none
Promoted 2012, NtFrs Errors, Restarted FRS and renamed jet folder, now SYSVOL and NETLOGON missing on both DCs

    Question

  • I have an SBS server that is experiencing many issues, crashing weekly. To help alleviate that I have booted up a Server 2012 machine to act as a DC and a DHCP server in a 50/50 setup.

    I promoted the server to a Domain Controller and had errors and no SYSVOL or NETLOGON folders along with the following error:

    The File Replication Service is having trouble enabling replication from MCA-SBS2008 to SPICEWORKS01 for c:\windows\sysvol\domain using the DNS name MCA-SBS2008.MCA.local. FRS will keep retrying. 
     Following are some of the reasons you would see this warning. 

     [1] FRS can not correctly resolve the DNS name MCA-SBS2008.MCA.local from this computer. 
     [2] FRS is not running on MCA-SBS2008.MCA.local. 
     [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. 

     This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

    and

      

    The File Replication Service is having trouble enabling replication from MCA-SBS2008.MCA.local to SPICEWORKS01 for c:\windows\sysvol\domain using the DNS name MCA-SBS2008.MCA.local. FRS will keep retrying. 
     Following are some of the reasons you would see this warning. 

     [1] FRS can not correctly resolve the DNS name MCA-SBS2008.MCA.local from this computer. 
     [2] FRS is not running on MCA-SBS2008.MCA.local. 
     [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. 

     This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

    I left it a little while incase but the error just continued. I could confirm DNS resolution to the domain and DC. At this point attempting to load the AD Sites and Services to check the domain information and try to force replication gave this error - from either DC:

    Naming information cannot be located because:

    The specified domain either does not exist or could not be contacted. Contact your system administrator to verify that your domain is properly configured and is currently online.

    At this point I looked online and found to stop the FRS Service, rename the Jet folder on the DC (MCA-SBS2008) then start the service. I've done this and now cannot load any AD information from either server and the NETLOGON and SYSVOL folders are missing from either DC.

    Further than this though I can't find any errors in the Application or System logs even back on the SBS that are not just follow on issues. For instance:

    The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.

    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

    But again these sort of things just look to be follow on.

    IPCONFIG of both DCs:

    MCA-SBS2008:

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : MCA-SBS2008
       Primary Dns Suffix  . . . . . . . : MCA.local
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : MCA.local

    Ethernet adapter Local Area Connection 3:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
     VBD Client) #2
       Physical Address. . . . . . . . . : E4-1F-13-C1-F0-6E
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::1bd0:c8c5:baf5:4f9d%12(Preferred)
       Link-local IPv6 Address . . . . . : fe80::4c90:f48e:1b11:9f07%12(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.203.2(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.203.1
       DHCPv6 IAID . . . . . . . . . . . : 216276755
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-9E-E8-10-E4-1F-13-C1-F0-6C

       DNS Servers . . . . . . . . . . . : fe80::1bd0:c8c5:baf5:4f9d%12
                                           192.168.203.2
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 8:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{75EB23DB-98EA-47A3-B8B3-27701B81B
    02F}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    SPICEWORKS01

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : SPICEWORKS01
       Primary Dns Suffix  . . . . . . . : MCA.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : MCA.local

    Ethernet adapter TEAM01:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Network Adapter Multiplexor Dri
    ver
       Physical Address. . . . . . . . . : 00-15-17-E8-33-3D
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.203.6(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.203.5
       DNS Servers . . . . . . . . . . . : 192.168.203.6
                                           192.168.203.2
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 13:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{EF6CC462-6ABF-4813-83D7-12F5CD8E6C9C}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    From here I'm stuck - haven't seen this before and unfortunately this is a network I've inherited so there's a lot of quirks I haven't figured yet - getting a second DC up seemed like the smarted move as this organisation requires things to keep ticking 24 hours.

    Friday, April 05, 2013 12:02 AM

Answers

All replies

  • Also I have attempted again on the first DC stopping the FRS service, deleting the new jet folder and reinstating the renamed/old folder and starting. No change.

