Dc not Functioning Properly.

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,
Iam having two win2000 Dcs(Seperated by WAN Link) in my Site, one of my Dc
is not functioning as a Domain Controller. There is no Sysvol and Netlogon
share. I shared the \winnt\SYSVOL\sysvol folder manualy, but the share was
automatically removed within a week. I ran netdiag utily and it fails in
Domain Membership Test. Iam getting 13508 (FRS) Warning without any 13509 id.
Plz advice to recover from this problem.
18 answers Last reply
More about functioning properly
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Is demoting this and starting again an option? If so, do that. ;-)

    Otherwise, point the remote DC to the working one for DNS (assuming the DC
    in the main office is your DNS server) and restart netlogon after ensuring
    that you've not disabled and/ or stopped the DHCP Client Service.

    In doing this the netlogon process will trigger the DHCP Client Service to
    register SRV records in DNS. You will also now be able to resolve the other
    DC.

    Try replicating and waiting. Then look at this:
    -- http://support.microsoft.com/?id=257338


    --

    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Both the Dcs are AD integrated DNS servers, and both have "A" records and
    "Ptr" records and both can contact through FQDN names. I have also tried
    restarting Netlogon and frs services, but it doesnt works. i have tried the
    options in the microsoft support Link and all the tests are successful. Is
    there any way to recreate the Sysvol share. Iam getting failure result in
    Domain Membership Test(Netdiag).Also the Dc is not advertising.

    "ptwilliams" wrote:

    > Is demoting this and starting again an option? If so, do that. ;-)
    >
    > Otherwise, point the remote DC to the working one for DNS (assuming the DC
    > in the main office is your DNS server) and restart netlogon after ensuring
    > that you've not disabled and/ or stopped the DHCP Client Service.
    >
    > In doing this the netlogon process will trigger the DHCP Client Service to
    > register SRV records in DNS. You will also now be able to resolve the other
    > DC.
    >
    > Try replicating and waiting. Then look at this:
    > -- http://support.microsoft.com/?id=257338
    >
    >
    > --
    >
    > Paul Williams
    >
    > http://www.msresource.net/
    > http://forums.msresource.net/
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    dcdiag /e /c /v /s:server name /f:c:\dcdiag.log

    when complete look at the dcdiag.log log


    "C:\program files\support tools\netdiag" /v /l

    when complete look at the netdiag.log file


    "C:\program files\support tools\repadmin" /replsum /bysrc /bydest
    /sort:delta > c:\repadmin.log

    "C:\program files\support tools\repadmin" /showreps server name >>
    c:\repadmin.log

    When complete look at repadmin.log

    This should give you some details about failures


    These links might provide some additional info to help provide details about
    the tools
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;q265706
    http://support.microsoft.com/kb/229896

    Server tools should be available on your installation cd at d:\support\tools


    --

    Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

    This posting is provided "AS IS" with no warranties, and confers no rights.


    "Baskaran B" <BaskaranB@discussions.microsoft.com> wrote in message
    news:AE35A7AE-577F-466C-8678-B7E748A46703@microsoft.com...
    > Both the Dcs are AD integrated DNS servers, and both have "A" records and
    > "Ptr" records and both can contact through FQDN names. I have also tried
    > restarting Netlogon and frs services, but it doesnt works. i have tried
    the
    > options in the microsoft support Link and all the tests are successful. Is
    > there any way to recreate the Sysvol share. Iam getting failure result in
    > Domain Membership Test(Netdiag).Also the Dc is not advertising.
    >
    > "ptwilliams" wrote:
    >
    > > Is demoting this and starting again an option? If so, do that. ;-)
    > >
    > > Otherwise, point the remote DC to the working one for DNS (assuming the
    DC
    > > in the main office is your DNS server) and restart netlogon after
    ensuring
    > > that you've not disabled and/ or stopped the DHCP Client Service.
    > >
    > > In doing this the netlogon process will trigger the DHCP Client Service
    to
    > > register SRV records in DNS. You will also now be able to resolve the
    other
    > > DC.
    > >
    > > Try replicating and waiting. Then look at this:
    > > -- http://support.microsoft.com/?id=257338
    > >
    > >
    > > --
    > >
    > > Paul Williams
    > >
    > > http://www.msresource.net/
    > > http://forums.msresource.net/
    > >
    > >
    > >
  4. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    The existence of A and PTR records simply proves that name-to-IP or
    IP-to-name resolution works. Directory services are located through SRV
    records, which these tests do not prove.

