RE: Sysvol contents missing and no NetLogon share



Hey,

In the FRS event log, do you have a recent eventID 13516:
"The File Replication Service is no longer preventing the computer DCA from
becoming a domain controller. The system volume has been successfully
initialized and the Netlogon service has been notified that the system volume
is now ready to be shared as SYSVOL."

I thought that the SYSVOL and NETLOGON shares were created once FRS had
successfully replicated with another DC. So if those shares are missing I
would have thought there were issues with FRS/replication.

I think that the reason there is no Netlogon share under \\DCA\Netlogon is
because netlogon actually lives underneath the folders of Sysvol?
Regardless of where the folder is it would be shared as "Netlogon" so the
UNC path would be \\DCA\Netlogon - dcdiag will use a UNC path to verify if
other machines on the network can access it

I'd remove the replication objects under sites/services -> DC -> NTDS settings
Restart Netlogon/FRS on the problem DC
wait 30 mins - then see if KCC can re-create them

No more errors in dcdiag?
No problems with a netdiag /test:dns ?
Is the virtual server using the same IP as the original physical box?

On DCA, assuming it's AD-integrated DNS, open up DNS, expand _msdcs.domain
There will be a CNAME record with the DC's GUID
x656556-gffggfgf-bvbvbv-fgffg-rtyttytyty ALIAS (CNAME) DCA.Domain.local

Copy the FQDN of this CNAME, then log onto another DC... let's say it's DCB.
From DCB can you resolve this FQDN?



"Mauricio Botero" wrote:

Hello,
I have about 8 sites with over 20 something DCs and 4 domains. In this one
site that I am having my problem, DomainA has this one Domain controller
(DCA) that just recently was converted from physical to virtual. I know
immediately you're gonna think whatever problems you're having probably stemmed
from converting a DC (USN rollback). Well I did the P2V while doing some
other stuff to prevent USN Rollback. After the P2V everything was working
fine; Replication, authentication, etc. It's been a week or two, and I got
reports that some clients were failing to apply Group Policy. Traced these
clients trying to get Group Policy from DCA and saw that this DC's SYSVOL
share \\DCA\sysvol was empty, and that there is no NetLogon share as well.

First I attempted to rebuild the sysvol structure using the
NTFRS_CMD_FILE_MOVE_ROOT file creation process. This did not work for me.

Tried stopping FRS, changing the burflags entry to d2, then starting the FRS
again and the log entries were showing results (saying that the membership in
the domain set was resetting, the files were moved to the preexisting folder,
etc); still no contents in the Sysvol share. I forced replication from one of
its inbound replication partners and replication was successful.

I think that the reason there is no Netlogon share under \\DCA\Netlogon is
because netlogon actually lives underneath the folders of Sysvol?

Any suggestions? Below are the only failures in the dcdiag on that server
(netdiag gives no errors):
-----------------------------------------------------------------------------------------------------------
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\DCA\netlogon)
[DCA] An net use or LsaPolicy operation failed with error 1203, No
network provider accepted the given network path..
-----------------------------------------------------------------------------------------------------------

I also get this error in the system log:
-----------------------------------------------------------------------------------------------------------
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5706
Date: 10/23/2007
Time: 1:49:25 PM
User: N/A
Computer: DCA
Description:
The Netlogon service could not create server share
F:\SYSVOL\sysvol\DomainA.COM\SCRIPTS. The following error occurred:
The system cannot find the path specified.
-----------------------------------------------------------------------------------------------------------

I also get this error in the application log (the frequency of this error is
odd):
-----------------------------------------------------------------------------------------------------------
Event Type: Error
Event Source: SceSrv
Event Category: None
Event ID: 1003
Date: 10/22/2007
Time: 3:05:55 PM
User: N/A
Computer: DCA
Description:
Notification of policy change from LSA/SAM has been retried and failed.
Error 4312 to save policy change for account S-1-5-21-x-x-x-x in the default
GPOs. For more debugging information, please look security\logs\scepol.log
under Windows root.
-----------------------------------------------------------------------------------------------------------

Thanks in advance
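
The read-only checks discussed in this thread (FRS event 13516, the SYSVOL and NETLOGON shares, the scripts folder named in event 5706, and resolution of the DC's GUID CNAME), collected into one Windows PowerShell script. This is an added example, not part of either post; the parameter names are hypothetical, `DCA` and `DomainA.COM` are the names used in the thread, and the CNAME FQDN has to be copied from your own `_msdcs` zone.

```powershell
# Added example: read-only health checks for the situation in this thread.
# Run in Windows PowerShell from another DC (DCB in the thread).
param(
    [string]$Dc        = 'DCA',           # problem DC named in the thread
    [string]$DnsDomain = 'DomainA.COM',   # domain name from the event 5706 text
    [string]$GuidCname = ''               # FQDN of the GUID CNAME from _msdcs; empty = skip
)

$results = @()

# 1. Most recent FRS event 13516 ("system volume is now ready to be shared as SYSVOL").
$ev = Get-EventLog -LogName 'File Replication Service' -ComputerName $Dc -Newest 500 `
          -ErrorAction SilentlyContinue |
      Where-Object { $_.EventID -eq 13516 } | Select-Object -First 1
$results += [pscustomobject]@{
    Check  = 'FRS event 13516'
    Passed = [bool]$ev
    Detail = if ($ev) { "last logged $($ev.TimeGenerated)" } else { 'not in newest 500 entries' }
}

# 2. The two shares dcdiag tests over UNC, plus the scripts folder that
#    Netlogon failed to share in event 5706. An empty SYSVOL is the symptom reported.
foreach ($path in "\\$Dc\SYSVOL", "\\$Dc\NETLOGON", "\\$Dc\SYSVOL\$DnsDomain\scripts") {
    $ok    = Test-Path -LiteralPath $path
    $count = if ($ok) {
        @(Get-ChildItem -LiteralPath $path -Force -ErrorAction SilentlyContinue).Count
    } else { 0 }
    $results += [pscustomobject]@{ Check = $path; Passed = $ok; Detail = "$count item(s)" }
}

# 3. Can this machine resolve the problem DC's GUID CNAME?
if ($GuidCname) {
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($GuidCname) |
               ForEach-Object { $_.IPAddressToString }
        $results += [pscustomobject]@{
            Check = 'GUID CNAME resolves'; Passed = $true; Detail = ($ips -join ', ')
        }
    } catch {
        $results += [pscustomobject]@{
            Check = 'GUID CNAME resolves'; Passed = $false; Detail = $_.Exception.Message
        }
    }
}

$results | Format-Table -AutoSize
```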