SYSVOL and NETLOGON not shared after dcpromo

[guest]

Directory Server Diagnosis


Performing initial setup:

Trying to find home server...

* Verifying that the local machine SKI002, is a Directory Server.
Home Server = SKI002

* Connecting to directory service on server SKI002.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ski,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=SP-Site,CN=Sites,CN=Configuration,DC=ski,DC=com
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=SKI-Site,CN=Sites,CN=Configuration,DC=ski,DC=com
Getting ISTG and options for the site
* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ski,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SKI001,CN=Servers,CN=SKI-Site,CN=Sites,CN=Configuration,DC=ski,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SP001,CN=Servers,CN=SP-Site,CN=Sites,CN=Configuration,DC=ski,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SP002,CN=Servers,CN=SP-Site,CN=Sites,CN=Configuration,DC=ski,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SKI002,CN=Servers,CN=SKI-Site,CN=Sites,CN=Configuration,DC=ski,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

* Found 4 DC(s). Testing 1 of them.

Done gathering initial info.


Doing initial required tests


Testing server: SKI-Site\SKI002

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... SKI002 passed test Connectivity



Doing primary tests


Testing server: SKI-Site\SKI002

Starting test: Advertising

Warning: DsGetDcName returned information for \\ski001.ski.com, when

we were trying to reach SKI002.

SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

......................... SKI002 failed test Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Starting test: FrsEvent

* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.
A warning event occurred. EventID: 0x800034FD

Time Generated: 01/03/2011 17:34:45

Event String:

File Replication Service is initializing the system volume with data from another domain controller. Computer SKI002 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.



To check for the SYSVOL share, at the command prompt, type:

net share



When File Replication Service completes the initialization process, the SYSVOL share will appear.



The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

......................... SKI002 passed test FrsEvent

Starting test: DFSREvent

The DFS Replication Event Log.
Skip the test because the server is running FRS.

......................... SKI002 passed test DFSREvent

Starting test: SysVolCheck

* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL. The

error returned was 0x0 "The operation completed successfully.".

Check the FRS event log to see if the SYSVOL has successfully been

shared.
......................... SKI002 passed test SysVolCheck

Starting test: KccEvent

* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SKI002 passed test KccEvent

Starting test: KnowsOfRoleHolders

Role Schema Owner = CN=NTDS Settings,CN=SKI001,CN=Servers,CN=SKI-Site,CN=Sites,CN=Configuration,DC=ski,DC=com
Role Domain Owner = CN=NTDS Settings,CN=SKI001,CN=Servers,CN=SKI-Site,CN=Sites,CN=Configuration,DC=ski,DC=com
Role PDC Owner = CN=NTDS Settings,CN=SKI001,CN=Servers,CN=SKI-Site,CN=Sites,CN=Configuration,DC=ski,DC=com
Role Rid Owner = CN=NTDS Settings,CN=SKI001,CN=Servers,CN=SKI-Site,CN=Sites,CN=Configuration,DC=ski,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SKI001,CN=Servers,CN=SKI-Site,CN=Sites,CN=Configuration,DC=ski,DC=com
......................... SKI002 passed test KnowsOfRoleHolders

Starting test: MachineAccount

Checking machine account for DC SKI002 on DC SKI002.
* SPN found :LDAP/SKI002.ski.com/ski.com
* SPN found :LDAP/SKI002.ski.com
* SPN found :LDAP/SKI002
* SPN found :LDAP/SKI002.ski.com/SKI
* SPN found :LDAP/e7dd08e5-9519-4e2e-aca7-01c04705d37d._msdcs.ski.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e7dd08e5-9519-4e2e-aca7-01c04705d37d/ski.com
* SPN found :HOST/SKI002.ski.com/ski.com
* SPN found :HOST/SKI002.ski.com
* SPN found :HOST/SKI002
* SPN found :HOST/SKI002.ski.com/SKI
* SPN found :GC/SKI002.ski.com/ski.com
......................... SKI002 passed test MachineAccount

Starting test: NCSecDesc

* Security Permissions check for all NC's on DC SKI002.
* Security Permissions Check for

DC=DomainDnsZones,DC=ski,DC=com
(NDNC,Version 3)
* Security Permissions Check for

DC=ForestDnsZones,DC=ski,DC=com
(NDNC,Version 3)
* Security Permissions Check for

CN=Schema,CN=Configuration,DC=ski,DC=com
(Schema,Version 3)
* Security Permissions Check for

CN=Configuration,DC=ski,DC=com
(Configuration,Version 3)
* Security Permissions Check for

DC=ski,DC=com
(Domain,Version 3)
* Security Permissions Check for

DC=SP,DC=ski,DC=com
(Domain,Version 2)
......................... SKI002 passed test NCSecDesc

Starting test: NetLogons

* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\SKI002\netlogon)

[SKI002] An net use or LsaPolicy operation failed with error 67,

The network name cannot be found..