    The following will prove if DNS is working or not:

    C:\>nslookup
    >set type=srv
    >_ldap._tcp.dc._msdcs.domain-name

    OR

    C:\>netdiag /test:dns


    With regards to generating the SYSVOL, lets ensure that DNS *IS* fine first...

    We'll then look at how you can recreate SYSVOL.


    --

    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/
  5. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Dear Paul,
    I have tested my DNS with Nslookup for _ldap._tcp.dc._msdcs.domain-name srv
    record, and it sounds good, also netdiag /test:dns is also completing without
    any errors.Hope my DNS is working properly.Mr Paul Bergson suggested for
    Dcdiag and netdiag utilities and i found some errors on it, i have pasted the
    error below.

    Domain name - Mydomain
    DC1 - Working DC
    DC2 - Problematic DC

    dcdiag /e /c /v /s:DC2 /f:c:\dcdiag.log

    Starting test: Advertising
    Warning: DsGetDcName returned information for \\DC1.Mydomain.com,
    when we were trying to reach DC2.
    Server is not responding or is not considered suitable.
    The DC DC2 is advertising itself as a DC and having a DS.
    The DC DC2 is advertising as an LDAP server
    The DC DC2 is advertising as having a writeable directory
    The DC DC2 is advertising as a Key Distribution Center
    The DC DC2 is advertising as a time server
    ......................... DC2 failed test Advertising

    netdiag /v /l

    Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the
    local machine. This machine is not working properly as a DC.
    Machine is a . . . . . . . . . : Domain Controller
    Netbios Domain name. . . . . . : Mydomain
    Dns domain name. . . . . . . . : Mydomain.com
    Dns forest name. . . . . . . . : Mydomain.com
    Domain Guid. . . . . . . . . . : {0D3D00A0-167B-4649-A8B0-193CEA679424}
    Domain Sid . . . . . . . . . . : S-1-5-21-796845957-1035525444-725345543
    Logon User . . . . . . . . . . : balakrb1
    Logon Domain . . . . . . . . . : Mydomain

    result shows Failure in Domain Membership and Advertising tests.
    Waiting for ur reply with patience.
    Regards
    Baskaran B

    "ptwilliams" wrote:

    > The existence of A and PTR records simply proves that name-to-IP or
    > IP-to-name resolution works. Directory services are located through SRV
    > records, which these tests do not prove.
    >
    > The following will prove if DNS is working or not:
    >
    > C:\>nslookup
    > >set type=srv
    > >_ldap._tcp.dc._msdcs.domain-name
    >
    > OR
    >
    > C:\>netdiag /test:dns
    >
    >
    > With regards to generating the SYSVOL, lets ensure that DNS *IS* fine first...
    >
    > We'll then look at how you can recreate SYSVOL.
    >
    >
    > --
    >
    > Paul Williams
    >
    > http://www.msresource.net/
    > http://forums.msresource.net/
    >
  6. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Dear Paul Bergson,

    I have tried the dcdiag and netdiag utilities and found some errors, i have
    pasted the errors below,

