locked
DFSR error ID:5008/4612 Towards demoted/removed DC RRS feed

  • Question

  • I am having a issue where i see the following errors:

    The DFS Replication service failed to communicate with partner OLDSERVER for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server.
     
    Partner DNS Address: OLDSERVER.Domain.local
     
    Optional data if available:
    Partner WINS Address: OLDSERVER
    Partner IP Address: x.x.x.x
     
    The service will retry the connection periodically.
     
    Additional Information:
    Error: 1722 (The RPC server is unavailable.)

    The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner OLDSERVER.domain.local. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.
     
    Additional Information:
    Replicated Folder Name: SYSVOL Share
    Replicated Folder ID: 4846FCD2-7777-4EDF-BC6B-13E8E16C4446
    Replication Group Name: Domain System Volume
    Replication Group ID: CB5BCAE8-C44F-40A8-80DD-A88DC4FDAF74
    Member ID: FA911E0C-253C-426A-8EC7-71D85B49C0EB
    Read-Only: 0


    The server was not removed from the domain correctly so i am doing a lot of cleaning up. The issue I face is that the other solutions I have found on this is to use Meta data cleanup. OLDSERVER is not present there.

    Or use ADSI edit to locate CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=domain,DC=local and delete the record of OLDSERVER, but the record is not there.

    I have 4 domain controllers atm. 2 of them are 2016. (newly installed) and 2 X 2012 r2

    The error is only active on 1 of the 2012 R2 servers. and the rest see no DFSR errors. OLDSERVERs OLD DNS records have all been removed.

    any pointers or ideas will be greatly appreciated.

    Wednesday, September 19, 2018 11:59 AM

Answers

  • If anyone ends up having this issue. and nothing of the old domain controller is present in the domain.

    Authoritative reinitializing the sysvol folder did it for me. See the link specified here for the steps.

    Have copied the steps aswell in case the link changes.

    https://www.dell.com/support/article/us/en/19/sln156015/how-to-reinitialize-a-dfs-replicated-sysvol-folder-on-a-windows-domain-controller?lang=en

    To perform an authoritative reinitialization of a DFS-replicated SYSVOL folder on a DC:

    1. Open the ADSIEdit console (adsiedit.msc), expand the default naming context, and locate the SYSVOL subscription object for the DC in question:
      CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<DC_name>,OU=Domain Controllers,DC=<domain>
    2. Right-click the CN=SYSVOL Subscription object and select Properties.
    3. In the Attribute Editor tab of the properties window, set the msDFSR-Enabled attribute to FALSE and set the msDFSR-Options attribute to 1. Click OK to close the properties window.
    4. Locate the SYSVOL subscription objects for the other DCs in the domain. Refer to the DN in step 1 but substitute the names of the other DCs in the CN=<DC_name> portion.
    5. Modify the properties of each SYSVOL subscription object in step 4 and set the msDFSR-Enabled attribute to FALSE.
    6. Force AD replication throughout the domain and verify that it is successful.
    7. Type dfsrdiag pollad at an elevated command prompt on all DCs. Their DFS Replication event logs should contain event 4114, indicating that SYSVOL is no longer being replicated. Other informational events may also appear, but this step should not result in any warnings or errors appearing in the log.
    8. On the DC designated as authoritative, use ADSIEdit to set the msDFSR-Enabled attribute to TRUE at the location in steps 1 and 2. Click OK to close the properties window.
    9. Force AD replication throughout the domain and verify that it is successful.
    10. On the DC designated as authoritative, run dfsrdiag pollad from an elevated command prompt. Its DFS-R event log should now contain event ID 4602, indicating that SYSVOL has been initialized.
    11. On the SYSVOL subscription objects of the other DCs (see steps 4 and 5), set the msDFSR-Enabled attribute to TRUE.
    12. Force AD replication throughout the domain and verify that it is successful.
    13. On all DCs besides the authoritative one, type dfsrdiag pollad at an elevated command prompt. Their DFS-R event logs should contain event IDs 4614 and 4604, indicating that SYSVOL has been initialized and replicated from the authoritative DC.

