none
Default Domain Policy not replicating. Sysvol mismatch

    General discussion

  •  

    We have noticed that changes to the Default Domain Policy take a long time to replicate. Even at our main site.

     

    Active Directory 2003

    Site 1 PDC lo-dc-01. Backup domain controller lo-dc-02

    3 remote sites. Each with a domain controller.

     

    We are not seeing NTFRS events.

     

    GPOTool reports:

    ============================================================

    Policy {31B2F340-016D-11D2-945F-00C04FB984F9}

    Friendly name: Default Domain Policy

    Error: Version mismatch on sfb-w2k.intern.sorg.de, DS=4325517, sysvol=3342472

    Error: Version mismatch on er-dc-01.intern.sorg.de, DS=4325517, sysvol=3342472

    Error: Version mismatch on lo-dc-02.intern.sorg.de, DS=4325517, sysvol=3342472

    Error: Version mismatch on an-dc-01.intern.sorg.de, DS=4325517, sysvol=3342472

    Details:

    ------------------------------------------------------------

    DC: lo-dc-01.intern.sorg.de

    Friendly name: Default Domain Policy

    Created: 14.04.2004 12:07:06

    Changed: 13.12.2010 14:06:24

    DS version:     66(user) 141(machine)

    Sysvol version: 66(user) 141(machine)

    Flags: 0 (user side enabled; machine side enabled)

    User extensions: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]

    Machine extensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}]

    Functionality version: 2

    ------------------------------------------------------------

    ------------------------------------------------------------

    DC: sfb-w2k.intern.sorg.de

    Friendly name: Default Domain Policy

    Created: 14.04.2004 12:07:06

    Changed: 13.12.2010 14:15:18

    DS version:     66(user) 141(machine)

    Sysvol version: 51(user) 136(machine)

    Flags: 0 (user side enabled; machine side enabled)

    User extensions: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]

    Machine extensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}]

    Functionality version: 2

    ------------------------------------------------------------

    ------------------------------------------------------------

    DC: er-dc-01.intern.sorg.de

    Friendly name: Default Domain Policy

    Created: 14.04.2004 12:07:06

    Changed: 13.12.2010 14:42:25

    DS version:     66(user) 141(machine)

    Sysvol version: 51(user) 136(machine)

    Flags: 0 (user side enabled; machine side enabled)

    User extensions: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]

    Machine extensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}]

    Functionality version: 2

    ------------------------------------------------------------

    ------------------------------------------------------------

    DC: lo-dc-02.intern.sorg.de

    Friendly name: Default Domain Policy

    Created: 14.04.2004 12:07:06

    Changed: 13.12.2010 14:06:39

    DS version:     66(user) 141(machine)

    Sysvol version: 51(user) 136(machine)

    Flags: 0 (user side enabled; machine side enabled)

    User extensions: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]

    Machine extensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}]

    Functionality version: 2

    ------------------------------------------------------------

    ------------------------------------------------------------

    DC: an-dc-01.intern.sorg.de

    Friendly name: Default Domain Policy

    Created: 14.04.2004 12:07:06

    Changed: 13.12.2010 14:55:46

    DS version:     66(user) 141(machine)

    Sysvol version: 51(user) 136(machine)

    Flags: 0 (user side enabled; machine side enabled)

    User extensions: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]

    Machine extensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}]

    Functionality version: 2

    ------------------------------------------------------------

     

    The last change I made to this was yesterday afternoon on our Primary Domain Controller lo-dc-01. It seems the DC in China has a newer version based on the date.

     

    We are seeing funny events on our Primary Domain Controller lo-dc-01. It says it is being promoted to a domain controller. (It has been one for 6 years now!)

    Ereignistyp:        Informationen

    Ereignisquelle:  NtFrs

    Ereigniskategorie:           Keine

    Ereigniskennung:            13516

    Datum:                                13.12.2010

    Zeit:                       11:24:52

    Benutzer:                            Nicht zutreffend

    Computer:          LO-DC-01

    Beschreibung:

    Der Dateireplikationsdienst verhindert nicht mehr die Heraufstufung des Computers "LO-DC-01" zum Domänencontroller. Der Systemdatenträger wurde erfolgreich initialisiert. Der Anmeldedienst wurde benachrichtigt, dass der Systemdatenträger jetzt als SYSVOL freigegeben werden kann.

     

    Geben Sie "net share" ein, um die SYSVOL-Freigabe zu überprüfen.

     

    Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter http://go.microsoft.com/fwlink/events.asp.