    Domain - Mydomain
    Working Dc - DC1
    Problematic Dc - DC2

    dcdiag /e /c /v /s:DC2 /f:c:\dcdiag.log

    Starting test: Advertising
    Warning: DsGetDcName returned information for \\DC1.Mydomain.com,
    when we were trying to reach DC2.
    Server is not responding or is not considered suitable.
    The DC DC2 is advertising itself as a DC and having a DS.
    The DC DC2 is advertising as an LDAP server
    The DC DC2 is advertising as having a writeable directory
    The DC DC2 is advertising as a Key Distribution Center
    The DC DC2 is advertising as a time server
    ......................... DC2 failed test Advertising

    netdiag /v /l

    Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the
    local machine. This machine is not working properly as a DC.
    Machine is a . . . . . . . . . : Domain Controller
    Netbios Domain name. . . . . . : Mydomain
    Dns domain name. . . . . . . . : Mydomain.com
    Dns forest name. . . . . . . . : Mydomain.com
    Domain Guid. . . . . . . . . . : {0D3D00A0-167B-4649-A8B0-193CEA679424}
    Domain Sid . . . . . . . . . . : S-1-5-21-796845957-1035525444-725345543
    Logon User . . . . . . . . . . : balakrb1
    Logon Domain . . . . . . . . . : Mydomain

    i have also checked Repadmin and it didnt show any errors, i also paste the
    repadmin report,

    repadmin" /showreps DC2 >> c:\repadmin2.log

    Mydomain\DC2
    DSA Options : (none)
    objectGuid : 9a1a783a-903d-4fbb-9c41-f48861e06891
    invocationID: c610e3c5-0293-4312-b961-c62ae992ea9f

    ==== INBOUND NEIGHBORS ======================================

    CN=Schema,CN=Configuration,DC=Mydomain,DC=com
    Mydomain\DC1 via RPC
    objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
    Last attempt @ 2005-03-16 13:17.30 was successful.

    CN=Configuration,DC=Mydomain,DC=com
    Mydomain\DC1 via RPC
    objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
    Last attempt @ 2005-03-16 13:18.01 was successful.

    DC=Mydomain,DC=com
    Mydomain\DC1 via RPC
    objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
    Last attempt @ 2005-03-16 13:17.30 was successful.

    ==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

    CN=Schema,CN=Configuration,DC=Mydomain,DC=com
    Mydomain\DC1 via RPC
    objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1

    CN=Configuration,DC=Mydomain,DC=com
    Mydomain\DC1 via RPC
    objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1

    DC=Mydomain,DC=com
    Mydomain\DC1 via RPC
    objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1

    Waiting for ur reply with patience
    Regards
    Baskaran B

    "Paul Bergson" wrote:

    > dcdiag /e /c /v /s:server name /f:c:\dcdiag.log
    >
    > when complete look at the dcdiag.log log
    >
    >
    > "C:\program files\support tools\netdiag" /v /l
    >
    > when complete look at the netdiag.log file
    >
    >
    > "C:\program files\support tools\repadmin" /replsum /bysrc /bydest
    > /sort:delta > c:\repadmin.log
    >
    > "C:\program files\support tools\repadmin" /showreps server name >>
    > c:\repadmin.log
    >
    > When complete look at repadmin.log
    >
    > This should give you some details about failures
    >
    >
    >
    >
    > These links might provide some additional info to help provide details about
    > the tools
    > http://support.microsoft.com/default.aspx?scid=kb;EN-US;q265706
    > http://support.microsoft.com/kb/229896
    >
    > Server tools should be available on your installation cd at d:\support\tools
    >
    >
    > --
    >
    > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    >
    > "Baskaran B" <BaskaranB@discussions.microsoft.com> wrote in message
    > news:AE35A7AE-577F-466C-8678-B7E748A46703@microsoft.com...
    > > Both the Dcs are AD integrated DNS servers, and both have "A" records and
    > > "Ptr" records and both can contact through FQDN names. I have also tried
    > > restarting Netlogon and frs services, but it doesnt works. i have tried
    > the
    > > options in the microsoft support Link and all the tests are successful. Is
    > > there any way to recreate the Sysvol share. Iam getting failure result in
    > > Domain Membership Test(Netdiag).Also the Dc is not advertising.
    > >
    > > "ptwilliams" wrote:
    > >
    > > > Is demoting this and starting again an option? If so, do that. ;-)
    > > >
    > > > Otherwise, point the remote DC to the working one for DNS (assuming the
    > DC
    > > > in the main office is your DNS server) and restart netlogon after
    > ensuring
    > > > that you've not disabled and/ or stopped the DHCP Client Service.
    > > >
    > > > In doing this the netlogon process will trigger the DHCP Client Service
    > to
    > > > register SRV records in DNS. You will also now be able to resolve the
    > other
    > > > DC.
    > > >
    > > > Try replicating and waiting. Then look at this:
    > > > -- http://support.microsoft.com/?id=257338
    > > >
    > > >
    > > > --
    > > >
    > > > Paul Williams
    > > >
    > > > http://www.msresource.net/
    > > > http://forums.msresource.net/
    > > >
    > > >
    > > >
    >
    >
    >
  7. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    OK, let's try a non-authorative restore of SYSVOL...

