Domain Replication Issues - Assistance

Question

Hello,

I have recently started a new position at an environment that didn't have a true Administrator. Part of my audit was checking the health of the domain. I found that the Domain is still using FRS and not DFRS and wanted to work on that process. While researching that process I found that we had replication issues. I had to do a JRNL Wrap 02/04 fix. This partially resolved the issue but now I am encountering the below warning daily.

SYSVOL and NETLOGON shares are both working, Changes to AD Users/GP reflect on my other two AD servers.

I came across this article and did the DCDiag suggested and have attached the results in the below link. This is a share from our NAS.

Any suggestions or assistance would be greatly appreciated as I am not sure what my next steps should be.

https://social.technet.microsoft.com/Forums/en-US/2ebb6200-0324-49fa-b20d-f6a49441cf6b/how-to-check-health-checkup-of-dns-and-active-directory-in-windows-server-2012?forum=winserver8gen

DCDiag and IPConfig results

http://gofile.me/4Zo2U/c24SZRFDH

Warning:

The File Replication Service is having trouble enabling replication from CVPHXAD02 to CVPHXAD01 for c:\windows\sysvol\domain using the DNS name cvphxad02.corp.clearvalueconsulting.com. FRS will keep retrying.

Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name cvphxad02.corp.clearvalueconsulting.com from this computer.

[2] FRS is not running on cvphxad02.corp.clearvalueconsulting.com.

[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

Answer 1

How long has this been going on? You could try a nonauthoritative restore (as below)

https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/use-burflags-to-reinitialize-frs#nonauthoritative-restore

If this has exceeded tombstone lifetime, then follow along here.

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc786630(v=ws.10)?redirectedfrom=MSDN

worst case you could take all but CVPHXAD01 offline, then do an authoritative restore

https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/use-burflags-to-reinitialize-frs#authoritative-frs-restore

do metadata cleanup to remove remnants of the others.

Clean up Active Directory Domain Controller server metadata

Step-By-Step: Manually Removing A Domain Controller Server

Then confirm all is good via dcdiag, and both System and FRS Replication logs are free of error. Once confirmed you could do the FRS to DFSR migration

then rebuild the others from scratch. Post back here if further assistance is needed.

--please don't forget to upvote and Accept as answer if the reply is helpful--

Answer 2

Please post the event source and event IDs for any System and FRS Replication event log errors since last boot.

Answer 3

Ok, thanks for the updates. Please run;

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log (run on PDC emulator)
repadmin /showrepl >C:\repl.txt (run on any domain controller)
ipconfig /all > C:\%computername%.txt (run on EVERY domain controller)
ipconfig /all > C:\problemworkstation.txt (run on problem pc)

then put unzipped text files up on OneDrive and share a link.

Answer 4

Hello Dave,

I ran everything but the "problem pc". I do not have any issues with joining the domain, group policy, etc. My issue is that FRS shows sync warnings that I sent previously and its causing me to hesitate to migrate to DFRS.

https://1drv.ms/f/s!ArOziFrTAT15bEisn3XrAmavRWg?e=HCMd7Q

AD01 = Win Server 2016

AD02 = Win Server 2016

AD04 = Win Server 2012 (just added about a week ago)