none
DFSR - MsDFSR-LocalSettings object found the lost and found OU

    Question

  • Hello, 

    Has anyone seen this before. msDFSR-LocalSettings object found the lost and found OU. Also, on the dc, we getting the following errors.

    DFSR Replication error event ID: 

    Log Name:      DFS Replication
    Source:        DFSR
    Date:          12/5/2016 5:21:51 AM
    Event ID:      6002
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      DCname.domain.com
    Description:
    The DFS Replication service detected invalid msDFSR-Subscriber object data while polling for configuration information. 

    Additional Information: 
    Object DN: CN=Domain System Volume,CN=DFSR-LocalSettings,CN=DCName,OU=Domain Controllers,DC=Domain,DC=com 
    Attribute Name: msDFSR-MemberReference 
    Domain Controller: DCName.domain.com 
    Polling Cycle: 60 minutes
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="DFSR" />
        <EventID Qualifiers="49152">6002</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2016-12-05T10:21:51.000000000Z" />
        <EventRecordID>733</EventRecordID>
        <Channel>DFS Replication</Channel>
        <Computer>DCname.domain.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data>msDFSR-Subscriber</Data>
        <Data>CN=Domain System Volume,CN=DFSR-LocalSettings,CN=DCname,OU=Domain Controllers,DC=domain,DC=com</Data>
        <Data>msDFSR-MemberReference</Data>
        <Data>DCname.domain.com</Data>
        <Data>60</Data>
      </EventData>
    </Event>

    Thanks 

     
    Tuesday, December 6, 2016 3:41 AM

All replies

  • Hi

     First check this related article; https://social.technet.microsoft.com/wiki/contents/articles/1158.dfsr-event-6002-dfs-replication-service-detected-invalid-object-data.aspx

    and this ms article; https://support.microsoft.com/en-us/kb/953527

    Also if you share "dcdiag","repadmin /replsum" results,maybe discover the issue more clearly.


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Tuesday, December 6, 2016 6:57 AM
  •             Event String:
                While processing an AS request for target service krbtgt, the accoun
    t mjuoni did not have a suitable key for generating a Kerberos ticket (the missi
    ng key has an ID of 2). The requested etypes : 18. The accounts available etypes
     : 23  -133  -128. Changing or resetting the password of mjuoni will generate a
    proper key.
             ......................... AOTATLDC01 failed test SystemLog
          Starting test: VerifyReferences
             ......................... AOTATLDC01 passed test VerifyReferences


       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running partition tests on : aotbedding
          Starting test: CheckSDRefDom
             ......................... aotbedding passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... aotbedding passed test CrossRefValidation

       Running enterprise tests on : aotbedding.com
          Starting test: LocatorCheck
             ......................... aotbedding.com passed test LocatorCheck
          Starting test: Intersite
             ......................... aotbedding.com passed test Intersite

    C:\Windows\system32>dcdiag.exe

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = AOTATLDC01
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: ATL\AOTATLDC01
          Starting test: Connectivity
             ......................... AOTATLDC01 passed test Connectivity

    Doing primary tests

       Testing server: ATL\AOTATLDC01
          Starting test: Advertising
             ......................... AOTATLDC01 passed test Advertising
          Starting test: FrsEvent
             ......................... AOTATLDC01 passed test FrsEvent
          Starting test: DFSREvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
             ......................... AOTATLDC01 failed test DFSREvent
          Starting test: SysVolCheck
             ......................... AOTATLDC01 passed test SysVolCheck
          Starting test: KccEvent
             ......................... AOTATLDC01 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... AOTATLDC01 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... AOTATLDC01 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... AOTATLDC01 passed test NCSecDesc
          Starting test: NetLogons
             ......................... AOTATLDC01 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... AOTATLDC01 passed test ObjectsReplicated
          Starting test: Replications
             [Replications Check,AOTATLDC01] A recent replication attempt failed:
                From AOTJANDC01 to AOTATLDC01
                Naming Context: DC=ForestDnsZones,DC=aotbedding,DC=com
                The replication generated an error (1256):
                The remote system is not available. For information about network tr
    oubleshooting, see Windows Help.

                The failure occurred at 2016-12-05 09:19:37.
                The last success occurred at 2016-10-04 13:37:40.
                2970 failures have occurred since the last success.
             [Replications Check,AOTATLDC01] A recent replication attempt failed:
                From US-SSBHAZ-DC to AOTATLDC01
                Naming Context: DC=ForestDnsZones,DC=aotbedding,DC=com
                The replication generated an error (1256):
                The remote system is not available. For information about network tr
    oubleshooting, see Windows Help.