     

    I have attached a NTFRS log from lo-dc-01. Among other things it claims it can not delete 3 'dwg' files. What CAD files are doing ín the file replication is beyond me!

     

    <StuDelete:                     3588:  1713: S0: 04:36:50> ++ Could not delete 2000-P01-00.dwg;  WStatus: ERROR_DIR_NOT_EMPTY
    <MainServiceHandler:            2324:  2155: S0: 04:37:07> :S: Received control code 4 from Service Controller
    <MainServiceHandler:            2324:  2155: S0: 04:37:07> :S: Received control code 4 from Service Controller
    <MainServiceHandler:            2324:  2155: S0: 04:37:37> :S: Received control code 4 from Service Controller
    <MainServiceHandler:            2324:  2155: S0: 04:37:37> :S: Received control code 4 from Service Controller
    <ChgOrdRetrySubmit:             2836: 14639: S1: 04:37:50> ++ ChgOrdRetryCS: submit for Replica DOMAIN SYSTEM VOLUME (SYSVOL SHARE)
    <StuDelete:                     3588:  1713: S0: 04:37:50> ++ Could not delete 0700-P01-00.dwg;  WStatus: ERROR_DIR_NOT_EMPTY
    <StuDelete:                     3588:  1713: S0: 04:37:50> ++ Could not delete 8000(BP08136).dwg;  WStatus: ERROR_DIR_NOT_EMPTY
    <StuDelete:                     3588:  1713: S0: 04:37:50> ++ Could not delete 2000-P01-00.dwg;  WStatus: ERROR_DIR_NOT_EMPTY
    <MainServiceHandler:            2324:  2155: S0: 04:38:07> :S: Received control code 4 from Service Controller
    <MainServiceHandler:            2324:  2155: S0: 04:38:08> :S: Received control code 4 from Service Controller
    <MainServiceHandler:            2324:  2155: S0: 04:38:38> :S: Received control code 4 from Service Controller
    <MainServiceHandler:            2324:  2155: S0: 04:38:38> :S: Received control code 4 from Service Controller
    <ChgOrdRetrySubmit:             2836: 14639: S1: 04:38:50> ++ ChgOrdRetryCS: submit for Replica DOMAIN SYSTEM VOLUME (SYSVOL SHARE)
    <StuDelete:                     3588:  1713: S0: 04:38:50> ++ Could not delete 0700-P01-00.dwg;  WStatus: ERROR_DIR_NOT_EMPTY
    <StuDelete:                     3588:  1713: S0: 04:38:50> ++ Could not delete 8000(BP08136).dwg;  WStatus: ERROR_DIR_NOT_EMPTY
    <StuDelete:                     3588:  1713: S0: 04:38:50> ++ Could not delete 2000-P01-00.dwg;  WStatus: ERROR_DIR_NOT_EMPTY
    <MainServiceHandler:            2324:  2155: S0: 04:39:08> :S: Received control code 4 from Service Controller
    <MainServiceHandler:            2324:  2155: S0: 04:39:08> :S: Received control code 4 from Service Controller
    <MainServiceHandler:            2324:  2155: S0: 04:39:38> :S: Received control code 4 from Service Controller
    <MainServiceHandler:            2324:  2155: S0: 04:39:38> :S: Received control code 4 from Service Controller
    <ChgOrdRetrySubmit:             2836: 14639: S1: 04:39:50> ++ ChgOrdRetryCS: submit for Replica DOMAIN SYSTEM VOLUME (SYSVOL SHARE)
    <StuDelete:                     3588:  1713: S0: 04:39:50> ++ Could not delete 0700-P01-00.dwg;  WStatus: ERROR_DIR_NOT_EMPTY
    <StuDelete:                     3588:  1713: S0: 04:39:50> ++ Could not delete 8000(BP08136).dwg;  WStatus: ERROR_DIR_NOT_EMPTY
    <StuDelete:                     3588:  1713: S0: 04:39:50> ++ Could not delete 2000-P01-00.dwg;  WStatus: ERROR_DIR_NOT_EMPTY
    <MainServiceHandler:            2324:  2155: S0: 04:40:08> :S: Received control code 4 from Service Controller
    <MainServiceHandler:            2324:  2155: S0: 04:40:08> :S: Received control code 4 from Service Controller
    <ThSupWaitThread:               4804:   505: S1: 04:40:29> :S: ReplicaCs: Waiting
    <ThSupWaitThread:               4804:   533: S1: 04:40:29> :S: ReplicaCs: normal wait
    <ThSupWaitThread:               4804:   505: S1: 04:40:29> :S: ReplicaCs: Waiting
    <ThSupWaitThread:               4804:   533: S1: 04:40:29> :S: ReplicaCs: normal wait
    <FrsDsFindComputer:             3276:  8796: S2: 04:40:29> :DS: Computer FQDN is cn=lo-dc-01,ou=domain controllers,dc=intern,dc=sorg,dc=de
    <FrsDsFindComputer:             3276:  8802: S2: 04:40:29> :DS: Computer's dns name is lo-dc-01.intern.sorg.de
    <FrsDsFindComputer:             3276:  8816: S2: 04:40:29> :DS: Settings reference is cn=ntds settings,cn=lo-dc-01,cn=servers,cn=lohr,cn=sites,cn=configuration,dc=intern,dc=sorg,dc=de
    <MainServiceHandler:            2324:  2155: S0: 04:40:38> :S: Received control code 4 from Service Controller
    <MainServiceHandler:            2324:  2155: S0: 04:40:39> :S: Received control code 4 from Service Controller
    <ChgOrdRetrySubmit:             2836: 14639: S1: 04:40:50> ++ ChgOrdRetryCS: submit for Replica DOMAIN SYSTEM VOLUME (SYSVOL SHARE)
    <StuDelete:                     3588:  1713: S0: 04:40:50> ++ Could not delete 0700-P01-00.dwg;  WStatus: ERROR_DIR_NOT_EMPTY
    <StuDelete:                     3588:  1713: S0: 04:40:50> ++ Could not delete 8000(BP08136).dwg;  WStatus: ERROR_DIR_NOT_EMPTY
    <StuDelete:                     3588:  1713: S0: 04:40:50> ++ Could not delete 2000-P01-00.dwg;  WStatus: ERROR_DIR_NOT_EMPTY
    <MainServiceHandler:            2324:  2155: S0: 04:41:09> :S: Received control code 4 from Service Controller
    <Amy help you can provide would be appreciated.

