RE: Windows Server 2003 service pack 1 issues

Bart, that worked!!!! I can't thank you enough. It's just my nature to ask
though, do we know why this happened? Is it a service pack 1 issue? I've
done a number of AD installs with 2000 and 2003 and have never seen this
before. Again thanks! I used solution 1 by the way.

"Bart K" wrote:

> Mark,
>
> You can do a few things to recover from this problem depending on the
> scenario.
>
> SCENARIO1: You only want the new DC and are decomissioning old domain
> controller right away:
>
> - Open registry editor and navigate to
> HKLM\System\CCS\Services\Netlogon\Parameters
> - Locate the SysvolReady DWORD and change status from 0 to 1 (This is the
> value that NETLOGON service uses to determine if the SYSVOL has been
> replicated and if it is ready to be shared out)
> - Restart NETLOGON service (SYSVOL should now be shared out but it will be
> empty)
> - You can run RECREATEDEFPOL on the new DC (this command will recreate the
> Default Domain and Default Domain Controllers Policy - of course with default
> settings)
> - Transfer FSMO roles, make the new DC a GC and demote the old DC
>
> NOTE: You will need to recreate any other GPOs and if you use Exchange make
> sure you give the ENTERPRISE EXCHANGE SERVERS group the Manage Auditing and
> Security Logs user right in the newly created Default Domain Policy
>
> SCENARIO2: YOU WANT TO KEEP THE OLD DC
>
> - This is where it can get tricky and there is no simple / guaranteed answer
> but start with the following:
>
> 1) Obviously you can ping and access shares back and forth, otherwise AD
> replication would not work
>
> 2) Another common problem is that your old DC may be in a state called
> Journal Wrap JNRL_WRAP. If it is in fact in this condition, no FRS
> replication will occur. An easy way is to look at the NTFRS event log on the
> old server and see what event is the event at the top of the list. (Restart
> service and see if you get a 13516). If you are in fact in a JRNL_WRAP, to
> recover this server from this condition, do the following:
>
> a) Open regedit and navigate to:
> HKLM\System\CCS\Services\NTFRS\Parameters\Process at Starup (not sure if
> this is 100% correct as I do not have a DC in front of me, however the key is
> called Process at Startup an it resides below the ...Services\NTFRS key).
> Once you find it you will see a BURFLAGS value. Set this to D4. Restart the
> NTFRS service and wait until you get an event ID 13516. Once this is done you
> can restart the NTFRS service on the new DC and replication should occur,
> however...
>
> 2) Run DCDIAG /V on the new DC and look for errors / warnings regarding FRS
> (some of the tests will notify you that you have missing NTFRS subscription /
> subscriber objects in AD)
>
> 3) Using ADSIEDIT inspect the objects under the domain controllers' computer
> accounts... You should see if there is a NTFRSsubscription container and you
> will have some more objects underneath those... compare them between the two
> computer accounts
>
> 4) Run FRSDIAG (available from MS - google it) on both computers and review
> the logs. They are quite large and intimidating, however start with
> everything but the debug logs as they will probably not mean anything to you.
> If you need help reviewing the logs let me know.
>
> "Mark Cannet" wrote:
>
> > I had a windows 2000 domain for a small network. 1 2000 domain controller
> > with AD integrated DNS. That was an older server so we purchased a new Dell
> > Server with Windows 2003 w/ SPK1. I put the 2003 CD into the 2000 Server and
> > ran adprep /forestprep and domain prep. I then ran DCPromo on the 2003
> > server joined the domain I attempted to move the 5 FSMO roles over to the new
> > server as I planned on removing the original 2000 server from the network. I
> > don't know what the issue is but the new 2003 server never got the logon
> > scripts and policy folder within the sysvol folder from the 2000 server. I
> > then upgraded the 2000 server to 2003 still no sysvol replication. AD
> > replicated fine. Infact the new Dell server never even setup the netlogon
> > share. I manually shared the sysvol\...\scripts folder as NETLOGON. The new
> > server won't even authenticate users. Is there any known issues with service
> > pack 1? So if I shutdown the older server the network pretty much
> > shutsdowns. Please help!!
.

Relevant Pages

  • Re: FRS Error "QKEY != Quadzero" W2k3
    ... The ntfrs service runs for about 25 min. before it crashes ... because the replication takes some days for re-sync. ... >server to non-authoritative. ... >> staging folder has a lot of files to synch. ...
    (microsoft.public.windows.server.general)
  • RE: Peterborough FRS problem
    ... My Peterborough server is reporting 13568 erros in the Repliaction log. ... Stop the NTFRS Service ... Monitor the File Replication Service Event Logs for events: ... pulling a freash copy of the SYSVOL from a replication partner. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Windows Server 2003 service pack 1 issues
    ... For the most part here is a brief rundown on FRS... ... If FRS replication is broken you will get a journal wrap condition once the ... without looking at the events logs and FRS Diag logs. ... >> old server and see what event is the event at the top of the list. ...
    (microsoft.public.windows.server.active_directory)
  • RE: isa 2004 & external website access issue
    ... emailed the logs to you as requested. ... each web server has its own public IP ... > headers in ISA Server ... > 'Microsoft Firewall' service. ...
    (microsoft.public.windows.server.sbs)
  • RE: Exchange Server
    ... I researched your logs and found the MSExchangeTransport events 4006, 969, ... Right click Default SMTP Virtual Server and select Properties. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
Loading