                The failure occurred at 2016-12-05 09:20:21.
                The last success occurred at 2016-10-20 12:32:21.
                2204 failures have occurred since the last success.
             [Replications Check,AOTATLDC01] A recent replication attempt failed:
                From AOTJANDC01 to AOTATLDC01
                Naming Context: DC=DomainDnsZones,DC=aotbedding,DC=com
                The replication generated an error (1256):
                The remote system is not available. For information about network tr
    oubleshooting, see Windows Help.

                The failure occurred at 2016-12-05 09:19:37.
                The last success occurred at 2016-10-04 13:39:12.
                2970 failures have occurred since the last success.
             [Replications Check,AOTATLDC01] A recent replication attempt failed:
                From US-SSBHAZ-DC to AOTATLDC01
                Naming Context: DC=DomainDnsZones,DC=aotbedding,DC=com
                The replication generated an error (1256):
                The remote system is not available. For information about network tr
    oubleshooting, see Windows Help.

                The failure occurred at 2016-12-05 09:20:21.
                The last success occurred at 2016-10-20 12:32:20.
                2204 failures have occurred since the last success.
             [Replications Check,AOTATLDC01] A recent replication attempt failed:
                From AOTJANDC01 to AOTATLDC01
                Naming Context: CN=Schema,CN=Configuration,DC=aotbedding,DC=com
                The replication generated an error (1722):
                The RPC server is unavailable.
                The failure occurred at 2016-12-05 09:21:28.
                The last success occurred at 2016-10-04 13:40:38.
                2970 failures have occurred since the last success.
                [AOTJANDC01] DsBindWithSpnEx() failed with error 1722,
                The RPC server is unavailable..
                The source remains down. Please check the machine.
             [Replications Check,AOTATLDC01] A recent replication attempt failed:
                From US-SSBHAZ-DC to AOTATLDC01
                Naming Context: CN=Schema,CN=Configuration,DC=aotbedding,DC=com
                The replication generated an error (1722):
                The RPC server is unavailable.
                The failure occurred at 2016-12-05 09:22:10.
                The last success occurred at 2016-09-15 08:55:46.
                3893 failures have occurred since the last success.
                [US-SSBHAZ-DC] DsBindWithSpnEx() failed with error 1722,
                The RPC server is unavailable..
                The source remains down. Please check the machine.
             [Replications Check,AOTATLDC01] A recent replication attempt failed:
                From AOTJANDC01 to AOTATLDC01
                Naming Context: CN=Configuration,DC=aotbedding,DC=com
                The replication generated an error (1722):
                The RPC server is unavailable.
                The failure occurred at 2016-12-05 09:19:37.
                The last success occurred at 2016-08-07 14:18:25.
                5756 failures have occurred since the last success.
                The source remains down. Please check the machine.
             [Replications Check,AOTATLDC01] A recent replication attempt failed:
                From US-SSBHAZ-DC to AOTATLDC01
                Naming Context: CN=Configuration,DC=aotbedding,DC=com
                The replication generated an error (1722):
                The RPC server is unavailable.
                The failure occurred at 2016-12-05 09:20:21.
                The last success occurred at 2016-08-18 12:19:49.
                5232 failures have occurred since the last success.
                The source remains down. Please check the machine.
             [Replications Check,AOTATLDC01] A recent replication attempt failed:
                From AOTJANDC01 to AOTATLDC01
                Naming Context: DC=aotbedding,DC=com
                The replication generated an error (1722):
                The RPC server is unavailable.
                The failure occurred at 2016-12-05 09:22:53.
                The last success occurred at 2016-10-04 13:43:24.
                2970 failures have occurred since the last success.
                The source remains down. Please check the machine.
             [Replications Check,AOTATLDC01] A recent replication attempt failed:
                From US-SSBHAZ-DC to AOTATLDC01
                Naming Context: DC=aotbedding,DC=com
                The replication generated an error (1722):
                The RPC server is unavailable.
                The failure occurred at 2016-12-05 09:23:36.
                The last success occurred at 2016-10-20 12:32:19.
                2204 failures have occurred since the last success.
                The source remains down. Please check the machine.
             ......................... AOTATLDC01 failed test Replications
          Starting test: RidManager
             ......................... AOTATLDC01 passed test RidManager
          Starting test: Services
             ......................... AOTATLDC01 passed test Services
          Starting test: SystemLog
             An error event occurred.  EventID: 0x0000165B
                Time Generated: 12/05/2016   08:26:13
                Event String:
                The session setup from computer 'US-SSBWND-DC' failed because the se
    curity database does not contain a trust account 'US-SSBWND-DC$' referenced by t
    he specified computer.
             A warning event occurred.  EventID: 0x0000A000
                Time Generated: 12/05/2016   08:29:11
                Event String:
                The Security System detected an authentication error for the server
    HTTP/us-ssbcar-sccm.aotbedding.com. The failure code from authentication protoco
    l Kerberos was "The user's account has expired.
             An error event occurred.  EventID: 0xC000000E
                Time Generated: 12/05/2016   08:34:23
                Event String:
                While processing an AS request for target service krbtgt, the accoun
    t mderro did not have a suitable key for generating a Kerberos ticket (the missi
    ng key has an ID of 1). The requested etypes : 18  17  3  1. The accounts availa
    ble etypes : 23  -133  -128. Changing or resetting the password of mderro will g
    enerate a proper key.
             An error event occurred.  EventID: 0xC000000E
                Time Generated: 12/05/2016   08:34:23
                Event String:
                While processing an AS request for target service krbtgt, the accoun
    t mderro did not have a suitable key for generating a Kerberos ticket (the missi
    ng key has an ID of 2). The requested etypes : 18. The accounts available etypes
     : 23  -133  -128. Changing or resetting the password of mderro will generate a
    proper key.
             A warning event occurred.  EventID: 0x0000A000
                Time Generated: 12/05/2016   09:12:15
                Event String:
                The Security System detected an authentication error for the server
    ldap/AOTATLDC02.aotbedding.com. The failure code from authentication protocol Ke
    rberos was "The user's account has expired.
             A warning event occurred.  EventID: 0x0000043D
                Time Generated: 12/05/2016   09:14:13
                Event String:
                Windows failed to apply the Internet Explorer Zonemapping settings.
    Internet Explorer Zonemapping settings might have its own log file. Please click
     on the "More information" link.
             An error event occurred.  EventID: 0xC000000E
                Time Generated: 12/05/2016   09:21:41
                Event String:
                While processing an AS request for target service krbtgt, the accoun
    t Support did not have a suitable key for generating a Kerberos ticket (the miss
    ing key has an ID of 1). The requested etypes : 18  17  3  1. The accounts avail
    able etypes : 23  -133  -128. Changing or resetting the password of Support will
     generate a proper key.
             An error event occurred.  EventID: 0xC000000E
                Time Generated: 12/05/2016   09:21:41
                Event String:
                While processing an AS request for target service krbtgt, the accoun
    t Support did not have a suitable key for generating a Kerberos ticket (the miss
    ing key has an ID of 2). The requested etypes : 18. The accounts available etype
    s : 23  -133  -128. Changing or resetting the password of Support will generate
    a proper key.
             ......................... AOTATLDC01 failed test SystemLog
          Starting test: VerifyReferences
             ......................... AOTATLDC01 passed test VerifyReferences