    Fred

    Tuesday, December 14, 2010 1:55 PM

All replies

  • Hello,

    as there are some german messages into the thread please use the german forum instead this one. Additional tools will maybe collect also german output and so most people inside here are not able to read the content, thank you for understanding:

    http://social.technet.microsoft.com/Forums/de-DE/active_directoryde/threads

    Additional run the support tools and provide the following output files:

    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
    repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]
    dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)

    As the output will become large, DON'T post them into the thread, please use Windows Sky Drive(with open access!) and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Tuesday, December 14, 2010 2:31 PM
  • 60,000 character limit and about 100 of them are German. Of the German characters it boils down to event source NTFRS event 13516. As an American it would be much easier to post and get support here. If everyone is cooperative as you, then I was wrong. :-(

    If your tools generate excessive German messages I will of course reconsider.

    Fred

    Tuesday, December 14, 2010 2:50 PM
  • Hello,

    it is a friendly hint to use the german forum, the support tools mostly provide english output. But please understand that error messages in the event viewer are complete german on a german system.

    If you post it here we will have a look, but you have to live with less help if people are not able to understand the used language. So please upload the requested files, post the link to them and we can start.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Tuesday, December 14, 2010 3:25 PM
  • The output is all english. the files are in http://cid-2b5bd8e8cfedfa1b.office.live.com/browse.aspx/%c3%96ffentlich

    I didn't know what the 'COB' was. The DCDIAG output will be for the entire forest.

    Thanks,

    Fred

    Tuesday, December 14, 2010 3:49 PM
  • Hello,

    COB= close of business

    The output files look ok as far as i can see. Which replicationinterval did you set in AD sites and services, default is 180 minutes for intersite replication?

    Event id 13516 occurs after each reboot, so check if that was the case, until DNS is running correct the DC "waits" to become running correct.

    Please post an unedited ipconfig /all from each machine. Also you should use the tools FRSUTIL, Sonar or UltraSound to check for problems with FRS.

    http://www.microsoft.com/downloads/en/details.aspx?FamilyId=43CB658E-8553-4DE7-811A-562563EB5EBF&displaylang=en

    http://www.microsoft.com/windowsserversystem/dfs/tshootfrs.mspx

    Do you have any errors from netlogon in the event viewer of the DCs?


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Tuesday, December 14, 2010 6:13 PM
  • Our sites are connected like the spokes of a wheel. From Lohr we replicate to each site. We do not have VPN connections from remote site to remote site.