    On the troublesome DC, drill down to this registry key (regedit):

    HKLM\ SYSTEM\ CurrentControlSet\ Services\ NtFrs\ Parameters\
    Backup/Restore\ Process at Startup

    And set the BurFlags value to D2 (Hex)


    --

    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/


    "Baskaran B" wrote:

    > Dear Paul,
    > I have tested my DNS with Nslookup for _ldap._tcp.dc._msdcs.domain-name srv
    > record, and it sounds good, also netdiag /test:dns is also completing without
    > any errors.Hope my DNS is working properly.Mr Paul Bergson suggested for
    > Dcdiag and netdiag utilities and i found some errors on it, i have pasted the
    > error below.
    >
    > Domain name - Mydomain
    > DC1 - Working DC
    > DC2 - Problematic DC
    >
    > dcdiag /e /c /v /s:DC2 /f:c:\dcdiag.log
    >
    > Starting test: Advertising
    > Warning: DsGetDcName returned information for \\DC1.Mydomain.com,
    > when we were trying to reach DC2.
    > Server is not responding or is not considered suitable.
    > The DC DC2 is advertising itself as a DC and having a DS.
    > The DC DC2 is advertising as an LDAP server
    > The DC DC2 is advertising as having a writeable directory
    > The DC DC2 is advertising as a Key Distribution Center
    > The DC DC2 is advertising as a time server
    > ......................... DC2 failed test Advertising
    >
    > netdiag /v /l
    >
    > Domain membership test . . . . . . : Failed
    > [WARNING] Ths system volume has not been completely replicated to the
    > local machine. This machine is not working properly as a DC.
    > Machine is a . . . . . . . . . : Domain Controller
    > Netbios Domain name. . . . . . : Mydomain
    > Dns domain name. . . . . . . . : Mydomain.com
    > Dns forest name. . . . . . . . : Mydomain.com
    > Domain Guid. . . . . . . . . . : {0D3D00A0-167B-4649-A8B0-193CEA679424}
    > Domain Sid . . . . . . . . . . : S-1-5-21-796845957-1035525444-725345543
    > Logon User . . . . . . . . . . : balakrb1
    > Logon Domain . . . . . . . . . : Mydomain
    >
    > result shows Failure in Domain Membership and Advertising tests.
    > Waiting for ur reply with patience.
    > Regards
    > Baskaran B
    >
    > "ptwilliams" wrote:
    >
    > > The existence of A and PTR records simply proves that name-to-IP or
    > > IP-to-name resolution works. Directory services are located through SRV
    > > records, which these tests do not prove.
    > >
    > > The following will prove if DNS is working or not:
    > >
    > > C:\>nslookup
    > > >set type=srv
    > > >_ldap._tcp.dc._msdcs.domain-name
    > >
    > > OR
    > >
    > > C:\>netdiag /test:dns
    > >
    > >
    > > With regards to generating the SYSVOL, lets ensure that DNS *IS* fine first...
    > >
    > > We'll then look at how you can recreate SYSVOL.
    > >
    > >
    > > --
    > >
    > > Paul Williams
    > >
    > > http://www.msresource.net/
    > > http://forums.msresource.net/
    > >
  8. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    PT has you going I don't want to create two separate threads. It appears to
    show a sysvol problem and he has you doing the right stuff. He is very
    knowledgeable.