       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running partition tests on : aotbedding
          Starting test: CheckSDRefDom
             ......................... aotbedding passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... aotbedding passed test CrossRefValidation

       Running enterprise tests on : aotbedding.com
          Starting test: LocatorCheck
             ......................... aotbedding.com passed test LocatorCheck
          Starting test: Intersite
             ......................... aotbedding.com passed test Intersite

    C:\Windows\system32>dfsrdiag ReplicationState /all
    'dfsrdiag' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Windows\system32>
    Tuesday, December 6, 2016 2:57 PM
  • 
    Tuesday, December 6, 2016 4:08 PM
  • Hi

     First Reset the krbtgt account password/keys on the problematic DC,check this scipt to perform;

    https://gallery.technet.microsoft.com/Reset-the-krbtgt-account-581a9e51

    The replication generated an error (1722):
                The RPC server is unavailable  >>>> Then seems you have connectivty issue also,you should verify port accessibility between this dc and the others,you can check with PortQryUI ;

    https://www.microsoft.com/en-us/download/details.aspx?id=24009


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Tuesday, December 6, 2016 5:50 PM
  • 
    Wednesday, December 7, 2016 5:27 AM
  • So you should fix the connectivity issue between these 3 DC's.and also reset krbtgt account password on problematic one.

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Wednesday, December 7, 2016 6:37 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, December 16, 2016 4:41 AM
    Moderator