    Intersite interval is 45 minutes for the 2 remote German sites. (fast SDSL connections)

    120 minutes for our Chinese site.

     

    Event 13516 came after a reboot as you suspected.

     

    Here are the requested ipconfig /all and netlogon events

    Windows-IP-Konfiguration

       Hostname  . . . . . . . . . . . . : lo-dc-01
       Primäres DNS-Suffix . . . . . . . : intern.sorg.de
       Knotentyp . . . . . . . . . . . . : Hybrid
       IP-Routing aktiviert  . . . . . . : Nein
       WINS-Proxy aktiviert  . . . . . . : Nein
       DNS-Suffixsuchliste . . . . . . . : intern.sorg.de
                                           sorg.de

    Ethernet-Adapter LAN-Verbindung:

       Verbindungsspezifisches DNS-Suffix:
       Beschreibung  . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physikalische Adresse . . . . . . : 00-02-55-B7-7B-4B
       DHCP aktiviert  . . . . . . . . . : Nein
       IP-Adresse. . . . . . . . . . . . : 192.168.20.24
       Subnetzmaske  . . . . . . . . . . : 255.255.248.0
       Standardgateway . . . . . . . . . : 192.168.20.29
       DNS-Server  . . . . . . . . . . . : 192.168.20.24
                                           192.168.19.187
                                           192.168.30.30
                                           192.168.50.51
       Primärer WINS-Server  . . . . . . : 192.168.20.24

    Warning Event 5807 today.

    Error 5722 yesterday

    Windows-IP-Konfiguration

       Hostname  . . . . . . . . . . . . : lo-dc-02
       Primäres DNS-Suffix . . . . . . . : intern.sorg.de
       Knotentyp . . . . . . . . . . . . : Hybrid
       IP-Routing aktiviert  . . . . . . : Nein
       WINS-Proxy aktiviert  . . . . . . : Nein
       DNS-Suffixsuchliste . . . . . . . : intern.sorg.de
                                           sorg.de

    Ethernet-Adapter LAN-Verbindung 4:

       Verbindungsspezifisches DNS-Suffix: intern.sorg.de
       Beschreibung  . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
       Physikalische Adresse . . . . . . : 00-50-56-B5-59-D8
       DHCP aktiviert  . . . . . . . . . : Ja
       Autokonfiguration aktiviert . . . : Ja
       IP-Adresse. . . . . . . . . . . . : 192.168.19.187
       Subnetzmaske  . . . . . . . . . . : 255.255.248.0
       Standardgateway . . . . . . . . . : 192.168.20.29
       DHCP-Server . . . . . . . . . . . : 192.168.20.24
       DNS-Server  . . . . . . . . . . . : 192.168.20.24
                                           192.168.19.187
       Primärer WINS-Server  . . . . . . : 192.168.20.24
       Lease erhalten  . . . . . . . . . : Sonntag, 5. Dezember 2010 19:38:12
       Lease läuft ab  . . . . . . . . . : Donnerstag, 30. Dezember 2010 19:38:12

    Warning Event 5807 today.

    Error 5722 yesterday

    Windows-IP-Konfiguration

       Hostname  . . . . . . . . . . . . : sfb-w2k
       Primäres DNS-Suffix . . . . . . . : intern.sorg.de
       Knotentyp . . . . . . . . . . . . : Hybrid
       IP-Routing aktiviert  . . . . . . : Nein
       WINS-Proxy aktiviert  . . . . . . : Nein
       DNS-Suffixsuchliste . . . . . . . : intern.sorg.de
                                           sorg.de

    Ethernet-Adapter LAN-Verbindung:

       Verbindungsspezifisches DNS-Suffix:
       Beschreibung  . . . . . . . . . . : HP NC3163 Fast Ethernet NIC
       Physikalische Adresse . . . . . . : 00-02-A5-74-A5-D9
       DHCP aktiviert  . . . . . . . . . : Nein
       IP-Adresse. . . . . . . . . . . . : 192.168.50.51
       Subnetzmaske  . . . . . . . . . . : 255.255.255.0
       Standardgateway . . . . . . . . . : 192.168.50.5
       DNS-Server  . . . . . . . . . . . : 192.168.50.51
                                           192.168.20.24
                                           192.168.19.187
       Primärer WINS-Server  . . . . . . : 192.168.50.51
       Sekundärer WINS-Server  . . . . . : 192.168.20.24

    Warning Event 5807 four days ago.