    • Marked as answer by HJH_Any Wednesday, October 24, 2018 8:20 AM
    Wednesday, October 24, 2018 8:20 AM

All replies

  • Hi,

    Thanks for your post.

    About DFSR error 5008, here is a similar issue for a reference.

    https://social.technet.microsoft.com/Forums/lync/en-US/86208d47-9f53-433c-a8c5-fefbefb5c2e8/5008-error-dfsr?forum=winservergen

    And some information for ID 4612.

    http://jackstromberg.com/2014/07/sysvol-and-group-policy-out-of-sync-on-server-2012-r2-dcs-using-dfsr/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope above information could help.

    Best Regards,

    Kallen


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 20, 2018 7:29 AM
  • Hi

    I have sadly tried what is mentioned in the articels without luck.

    Friday, September 21, 2018 8:03 AM
  • Hello,

    This is a quick note to let you know that I am currently performing research on this issue and will get back to you as soon as possible. I appreciate your patience.

    If you have any updates during this process, please feel free to let me know.

    Thank you for your understanding and support.

    Best Regards,

    Kallen


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 28, 2018 1:36 AM
  • If anyone ends up having this issue. and nothing of the old domain controller is present in the domain.

    Authoritative reinitializing the sysvol folder did it for me. See the link specified here for the steps.

    Have copied the steps aswell in case the link changes.

    https://www.dell.com/support/article/us/en/19/sln156015/how-to-reinitialize-a-dfs-replicated-sysvol-folder-on-a-windows-domain-controller?lang=en

    To perform an authoritative reinitialization of a DFS-replicated SYSVOL folder on a DC:

    1. Open the ADSIEdit console (adsiedit.msc), expand the default naming context, and locate the SYSVOL subscription object for the DC in question:
      CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<DC_name>,OU=Domain Controllers,DC=<domain>
    2. Right-click the CN=SYSVOL Subscription object and select Properties.
    3. In the Attribute Editor tab of the properties window, set the msDFSR-Enabled attribute to FALSE and set the msDFSR-Options attribute to 1. Click OK to close the properties window.
    4. Locate the SYSVOL subscription objects for the other DCs in the domain. Refer to the DN in step 1 but substitute the names of the other DCs in the CN=<DC_name> portion.
    5. Modify the properties of each SYSVOL subscription object in step 4 and set the msDFSR-Enabled attribute to FALSE.
    6. Force AD replication throughout the domain and verify that it is successful.
    7. Type dfsrdiag pollad at an elevated command prompt on all DCs. Their DFS Replication event logs should contain event 4114, indicating that SYSVOL is no longer being replicated. Other informational events may also appear, but this step should not result in any warnings or errors appearing in the log.
    8. On the DC designated as authoritative, use ADSIEdit to set the msDFSR-Enabled attribute to TRUE at the location in steps 1 and 2. Click OK to close the properties window.
    9. Force AD replication throughout the domain and verify that it is successful.
    10. On the DC designated as authoritative, run dfsrdiag pollad from an elevated command prompt. Its DFS-R event log should now contain event ID 4602, indicating that SYSVOL has been initialized.
    11. On the SYSVOL subscription objects of the other DCs (see steps 4 and 5), set the msDFSR-Enabled attribute to TRUE.
    12. Force AD replication throughout the domain and verify that it is successful.
    13. On all DCs besides the authoritative one, type dfsrdiag pollad at an elevated command prompt. Their DFS-R event logs should contain event IDs 4614 and 4604, indicating that SYSVOL has been initialized and replicated from the authoritative DC.

    • Marked as answer by HJH_Any Wednesday, October 24, 2018 8:20 AM
    Wednesday, October 24, 2018 8:20 AM