    Best of luck.

    --

    Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

    This posting is provided "AS IS" with no warranties, and confers no rights.


    "Baskaran B" <BaskaranB@discussions.microsoft.com> wrote in message
    news:46F9C69E-89A8-4BC6-8F19-717384293053@microsoft.com...
    > Dear Paul Bergson,
    >
    > I have tried the dcdiag and netdiag utilities and found some errors, i
    have
    > pasted the errors below,
    >
    > Domain - Mydomain
    > Working Dc - DC1
    > Problematic Dc - DC2
    >
    > dcdiag /e /c /v /s:DC2 /f:c:\dcdiag.log
    >
    > Starting test: Advertising
    > Warning: DsGetDcName returned information for \\DC1.Mydomain.com,
    > when we were trying to reach DC2.
    > Server is not responding or is not considered suitable.
    > The DC DC2 is advertising itself as a DC and having a DS.
    > The DC DC2 is advertising as an LDAP server
    > The DC DC2 is advertising as having a writeable directory
    > The DC DC2 is advertising as a Key Distribution Center
    > The DC DC2 is advertising as a time server
    > ......................... DC2 failed test Advertising
    >
    > netdiag /v /l
    >
    > Domain membership test . . . . . . : Failed
    > [WARNING] Ths system volume has not been completely replicated to the
    > local machine. This machine is not working properly as a DC.
    > Machine is a . . . . . . . . . : Domain Controller
    > Netbios Domain name. . . . . . : Mydomain
    > Dns domain name. . . . . . . . : Mydomain.com
    > Dns forest name. . . . . . . . : Mydomain.com
    > Domain Guid. . . . . . . . . . :
    {0D3D00A0-167B-4649-A8B0-193CEA679424}
    > Domain Sid . . . . . . . . . . :
    S-1-5-21-796845957-1035525444-725345543
    > Logon User . . . . . . . . . . : balakrb1
    > Logon Domain . . . . . . . . . : Mydomain
    >
    > i have also checked Repadmin and it didnt show any errors, i also paste
    the
    > repadmin report,
    >
    > repadmin" /showreps DC2 >> c:\repadmin2.log
    >
    > Mydomain\DC2
    > DSA Options : (none)
    > objectGuid : 9a1a783a-903d-4fbb-9c41-f48861e06891
    > invocationID: c610e3c5-0293-4312-b961-c62ae992ea9f
    >
    > ==== INBOUND NEIGHBORS ======================================
    >
    > CN=Schema,CN=Configuration,DC=Mydomain,DC=com
    > Mydomain\DC1 via RPC
    > objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
    > Last attempt @ 2005-03-16 13:17.30 was successful.
    >
    > CN=Configuration,DC=Mydomain,DC=com
    > Mydomain\DC1 via RPC
    > objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
    > Last attempt @ 2005-03-16 13:18.01 was successful.
    >
    > DC=Mydomain,DC=com
    > Mydomain\DC1 via RPC
    > objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
    > Last attempt @ 2005-03-16 13:17.30 was successful.
    >
    > ==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
    >
    > CN=Schema,CN=Configuration,DC=Mydomain,DC=com
    > Mydomain\DC1 via RPC
    > objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
    >
    > CN=Configuration,DC=Mydomain,DC=com
    > Mydomain\DC1 via RPC
    > objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
    >
    > DC=Mydomain,DC=com
    > Mydomain\DC1 via RPC
    > objectGuid: b498d6d6-0552-4e70-8a1e-46fe67f899f1
