DFSR SYSVOL Migration in stuck

-

i have problems sysvol dfsr migration

environment have two writable domain controllers 2008r2. forest , domain level 2008r2

events:

event 8020
error: 5 (access denied.)

event 8029
dfsr migration unable transition 'eliminated' state domain controller xxxxx. dfsr retry next time polls active directory. force immediate retry, execute command 'dfsrdiag /pollad'.

dfsrmig.exe /getmigrationstate

the following domain controllers not in sync global state ('eliminated'):

domain controller (local migration state) - dc type

===================================================

dc1 ('eliminating') - primary dc

dc2 ('eliminating') - writable dc

migration has not yet reached consistent state on domain controllers.

state information might stale due ad latency.

                          

checked things

checked ”manage auditing , security log” rights

defalt domain controller policy have setting “manage auditing , security log” domain_name\exchange enterprise servers, administrators, domain_name\exchange 

http://support.microsoft.com/kb/2567421

from “domain_name/system/file replication service/domain system volume (sysvol share)” structure “protect object accidental deletion” setting have been removed

http://www.experts-exchange.com/software/server_software/active_directory/q_28269847.html

removed server objects “domain_name/system/file replication service/domain system volume (sysvol share)” structure”

removed ipv6 use

http://social.technet.microsoft.com/forums/windowsserver/en-us/90faf580-2336-4ca9-8901-bd14f12373a4/dfs-replication-issues-rpc-wmi-and-service-essentially-locked-up-for-dfsr?forum=winserverfiles

temporary stopped virusprotection dc

replication working okay c:\windows\sysvol_dfsr, shares etcc.

c:\windows\sysvol_dfsr

manually removed  content c:\windows\sysvol (structure empty folders)

from registry

hkey_local_machine\system\currentcontrolset\services\dfsr\parameters\sysvols\migrating sysvols

local state 7

is primary 0

rebooted, started dfs replication service, check ad replications, no firewalls between dc (in same subnet)

is there registry, ad path or file path can check why error access denied?

thanks advices

hi,

case solved. removed protectedfromaccidentaldeletion from every  object command

get-adobject -filter * | set-adobject -protectedfromaccidentaldeletion $false
(it takes for long time)

forced ad replication , restarted dfsr service

current dfsr global state: 'eliminated'
succeeded.



Windows Server  >  File Services and Storage



Comments

Post a Comment

Popular posts from this blog

Schannel Issue

-
hello there, i have windows 2008 r2 machine. , have hosted sharepoint 2010 on it. i have site have published on internet. i don't know whether it's related , getting error unable resolve or come conclusion. it's pretty frequent. my server patched latest updates. log name:      system source:        schannel date:          8/12/2011 3:49:43 pm event id:      36887 task category: none level:         error keywords:      user:          system computer:      mycomp.domain.com description: following fatal alert received: 42.   the above error doesn't provide info . could please me identify issue , possible solution ? there have been lot of posts one. i believe can safely ignored...
Read more

Indexing Server

-
just quick question - 2008 have indexing server? can't see option - , want setup web based search engine using indexing server catalogs , asp.net....   it availble? does not based on - http://technet2.microsoft.com/windowsserver2008/en/library/82bac070-bee4-452e-a783-3ce31b5e1d0f1033.mspx?mfr=true Windows Server  >  Management
Read more

oclist /xml or /?

-
oclist have qualifiers? can behaviour changed, example output xml?   given previous comments andrew m , comments in forums , blogs think answer no, it’s simple app calling underlying api, thought i'd ask can't seem find anything.   why asking question? i'd @ least 2 things oclist (apart nicer looking output [which i'm not going get], dependances listed [dicussed in forum , ruled out], , refrushing add ad componets , telling use dcpromo [which in banner know]): - whether installing component cuase / require reboot (currently believe qwave , printing services require reboot)   - xml output, can't justify team looking see if can commality with full server   fwiw :j   hi,   oclist not have qualifiers or ways change output. when iis came in late, make oclist output longer, unfortunately late make significant changes.   i'll take feedback , add our list next version.   thanks,   andrew   ...
Read more