question

rmartin0000 avatar image
0 Votes"
rmartin0000 asked DSPatrick answered

Error while migrating FSR to DFSR in 2016 server

Hi Experts,
We've 2 DC's running on server 2016 and both ADC's are writable domains with forest level 2008R2, ADC1 is holding FSMO roles whereas 2nd ADC is backup.

While migrating FRS to DFSR from ADC1 stuck in Eliminate stage where it stuck since more than 24 hrs but still not complete while troubleshooting found event viewer 1302, 4614, 2107 & 6804.

Pls. note, I'm running with domain admin account and both DC's has enough space available and I can see SYSVOL_DFSR windows dir in both domains but size wise not fully replicated.

Pls. find attached 76855-dfsrmig-040.log[76867-event-viewer-error-1302.txt][2][76848-event-viewer-error-4614.txt][3]EV error report, DFS debug report and snapshots and kindly advice with your suggestion.

thank you![76893-1.jpg][5]


![76911-2.jpg][4]


windows-server-migrationwindows-server-management
1.jpg (40.6 KiB)
2.jpg (36.2 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered rmartin0000 commented

Sounds like domain health was not good when migration was started. May want to back off the migration, then fix anything broken before trying again.

--please don't forget to Accept as answer if the reply is helpful--





· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Dear DSPatrick,

Thank you for your response,

Before I start migrating, checked the dcdiag health check and everything was fine shows pass result accordingly started migration, since it is not completed i found few policies are not migrating to the other DC resulting unnecessary account block and sometime policy update shows DFSR is incomplete etc..

Kindly advice the procedure / process to revert back DFSR to FSR .

Thank you

0 Votes 0 ·
DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered rmartin0000 commented

Hello @rmartin0000,

Thank you for posting here.

Please kindly remind that since private information and security information may be involved, the forum does not analyze logs. Please delete or remove any private information and security information in the logs and cover or blur any information you provided in the post or screenshot.

Considering your issue is a little complex and may need to collect many logs to troubleshoot and analyze, Please understand, for such issue, it is not an efficient way to work in this forum. I suggest you submit a service request to MS Professional tech support service so that a dedicated support professional can further assist you with this request.


https://support.microsoft.com/en-in/gp/contactus81?forceorigin=esmc&Audience=Commercial

https://support.microsoft.com/en-us/help/4051701/global-customer-service-phone-numbers


Thank you for your understanding and support.


Best Regards,
Daisy Zhou

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Dear Daisy Zhou

Purpose of adding logs for better understanding. anyhow I have removed the logs

Thank you

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered rmartin0000 commented

Kindly advice the procedure / process to revert back DFSR to FSR .

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/dfsrmig
To set the global migration state to Start (0) and to initiate rollback to the Start state, type:

dfsrmig /setglobalstate 0


--please don't forget to Accept as answer if the reply is helpful--





· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you DSPatrick for your prompt response,

Will follow and update accordingly.

0 Votes 0 ·

Sounds good, you're welcome.

--please don't forget to Accept as answer if the reply is helpful--



0 Votes 0 ·

Hi DSpatrick,

Tried executing the command as adviced dfsrmig /setglobalstate 0 but getting the below error, seems it's already in to Eliminated stage. Kindly advice.

77743-image.png


0 Votes 0 ·
image.png (9.0 KiB)
DSPatrick avatar image
0 Votes"
DSPatrick answered

Tried executing the command as adviced dfsrmig /setglobalstate 0 but getting the below error, seems it's already in to Eliminated stage. Kindly advice.

The simplest solution may be to move roles off, demote, reboot, promo the problematic one again.

--please don't forget to Accept as answer if the reply is helpful--









5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

rmartin0000 avatar image
0 Votes"
rmartin0000 answered

Hello DSPatrick,

I've added newly installed adc win2k19 server for transfer the roles but unfortunately "sysvol" and "netlogon" share was not listed so I manually edit the registry (as shown below) and restart the net service after this netlogon folder still not appear whereas sysvol shown but no policies sync.. Tried rebooting the service and server but no luck. any advice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Value data = 1,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

I'd suggest moving roles back to a healthy domain controller, demote, reboot, promo the problematic one again.

--please don't forget to Accept as answer if the reply is helpful--


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

rmartin0000 avatar image
0 Votes"
rmartin0000 answered rmartin0000 published

Hi DSPatrick,

I moved the roles to the other available DC but receive the same error "current DFSR global stage: "Eliminated"

Also pls. find below the dcdiag test of ADC for your further advice.

C:\Windows\system32>dcdiag.exe

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = ADC
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\ADC
Starting test: Connectivity
......................... ADC passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\ADC
Starting test: Advertising
......................... ADC passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... ADC passed test FrsEvent
Starting test: DFSREvent
......................... ADC passed test DFSREvent
Starting test: SysVolCheck
......................... ADC passed test SysVolCheck
Starting test: KccEvent
......................... ADC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... ADC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... ADC passed test MachineAccount
Starting test: NCSecDesc
......................... ADC passed test NCSecDesc
Starting test: NetLogons
......................... ADC passed test NetLogons
Starting test: ObjectsReplicated
......................... ADC passed test ObjectsReplicated
Starting test: Replications
......................... ADC passed test Replications
Starting test: RidManager
......................... ADC passed test RidManager
Starting test: Services
......................... ADC passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00002720
Time Generated: 07/06/2020 14:29:48
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00002720
Time Generated: 07/06/2020 14:30:31
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00002720
Time Generated: 07/06/2020 14:31:18
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
......................... ADC failed test SystemLog
Starting test: VerifyReferences
......................... ADC passed test VerifyReferences


Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on :
Starting test: CheckSDRefDom
.........................
passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... *** passed test CrossRefValidation

Running enterprise tests on : .com
Starting test: LocatorCheck
.........................
.com passed test LocatorCheck
Starting test: Intersite
......................... ***.com passed test Intersite

C:\Windows\system32>

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Might check it here.
https://www.microsoft.com/en-us/download/details.aspx?id=30005

--please don't forget to Accept as answer if the reply is helpful--

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

rmartin0000 avatar image
0 Votes"
rmartin0000 answered

DSPatrick,

I did run the AD tool before DFSR migration with zero errors also before moving the roles to the other DC, herewith attached the recent report.
Still no sycn b/w DC's

80617-5.jpg80568-6.jpg



5.jpg (196.2 KiB)
6.jpg (187.9 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

I did run the AD tool before DFSR migration with zero errors also before moving the roles to the other DC

and what about after?




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.