locked
SYSVOL and NETLOGON shares missing from New Domain Controllers Using DFRS RRS feed

  • Question

  • Hello

    I had one 2012 Domain Controller and have now set up 2 new 2012 R2 RTM domain controllers and plan to demote the old server once the new ones are working successfully.

    After transferring all FSMO roles and confirming this had happened with NETDOM QUERY FSMO I still found that if I shut the old domain controller down everything stopped working.

    I followed this guide to transfer FSMO roles to the new DC: http://winsvr.wordpress.com/2012/12/17/transferring-fsmo-roles-from-ws-2008r2-dc-to-ws-2012-dc/

    After looking into possible problems I found that the SYSVOL and NETLOGON shares have not been created on the new DCs so:

    \\2012DC\SYSVOL - WORKS
    \\2012DC\NETLOGON - WORKS
    \\2012R2DC1\SYSVOL - NOT FOUND
    \\2012R2DC1\NETLOGON - NOT FOUND
    \\2012R2DC2\SYSVOL - NOT FOUND
    \\2012R2DC2\NETLOGON - NOT FOUND


    I checked DFSR was in use and not FRS using both these commands:

    dfsrmig.exe /getglobalstate and checking the output says ELIMINATED
    Going to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating Sysvols\LocalState and checking the key was set to 3 (ELIMINATED)

    This confirms DFSR is in use.

    The distributed file system was not installed on any domain controllers so I installed it onto all 3 and then followed this guide and attempted a non-authoritative and an authoritative sync: http://support.microsoft.com/kb/2218556/en-gb

    It said to force replication between DCs but didn't mention how to do this so I used these steps: http://technet.microsoft.com/en-us/library/cc816926(v=ws.10).aspx

    However after doing all this the SYSVOL and NETLOGON shares only exist on the old DC and the new DCs have no shares on them.

    Are there any additional steps I need to perform to get this working?

    I think that this is probably the result of moving from a 2008R2 DC last year to a 2012 one and not installing the DFSR role on the new server back then so I am guessing that removing the old DC then broke replication but it did not cause any problems at the time due to there only being a single DC.

    Thanks

    Robin


    Robin Wilson

    Sunday, September 22, 2013 2:04 PM

Answers

  • I think I may now have fixed the issue.

    I had a look at the replication group in DFS Management and ran a storage health report and on the original 2012 server it said:

    Reference member returned no replicated folders.

    On the 2 new 2012R2 servers it said:

    This member is waiting for initial replication for replicated folder SYSVOL Share.

    Checking C:\Windows\SYSVOL\domain on 2012 shows the correct content but the same folder on the new servers was empty.

    I then tried to backup and delete the contents of the C:\Windows\SYSVOL\domain folder and restarted the DFSR service and copied it all back.

    I then also ran this command suggested in event 2213 in event viewer which was:

    wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="6ED49551-E71B-11E1-93E8-806E6F6E6963" call ResumeReplication

    Instantly files started appearing in the SYSVOL folder on the other servers and the shares now appear as well.

    So I think I have now managed to resolve this at last.

    Originally I first knew something was wrong when trying to demote the old server and finding that it refused to be demoted. It was only after looking into it more closely that I realised the issue was related to DFS Replication. The original thread is here: http://social.technet.microsoft.com/Forums/windowsserver/en-US/34724d2c-97a5-4362-993f-0fad3fbef5b2/moving-active-directory-domain-services-to-server-2012-r2-cannot-demote-old-2012-server#f531db3b-5e97-4823-9e7d-051215961dec

    Robin


    Robin Wilson

    • Marked as answer by robinwilson16 Sunday, September 22, 2013 3:45 PM
    Sunday, September 22, 2013 3:00 PM

All replies

  • I think I may now have fixed the issue.

    I had a look at the replication group in DFS Management and ran a storage health report and on the original 2012 server it said:

    Reference member returned no replicated folders.

    On the 2 new 2012R2 servers it said:

    This member is waiting for initial replication for replicated folder SYSVOL Share.

    Checking C:\Windows\SYSVOL\domain on 2012 shows the correct content but the same folder on the new servers was empty.

    I then tried to backup and delete the contents of the C:\Windows\SYSVOL\domain folder and restarted the DFSR service and copied it all back.

    I then also ran this command suggested in event 2213 in event viewer which was:

    wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="6ED49551-E71B-11E1-93E8-806E6F6E6963" call ResumeReplication

    Instantly files started appearing in the SYSVOL folder on the other servers and the shares now appear as well.

    So I think I have now managed to resolve this at last.

    Originally I first knew something was wrong when trying to demote the old server and finding that it refused to be demoted. It was only after looking into it more closely that I realised the issue was related to DFS Replication. The original thread is here: http://social.technet.microsoft.com/Forums/windowsserver/en-US/34724d2c-97a5-4362-993f-0fad3fbef5b2/moving-active-directory-domain-services-to-server-2012-r2-cannot-demote-old-2012-server#f531db3b-5e97-4823-9e7d-051215961dec

    Robin


    Robin Wilson

    • Marked as answer by robinwilson16 Sunday, September 22, 2013 3:45 PM
    Sunday, September 22, 2013 3:00 PM
  • Just to confirm this is now fixed.

    I have now been able to demote the old server and raise the forest functional level to 2012 R2 and everything seems to be working as it should.

    Robin


    Robin Wilson

    Sunday, September 22, 2013 3:44 PM
  • Hi Robin,

    Thanks for the sharing and I’m glad to hear that the issue has been resolved.

    Cheers.


    Best Regards
    Jeremy Wu

    Tuesday, September 24, 2013 9:40 AM
    Moderator
  • Hi Robin,

    Thanks for your post. This solution worked for me. Only the following error I had to fix as well:

    The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 187 days

    This post has fixed my issue: http://www.jniesen.de/?p=1292#comment-233

    Cheers,
    Al

    Tuesday, October 15, 2013 6:07 PM