Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Troubleshooting SYSVOL Migration Issues

Published: April 15, 2009

Updated: April 15, 2009

Applies To: Windows Server 2008, Windows Server 2008 R2

The following sections list known issues with the DFS Replication migration process and suggest resolutions for these issues.

For additional troubleshooting information, see the topic Verifying the State of SYSVOL Migration.

Renaming of a domain controller during migration causes migration and replication to fail. This is because the connection and member object names for FRS and DFS Replication do not remain synchronized with the new domain controller name. The promoting and demoting of domain controllers does not affect the migration process.

To rename a domain controller during migration, demote the domain controller, rename it, and then promote the domain controller, as described in the following steps.

  1. At a command prompt, run the dcpromo command to demote the domain controller.

  2. Open Server Manager from the Administrative Tools folder.

  3. In the Server Manager window, click Change System Properties.

  4. On the Computer Name tab of the System Properties dialog box, click Change.

  5. Under Computer name in the Computer Name/Domain Changes dialog box, change the computer name to the new name, and then click OK twice.

  6. At a command prompt, run the dcpromo command to repromote the computer as a domain controller with the new name.

Migration from one stable state to another can take an extended period, especially if some of the domain controllers are read-only or are located in a remote site. In these cases, migration may not reach a consistent state on all domain controllers for a long time after you change the global migration state.

You can determine if migration is stalled by typing the following command: dfsrmig /GetMigrationState. If the output indicates that some domain controllers remain in the previous stable state or are in a transition state, then the migration is temporarily stalled. For example, output such as the following appears when you run the dfsrmig /GetMigrationState command.

The following Domain Controllers are not in sync with Global state (‘Prepared’):

Domain Controller (Local Migration State) – DC Type
===================================================
CONTOSO-DC2 (‘Start’) – ReadOnly DC
CONTOSO-DC3 (‘Preparing’) – Writable DC

Migration has not yet reached a consistent state on all domain controllers
State information might be stale due to AD latency.

The delay in reaching a consistent migration state does not necessarily indicate that the migration failed or that it resulted in issues that need to be addressed. The reasons for a delay in reaching a consistent migration state may include:

  • The migration directive relies on Active Directory replication to propagate to each domain controller and is dependent on Active Directory replication latencies.

  • Read-only domain controllers (RODCs) must wait for the primary domain controller (PDC) emulator to modify Active Directory objects on their behalf, taking additional time. In particular, RODCs may be subject to migration delays in the following cases due to replication delays:

    • Migration to the Prepared state. The local migration state for the RODC can remain at 4 (Preparing) state for an extended period.

    • Rollback to the Start state. The local migration state for the RODC can remain at 9 (Undo Preparing) for an extended period.

    • Migration to the Eliminated state. he local migration state for the RODC can remain at 7 (eliminating) for an extended period.

You can continue to wait for migration to reach a consistent state, or you can take one of the following actions to try to prompt the migration process to reach a consistent state:

  • Force Active Directory replication on domain controllers that have a migration delay. To do so, at a command prompt on the domain controller, type repadmin /syncall /AeD

  • Force the DFS Replication service to poll Active Directory on domain controllers that have a migration delay. To do so, at a command prompt on a domain controller, type the following command, where remote_domain_controller_name is the computer name of the affected domain controller: dfsrdiag pollad /member:remote_domain_controller_name

    ImportantImportant
    For this to command to work, be sure that Windows Management Instrumentation (WMI) is allowed by the firewall on the remote computer. For more information, see the articles 179442 http://go.microsoft.com/fwlink/?LinkId=137839 and 832017 http://go.microsoft.com/fwlink/?LinkId=137838 in the Microsoft Knowledge Base.

If forcing Active Directory replication or a manual poll of Active Directory does not enable SYSVOL migration to proceed, check the Event Log for warnings or errors that the DFS Replication service logged during the SYSVOL migration and perform any corrective actions mentioned in those events. Also, if migration or rollback is stalled for a read-only domain controller, see the following sections for additional actions that you can take.

If AD DS replication takes a long time, RODCs may stall at the Eliminating transition state. This can occur because RODCs must wait for the PDC emulator to modify Active Directory objects on their behalf, taking additional time.

If you notice that migration stalls at the Eliminating transition state, use the following steps to manually delete the AD DS objects for FRS.

  1. Follow the steps in the “Check whether Active Directory objects for FRS still exist” section of Verifying the State of SYSVOL Migration to check if the Active Directory objects for FRS replication were removed for the read-only domain controller.

  2. At a command prompt, type dfsrmig /DeleteRoNtfrsMember domain_controller_name to manually delete any remaining AD DS objects for FRS.

If AD DS replication takes a long time, RODCs may stall at the Preparing transition state. This can occur because RODCs must wait for the PDC emulator to modify Active Directory objects on their behalf, taking additional time.

If you notice that migration stalls at the Preparing transition state, or if you promote a new RODC during the migration before the domain is in the Eliminated state, use the following steps to manually create the AD DS objects.

  1. Follow the steps in the “Check the Active Directory objects for DFS Replication” section of Verifying the State of SYSVOL Migration to check if the Active Directory objects for DFS Replication exist for the read-only domain controller.

  2. At a command prompt, type dfsrmig /CreateGlobalObjects to manually create the Active Directory objects for DFS Replication if they are not present (no parameters are required with this command).

If AD DS replication takes a long time, RODCs may stall at the Undo Preparing rollback transition state. This can occur because RODCs must wait for the PDC emulator to modify Active Directory objects on their behalf, taking additional time.

If you notice that the rollback stalls at the Undo Preparing transition state, use the following steps to manually delete the AD DS objects for DFS Replication.

  1. Follow the steps in the “Check the Active Directory objects for DFS Replication” section of Verifying the State of SYSVOL Migration to check if the Active Directory objects for DFS Replication were removed for the read-only domain controller.

  2. At a command prompt, type dfsrmig /DeleteRoDfsrMember domain_controller_name to manually delete any remaining AD objects for DFS Replication.

During the migration to the Eliminated state, event 8004 occurs on all domain controllers. The description of the event refers to the domain controllers as read-only domain controllers, even if they are not read-only.

The occurrence of this event on domain controllers that are not read-only domain controllers is a known issue. Ignore this event when it occurs during the migration to the Eliminated state on a domain controller that is not read-only.

Below is an example of event 8004

 

Source:

DFS Replication

Event ID:

8004

Level:

Information

Description:

The NTFRS member object for the Read-only Domain Controller <FULL_DC_NAME> was deleted successfully.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.