Errors on dcdiag checking after added new DC

Question

Errors on dcdiag checking after added new DC

drClays 151

Hi,

I have got DC on Widows Server 2012r2(DFSR is enabled) and I added new DC with Windows Server 2019 OS - I did it, because I would like demote old DC.

After added new DC I checked dcdiag and I had this:

 Testing server: Default-First-Site-Name\AD1
      Starting test: Connectivity
         ......................... AD1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\AD1
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\AD.contoso.local, when we were trying to reach AD1.
         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
         ......................... AD1 failed test Advertising
      Starting test: FrsEvent
         ......................... AD1 passed test FrsEvent
      Starting test: DFSREvent
         ......................... AD1 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... AD1 passed test SysVolCheck
      Starting test: KccEvent
         ......................... AD1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... AD1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... AD1 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... AD1 passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\AD1\netlogon)
         [AD1] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
         ......................... AD1 failed test NetLogons

I don't have access to netlogon on new server and I have a problem with "DsGetDcName"

On checking dcdiag I have more errors:

Time Generated: 08/24/2023   17:02:04
            Event String:
            The processing of Group Policy failed. Windows attempted to read the file \\contoso.local\SysVol\contoso.local\Policies\{57B39CBE-068C-43C0-819B-381BDAD27B69}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
         A warning event occurred.  EventID: 0x0000008E
            Time Generated: 08/24/2023   17:22:06
            Event String:
            The time service has stopped advertising as a time source because the local clock is not synchronized.
         A warning event occurred.  EventID: 0x00000032
            Time Generated: 08/24/2023   17:22:06
            Event String:
            The time service detected a time difference of greater than 5000 milliseconds for 900 seconds. The time difference might be caused by synchronization with low-accuracy time sources or by suboptimal network conditions. The time service is no longer synchronized and cannot provide the time to other clients or update the system clock. When a valid time stamp is received from a time service provider, the time service will correct itself.
         A warning event occurred.  EventID: 0x80040020
            Time Generated: 08/24/2023   17:30:53
            Event String:
            The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
         A warning event occurred.  EventID: 0x80040020

Any ideas?

EDIT: It's not 2022 OS it's 2019 OS - Sorry for mistake.

5 answers

Your answer

Answer 1

Anonymous

Please run;

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log (run on PDC emulator)
repadmin /showrepl >C:\repl.txt (run on any domain controller)
ipconfig /all > C:\%computername%.txt (run on EVERY domain controller)

Also check the domain controller System and Replication (DFS or FRS) event logs for errors since last boot. Post the Event Source and Event IDs of any found. (no evtx files)

then put unzipped text files up on OneDrive and share a link.

drClays 151 Reputation points

2023-08-25T09:45:39.8666667+00:00

here is files shared:

https://we.tl/t-Q1DrN5nWzj
drClays 151 Reputation points

2023-08-25T10:13:46.8766667+00:00

Event logs:

4612

The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner ad1.contoso.local. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers. Additional Information: Replicated Folder Name: SYSVOL Share Replicated Folder ID: FC63D454-5F31-40BD-9022-478E04D3996C Replication Group Name: Domain System Volume Replication Group ID: 42D0A2EA-8BB1-4B72-96F1-85E45DDFD2B0 Member ID: 8EBE9D2F-92F8-4ADF-ADCE-1E7B753615CD Read-Only: 0

5002

The DFS Replication service encountered an error communicating with partner AD1 for replication group Domain System Volume. Partner DNS address: ad1.contoso.local Optional data if available: Partner WINS Address: ad1 Partner IP Address:
The service will retry the connection periodically. Additional Information: Error: 1726 (Zdalne wywołanie procedury nie powiodło się.) Connection ID: 42D0A2EA-8BB1-4B72-96F1-85E45DDFD2B0 Replication Group ID: F29F02DC-AAA2-4467-BA71-7B6E6C189DF7 The DFS Replication service encountered an error communicating with partner ADV2 for replication group Domain System Volume. Partner DNS address: ADv2.contoso.local Optional data if available: Partner WINS Address: ADv2 Partner IP Address: 192.168.10.202 The service will retry the connection periodically. Additional Information: Error: 1753 (Nie ma więcej dostępnych punktów końcowych z programu mapowania punktów końcowych.) Connection ID: 098FED94-3A39-4B14-8C0B-287EDB25F27F Replication Group ID: F29F02DC-AAA2-4467-BA71-7B6E6C189DF7

