none
Issues with SYSVOL AND NETLOGON Replication

    Question

  • My env

    Windows 2012 R2 DC holds all the FSMO Roles --ALL GOOD

    Windows 2012 R2 GC MEMBER AD --ALL GOOD

    WINDOWS 2008 R2 GC MEMBER AD <<>>FAILS to replicate or share NETLOGON at all.

    ERRORS FOUND 

    The DFS Replication service detected invalid msDFSR-Subscriber object data while polling for configuration information. 

    Additional Information: 
    Object DN: CN=Domain System Volume,CN=DFSR-LocalSettings,CN=DCR,OU=Domain Controllers,DC=IDC,DC=LOCAL 
    Attribute Name: msDFSR-MemberReference 
    Domain Controller: DCR.IDC.LOCAL 
    Polling Cycle: 60 minutes

     
    • Edited by DASAUTOTDIMAN Thursday, January 26, 2017 5:48 PM
    • Moved by nzpcmad1 Thursday, January 26, 2017 6:04 PM From ADFS
    Thursday, January 26, 2017 5:48 PM

All replies

  • Hi,

    It seems that the value of the attribute msDFSR-MemberReference  is not correct.

    What's the current value of msDFSR-MemberReference ?

    To verify tha value of  msDFSR-MemberReference, open ADSI Edit: On the Start menu, point to Administrative Tools, and then click ADSI Edit.

    View the msDFSR-MemberReference attribute of the object CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<DomainControllerName>,OU=Domain Controllers,DC=<DomainName> and confirm that the value in CN=<DomainControllerName> is the new name.


    Please don't forget to mark the correct answer, to help others who have the same issue. Thameur BOURBITA MCSE | MCSA My Blog : http://bourbitathameur.blogspot.fr/

    Thursday, January 26, 2017 6:37 PM
  • Beginning data collection for replication summary, this may take awhile:
      .......


    Source DSA         largest delta   fails/total %% error
    DC-1                     19m:57s   0 / 10   0
    DC-2                     19m:57s   0 / 10   0
    DCR                     19m:54s   0 / 10   0
    DC                   19m:54s   0 / 10   0


    Destination DSA   largest delta   fails/total %% error
    DC-1                     18m:21s   0 / 10   0
    DC-2                     19m:54s   0 / 10   0
    DCR                     19m:57s   0 / 10   0
    DC                   11m:22s   0 / 10   0

    SYSVOL of DCR is dated 12/26/2016 and its empty, netlogon share not present. I also tried to rreate the missing key using powershell.

    Import-Module ActiveDirectory
    $templateDomainSystemVolume = Get-ADObject "CN=Domain System Volume,CN=DFSR-LocalSettings,CN=DC-1,OU=Domain Controllers,DC=DOMAIN,DC=LOCAL" `
        -Properties "msDFSR-ReplicationGroupGuid","showInAdvancedViewOnly"
    $templateDomainSystemVolume
    New-ADObject -Instance $templateDomainSystemVolume -name "Domain System Volume" `
        -type "msDFSR-Subscriber" `
        -path "CN=DFSR-LocalSettings,CN=DCR,OU=Domain Controllers,DC=DOMAIN,DC=LOCAL" `
        -OtherAttributes @{'msDFSR-MemberReference'="CN=DCR,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=DOMAIN,DC=LOCAL"}

    Import-Module ActiveDirector
    $templateSYSVOLSubscription = Get-ADObject "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=DC-1,OU=Domain Controllers,DC=DOMAIN,DC=LOCAL" `
        -Properties "msDFSR-ContentSetGuid","msDFSR-ReplicationGroupGuid","msDFSR-Enabled","msDFSR-ReadOnly","msDFSR-ReplicationGroupGuid","msDFSR-RootPath","msDFSR-StagingPath","showInAdvancedViewOnly"
    $templateSYSVOLSubscription
    New-ADObject -Instance $templateSYSVOLSubscription "SYSVOL Subscription" `
        -type "msDFSR-Subscription" `
        -path "CN=Domain System Volume,CN=DFSR-LocalSettings,CN=DCR,OU=Domain Controllers,DC=DOMAIN,DC=LOCAL"

    Import-Module ActiveDirectory
    $templateSYSVOLSubscription = Get-ADObject "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=DC-1,OU=Domain Controllers,DC=DOMAIN,DC=LOCAL" `
        -Properties "msDFSR-ContentSetGuid","msDFSR-ReplicationGroupGuid","msDFSR-Enabled","msDFSR-ReadOnly","msDFSR-ReplicationGroupGuid","msDFSR-RootPath","msDFSR-StagingPath","showInAdvancedViewOnly"
    $templateSYSVOLSubscription
    New-ADObject -Instance $templateSYSVOLSubscription "SYSVOL Subscription" `
        -type "msDFSR-Subscription" `
        -path "CN=Domain System Volume,CN=DFSR-LocalSettings,CN=DCR,OU=Domain Controllers,DC=DOMAIN,DC=LOCAL"

    I got the missing key on DCR, but now see this in event log.

    The DFS Replication service detected invalid msDFSR-Subscriber object data while polling for configuration information. 

    Additional Information: 
    Object DN: CN=Domain System Volume,CN=DFSR-LocalSettings,CN=DCR,OU=Domain Controllers,DC=DOMAIN,DC=LOCAL 
    Attribute Name: msDFSR-MemberReference 
    Domain Controller: DCR.DOMAIN.LOCAL 
    Polling Cycle: 60 minutes

    Friday, January 27, 2017 2:18 AM
  • you may need to do a D2 restoration form a healthy DC

    http://www.windowstricks.in/sysvol-interview-questions-and-answers

     

    Regards,
    Ganesamoorthy.S
    www.windowstricks.in)


    Friday, January 27, 2017 5:57 PM