Windows 2003 Domain replication issue

[chicagotech]

• Our client is running Windows 2003 DC. They have added another Windows 2003 as second DC. However the replication doesn’t work with Event ID
Event ID: 13559
Date: 4/1/2012
Time: 12:31:43 AM
User: N/A
Computer: SERVER4
Description:
The File Replication Service has detected that the replica root path has changed from "c:\windows\sysvol\domain" to "c:\windows\sysvol\domain". If this is an intentional move then a file with the name NTFRS_CMD_FILE_MOVE_ROOT needs to be created under the new root path.
This was detected for the following replica set:
"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
Changing the replica root path is a two step process which is triggered by the creation of the NTFRS_CMD_FILE_MOVE_ROOT file.
[1] At the first poll which will occur in 60 minutes this computer will be deleted from the replica set.
[2] At the poll following the deletion this computer will be re-added to the replica set with the new root path. This re-addition will trigger a full tree sync for the replica set. At the end of the sync all the files will be at the new location. The files may or may not be deleted from the old location depending on whether they are needed or not.
Then I tried to add NTFRS_CMD_FILE_MOVE_ROOT on the DC2but that doesn't fix it.
I tried to demoted the DC2 to re-promote it. Now, it get Event ID 13559 on DC1 and Event ID 13508 on DC2.
I think it is DNS issue because dcdiag /test:dns show this error:
On DC1:
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)
Summary of test results for DNS servers used by the above domain contro
llers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.228.79.201
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: domain.com
server2 PASS PASS FAIL PASS PASS PASS n/a
......................... mydomain.comfailed test DNS
On DC2:
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
Summary of test results for DNS servers used by the above domain contro
llers:
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12
......................... mydomain.compassed test DNS

[chicagotech]

if you have demoted the DC, did you reinstall it BEFORE promoting it again?

Did you also assure that ALL references from the demoted and removed server are deleted in AD UC, AD sites and services and DNS zones and zone properties?

Did you also check the AD database that it was really removed complete with http://support.microsoft.com/kb/216498?

Even it was mentioned to ask here in the General forum please add always the link here so others can see what already was asked suggested and uploaded from your as error files to prevent multiple times the same questions and suggestions: http://social.technet.microsoft.com/For ... 3b981feb8f


--------------------------------------------------------------------------------

[chicagotech]

I may fix the DNS issue by add ISP DNS to forwarder. I am monitoring the replication now. Thanks.
--------------------------------------------------------------------------------

[chicagotech]

• Sorry, it doesn't fix the problem. The netlogon and sysvol don't show as shared and still get those Event ID: 13559 and Event ID: 13565
I Demoted the DC2 again and followed the article to clear the DC2. Here is the result:
C:\Documents and Settings\blin>ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: connections
server connections: connect to server server2
Binding to server2 ...
Connected to server2 using credentials of locally logged on user.
metadata cleanup: select operation target
select operation target: list domains
Found 1 domain(s)
0 - DC=mydomain,DC=com
select operation target: select domain 0
No current site
Domain - DC=mydomain,DC=com
No current server
No current Naming Context
select operation target: list sites
Found 1 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
select operation target: select site 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
Domain - DC=mydomain,DC=com
No current server
No current Naming Context
select operation target: list servers in site
Found 1 server(s)
0 - CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=mydomain,DC=com
select operation target:
It doesn't find DC2 server, can I assume it is clear?

[chicagotech]

The metadata cleanup consists of two steps:

•Step 1: Deleting the DC account (You can do this using dsa.msc. I will assume that this is okay for you now)
•Step 2: Delete the NTDS Settings of the DC using dssite.msc and then delete the DC account
More here: http://technet.microsoft.com/en-us/libr ... 10%29.aspx

Please also run netdom query fsmo command to check that the old DC is not the holder of an FSMO role which have not been transfered.

To check that all is okay with your DCs, run dcdiag on all DCs you have and check the output.

Please inform us if you have any problems remaining.


--------------------------------------------------------------------------------

[chicagotech]

Seems DC2 Reference does not exists in the domain.

Make sure all the DNS entry reference of DC2 Is cleard from your domain.Check in below location.

•Each & every sub folder inside _msdcs folder in DNS
•Name server tab in DNS
•Host records in DNS
Once you made sure about DC2 Reference are deleted from DNS , Go ahead and promote the DC2 back using DCpromo. Wait for some time to falicitate replication.

If you still see Sysvol and netlogon folders are not shared then you can perform non-authorative restore of it.

Refer below link to understand this better.

http://www.windowstricks.in/2009/11/for ... ation.html

http://support.microsoft.com/kb/947022

http://social.technet.microsoft.com/wik ... ctory.aspx

[chicagotech]

You were getting event id 13559 to fix the issue you needed to create file NTFRS_CMD_FILE_MOVE_ROOT with no extention in c:\windows\sysvol\domain and restart FRS service.This might have fixed the issue(In the event itself the resolution was given) however since you have demoted the DC and run metadata cleanup ensure that the instances of the server is removed from DNS,AD sites and services,etc.Refer below link for the same.

Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more)
http://msmvps.com/blogs/acefekay/archiv ... oller.aspx

http://sandeshdubey.wordpress.com/2011/ ... ontroller/

[chicagotech]

authorative restore fixes the problem. Thankk you.
--------------------------------------------------------------------------------

[blin]

This is to confirm these steps fix the problem.
1. Stop FRS on all DCs.
2. Start Registry Editor (Regedt32.exe).
3. Locate and click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore/Process at Startup
4. On the Edit menu, click Add Value, and then add the following registry value:
Value name: BurFlags
Data type: REG_DWORD
Radix: Hexadecimal
Value data: D2 ("nonauthoritative mode restore (D2)" value on the failing domain controller)
Value data: D4 (the "authoritative mode restore (D4)" value on the working domain controller).
5. Quit Registry Editor.
6. Restart FRS on all DCs.