DFS-R group - LDAP error

  • Question

  • Hi all,

    I have a Windows 2008 R2 environment (i.e. all servers are 2008 R2) in which I'm trying to set up DFS-R between a central backup server and a number of remote file servers.

    When setting this up for the first server, if trying from the "central" server, I got the following error:

     The replication group backup_SiteName cannot be created.
    An error occurred while executing an LDAP query for the globally unique identifier (GUID) of added object domain.com/System/DFSR-GlobalSettings/backup_SiteName

    An error occurred while executing an LDAP query on domain.com/System/DFSR-GlobalSettingsSiteName object with (objectClass=*) filter.
    The object does not exist.

    I then went and created the DFSR group from the remote server - and all was good.

    Moving on to the second server on the list, I now get this error when trying to create the replication group at both ends.

    I am running this with an account that is a domain and enterprise admin - I can manually create and delete entries under domain.com/System/DFSR-GlobalSettingsSiteName - so it's not a permissions issue - but obviously, for whatever reason, entries cannot be created for new DFSR replication groups.

    The only thing I can think of is that there are RODCs at the remote sites and perhaps the entry is attempting to be created on the RODC instead of one of the writable DCs. The only thing I've found relating to this is at http://imav8n.wordpress.com/2009/02/05/more-rodc-fun/ - However, this article specifically states that the issue should be fixed in 2008 R2.

    Does anyone have any ideas on how to get this wor

    Wednesday, March 16, 2011 10:48 PM

Answers

  • As you said, I also found a similar issue in the internal database, which is caused by the server connecting to a read-only DC. You can check the DFS log files and look for an event like this:

    0D20 mmc: |DfsFrsTracing            |TraceInfo  |15:50:50.1146573|0006|0171|                Helper LdapConnection object connected to DC computername.domain.com

    Check whether computername.domain.com is an RODC. Try unplugging it and see the result. If there is any other error, please let us know.

    Meanwhile, try the following steps to refresh the DFS Management MMC cache. It is recommended to do these steps after unplugging the RODC.

    1. Close DFSMGMT.MSC
    2. Navigate to:

    %appdata%\roaming\microsoft\mmc
    3. Rename or delete the following file:

    dfsmgmt

    4. Start the DFSMGMT.MSC
    5. This will force the snap-in to refresh all data from AD and give you a current accurate picture (at least according to that domain controller).


    Shaon Shan |TechNet Subscriber Support in forum |If you have any feedback on our support, please contact tngfb@microsoft.com
    • Marked as answer by Ben_22 Sunday, March 27, 2011 7:37 AM
    Wednesday, March 23, 2011 1:50 AM
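
The check described in the answer above, as an added example that is not part of the original thread: it pulls the DC name out of "Helper LdapConnection object connected to DC" trace lines and asks Active Directory whether that DC is read-only. It assumes the ActiveDirectory PowerShell module is installed; the `-LogPath` parameter and the function name are hypothetical, since the thread does not name the log file.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
param(
    # Assumption: path to a DFS Management trace log; the thread does not name the file.
    [string]$LogPath
)

Import-Module ActiveDirectory

# Constructed sample input, used when no log file is given. The first line is the
# trace format quoted in the answer; the second is made up for illustration.
$sample = @(
    '0D20 mmc: |DfsFrsTracing            |TraceInfo  |15:50:50.1146573|0006|0171|                Helper LdapConnection object connected to DC computername.domain.com',
    '0D20 mmc: |DfsFrsTracing            |TraceInfo  |15:50:51.0000000|0006|0171|                Some unrelated trace message'
)

function Get-TraceBoundDc {
    # Return the distinct DC names the snap-in reported binding to.
    param([string[]]$Lines)
    $rx = 'Helper LdapConnection object connected to DC\s+(?<dc>\S+)'
    $Lines | ForEach-Object {
        if ($_ -match $rx) { $Matches['dc'] }
    } | Sort-Object -Unique
}

$lines = if ($LogPath) { Get-Content -Path $LogPath } else { $sample }

foreach ($dc in (Get-TraceBoundDc -Lines $lines)) {
    try {
        # IsReadOnly = True means the snap-in bound to an RODC,
        # which is the condition the answer says to check for.
        Get-ADDomainController -Identity $dc -ErrorAction Stop |
            Select-Object HostName, Site, IsReadOnly
    } catch {
        # The constructed sample name will land here outside a lab domain.
        Write-Warning "Could not look up '$dc' in AD: $($_.Exception.Message)"
    }
}

# Writable DCs in the domain, for comparison with the one found in the trace.
Get-ADDomainController -Filter * |
    Where-Object { -not $_.IsReadOnly } |
    Select-Object HostName, Site
```
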
  • Hi Shaon,

    We ended up working around this by simply creating all the DFS-R groups in a site which had a read/write DC - then it worked fine.

    I get what you're saying above - but it's a little poor that this is required! Next time I run into it - I will try that!

    • Marked as answer by Ben_22 Sunday, March 27, 2011 7:37 AM
    Sunday, March 27, 2011 7:37 AM

All replies

  • Same issue and I have an RODC.

    Ran

    repadmin /syncall /Aed

    on the RODC and tried creating my replication folder again and it worked!

    Thanks for giving me the hint what to look for :)

    Wednesday, August 22, 2018 5:41 PM