Synchronization issues

  • Thread starter Thread starter John Collins
  • Start date Start date
J

John Collins

At this site, I have 3 DC's:

DC1 - Win2k3
DC2 - Win2k3
DC3 - Win2k

I can create logon scripts, but they don't replicate.
GPO logon scripts don't work. Period. (tested using Win2k and WinXP Pro
clients).

Only the first line of my logon scripts are processing, if they process at
all.

Any ideas?

Thanks.
 
If you try to sync the DCs in Active Directory Sites and Services, does it
work? Are all the server clocks sync'd?

What do you see in your event logs?
 
Hmmm... DC3 has tons of errors regarding NtFrs....

The first warnings were this: Event ID: 13508
The File Replication Service is having trouble enabling replication from
NEWMAN to JERRY for c:\windows\sysvol\domain using the DNS name
NEWMAN.amherst.k12.va.us. FRS will keep retrying.

Following are some of the reasons you would see this warning.


[1] FRS can not correctly resolve the DNS name NEWMAN.amherst.k12.va.us from
this computer.

[2] FRS is not running on NEWMAN.amherst.k12.va.us.

[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.


This event log message will appear once per connection, After the problem is
fixed you will see another event log message indicating that the connection
has been established.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.



It also was kind enough to later give me the following:
Event ID: 13506
The File Replication Service failed a consistency check

(!"ChgOrdInboundRetry: can't retry failed dir cre")

in "ChgOrdInboundRetry:" at line 7651.


The File Replication Service will restart automatically at a later time. If
this problem persists a subsequent entry in this event log describes the
recovery procedure.

For more information about the automatic restart right click on My Computer
and then click on Manage, System Tools, Services, File Replication Service,
and Recovery.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


As well as:
Event ID: 13555
The File Replication Service is in an error state. Files will not replicate
to or from one or all of the replica sets on this computer until the
following recovery steps are performed:


Recovery Steps:


[1] The error state may clear itself if you stop and restart the FRS
service. This can be done by performing the following in a command window:


net stop ntfrs

net start ntfrs


If this fails to clear up the problem then proceed as follows.


[2] For Active Directory Domain Controllers that DO NOT host any DFS
alternates or other replica sets with replication enabled:


If there is at least one other Domain Controller in this domain then restore
the "system state" of this DC from backup (using ntbackup or other
backup-restore utility) and make it non-authoritative.


If there are NO other Domain Controllers in this domain then restore the
"system state" of this DC from backup (using ntbackup or other
backup-restore utility) and choose the Advanced option which marks the
sysvols as primary.


If there are other Domain Controllers in this domain but ALL of them have
this event log message then restore one of them as primary (data files from
primary will replicate everywhere) and the others as non-authoritative.



[3] For Active Directory Domain Controllers that host DFS alternates or
other replica sets with replication enabled:


(3-a) If the Dfs alternates on this DC do not have any other replication
partners then copy the data under that Dfs share to a safe location.

(3-b) If this server is the only Active Directory Domain Controller for this
domain then, before going to (3-c), make sure this server does not have any
inbound or outbound connections to other servers that were formerly Domain
Controllers for this domain but are now off the net (and will never be
coming back online) or have been fresh installed without being demoted. To
delete connections use the Sites and Services snapin and look for

Sites->NAME_OF_SITE->Servers->NAME_OF_SERVER->NTDS Settings->CONNECTIONS.

(3-c) Restore the "system state" of this DC from backup (using ntbackup or
other backup-restore utility) and make it non-authoritative.

(3-d) Copy the data from step (3-a) above to the original location after the
sysvol share is published.



[4] For other Windows servers:


(4-a) If any of the DFS alternates or other replica sets hosted by this
server do not have any other replication partners then copy the data under
its share or replica tree root to a safe location.

(4-b) net stop ntfrs

(4-c) rd /s /q c:\windows\ntfrs\jet

(4-d) net start ntfrs

(4-e) Copy the data from step (4-a) above to the original location after the
service has initialized (5 minutes is a safe waiting time).


Note: If this error message is in the eventlog of all the members of a
particular replica set then perform steps (4-a) and (4-e) above on only one
of the members.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I'm guessing this isn't good. I also have a few of these:
Event ID: 3019
The redirector failed to determine the connection type.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

.... and a few 7031's.....

Let's assume I'm an idiot, and know nothing about all of this, other than
to know that the box isn't replicating. In simple terms, what's the easiest
fix?
 
John,

Not very experienced with a mixture of WIN2003 and WIN2000 DCs. Here are a
couple of troubleshooting techniques that maybe you know about already:

1) Check out eventid.net for the error codes and possible solutions.

http://www.eventid.net/display.asp?eventid=13508&source=

http://www.eventid.net/display.asp?eventid=13506&source=

http://www.eventid.net/display.asp?eventid=13555&source=

http://www.eventid.net/display.asp?eventid=3019&source=

There are also some other tools that you can use. If you install the
WIN2000 Support Tools on all of your WIN2000 Servers ( I know that you are
running WIN2003 on two of the three DCs - I am sure that there is something
similar - maybe the WIN2003 Resource Kit? ) you can run dcdiag /v and
netdiag /v. These two utilities will give you a lot of information.