5014

The DFS Replication service is stopping communication with partner AD1 for replication group Domain System Volume due to an error. The service will retry the connection periodically. Additional Information: Error: 9033 (Zamknięcie spowodowało anulowanie żądania.) Connection ID: 42D0A2EA-8BB1-4B72-96F1-85E45DDFD2B0 Replication Group ID: F29F02DC-AAA2-4467-BA71-7B6E6C189DF7
drClays 151 Reputation points

2023-08-25T10:17:15.43+00:00

Event logs:

4612

The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner ad1.contoso.local. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers. Additional Information: Replicated Folder Name: SYSVOL Share Replicated Folder ID: FC63D454-5F31-40BD-9022-478E04D3996C Replication Group Name: Domain System Volume Replication Group ID: 42D0A2EA-8BB1-4B72-96F1-85E45DDFD2B0 Member ID: 8EBE9D2F-92F8-4ADF-ADCE-1E7B753615CD Read-Only: 0

5002

The DFS Replication service encountered an error communicating with partner AD1 for replication group Domain System Volume. Partner DNS address: ad1.contoso.local Optional data if available: Partner WINS Address: ad1 Partner IP Address:
The service will retry the connection periodically. Additional Information: Error: 1726 (Zdalne wywołanie procedury nie powiodło się.) Connection ID: 42D0A2EA-8BB1-4B72-96F1-85E45DDFD2B0 Replication Group ID: F29F02DC-AAA2-4467-BA71-7B6E6C189DF7

5002

The DFS Replication service encountered an error communicating with partner ADV2 for replication group Domain System Volume. Partner DNS address: ADv2.contoso.local Optional data if available: Partner WINS Address: ADv2 Partner IP Address: 192.168.10.202 The service will retry the connection periodically. Additional Information: Error: 1753 (Nie ma więcej dostępnych punktów końcowych z programu mapowania punktów końcowych.) Connection ID: 098FED94-3A39-4B14-8C0B-287EDB25F27F Replication Group ID: F29F02DC-AAA2-4467-BA71-7B6E6C189DF7

5014

The DFS Replication service is stopping communication with partner AD1 for replication group Domain System Volume due to an error. The service will retry the connection periodically. Additional Information: Error: 9033 (Zamknięcie spowodowało anulowanie żądania.) Connection ID: 42D0A2EA-8BB1-4B72-96F1-85E45DDFD2B0 Replication Group ID: F29F02DC-AAA2-4467-BA71-7B6E6C189DF7

Answer 2

Hello drClays,

Thank you for posting in Q&A forum.

From the information you provided, I can AD1 failed test Advertising as one DC.

To better understand you question, please help confirm the information below so that we can help you better.

1.Is your forest one forest with a single domain?
2.If you have only one domain, how many DCs are there in your Domain before you adding new 2022 DC?
3.If the old DC and AD replication works fine before you add the new 2022 DC?
4.Check can you see netlogon and sysvol folder by running net share on new DC.
5.can you access netlogon and sysvol folder on new DC.

It seems there might be one or more issue on your old DC or in your domain before adding new DC in your domain. I think the quick way you can try is:

1.Demote the new 2022 DC in the domain completely.

2.You should check if old 2012 R2 DC itself work fine or not. You can run Dcdiag /v on this DC to check the result.

3.If you have more than one DC before adding this new 2022 DC, you should not only check DC function itself on each DC, but also check the AD replication between all DCs in the domain. Run commands below on PDC.

repadmin /showrepl >c:\repsum1.txt

repadmin /replsum >c:\repsum2.txt

repadmin /showrepl * /csv >c:\repsum.csv

4.Check if SYSVOL replication works fine if you have more than one DC.

5.Check if group policy can apply successfully on client and DC.
Run gpupdate /force on one client and DC.

6.Check if time and date is correct on old DC/DCs.

If all is fine above, we can try to promote this 2022 server as DC and check if new DC works fine.

Hope the information above is helpful. If you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou

==========================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

drClays 151 Reputation points

2023-08-25T09:51:38.59+00:00

It's single domain.

