1FSRWDC1.CHILD.ADCORP.LAB. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.
 
Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: E59797D1-0652-4D1F-8ACF-4AB0D2DA8632
Replication Group Name: Domain System Volume
Replication Group ID: AF63F561-E219-4792-8473-754A85D9ECF9
Member ID: 79EAC8E2-CD53-4136-843E-AB4CDEB2A0C5
Read-Only: 0

Figure 4: Event ID 5002 For DFSR Service On ‘C1FSRWDC2.CHILD.ADCORP.LAB’ Not Being Able To Communicate With ‘C1FSRWDC1.CHILD.ADCORP.LAB’

–

On the source RWDC ‘C1FSRWDC1.CHILD.ADCORP.LAB’ (the one sending) you will not see any event ID, and it appears as if everything is OK, but it is not! Let’s have a look at how each server sees its own configuration and execute DFSRDIAG DUMPADCFG on each RWDC.

Figure 5: The AD Configuration For ‘C1FSRWDC1.CHILD.ADCORP.LAB’

–

Figure 6: The AD Configuration For ‘C1FSRWDC2.CHILD.ADCORP.LAB’

–

Wow, that a difference! Something is wrong definitely wrong here. Using ADSIEDIT it can be seen that ‘C1FSRWDC1.CHILD.ADCORP.LAB’ is missing the objects ‘CN=DFSR-LocalSettings’, ‘CN=Domain System Volume’ and ‘CN=SYSVOL Subscription’. Somehow these got deleted as these were available as deleted objects.

–

PART 6 continues here.

–

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————