I am fairly sure that you are on the right track as far as it being an NTFRS
issue. However, let's take a better look! There are three utilities that
look at NTFRS issues:

FRSDiag - You need .NET Framework 1.1 installed
http://www.microsoft.com/downloads/...8e-8553-4de7-811a-562563eb5ebf&DisplayLang=en

Sonar.exe - again, you need .NET Framework 1.1
http://www.microsoft.com/downloads/...fb-fe09-477c-8148-25ae02cf15d8&DisplayLang=en

Ultrasound.exe - you need a little bit more: .NET Framework 1.1, MDAC 2.6
and MDSE
http://www.microsoft.com/downloads/...b9-c354-4f98-a823-24cc0da73b50&DisplayLang=en


I have not yet looked at these tools. I am going to play with them in a
test environment. I believe that Matjaz has shown me the three utilities
listed above. I am sure that this will help you.

HTH,

Cary

John Collins said:
Hmmm... DC3 has tons of errors regarding NtFrs....

The first warnings were this: Event ID: 13508
The File Replication Service is having trouble enabling replication from
NEWMAN to JERRY for c:\windows\sysvol\domain using the DNS name
NEWMAN.amherst.k12.va.us. FRS will keep retrying.

Following are some of the reasons you would see this warning.


[1] FRS can not correctly resolve the DNS name NEWMAN.amherst.k12.va.us from
this computer.

[2] FRS is not running on NEWMAN.amherst.k12.va.us.

[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.


This event log message will appear once per connection, After the problem is
fixed you will see another event log message indicating that the connection
has been established.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.



It also was kind enough to later give me the following:
Event ID: 13506
The File Replication Service failed a consistency check

(!"ChgOrdInboundRetry: can't retry failed dir cre")

in "ChgOrdInboundRetry:" at line 7651.


The File Replication Service will restart automatically at a later time. If
this problem persists a subsequent entry in this event log describes the
recovery procedure.

For more information about the automatic restart right click on My Computer
and then click on Manage, System Tools, Services, File Replication Service,
and Recovery.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


As well as:
Event ID: 13555
The File Replication Service is in an error state. Files will not replicate
to or from one or all of the replica sets on this computer until the
following recovery steps are performed:


Recovery Steps:


[1] The error state may clear itself if you stop and restart the FRS
service. This can be done by performing the following in a command window:


net stop ntfrs

net start ntfrs


If this fails to clear up the problem then proceed as follows.


[2] For Active Directory Domain Controllers that DO NOT host any DFS
alternates or other replica sets with replication enabled:


If there is at least one other Domain Controller in this domain then restore
the "system state" of this DC from backup (using ntbackup or other
backup-restore utility) and make it non-authoritative.


If there are NO other Domain Controllers in this domain then restore the
"system state" of this DC from backup (using ntbackup or other
backup-restore utility) and choose the Advanced option which marks the
sysvols as primary.


If there are other Domain Controllers in this domain but ALL of them have
this event log message then restore one of them as primary (data files from
primary will replicate everywhere) and the others as non-authoritative.



[3] For Active Directory Domain Controllers that host DFS alternates or
other replica sets with replication enabled:


(3-a) If the Dfs alternates on this DC do not have any other replication
partners then copy the data under that Dfs share to a safe location.

(3-b) If this server is the only Active Directory Domain Controller for this
domain then, before going to (3-c), make sure this server does not have any
inbound or outbound connections to other servers that were formerly Domain
Controllers for this domain but are now off the net (and will never be
coming back online) or have been fresh installed without being demoted. To
delete connections use the Sites and Services snapin and look for

Sites->NAME_OF_SITE->Servers->NAME_OF_SERVER->NTDS Settings->CONNECTIONS.

(3-c) Restore the "system state" of this DC from backup (using ntbackup or
other backup-restore utility) and make it non-authoritative.

(3-d) Copy the data from step (3-a) above to the original location after the
sysvol share is published.



[4] For other Windows servers:


(4-a) If any of the DFS alternates or other replica sets hosted by this
server do not have any other replication partners then copy the data under
its share or replica tree root to a safe location.

(4-b) net stop ntfrs

(4-c) rd /s /q c:\windows\ntfrs\jet

(4-d) net start ntfrs

(4-e) Copy the data from step (4-a) above to the original location after the
service has initialized (5 minutes is a safe waiting time).


Note: If this error message is in the eventlog of all the members of a
particular replica set then perform steps (4-a) and (4-e) above on only one
of the members.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I'm guessing this isn't good. I also have a few of these:
Event ID: 3019
The redirector failed to determine the connection type.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

... and a few 7031's.....

Let's assume I'm an idiot, and know nothing about all of this, other than
to know that the box isn't replicating. In simple terms, what's the easiest
fix?
Click to expand...
 
Back
Top