    I'm relunctant to just jump and remove the new DC - I don't think this will even fix the issue as the shares are missing on the initial DC as well.

    Doing a nslookup for the domain gives a strange result:

    C:\Users\ITsupport>nslookup
    Default Server:  mca-sbs2008.mca.local
    Address:  192.168.203.2

    > mca.local
    Server:  mca-sbs2008.mca.local
    Address:  192.168.203.2

    Name:    mca.local
    Addresses:  192.168.203.6
              192.168.203.2
              192.168.203.5
              192.168.52.1
              192.168.43.1

    192.168.203.5 is MCA-DC2 - a previous DC that had been demoted.

    192.168.52.1 and 43.1 I have no idea on - there is only one subnet here.


    Friday, April 05, 2013 12:09 AM
  • I think it's imperative to fix the SBS and stop it from crashing before expanding AD with a another DC. It's important to find out why this is happening.

    Try to log in to DS restore mode and undo the changes you made that caused the crash (i.e. rename the database folders back to the original)

    Set the IPV6 address on the SBS 2008 to it's loopback IP address (expressed as ::1)

    Restart and log in to see if you get AD back. The original problem was likely to be either DNS related, that's why SYSVOL was unable to replicate. If this does not work, you may have to recover systems state from a backup.

    After you get SBS back running, check to make sure that you can ping Spice both using it's NetBIOS domain name as well as it's local FQDN. Make sure the pings return the correct IP address. Do that from SBS to Spice and vice versa to ensure that DNS is working properly.


    Miguel Fra | Falcon IT Services, Miami, FL
    Web Site | Blog

    Friday, April 05, 2013 12:32 AM
  • Under the File Replication Service log.

    I can see previously being repeated:

    The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR. 

     Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" 
     Replica root path is   : "c:\windows\sysvol\domain" 
     Replica root volume is : "\\.\C:" 
     A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons. 

     [1] Volume "\\.\C:" has been formatted. 
     [2] The NTFS USN journal on volume "\\.\C:" has been deleted. 
     [3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal. 
     [4] File Replication Service was not running on this computer for a long time. 
     [5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:". 
     Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state. 
     [1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service. 
     [2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set. 

    WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again. 

    To change this registry parameter, run regedit. 

    Click on Start, Run and type regedit. 

    Expand HKEY_LOCAL_MACHINE. 
    Click down the key path: 
       "System\CurrentControlSet\Services\NtFrs\Parameters" 
    Double click on the value name 
       "Enable Journal Wrap Automatic Restore" 
    and update the value. 

    If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.

    This entry stopped after the last server reboot (this morning at 8.40am). Then at 10.30 AM when I performed the promotion of SPICEWORKS01:

     File Replication Service is initializing the system volume with data from another domain controller. Computer MCA-SBS2008 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. 

    To check for the SYSVOL share, at the command prompt, type: 
    net share 

    When File Replication Service completes the initialization process, the SYSVOL share will appear. 

    The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

    and

       

    The File Replication Service moved the preexisting files in c:\windows\sysvol\domain to c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. 

    The File Replication Service may delete the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog at any time. Files can be saved from deletion by copying them out of c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. Copying the files into c:\windows\sysvol\domain may lead to name conflicts if the files already exist on some other replicating partner. 

    In some cases, the File Replication Service may copy a file from c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog into c:\windows\sysvol\domain instead of replicating the file from some other replicating partner. 

    Space can be recovered at any time by deleting the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.

    These same entries repeat a few times as I have attempted restarting the FRS Service as described. Then last entry is:

    The File Replication Service has detected that the replica root path has changed from "c:\windows\sysvol\domain" to "c:\windows\sysvol\domain". If this is an intentional move then a file with the name NTFRS_CMD_FILE_MOVE_ROOT needs to be created under the new root path. 
    This was detected for the following replica set: 
        "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" 

    Changing the replica root path is a two step process which is triggered by the creation of the NTFRS_CMD_FILE_MOVE_ROOT file. 