    >
    > Waiting for ur reply with patience
    > Regards
    > Baskaran B
    >
    > "Paul Bergson" wrote:
    >
    > > dcdiag /e /c /v /s:server name /f:c:\dcdiag.log
    > >
    > > when complete look at the dcdiag.log log
    > >
    > >
    > > "C:\program files\support tools\netdiag" /v /l
    > >
    > > when complete look at the netdiag.log file
    > >
    > >
    > > "C:\program files\support tools\repadmin" /replsum /bysrc /bydest
    > > /sort:delta > c:\repadmin.log
    > >
    > > "C:\program files\support tools\repadmin" /showreps server name >>
    > > c:\repadmin.log
    > >
    > > When complete look at repadmin.log
    > >
    > > This should give you some details about failures
    > >
    > >
    > >
    > >
    > > These links might provide some additional info to help provide details
    about
    > > the tools
    > > http://support.microsoft.com/default.aspx?scid=kb;EN-US;q265706
    > > http://support.microsoft.com/kb/229896
    > >
    > > Server tools should be available on your installation cd at
    d:\support\tools
    > >
    > >
    > > --
    > >
    > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
    > >
    > > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    > >
    > >
    > >
    > > "Baskaran B" <BaskaranB@discussions.microsoft.com> wrote in message
    > > news:AE35A7AE-577F-466C-8678-B7E748A46703@microsoft.com...
    > > > Both the Dcs are AD integrated DNS servers, and both have "A" records
    and
    > > > "Ptr" records and both can contact through FQDN names. I have also
    tried
    > > > restarting Netlogon and frs services, but it doesnt works. i have
    tried
    > > the
    > > > options in the microsoft support Link and all the tests are
    successful. Is
    > > > there any way to recreate the Sysvol share. Iam getting failure result
    in
    > > > Domain Membership Test(Netdiag).Also the Dc is not advertising.
    > > >
    > > > "ptwilliams" wrote:
    > > >
    > > > > Is demoting this and starting again an option? If so, do that. ;-)
    > > > >
    > > > > Otherwise, point the remote DC to the working one for DNS (assuming
    the
    > > DC
    > > > > in the main office is your DNS server) and restart netlogon after
    > > ensuring
    > > > > that you've not disabled and/ or stopped the DHCP Client Service.
    > > > >
    > > > > In doing this the netlogon process will trigger the DHCP Client
    Service
    > > to
    > > > > register SRV records in DNS. You will also now be able to resolve
    the
    > > other
    > > > > DC.
    > > > >
    > > > > Try replicating and waiting. Then look at this:
    > > > > -- http://support.microsoft.com/?id=257338
    > > > >
    > > > >
    > > > > --
    > > > >
    > > > > Paul Williams
    > > > >
    > > > > http://www.msresource.net/
    > > > > http://forums.msresource.net/
    > > > >
    > > > >
    > > > >
    > >
    > >
    > >
  9. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi Ptwilliams,
    After doing this in the troublesome dc, should i restart it?
    will the sysvol share and netlogon share will recreate?
    should i revert back the registry change once the shares get recreated? or
    any thing else should i do ..
    wiating for ur reply..