......................... SKI002 failed test NetLogons

Starting test: ObjectsReplicated

SKI002 is in domain DC=ski,DC=com
Checking for CN=SKI002,OU=Domain Controllers,DC=ski,DC=com in domain DC=ski,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SKI002,CN=Servers,CN=SKI-Site,CN=Sites,CN=Configuration,DC=ski,DC=com in domain CN=Configuration,DC=ski,DC=com on 1 servers
Object is up-to-date on all servers.
......................... SKI002 passed test ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Starting test: Replications

* Replications Check
* Replication Latency Check
DC=DomainDnsZones,DC=ski,DC=com
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ForestDnsZones,DC=ski,DC=com
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=ski,DC=com
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ski,DC=com
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ski,DC=com
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=SP,DC=ski,DC=com
Latency information for 2 entries in the vector were ignored.
1 were retired Invocations. 1 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... SKI002 passed test Replications

Starting test: RidManager

* Available RID Pool for the Domain is 5603 to 1073741823
* ski001.ski.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 5103 to 5602
* rIDPreviousAllocationPool is 5103 to 5602
* rIDNextRID: 5103
......................... SKI002 passed test RidManager

Starting test: Services

* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SKI002 passed test Services

Starting test: SystemLog

* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... SKI002 passed test SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Starting test: VerifyReferences

The system object reference (serverReference)

CN=SKI002,OU=Domain Controllers,DC=ski,DC=com and backlink on

CN=SKI002,CN=Servers,CN=SKI-Site,CN=Sites,CN=Configuration,DC=ski,DC=com

are correct.
The system object reference (serverReferenceBL)

CN=SKI002,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ski,DC=com

and backlink on

CN=NTDS Settings,CN=SKI002,CN=Servers,CN=SKI-Site,CN=Sites,CN=Configuration,DC=ski,DC=com

are correct.
The system object reference (frsComputerReferenceBL)

CN=SKI002,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ski,DC=com

and backlink on CN=SKI002,OU=Domain Controllers,DC=ski,DC=com are

correct.
......................... SKI002 passed test VerifyReferences

Test omitted by user request: VerifyReplicas


Test omitted by user request: DNS

Test omitted by user request: DNS


Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation


Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation


Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation


Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation


Running partition tests on : ski

Starting test: CheckSDRefDom

......................... ski passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ski passed test CrossRefValidation


Running enterprise tests on : ski.com

Test omitted by user request: DNS

Test omitted by user request: DNS

Starting test: LocatorCheck

GC Name: \\ski001.ski.com

Locator Flags: 0xe00003fd
PDC Name: \\ski001.ski.com
Locator Flags: 0xe00003fd
Time Server Name: \\ski001.ski.com
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\ski001.ski.com
Locator Flags: 0xe00003fd
KDC Name: \\ski001.ski.com
Locator Flags: 0xe00003fd
......................... ski.com passed test LocatorCheck

Starting test: Intersite

Skipping site SP-Site, this site is outside the scope provided by the

command line arguments provided.
Skipping site SKI-Site, this site is outside the scope provided by the

command line arguments provided.
......................... ski.com passed test Intersite

As you can see in the log file, the problem is related to Advertising section and SYSVOL. When I go to the sysvol folder, i see several empty folders. Now please consider my disign of network:

Once apon a time, I had a happy domain (all domain controllers had windows server 2003) with two site. There were to servers in Site A and two servers in Site B. Then I decided to upgarade my happy domain to windows server 2008 R2. So i decided to remove my ADC from Site A and then installed Windows server 2008 R2 on it and then make it Additional Domain Controller. Everything worked well except one thing: When i execute net share command, I cannot see sysvol related shares. and when I look at Event Viewer I see the following event:

File Replication Service is initializing the system volume with data from another domain controller. Computer SKI002 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

To check for the SYSVOL share, at the command prompt, type:
net share

When File Replication Service completes the initialization process, the SYSVOL share will appear.

The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

After several hours, I can see the same event...

Can anyone help me to make my domain happy again?

[guest]

Start with http://support.microsoft.com/kb/312862

If this doesn't bring resolution, you might want to consider demoting (forcefully if needed - which would need to be followed by AD metadata cleanup) and promoting again...

hth
Marcin

With the help of your suggested links and using the following link, my problem resolved:



http://support.microsoft.com/kb/315457



Thanks a lot!