    Windows-IP-Konfiguration

       Hostname  . . . . . . . . . . . . : er-dc-01
       Primäres DNS-Suffix . . . . . . . : intern.sorg.de
       Knotentyp . . . . . . . . . . . . : Hybrid
       IP-Routing aktiviert  . . . . . . : Nein
       WINS-Proxy aktiviert  . . . . . . : Nein
       DNS-Suffixsuchliste . . . . . . . : intern.sorg.de
                                           sorg.de

    Ethernet-Adapter LAN-Verbindung:

       Verbindungsspezifisches DNS-Suffix:
       Beschreibung  . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physikalische Adresse . . . . . . : 00-0D-60-55-53-DC
       DHCP aktiviert  . . . . . . . . . : Nein
       IP-Adresse. . . . . . . . . . . . : 192.168.30.30
       Subnetzmaske  . . . . . . . . . . : 255.255.255.0
       Standardgateway . . . . . . . . . : 192.168.30.2
       DNS-Server  . . . . . . . . . . . : 192.168.30.30
                                           192.168.20.24
                                           192.168.19.187
       Primärer WINS-Server  . . . . . . : 192.168.30.30
       Sekundärer WINS-Server  . . . . . : 192.168.20.24

    Warning Event 5807 yesterday.

    Error 5722 five days ago for a computer that is not on this site. Should have authenticated against lo-dc-01

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : an-dc-01
       Primary Dns Suffix  . . . . . . . : intern.sorg.de
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : intern.sorg.de
                                           sorg.de

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : 00-14-5E-F8-72-BD
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.11.26
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       IP Address. . . . . . . . . . . . : 192.168.11.6
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.11.5
       DNS Servers . . . . . . . . . . . : 192.168.11.6
                                           192.168.20.24
       Primary WINS Server . . . . . . . : 192.168.11.6

    Warning Event 5807 yesterday.

    Event Type:    Warning
    Event Source:    NETLOGON
    Event Category:    None
    Event ID:    5807
    Date:        12/13/2010
    Time:        11:53:26 PM
    User:        N/A
    Computer:    AN-DC-01
    Description:
    During the past 4.01 hours there have been 3 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    I'll familiarize myself with FRSUTIL and report back.

    Thanks a lot!

    Fred

     

     



     

     


     

     

     

     

    Tuesday, December 14, 2010 8:27 PM
  • Warning Event 5807 occurs for users remotely logging in through a VPN tunnel. Should the tunnel network address be added to sites and connectivity?

    This is the ipconfig from my home computer while remotey connected:

    Ethernet-Adapter LAN-Verbindung 5:

       Verbindungsspezifisches DNS-Suffix: intern.sorg.de
       Beschreibung. . . . . . . . . . . : NCP Virtual SSL Adapter
       Physikalische Adresse . . . . . . : 02-00-4E-45-54-58
       DHCP aktiviert. . . . . . . . . . : Ja
       Autokonfiguration aktiviert . . . : Ja
       Verbindungslokale IPv6-Adresse  . : fe80::13f:61b2:ddcc:70e8%22(Bevorzugt)
       IPv4-Adresse  . . . . . . . . . . : 172.31.237.99(Bevorzugt)
       Subnetzmaske  . . . . . . . . . . : 255.255.255.0
       Lease erhalten. . . . . . . . . . : Dienstag, 14. Dezember 2010 20:49:12
       Lease läuft ab. . . . . . . . . . : Dienstag, 1. Februar 2011 09:54:36
       Standardgateway . . . . . . . . . :
       DHCP-Server . . . . . . . . . . . : 172.31.237.100
       DHCPv6-IAID . . . . . . . . . . . : 369229902
       DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-13-D3-EB-B4-6C-F0-49-E9-10-D2

       DNS-Server  . . . . . . . . . . . : 192.168.20.24
                                           62.146.0.10
       NetBIOS über TCP/IP . . . . . . . : Aktiviert

    Fred

    Tuesday, December 14, 2010 8:35 PM
  • Running FRSDiag produced 24 txt files. The contents of frsdiag.txt look interesting:

    ------------------------------------------------------------
    FRSDiag v1.7 on 14.12.2010 21:41:03
    .\LO-DC-01 on 2010-12-14 at 21.41.03
    ------------------------------------------------------------