    Regards
    Baskaran B

    "ptwilliams" wrote:

    > OK, let's try a non-authorative restore of SYSVOL...
    >
    > On the troublesome DC, drill down to this registry key (regedit):
    >
    > HKLM\ SYSTEM\ CurrentControlSet\ Services\ NtFrs\ Parameters\
    > Backup/Restore\ Process at Startup
    >
    > And set the BurFlags value to D2 (Hex)
    >
    >
    > --
    >
    > Paul Williams
    >
    > http://www.msresource.net/
    > http://forums.msresource.net/
    >
    >
    > "Baskaran B" wrote:
    >
    > > Dear Paul,
    > > I have tested my DNS with Nslookup for _ldap._tcp.dc._msdcs.domain-name srv
    > > record, and it sounds good, also netdiag /test:dns is also completing without
    > > any errors.Hope my DNS is working properly.Mr Paul Bergson suggested for
    > > Dcdiag and netdiag utilities and i found some errors on it, i have pasted the
    > > error below.
    > >
    > > Domain name - Mydomain
    > > DC1 - Working DC
    > > DC2 - Problematic DC
    > >
    > > dcdiag /e /c /v /s:DC2 /f:c:\dcdiag.log
    > >
    > > Starting test: Advertising
    > > Warning: DsGetDcName returned information for \\DC1.Mydomain.com,
    > > when we were trying to reach DC2.
    > > Server is not responding or is not considered suitable.
    > > The DC DC2 is advertising itself as a DC and having a DS.
    > > The DC DC2 is advertising as an LDAP server
    > > The DC DC2 is advertising as having a writeable directory
    > > The DC DC2 is advertising as a Key Distribution Center
    > > The DC DC2 is advertising as a time server
    > > ......................... DC2 failed test Advertising
    > >
    > > netdiag /v /l
    > >
    > > Domain membership test . . . . . . : Failed
    > > [WARNING] Ths system volume has not been completely replicated to the
    > > local machine. This machine is not working properly as a DC.
    > > Machine is a . . . . . . . . . : Domain Controller
    > > Netbios Domain name. . . . . . : Mydomain
    > > Dns domain name. . . . . . . . : Mydomain.com
    > > Dns forest name. . . . . . . . : Mydomain.com
    > > Domain Guid. . . . . . . . . . : {0D3D00A0-167B-4649-A8B0-193CEA679424}
    > > Domain Sid . . . . . . . . . . : S-1-5-21-796845957-1035525444-725345543
    > > Logon User . . . . . . . . . . : balakrb1
    > > Logon Domain . . . . . . . . . : Mydomain
    > >
    > > result shows Failure in Domain Membership and Advertising tests.
    > > Waiting for ur reply with patience.
    > > Regards
    > > Baskaran B
    > >
    > > "ptwilliams" wrote:
    > >
    > > > The existence of A and PTR records simply proves that name-to-IP or
    > > > IP-to-name resolution works. Directory services are located through SRV
    > > > records, which these tests do not prove.
    > > >
    > > > The following will prove if DNS is working or not:
    > > >
    > > > C:\>nslookup
    > > > >set type=srv
    > > > >_ldap._tcp.dc._msdcs.domain-name
    > > >
    > > > OR
    > > >
    > > > C:\>netdiag /test:dns
    > > >
    > > >
    > > > With regards to generating the SYSVOL, lets ensure that DNS *IS* fine first...
    > > >
    > > > We'll then look at how you can recreate SYSVOL.
    > > >
    > > >
    > > > --
    > > >
    > > > Paul Williams
    > > >
    > > > http://www.msresource.net/
    > > > http://forums.msresource.net/
    > > >
  10. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Sorry, my instructions were a little vague.

    Stop NtFrs
    Change the reg value
    Start NtFrs
    Wait ten minutes.
    Look at the NtFrs event logs.

    Rebooting won't hurt at this point ;-)


    --

    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/
  11. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi,
    I have done the instructions given by u.Following is the observations,
    Event id-13565 :FRS initialized System Volume
    Event id-13553 :FRS added the computer to replica set
    Event id-13554 :FRS added connections to replica set
    outbound connection to DC1
    inbound connection from DC1

    after this i got the usual warning Event 13508: FRS is having trouble
    enabling replication ftom DC1.

    I have checked for RPC connectivity between the two DCs by RPC Ping utility
    and found RPC connectivity fine.
    In my working DC, DC1 there is only Sysvol share and there is no Netlogon
    share. will this be any problem?
    what should i do next?
    waiting for ur reply
    Regards
    Baskaran B

    "ptwilliams" wrote:

    > Sorry, my instructions were a little vague.
    >
    > Stop NtFrs
    > Change the reg value
    > Start NtFrs
    > Wait ten minutes.
    > Look at the NtFrs event logs.
    >
    > Rebooting won't hurt at this point ;-)
    >
    >
    > --
    >
    > Paul Williams
    >
    > http://www.msresource.net/
    > http://forums.msresource.net/
    >
    >
    >
  12. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Wait a while. Restart NtFrs.

    If it's having trouble replicating and we've proved DNS is OK, then it could
    well be physical topology issues.


    --

    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/
  13. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    I picked up on this issue after searching on "dsgetdcname". I'm getting the
    same error when running DCDIAG. It looks like this was never resolved. I've
    followed all the steps in this thread that I can. Any more suggestions?