     [1] At the first poll which will occur in 5 minutes this computer will be deleted from the replica set. 
     [2] At the poll following the deletion this computer will be re-added to the replica set with the new root path. This re-addition will trigger a full tree sync for the replica set. At the end of the sync all the files will be at the new location. The files may or may not be deleted from the old location depending on whether they are needed or not.

    I'm pretty freaked out at this point - it appears to me that neither DC is holding the FSMO rolese or something. IE the entire Domain is fucked. I have no idea what to do at this point. I've taken a copy of the "NtFrs_PreExisting___See_EventLog" folder already in case, so do I go ahead and create the "NTFRS_CMD_FILE_MOVE_ROOT" file - will this fix it? Have I lost all the group policy settings and information? Can I just copy that backup folder contents back into the sysvol once sysvol replication begins in 2-3 hours?



    Friday, April 05, 2013 12:32 AM
  • p.s. please detail the steps you took to promote spiceworks to a DC.

    Miguel Fra | Falcon IT Services, Miami, FL
    Web Site | Blog

    Friday, April 05, 2013 12:32 AM
  • As far as I was aware normal process - I am worried now I potentially have done something wrong or somehow SPICEWORKS01 has been set as the FSMO role master sort of thing.

    I didn't take notes but I know it was a promotion to an existing domain. Only roles I selected was GC and DNS. As I can't load the AD Sites and Services or AD Users and Computers I can't confirm roles.

    Friday, April 05, 2013 1:08 AM
  • DCDIAG Below. It's as if neither DC thinks it is a DC even. The SBS is acting as if it isn't. It's middle of the day so I can't go rebooting. I know these sort of things should be planned but promoting a seperate server to a DC is nothing I've ever had cause an issue - this was meant to help the issues we're experiencing!!