    Checking for errors/warnings in FRS Event Log ....    
    NtFrs    09.10.2010 14:07:13    Warning    13508    Der Dateireplikationsdienst konnte die Replikation von AN-DC-01 nach LO-DC-01 für  e:\windows\sysvol\domain mit DNS-Namen an-dc-01.intern.sorg.de nicht aktivieren. Es wird ein neuer Versuch gestartet.     Mögliche Ursachen für diese Warnung sind:        [1] Der DNS-Name an-dc-01.intern.sorg.de von diesem Computer konnte nicht ausgewertet werden.    [2] Der Dateireplikationsdienst wird auf an-dc-01.intern.sorg.de nicht ausgeführt.    [3] Die Topologieinformationen im Active Directory dieses Replikats  wurden noch nicht auf allen Domänencontrollern repliziert.         Diese Ereignisprotokollmeldung wird einmal pro Verbindung angezeigt.  Nachdem der Fehler behoben wurde, wird eine andere Ereignisprotokollmeldung  angezeigt, die bestätigt, dass die Verbindung hergestellt wurde.   
    NtFrs    02.10.2010 06:07:24    Warning    13508    Der Dateireplikationsdienst konnte die Replikation von AN-DC-01 nach LO-DC-01 für  e:\windows\sysvol\domain mit DNS-Namen an-dc-01.intern.sorg.de nicht aktivieren. Es wird ein neuer Versuch gestartet.     Mögliche Ursachen für diese Warnung sind:        [1] Der DNS-Name an-dc-01.intern.sorg.de von diesem Computer konnte nicht ausgewertet werden.    [2] Der Dateireplikationsdienst wird auf an-dc-01.intern.sorg.de nicht ausgeführt.    [3] Die Topologieinformationen im Active Directory dieses Replikats  wurden noch nicht auf allen Domänencontrollern repliziert.         Diese Ereignisprotokollmeldung wird einmal pro Verbindung angezeigt.  Nachdem der Fehler behoben wurde, wird eine andere Ereignisprotokollmeldung  angezeigt, die bestätigt, dass die Verbindung hergestellt wurde.
        WARNING: Found Event ID 13508 errors without trailing 13509 ... see above for (up to) the 3 latest entries!

     ......... failed 1
    Checking for errors in Directory Service Event Log .... passed
    Checking for minimum FRS version requirement ... passed
    Checking for errors/warnings in ntfrsutl ds ... passed
    Checking for Replica Set configuration triggers... passed
    Checking for suspicious file Backlog size... passed
    Checking Overall Disk Space and SYSVOL structure (note: integrity is not checked)...
        ERROR: Junction Point missing on "e:\windows\sysvol\sysvol"
        ERROR: Junction Point missing on "e:\windows\sysvol\staging areas"
     ......... failed 2
    Checking for suspicious inlog entries ... passed
    Checking for suspicious outlog entries ... passed
    Checking for appropriate staging area size ... passed
    Checking for errors in debug logs ... passed
    Checking NtFrs Service (and dependent services) state...passed
    Checking NtFrs related Registry Keys for possible problems...passed
    Checking Repadmin Showreps for errors...passed

     

    Other than that in the frs logs there were many entries for not being able to delete those CAD files. How would I locate these and delete manually?

    Fred

    Tuesday, December 14, 2010 8:54 PM
  • Sonar is showing a backlog of 6 files on lo-dc-01. It is showing 3 sharing violations on 4 DCs. A screenshot is here. http://cid-2b5bd8e8cfedfa1b.office.live.com/self.aspx/%c3%96ffentlich/sonar.png

    Fred

    Wednesday, December 15, 2010 8:58 AM

  • If the issue still exists, please refer to the following article to troubleshoot FRS problem.

    How to get the most from your FRSDiag
    http://blogs.technet.com/b/askds/archive/2008/05/30/how-to-get-the-most-from-your-frsdiag.aspx

    File Replication Service (FRS) troubleshooting tools
    http://blogs.technet.com/b/btrst4/archive/2004/06/15/156320.aspx

    Using Ultrasound for troubleshooting FRS
    http://blogs.technet.com/b/instan/archive/2009/08/17/using-ultrasound-for-troubleshooting.aspx

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, December 21, 2010 3:47 AM
    Moderator
  • Two different companies tried to resolve our FRS problems with no luck.

    We noticed it was only certain corrupt policies that did not replicate.

    New GPOs replicated OK.

    We backed up the broken policies and then reimported them. All of these policies except the Default Domain Policy are now replicated.

    The dwg files are no longer in the replication.

    We will finish this work with a dcgpofix on a weekend to roll back the default domain policy and then everything will be synched.

     

    Thanks for the help.

    Fred

    Wednesday, December 29, 2010 8:14 AM