There was 2 DC with WS2012r2. After added new DC with WS2019 I demote secondary DC with WS2012r2. I going to have only one DC.

All was fine before added new DC with WS2019.

On net share I don't see netlogon and sysvol

I don't have access to netlogon on new DC.

Answer 3

Anonymous

There was 2 DC with WS2012r2. After added new DC with WS2022 I demote secondary DC with WS2012r2. I going to have only one DC.

Hopefully the 2012 is not yet demoted? You can try a non-authoritative sync

https://learn.microsoft.com/en-US/troubleshoot/windows-server/group-policy/force-authoritative-non-authoritative-synchronization#how-to-perform-a-non-authoritative-synchronization-of-dfsr-replicated-sysvol-replication-like-d2-for-frs

--please don't forget to upvote and Accept as answer if the reply is helpful--

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Anonymous

2023-08-27T12:32:13.5133333+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--
drClays 151 Reputation points

2023-08-27T19:05:58.4066667+00:00
Hey,

I did it, but it's not helped.

I've got error 4614 without resolve the issue result:

The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner . If the server was in the process of being promoted to a domain controller, the domain controller will not advertize and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the synchronization partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.

Additional Information: Replicated Folder Name: SYSVOL Share Replicated Folder ID: FC63D454-5F31-40BD-9022-478E04D3996C Replication Group Name: Domain System Volume Replication Group ID: F29F02DC-AAA2-4467-BA71-7B6E6C189DF7 Member ID: 8EBE9D2F-92F8-4ADF-ADCE-1E7B753615CD Read-Only: 0

On DC with WS2012r2 "dfsrmig" state is Eliminated and this state was before I added the new DC:

On DC with OS WS2012r2 dcdiag shows only DFSREvent:

On DC with OS WS2019 dcdiag shows:

Doing primary tests Testing server: Default-First-Site-Name\AD1 Starting test: Advertising Warning: DsGetDcName returned information for \\AD.contoso.local, when we were trying to reach AD1. SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE. ......................... AD1 failed test Advertising Starting test: FrsEvent ......................... AD1 passed test FrsEvent Starting test: DFSREvent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... AD1 passed test DFSREvent Starting test: SysVolCheck ......................... AD1 passed test SysVolCheck Starting test: KccEvent ......................... AD1 passed test KccEvent Starting test: KnowsOfRoleHolders ......................... AD1 passed test KnowsOfRoleHolders Starting test: MachineAccount ......................... AD1 passed test MachineAccount Starting test: NCSecDesc ......................... AD1 passed test NCSecDesc Starting test: NetLogons Unable to connect to the NETLOGON share! (\\AD1\netlogon) [AD1] An net use or LsaPolicy operation failed with error 67, The network name cannot be found.. ......................... AD1 failed test NetLogons Starting test: ObjectsReplicated ......................... AD1 passed test ObjectsReplicated

What can I do more? Demote a new DC and add a new DC with an older system, for example with Windows Server 2016 OS?

Answer 4

Anonymous

Something here could help.

https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/newly-promoted-domain-controller-fail-advertise

but there were likely problems with the 2012 before the 2022 was introduced. Might want to demote the new 2022, then work to clean up until dcdiag, System and DFS Replication event logs are all 100% free of errors before trying again.

--please don't forget to upvote and Accept as answer if the reply is helpful--

drClays 151 Reputation points

2023-08-27T19:56:27.4933333+00:00

I checked this registry before and this key is correct - he looking at the primary DC.

Now I need to apologise to you because it's not a 2022 it's 2019 OS(I edit my posts upster).

I can demote this DC with 2019 OS and add tomorrow DC with 2016 OS and check it. What do you think about it?

Answer 5

Anonymous

I can demote this DC with 2019 OS and add tomorrow DC with 2016 OS and check it. What do you think about it?

I would not do this. Trying to add a domain controller to a domain that already has problems just complicates the situation. If it were me, I'd demote the new 2022, (after doing so clear out the mentioned event logs before a reboot) then work to clean up until dcdiag, System and DFS Replication event logs are all 100% free of errors before trying again.

--please don't forget to upvote and Accept as answer if the reply is helpful--

Anonymous

2023-08-28T12:12:47.5066667+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--
drClays 151 Reputation points

2023-08-28T18:21:28.9433333+00:00

I demoted DC with 2019 OS. All events were correct. Next I added temporary DC with WS2012r2 OS and SYSVOL and NETLOGON not working.