    C:\Users\admin_awade>dcdiag /q
             Fatal Error:DsGetDcName (MCA-SBS2008) call failed, error 1355
             The Locator could not find the server.
             ......................... MCA-SBS2008 failed test Advertising
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
             ......................... MCA-SBS2008 failed test FrsEvent
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
                Replicating Directory Changes In Filtered Set
             access rights for the naming context:
             DC=ForestDnsZones,DC=MCA,DC=local
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
                Replicating Directory Changes In Filtered Set
             access rights for the naming context:
             DC=DomainDnsZones,DC=MCA,DC=local
             ......................... MCA-SBS2008 failed test NCSecDesc
             Unable to connect to the NETLOGON share! (\\MCA-SBS2008\netlogon)
             [MCA-SBS2008] An net use or LsaPolicy operation failed with error 67,
             Win32 Error 67.
             ......................... MCA-SBS2008 failed test NetLogons
             An Error Event occurred.  EventID: 0x0000041E
                Time Generated: 04/05/2013   11:18:50
                Event String:
                The processing of Group Policy failed. Windows could not obtain the
    name of a domain controller. This could be caused by a name resolution failure.
    Verify your Domain Name Sysytem (DNS) is configured and working correctly.
             An Error Event occurred.  EventID: 0x0000041E
                Time Generated: 04/05/2013   11:23:50
                Event String:
                The processing of Group Policy failed. Windows could not obtain the
    name of a domain controller. This could be caused by a name resolution failure.
    Verify your Domain Name Sysytem (DNS) is configured and working correctly.
             An Error Event occurred.  EventID: 0x0000041E
                Time Generated: 04/05/2013   11:28:50
                Event String:
                The processing of Group Policy failed. Windows could not obtain the
    name of a domain controller. This could be caused by a name resolution failure.
    Verify your Domain Name Sysytem (DNS) is configured and working correctly.
             An Error Event occurred.  EventID: 0x0000041E
                Time Generated: 04/05/2013   11:33:50
                Event String:
                The processing of Group Policy failed. Windows could not obtain the
    name of a domain controller. This could be caused by a name resolution failure.
    Verify your Domain Name Sysytem (DNS) is configured and working correctly.
             An Error Event occurred.  EventID: 0xC0001B7E
                Time Generated: 04/05/2013   11:38:17
                Event String:
                The BackupExecDeviceMediaService service was unable to log on as MCA
    \mcamaster with the currently configured password due to the following error:
             An Error Event occurred.  EventID: 0xC0001B58
                Time Generated: 04/05/2013   11:38:17
                Event String:
                The Backup Exec Device & Media Service service failed to start due t
    o the following error:
             An Error Event occurred.  EventID: 0xC0001B7E
                Time Generated: 04/05/2013   11:38:34
                Event String:
                The BackupExecDeviceMediaService service was unable to log on as MCA
    \mcamaster with the currently configured password due to the following error:
             An Error Event occurred.  EventID: 0xC0001B58
                Time Generated: 04/05/2013   11:38:34
                Event String:
                The Backup Exec Device & Media Service service failed to start due t
    o the following error:
             An Error Event occurred.  EventID: 0xC0001B59
                Time Generated: 04/05/2013   11:38:34
                Event String:
                The Backup Exec Job Engine service depends on the Backup Exec Device
     & Media Service service which failed to start because of the following error:
             An Error Event occurred.  EventID: 0xC0001B59
                Time Generated: 04/05/2013   11:38:34
                Event String:
                The Backup Exec Server service depends on the Backup Exec Device & M
    edia Service service which failed to start because of the following error:
             An Error Event occurred.  EventID: 0xC0001B7E
                Time Generated: 04/05/2013   11:38:52
                Event String:
                The BackupExecDeviceMediaService service was unable to log on as MCA
    \mcamaster with the currently configured password due to the following error:
             An Error Event occurred.  EventID: 0xC0001B58
                Time Generated: 04/05/2013   11:38:52
                Event String:
                The Backup Exec Device & Media Service service failed to start due t
    o the following error:
             An Error Event occurred.  EventID: 0xC0001B59
                Time Generated: 04/05/2013   11:38:52
                Event String:
                The Backup Exec Server service depends on the Backup Exec Device & M
    edia Service service which failed to start because of the following error:
             An Error Event occurred.  EventID: 0xC0001B59
                Time Generated: 04/05/2013   11:38:52
                Event String:
                The Backup Exec Management Service service depends on the Backup Exe
    c Server service which failed to start because of the following error:
             An Error Event occurred.  EventID: 0x0000041E
                Time Generated: 04/05/2013   11:38:50
                Event String:
                The processing of Group Policy failed. Windows could not obtain the
    name of a domain controller. This could be caused by a name resolution failure.
