question

RickLee-3121 avatar image
0 Votes"
RickLee-3121 asked DSPatrick answered

Migrating to DFSR. 2 servers stuck in START.

Hi, I have a domain with 11 sites, 11 DCs. After doing some verification I started the migration to dfsr. 9 DCs are in a stable prepared state. 2 are still in start. Locally on these 2 servers, they are in the prepared state. But for some reason they are not reporting this back to the rest of the domain. Any suggestions? I have been chasing after this for 5 days with no success.

windows-server
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Bump! Bump!

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered

I'd roll back the migration. Move roles off of failed / tombstoned DCs, demote them, perform cleanup (if necessary)
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

, then verify domain health is 100% before trying again.

--please don't forget to upvote and Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

If it were me I'd roll back. Fix the tombstoned DC, then verify domain health is 100% before trying again.


--please don't forget to Accept as answer if the reply is helpful--

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RickLee-3121 avatar image
0 Votes"
RickLee-3121 answered RickLee-3121 edited

Thank you. I can do this while the healthy part of the domain is in the "prepared state"? Or do I have to roll back the migration?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

8614 | The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

The only solution here is to move roles off, demote, reboot, promo it again.


--please don't forget to Accept as answer if the reply is helpful--






5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RickLee-3121 avatar image
0 Votes"
RickLee-3121 answered

8614 | The directory service cannot replicate with this server because
the time since the last replication with this server has exceeded the
tombstone lifetime.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RickLee-3121 avatar image
0 Votes"
RickLee-3121 answered DaisyZhou-MSFT commented

Daisy Zhou, are you still available?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @RickLee-3121,

I am sorry for the late reply.

Considering your issue is a little complex and may need to collect many logs to troubleshoot and analyze, Please understand, for such issue, it is not an efficient way to work in this forum. I suggest you submit a service request to MS Professional tech support service so that a dedicated support professional can further assist you with this request.

https://support.microsoft.com/en-in/gp/contactus81?forceorigin=esmc&Audience=Commercial

https://support.microsoft.com/en-us/help/4051701/global-customer-service-phone-numbers

Thank you for your understanding and support.


Best Regards,
Daisy Zhou

0 Votes 0 ·
RickLee-3121 avatar image
0 Votes"
RickLee-3121 answered

Firewalls are turned off on the 2 DCs in start state as well as the PDC

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RickLee-3121 avatar image
0 Votes"
RickLee-3121 answered RickLee-3121 edited

I looked at the event viewer on both servers. Event viewer states both servers migrated to prepared state.

HKLM\SYSTEM\CurrentControlSet\services\DFSR\Parameters\SysVols\Migrating SysVols and Local State is set to 1

sysvol_dfsr folder is created in c:\windows but is larger than the sysvol folder

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RickLee-3121 avatar image
0 Votes"
RickLee-3121 answered

Hi Daisy Zhou,
Thanks for the response. I followed this and everything passed before I migrated so I assumed all was good..

https://techcommunity.microsoft.com/t5/storage-at-microsoft/streamlined-migration-of-frs-to-dfsr-sysvol/ba-p/425405

1: and 2: above, Do I need to run these commands on the 2 servers in START status or on the PDC roll holder?

Rick


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered RickLee-3121 commented

Hello @RickLee-3121,

Thank you for posting here.

Please check if AD environment is working fine although we should have checked it before migration.

1.Please check if the two DCs with Start status is working fine by running command Dcdiag /v.

2.Meanwhile, please check if AD replication works fine by running commands below.

repadmin /showrepl >c:\repsum1.txt

repadmin /replsum >c:\repsum2.txt


repadmin /showrepl * /csv >c:\repsum3.csv

3.Please check if AD ports on the two DCs with Start status are open.

Active Directory and Active Directory Domain Services Port Requirements
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)?redirectedfrom=MSDN

Active Directory Replication over Firewalls
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727063(v=technet.10)?redirectedfrom=MSDN


Please confirm the information below:
1.Would you please provide the result with screenshot (if it contains private information, please obscure the private information)?
2.Would you please tell us how you check "Locally on these 2 servers, they are in the prepared state"? Via registry or other method?


Should you have any question or concern, please feel free to let us know.


Best Regards,
Daisy Zhou

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Daisy Zhou. Are you still available to help with this?

0 Votes 0 ·