    "ptwilliams" wrote:

    > Wait a while. Restart NtFrs.
    >
    > If it's having trouble replicating and we've proved DNS is OK, then it could
    > well be physical topology issues.
    >
    >
    > --
    >
    > Paul Williams
    >
    > http://www.msresource.net/
    > http://forums.msresource.net/
    >
    >
    >
  14. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi Nick,

    Can you please elaborate on your problem, and what issues you are seeing?

    --
    Paul Williams
    Microsoft MVP - Windows Server - Directory Services
    http://www.msresource.net | http://forums.msresource.net
  15. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Glad to. Thanks for picking up on my request.

    We are trying to add a domain controller to an existing 2000 domain. There
    is currently only one DC on the domain. I believe, although I'm not sure,
    that it may have been a domain upgraded from NT 4.0 years ago.

    Joining the domain works fine. Promoting to DC seems to be fine but further
    investigation reveals that Sysvol/netlogon shares are not replicated and
    browsing is sometimes now a problem on the domain (This may be dependent on
    what DC authenticates the logon?)

    Running DCDIAG reports the errors:

    Starting test: Advertising
    Warning: DsGetDcName returned information for
    \\wilke1.WHQ.wilkecpa.com, when we were trying to reach WILKE2.
    Server is not responding or is not considered suitable.
    ......................... WILKE2 failed test Advertising

    Starting test: frssysvol
    Error: No record of File Replication System, SYSVOL started.
    The Active Directory may be prevented from starting.
    There are errors after the SYSVOL has been shared.
    The SYSVOL can prevent the AD from starting.
    ......................... WILKE2 passed test frssysvol

    Starting test: systemlog
    An Error Event occured. EventID: 0xC0001F60
    Time Generated: 05/06/2005 11:55:03
    Event String: The browser service has failed to retrieve the

    ......................... WILKE2 failed test systemlog

    Note the domain name "whq.wilkecpa.com". Is that alright?

    Thanks in advance, looking forward to hearing from you.

    "ptwilliams" wrote:

    > Hi Nick,
    >
    > Can you please elaborate on your problem, and what issues you are seeing?
    >
    > --
    > Paul Williams
    > Microsoft MVP - Windows Server - Directory Services
    > http://www.msresource.net | http://forums.msresource.net
    >
    >
    >
    >
  16. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi Nick,

    Run netdiag /test:dns

    Point the DC at the internal DNS server (usually the DC) and restart
    NETLOGON after ensuring that the DNS zone accepts dynamic updates and the
    DHCP Client service is running on the DCs.

    Does the AD DNS name, and the DNS zone name match? If not, have a look at
    this:
    -- http://www.msresource.net/content/view/40/46/

    --
    Paul Williams
    Microsoft MVP - Windows Server - Directory Services
    http://www.msresource.net | http://forums.msresource.net
  17. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Thanks for all your help on this. I ended up opening a support call on the
    issue. It turned out that I was suffering from NTFRS problems, resulting
    from insufficient space on the system partition. We moved SYSVOL to another
    partition, fixed NTFRS problems, things are working.

    "ptwilliams" wrote:

    > Hi Nick,
    >
    > Run netdiag /test:dns
    >
    > Point the DC at the internal DNS server (usually the DC) and restart
    > NETLOGON after ensuring that the DNS zone accepts dynamic updates and the
    > DHCP Client service is running on the DCs.
    >
    > Does the AD DNS name, and the DNS zone name match? If not, have a look at
    > this:
    > -- http://www.msresource.net/content/view/40/46/
    >
    > --
    > Paul Williams
    > Microsoft MVP - Windows Server - Directory Services
    > http://www.msresource.net | http://forums.msresource.net
    >
    >
    >
  18. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Glad to hear it.

    All the best!!

    --
    Paul Williams
    Microsoft MVP - Windows Server - Directory Services
    http://www.msresource.net | http://forums.msresource.net
Ask a new question

Read More

Domain Controller Active Directory Windows