    Verify your Domain Name Sysytem (DNS) is configured and working correctly.
             An Error Event occurred.  EventID: 0xC0001B7E
                Time Generated: 04/05/2013   11:39:20
                Event String:
                The BackupExecDeviceMediaService service was unable to log on as MCA
    \mcamaster with the currently configured password due to the following error:
             An Error Event occurred.  EventID: 0xC0001B58
                Time Generated: 04/05/2013   11:39:20
                Event String:
                The Backup Exec Device & Media Service service failed to start due t
    o the following error:
             An Error Event occurred.  EventID: 0xC0001B59
                Time Generated: 04/05/2013   11:39:20
                Event String:
                The Backup Exec Server service depends on the Backup Exec Device & M
    edia Service service which failed to start because of the following error:
             An Error Event occurred.  EventID: 0xC0001B59
                Time Generated: 04/05/2013   11:39:20
                Event String:
                The Backup Exec Agent Browser service depends on the Backup Exec Ser
    ver service which failed to start because of the following error:
             An Error Event occurred.  EventID: 0xC0001B7E
                Time Generated: 04/05/2013   11:39:48
                Event String:
                The BackupExecDeviceMediaService service was unable to log on as MCA
    \mcamaster with the currently configured password due to the following error:
             An Error Event occurred.  EventID: 0xC0001B58
                Time Generated: 04/05/2013   11:39:48
                Event String:
                The Backup Exec Device & Media Service service failed to start due t
    o the following error:
             An Error Event occurred.  EventID: 0xC0001B59
                Time Generated: 04/05/2013   11:39:48
                Event String:
                The Backup Exec Server service depends on the Backup Exec Device & M
    edia Service service which failed to start because of the following error:
             An Error Event occurred.  EventID: 0x0000041E
                Time Generated: 04/05/2013   11:40:17
                Event String:
                The processing of Group Policy failed. Windows could not obtain the
    name of a domain controller. This could be caused by a name resolution failure.
    Verify your Domain Name Sysytem (DNS) is configured and working correctly.
             An Error Event occurred.  EventID: 0x0000041E
                Time Generated: 04/05/2013   11:43:50
                Event String:
                The processing of Group Policy failed. Windows could not obtain the
    name of a domain controller. This could be caused by a name resolution failure.
    Verify your Domain Name Sysytem (DNS) is configured and working correctly.
             An Error Event occurred.  EventID: 0x0000041E
                Time Generated: 04/05/2013   11:48:50
                Event String:
                The processing of Group Policy failed. Windows could not obtain the
    name of a domain controller. This could be caused by a name resolution failure.
    Verify your Domain Name Sysytem (DNS) is configured and working correctly.
             An Error Event occurred.  EventID: 0x0000041E
                Time Generated: 04/05/2013   11:53:50
                Event String:
                The processing of Group Policy failed. Windows could not obtain the
    name of a domain controller. This could be caused by a name resolution failure.
    Verify your Domain Name Sysytem (DNS) is configured and working correctly.
             An Error Event occurred.  EventID: 0x0000041E
                Time Generated: 04/05/2013   11:58:50
                Event String:
                The processing of Group Policy failed. Windows could not obtain the
    name of a domain controller. This could be caused by a name resolution failure.
    Verify your Domain Name Sysytem (DNS) is configured and working correctly.
             An Error Event occurred.  EventID: 0x0000041E
                Time Generated: 04/05/2013   12:03:50
                Event String:
                The processing of Group Policy failed. Windows could not obtain the
    name of a domain controller. This could be caused by a name resolution failure.
    Verify your Domain Name Sysytem (DNS) is configured and working correctly.
             An Error Event occurred.  EventID: 0x0000041E
                Time Generated: 04/05/2013   12:08:50
                Event String:
                The processing of Group Policy failed. Windows could not obtain the
    name of a domain controller. This could be caused by a name resolution failure.
    Verify your Domain Name Sysytem (DNS) is configured and working correctly.
             An Error Event occurred.  EventID: 0x0000041E
                Time Generated: 04/05/2013   12:13:50
                Event String:
                The processing of Group Policy failed. Windows could not obtain the
    name of a domain controller. This could be caused by a name resolution failure.
    Verify your Domain Name Sysytem (DNS) is configured and working correctly.
             ......................... MCA-SBS2008 failed test SystemLog
             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
             A Global Catalog Server could not be located - All GC's are down.
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
             A Time Server could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
             1355
             A Good Time Server could not be located.
             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
             A KDC could not be located - All the KDCs are down.
             ......................... MCA.local failed test LocatorCheck

