DCPROMO error, FRS restarts during dcpromo

    Question

  • Good Afternoon,

    We have just installed 2 new Windows Server 2008.  I am attempting to run dcpromo to remove the old Windows 2003 domain controllers.  When I run dcpromo it stops and attempts to restart the File Replication service.  The File Replication service is taking a very long time to stop / start and it is at this point that dcpromo fails with the following message. 

    ---------------------------
    Active Directory Installation Wizard
    ---------------------------
    The operation failed because:

    Failed to prepare for or remove the sysvol replication

    "The file replication service cannot be started."
    ---------------------------
    OK  
    ---------------------------

    I have also run frsdiag on the server and here is the result:

    ------------------------------------------------------------
    FRSDiag v1.7 on 9/18/2011 2:22:09 PM
    .\DL360PHBDC on 2011-09-18 at 2.22.09 PM
    ------------------------------------------------------------

    Checking for errors/warnings in FRS Event Log ....  
    NtFrs 9/12/2011 6:30:33 PM Error 13504 The File Replication Service stopped without cleaning up.
     ......... failed 1
    Checking for errors in Directory Service Event Log ....  
    NTDS Backup 9/12/2011 7:17:37 PM Error 1913 Internal error: The Active Directory backup and restore operation encountered an unexpected error.        Backup or restore will not succeed until this is corrected.          Additional Data    Error value:   1084 This service cannot be started in Safe Mode    Internal ID:   160200fa 
    NTDS Backup 9/12/2011 6:03:12 PM Error 1913 Internal error: The Active Directory backup and restore operation encountered an unexpected error.        Backup or restore will not succeed until this is corrected.          Additional Data    Error value:   1084 This service cannot be started in Safe Mode    Internal ID:   160200fa 
    NTDS Replication 9/12/2011 12:36:43 PM Error 1863 This is the replication status for the following directory partition on the local domain controller.        Directory partition:  CN=Schema,CN=Configuration,DC=US,DC=PUTTERBOY,DC=COM        The local domain controller has not received replication information from a number of domain controllers within the configured latency interval.        Latency Interval (Hours):   24    Number of domain controllers in all sites:  1    Number of domain controllers in this site:  1        The latency interval can be modified with the following registry key.        Registry Key:     HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)        To identify the domain controllers by name, install the support tools included on the installation   CD and run dcdiag.exe.    You can also use the support tool repadmin.exe to display the replication latencies of the domain  controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>". 
    NTDS Replication 9/12/2011 12:36:43 PM Error 1863 This is the replication status for the following directory partition on the local domain controller.        Directory partition:  CN=Configuration,DC=US,DC=PUTTERBOY,DC=COM        The local domain controller has not received replication information from a number of domain controllers within the configured latency interval.        Latency Interval (Hours):   24    Number of domain controllers in all sites:  1    Number of domain controllers in this site:  1        The latency interval can be modified with the following registry key.        Registry Key:     HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)        To identify the domain controllers by name, install the support tools included on the installation   CD and run dcdiag.exe.    You can also use the support tool repadmin.exe to display the replication latencies of the domain  controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>". 
    NTDS Replication 9/12/2011 12:36:43 PM Error 1863 This is the replication status for the following directory partition on the local domain controller.        Directory partition:  DC=US,DC=PUTTERBOY,DC=COM        The local domain controller has not received replication information from a number of domain controllers within the configured latency interval.        Latency Interval (Hours):   24    Number of domain controllers in all sites:  1    Number of domain controllers in this site:  1        The latency interval can be modified with the following registry key.        Registry Key:     HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)        To identify the domain controllers by name, install the support tools included on the installation   CD and run dcdiag.exe.    You can also use the support tool repadmin.exe to display the replication latencies of the domain  controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".
     WARNING: Found Directory Service Errors in the past 15 days! FRS Depends on AD so Check AD Replication!

     ......... failed 5
    Checking for minimum FRS version requirement ... passed
    Checking for errors/warnings in ntfrsutl ds ... passed
    Checking for Replica Set configuration triggers... passed
    Checking for suspicious file Backlog size... passed
    Checking Overall Disk Space and SYSVOL structure (note: integrity is not checked)... passed
    Checking for suspicious inlog entries ... passed
    Checking for suspicious outlog entries ... passed
    Checking for appropriate staging area size ... passed
    Checking for errors in debug logs ...
     ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain:                     3796:   904: S0: 15:51:32> :SR: Cmd 016cb5a0, CxtG f5cbe03a, WS ERROR_ACCESS_DENIED, To   DCBACKUP.US.PUTTERBOY.COM Len:  (376) [SndFail - Send Penalty]
     ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain:                      340:   877: S0: 15:51:32> :SR: Cmd 0168b2e0, CxtG 2862a499, WS ERROR_ACCESS_DENIED, To   DCBACKUP.US.PUTTERBOY.COM Len:  (544) [SndFail - rpc call]
     ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain:                      340:   904: S0: 15:51:32> :SR: Cmd 0168b2e0, CxtG 2862a499, WS ERROR_ACCESS_DENIED, To   DCBACKUP.US.PUTTERBOY.COM Len:  (544) [SndFail - Send Penalty]

     Found 8 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed above

     ......... failed with 8 error entries
    Checking NtFrs Service (and dependent services) state...passed
    Checking NtFrs related Registry Keys for possible problems...passed
    Checking Repadmin Showreps for errors...passed

    Any ideas on how I should remove this dc from the domain?

    Thank you for any help,

    Robert

     

    Sunday, September 18, 2011 7:19 PM

Answers

All replies

  • Hello,

    Seems that the DC has no longer replicated correctly. BEFORE removing it I suggest that you check the complete domain with the support tools, so we can review them also if you agree:

    ipconfig /all >c:\ipconfig.txt [from each DC/DNS Server]
    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
    repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  ["dc*" is a placeholder for the starting name of the DCs if they all begin the same (if more than one DC exists)]
    dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)

    As the output will become large, DON'T post them into the thread, please use Windows Sky Drive (skydrive.live.com) [with open access!] and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.

    If you think you will just kick out the problem machine, then shut down the server and NEVER reconnect it to the domain. Then run metadata cleanup according to:

    http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx


    Best regards
    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Sunday, September 18, 2011 7:55 PM
  • To remove the old Windows 2003 server, you can run dcpromo /forceremoval followed by metadata cleanup. If dcpromo /forceremoval doesn't work, disconnect the DC and perform the metadata cleanup from the working DC.

    Metadata Cleanup of a Domain controller

    http://awinish.wordpress.com/2011/05/08/metadata-cleanup-of-a-domain-controller/ 

     

    Regards


    Awinish Vishwakarma

    MY BLOG:  http://awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.
    Monday, September 19, 2011 5:37 AM
    Moderator
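
Added example (not part of the thread, and not FRSDiag's own code): a short Python triage of an FRSDiag report like the one in the question, listing each check that did not pass together with its event IDs and the replication partner named in the send failures. The sample text is abridged from the question's report; the function name `triage` and the field names are this example's own.

```python
import re
from collections import Counter

# Abridged from the FRSDiag report in the question; long event text is cut at "...".
SAMPLE = """\
Checking for errors/warnings in FRS Event Log ....
NtFrs 9/12/2011 6:30:33 PM Error 13504 The File Replication Service stopped without cleaning up.
 ......... failed 1
Checking for errors in Directory Service Event Log ....
NTDS Backup 9/12/2011 7:17:37 PM Error 1913 Internal error: ...
NTDS Backup 9/12/2011 6:03:12 PM Error 1913 Internal error: ...
NTDS Replication 9/12/2011 12:36:43 PM Error 1863 This is the replication status ...
NTDS Replication 9/12/2011 12:36:43 PM Error 1863 This is the replication status ...
NTDS Replication 9/12/2011 12:36:43 PM Error 1863 This is the replication status ...
 ......... failed 5
Checking for minimum FRS version requirement ... passed
Checking for errors in debug logs ...
 ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 3796: 904: S0: 15:51:32> :SR: Cmd 016cb5a0, CxtG f5cbe03a, WS ERROR_ACCESS_DENIED, To   DCBACKUP.US.PUTTERBOY.COM Len:  (376) [SndFail - Send Penalty]
 ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 340: 877: S0: 15:51:32> :SR: Cmd 0168b2e0, CxtG 2862a499, WS ERROR_ACCESS_DENIED, To   DCBACKUP.US.PUTTERBOY.COM Len:  (544) [SndFail - rpc call]
 ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 340: 904: S0: 15:51:32> :SR: Cmd 0168b2e0, CxtG 2862a499, WS ERROR_ACCESS_DENIED, To   DCBACKUP.US.PUTTERBOY.COM Len:  (544) [SndFail - Send Penalty]
 ......... failed with 8 error entries
Checking NtFrs Service (and dependent services) state...passed
"""

CHECK = re.compile(r"^Checking (.+?)\s*\.{3,}\s*(passed)?$")
RESULT = re.compile(r"^\.{5,}\s*(failed.*)$")
EVENT = re.compile(r"^(\S.*?) \d+/\d+/\d+ \d+:\d+:\d+ [AP]M (?:Error|Warning) (\d+) ")
DEBUG = re.compile(r'^ERROR on \S+ : "(\w+)" .*?\bTo\s+(\S+)')

def triage(report):
    """Return the checks that did not pass, with event and send-failure tallies."""
    checks = []
    for line in map(str.strip, report.splitlines()):
        if m := CHECK.match(line):
            # A check with no later result line (truncated report) stays "no result".
            checks.append({"check": m[1], "status": m[2] or "no result",
                           "events": Counter(), "partners": Counter()})
        elif not checks:
            continue  # header lines before the first check
        elif m := RESULT.match(line):
            checks[-1]["status"] = m[1]
        elif m := EVENT.match(line):
            checks[-1]["events"][(m[1], int(m[2]))] += 1  # (source, event ID)
        elif m := DEBUG.match(line):
            checks[-1]["partners"][(m[1], m[2])] += 1     # (error, partner DC)
    return [c for c in checks if c["status"] != "passed"]

if __name__ == "__main__":
    for c in triage(SAMPLE):
        print(c["status"], "|", c["check"], dict(c["events"]), dict(c["partners"]))
```

On the sample this leaves three failing checks, and every ERROR_ACCESS_DENIED send failure in the debug-log check names the same partner, DCBACKUP.US.PUTTERBOY.COM.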