Primary DC:

Temporary DC:

The same effect when I added DC with WS2019 OS.

Suggestions?
Anonymous

2023-08-28T18:24:26.1966667+00:00

Please run;

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log (run on PDC emulator)
repadmin /showrepl >C:\repl.txt (run on any domain controller)
ipconfig /all > C:\%computername%.txt (run on EVERY domain controller)

Also check the domain controller System and Replication (DFS or FRS) event logs for errors since last boot. Post the Event Source and Event IDs of any found. (no evtx files)

then put unzipped text files up on OneDrive and share a link.
drClays 151 Reputation points

2023-08-28T18:35:32.1866667+00:00

Done:

https://we.tl/t-jUl3upczGr

DFSR from Event Viewer:

4614:

The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner AD.contoso.local. If the server was in the process of being promoted to a domain controller, the domain controller will not advertize and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the synchronization partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers. Additional Information: Replicated Folder Name: SYSVOL Share Replicated Folder ID: FC63D454-5F31-40BD-9022-478E04D3996C Replication Group Name: Domain System Volume Replication Group ID: F29F02DC-AAA2-4467-BA71-7B6E6C189DF7 Member ID: 4EC75A2C-1AC8-473D-9C77-9DF95FBE2D1D Read-Only: 0

6804:

The DFS Replication service has detected that no connections are configured for replication group Domain System Volume. No data is being replicated for this replication group.

Additional Information: Replication Group ID: F29F02DC-AAA2-4467-BA71-7B6E6C189DF7 Member ID: 4EC75A2C-1AC8-473D-9C77-9DF95FBE2D1D

6806:

The DFS Replication service has detected that at least one connection is configured for replication group Domain System Volume.

Additional Information: Replication Group ID: F29F02DC-AAA2-4467-BA71-7B6E6C189DF7 Member ID: 4EC75A2C-1AC8-473D-9C77-9DF95FBE2D1D

6018:

The DFS Replication service successfully updated configuration in Active Directory Domain Services.

Additional Information: Domain Controller: AD03.contoso.local Polling Cycle: 60 minutes

6016:

The DFS Replication service failed to update configuration in Active Directory Domain Services. The service will retry this operation periodically.

Additional Information: Object Category: msDFSR-LocalSettings Object DN: CN=DFSR-LocalSettings,CN=AD03,OU=Domain Controllers,DC=contoso,DC=local Error: 2 (The system cannot find the file specified.) Domain Controller: ad.contoso.local Polling Cycle: 60
Anonymous

2023-08-28T18:38:29.62+00:00

Sorry, I do not want to sign up for that file sharing service.
drClays 151 Reputation points

2023-08-28T18:42:16.16+00:00

This is the same file sharing service that I shared for you before.

I check this link on other Web Browser and I don't need to sign up to download files.
drClays 151 Reputation points

2023-08-28T18:44:26.6633333+00:00

Check this one:

https://filetransfer.io/data-package/QUTFpBt7#link
Anonymous

2023-08-28T18:46:32.62+00:00

same file sharing service that I shared for you before

I know, I didn't use that one either. Another option is to open a case here with product support.
https://support.serviceshub.microsoft.com/supportforbusiness

--please don't forget to close up the thread here if the reply is helpful--
drClays 151 Reputation points

2023-08-28T18:52:00.8466667+00:00

I don't know if customer have support for it on MS.

You can't help me? Do you need to share it only on OneDrive?
drClays 151 Reputation points

2023-08-28T18:57:37.41+00:00

Here share from One Drive:

https://1drv.ms/f/s!ApkHEGP8CIJVeuST8fgxswZnF6I?e=DLWURB
Anonymous

2023-08-28T20:29:48.7966667+00:00

On 2012 what's here?
drClays 151 Reputation points

2023-08-29T09:08:46.39+00:00

Is enabled:
Anonymous

2023-08-29T14:03:32.0033333+00:00

May need to restore a known good backup of 2012 and try the migration again.

--please don't forget to upvote and Accept as answer if the reply is helpful--

Share via

Errors on dcdiag checking after added new DC

5 answers

Your answer