    Friday, April 05, 2013 1:27 AM
  • @ Miguel

    If I go the DS Restore mode what do I do once booted to "undo" the changes or roll this back. I don't think I can that way.

    We're running BackupExec 2012, as said new network I've been here a week and a bit. There's no DSR Media created so I can go about getting that done maybe and restoring - I know this isn't a Symantec forum but can I restore from it just this domain information that if borked without overwriting files or email?

    Friday, April 05, 2013 1:56 AM
  • Hi,

    Look at this article, it describes how to do an AD authorative restore about halfway down the page.. Starting step 9

    http://www.symantec.com/business/support/index?page=content&id=TECH86323

    Before doing this, I suggest you copy the server's data (network shares, exchange database, sharepoint database) on to an external USB or something as a precaution. Since you mentioned you are new to this server, you don't know the state of the backups.


    Miguel Fra | Falcon IT Services, Miami, FL
    Web Site | Blog

    Friday, April 05, 2013 2:06 AM
  • I don't think going with a BackupExec restore will work - last successful backup of the SBS was literally weeks ago - for some reason the backup has been manually put on hold before I started.

    After actually eating some lunch and trying to step back for a minute it looks as if the issues are from when SPICEWORKS01 was promoted. There were preexisting issues that obviously the last IT had demoted MCA-DC2 because of with the FRS service on the SBS. When joining SPICEWORKS01 this has experienced those issues and probably me performing the stop frs, rename jet, start frs has broken the SYSVOL or domain information on the SBS.

    Either I need to get the sysvol working on the SBS - I'm organising a reboot now just incase that works for some reason. I can't now demote SPICEWORKS01 as nothing can see the domain to remove it from anyway.

    This is the part I don't know though - getting the SYSVOL running again may be an issue. My backup is to perform an SBS backup after the reboot for the data, email, (sharepoint is unused) and perform a complete reinstall of SBS. I don't want to do this but to get up and going I don't see what else can be done. I have a feeling though a backup won't be possible this way as Exchange Console can't see mailboxes and such as is.

    Any advice on getting the SYSVOL/DOMAIN working just on the SBS again will be very apprectiated.

    Friday, April 05, 2013 3:10 AM
  • Copy paste the data folders as well as the exchange data folder on to another drive before re-installing. If possible, use the windows backup backup as well so you have a copy of everything 2x.

    Make sure you get the exchange data folder backed up. It's not ideal but if you cant get AD back up, it's better to have the data folder from Exchange than nothing at all. The Exchange jet database can be recovered later with tools or by recreating the users verbatim and pasting the edb and log files to replace the existing. I have done it with SBS 2K3 and it worked, but not with SBS 2K28. Worse case, tools like OnTrack let you export off-line database to PST files then import them into the new DB.

    Try go get AD back first, obviously.


    Miguel Fra | Falcon IT Services, Miami, FL
    Web Site | Blog

    Friday, April 05, 2013 3:19 AM
  • Hello,

    From DS restore mode, point the registry to look at the database (wherever you moved it or renamed it to) as outlined by this KB, then restart in normal mode and see if AD comes back.

    http://support.microsoft.com/kb/221093?wa=wsignin1.0

    You may also want to try an NTFRS authorative restore to set the SBS as the authorative DS server and see if that gets the NTFRS database out the a journal wrap (it's in journal wrap according to one of your errors)


    Miguel Fra | Falcon IT Services, Miami, FL
    Web Site | Blog


    Friday, April 05, 2013 3:35 AM
  • Thanks Miguel

    I already attempted the first step. I tired the second, I couldn't get the whole directory. It gave the following error:

    Counting numbers that need updating...
    Records found: 0000000000
    Could not parse the given DN

    Authoritive Restore failed.

    Error parsing input - Invalid Syntax.

    So instead of "restore object database" I did:

    restore object "dc=mca,dc=local"
    restore subtree ""

    Followed by the three entires it excluded. All up it ran through about 10000 objects.

    Just incase I powered off the SPICEWORKS01 server before starting up. But unfortunately no change. When started up I have no SYSVOL under mca.local or mca-sbs2008.local.

    Before I couldn't load the AD tools at all, and when starting up I couldn't. But now strangely I can after a few minutes. I can confirm MCA-SBS2008 is holding all the FSMO roles. So seems we're part way there. I still can't find where the strange results for a nslookup of mca.local are coming from:

    C:\Users\administrator.MCA>nslookup
    Default Server:  mca-sbs2008.mca.local
    Address:  192.168.203.2

    > mca.local
    Server:  mca-sbs2008.mca.local
    Address:  192.168.203.2

    Name:    mca.local
    Addresses:  192.168.203.5
              192.168.203.6
              192.168.203.2
              192.168.43.1
              192.168.52.1

    So seems like we're part way there, still no SYSVOL though. I have the following entries a couple of minutes apart in the FRS log which seem to point at the issue somewhat:

    File Replication Service is scanning the data in the system volume. Computer MCA-SBS2008 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

    To check for the SYSVOL share, at the command prompt, type:

    net share

    When File Replication Service completes the scanning process, the SYSVOL share will appear.

