Why does sysvol replication fail on new DC with errors listed here?

itfix7
Added second Windows Server 2003 DC (DC2) to single domain (AD, File Server, DNS Server, GC Role on both DCs) / (DCPROMO run)
Intended for DC2 to be replica of main DC (DC1) / same OS on both.
Same domain, same building, no firewall between, only a switch.
Different IPs, DC1 is primary in all cases. All DNS (pings, tests) pass: DC1 to DC2, and DC2 to DC1.
AD changes replicate quickly.
Contents of sysvol on DC1: 3 policy folders did not replicate to DC2.
DC2 created 1 policy which DID replicate to DC1 so now DC1 has all 4.

Many tests run, hundreds of pages, so only *test name* run and *failures* follow: (all DC2)
---------------------------------dcdiag (DC2)

Netlogons: "Unable to connect to the NETLOGONS share! (DC2\netlogon) An net use or LsaPolicy operation failed with error 1203. No network provider accepted the given network path"
-- Advertising test fails with "Warning: DsGetDcName returned information for DC1 when trying to reach DC2. Server is not responding or is not considered suitable.
---------------------------------
netdiag (DC2)

"Domain membership test.. failed. Warning: this system volume has not been completely replicated to the local machine. This machine is not working properly as a DC."
---------------------------------
dcdiag /test:dns (DC2)

TEST: Delegations (Del)
Warning: DNS server: domainserver.server.MYDOMAIN. IP: <Unavailable>
Failure:Missing glue A record
---------------------------------
netdiag /fix (DC2)

Domain membership test..: Failed
[WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.
---------------------------------
dcdiag /v (DC2)

Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\DOMAINSERVER2\netlogon)
[DOMAINSERVER2] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
DOMAINSERVER2 failed test Netlogons

Starting test: Advertising
Warning: DsGetDcName returned information for \\DomainServer.MYDOMAIN.COM, when we were trying to reach DOMAINSERVER2.
Server is not responding or is not considered suitable.
The DC DOMAINSERVER2 is advertising itself as a DC and having a DS.
The DC DOMAINSERVER2 is advertising as an LDAP server
The DC DOMAINSERVER2 is advertising as having a writeable directory
The DC DOMAINSERVER2 is advertising as a Key Distribution Center
The DC DOMAINSERVER2 is advertising as a time server
The DS DOMAINSERVER2 is advertising as a GC. ............
DOMAINSERVER2 failed test Advertising
---------------------------------
repadmin /showreps (DC2)

Has these failures:

DC=MYDOMAIN,DC=COM
Default-First-Site-Name\DOMAINSERVER via RPC
DC object GUID: de66c2d3-eda2-4ab2-a393-fdea108ad439
Last attempt @ 2010-01-28 18:53:24 failed, result 8453 (0x2105):
Replication access was denied.
193 consecutive failure(s).
Last success @ 2010-01-28 11:11:43. AND:

Source: Default-First-Site-Name\DOMAINSERVER
******* 193 CONSECUTIVE FAILURES since 2010-01-28 11:11:43
Last error: 8453 (0x2105):
Replication access was denied.
---------------------------------
To resolve some of the above:

Stop/ Restart Netlogon Service

DNS - Tried "ipconfig /flushdns" followed by "ipconfig /registerdns" on several occasions
--------------
Thanks for reviewing this post.
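
A triage helper for the `repadmin /showreps` output quoted in the post, as an added example that is not part of the original post: it keeps only the inbound partners whose last attempt failed, with the result code, consecutive-failure count and last success time. The first sample entry is taken from the post; the second, healthy entry and its "was successful" wording are constructed, and the function and field names are hypothetical.

```python
import re
from dataclasses import dataclass
# First entry is taken from the post; the second (healthy) entry is constructed.
SAMPLE = r"""
DC=MYDOMAIN,DC=COM
Default-First-Site-Name\DOMAINSERVER via RPC
DC object GUID: de66c2d3-eda2-4ab2-a393-fdea108ad439
Last attempt @ 2010-01-28 18:53:24 failed, result 8453 (0x2105):
Replication access was denied.
193 consecutive failure(s).
Last success @ 2010-01-28 11:11:43.
CN=Configuration,DC=MYDOMAIN,DC=COM
Default-First-Site-Name\DOMAINSERVER via RPC
Last attempt @ 2010-01-28 18:53:24 was successful.
"""

NC_RE = re.compile(r"^(?:DC|CN)=\S+$")                 # naming context (partition) line
SRC_RE = re.compile(r"^(\S+\\\S+) via RPC$")           # Site\SourceDC line
FAIL_RE = re.compile(r"^Last attempt @ ([\d-]+ [\d:]+) failed, result (\d+) \(0x[0-9a-fA-F]+\):")
COUNT_RE = re.compile(r"^(\d+) consecutive failure")
OK_RE = re.compile(r"^Last success @ ([\d-]+ [\d:]+)")

@dataclass
class Failure:
    naming_context: str
    source: str
    last_attempt: str
    code: int
    message: str = ""
    consecutive: int = 0
    last_success: str = ""

def parse_failures(text):
    # Returns one Failure per (partition, source partner) whose last attempt failed.
    failures, nc, src, cur, want_msg = [], "", "", None, False
    for line in filter(None, map(str.strip, text.splitlines())):
        if want_msg:                      # the line after "failed, result N" is the error text
            cur.message, want_msg = line, False
        elif NC_RE.match(line):
            nc, cur = line, None
        elif m := SRC_RE.match(line):
            src, cur = m[1], None
        elif m := FAIL_RE.match(line):
            cur, want_msg = Failure(nc, src, m[1], int(m[2])), True
            failures.append(cur)
        elif cur and (m := COUNT_RE.match(line)):
            cur.consecutive = int(m[1])
        elif cur and (m := OK_RE.match(line)):
            cur.last_success = m[1]
    return failures
```
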