    The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume.

    and

    The File Replication Service is having trouble enabling replication from SPICEWORKS01 to MCA-SBS2008 for c:\windows\sysvol\domain using the DNS name SPICEWORKS01.MCA.local. FRS will keep retrying.

    Following are some of the reasons you would see this warning.

    [1] FRS can not correctly resolve the DNS name SPICEWORKS01.MCA.local from this computer.

    [2] FRS is not running on SPICEWORKS01.MCA.local.

    [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

    This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

    As said SPICEWORKS01 is off and still off - I'm worried about turning it back on if at least half the domain function seems to be back.

    Is there a process to fix the SYSVOL at this point? It's as if it's waiting on SPICEWORKS01 to sync from - I need to tell the SBS to not do that somehow and to create it's own.

    Perhaps if I forceably remove SPICEWORKS01 at this point (it has nothing ciritical at all)?
    Friday, April 05, 2013 5:10 AM
  • And looks like I have it. Using the Burflags key to set the startup to D4 to force Authoritive restore when starting the ntfrs service as described here:

    http://stackoverflow.com/questions/153263/problem-with-ntfrs-missing-sysvol-and-netlogon-on-a-2003-server

    Worked.

    I now have a SYSVOL and I assume when I restored from the backed up sysvol folder earlier I again have all my policies and such. Once out of production hours I will bring SPICEWORKS01 back up while offline and put it in non authoritive restore mode before connecting up and restarting the ntfrs service.

    Friday, April 05, 2013 5:33 AM
  • Hello,

    missing SYSVOL and NETLOGON shares mostly occur during promotion of new DC if you use another DNS server on the NIC instead ONLY one up and running from the running domain, i work always that way and never had any missing shares.

    In our case the better option is to remvoe the problem DC, run metadata cleanup and startt fresh with a new DC.

    I also recommend to ask the SBS experts in http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/threads


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Friday, April 05, 2013 6:36 AM
  • Hello,

    BTW, large output please add as files to Windows Skydrive instead posting it here and just add the lik to the files here.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Friday, April 05, 2013 6:38 AM
  • I believe the issue was the existing "JRNL_WRAP_ERROR." issue. Obviously the old DC had been removed from old replication issues also. Hopefully now that that part is fixed I can look at getting things running stably and backups actually running then get a second DC in place. Going to be a fun weekend now!

    Thanks so much for your help Miguel.

    Friday, April 05, 2013 6:48 AM
  • Hello,

    even you have posted here lot of infos and messages please UPLOAD the folloing files form the current stat of the domain:

    ipconfig /all >c:\ipconfig.txt [all DCs]
    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
    repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]
    dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
    ADREPLSTATUS: http://www.microsoft.com/en-us/download/details.aspx?id=30005 can also be exported to file.

    As the output will become large, DON'T post them into the thread, please use Windows Sky Drive(with open access!) https://skydrive.live.com and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Friday, April 05, 2013 6:53 AM
  • Hello Allister,

    As a Backup Exec Support Tech, I was reading your post to see if this was a Backup Exec issue and I could assist.  I see that you are well on the way to a resolution, but I have to tell you I felt like I was reading a suspense story.   Please let me know if you would like assistance with any issues getting the backups and restores running.

    You can contact me on twitter at @LMosla


    Lenora Moss Technical Support Engineer, SMB Partner Support, Symantec Corporation www.symantec.com

    Friday, April 05, 2013 4:43 PM
  • Hi Lenora

    Thanks for the offer - tape and disk backups all sorted and completed. The site I've taken over had 4 backups set to run, the required server (SBS) backup was on hold so no notifications : /. I spoke with Symantec support and was happy with the response though.

    Saturday, April 06, 2013 2:41 PM