DFSR Sysvol invalid msDFSR-Subscriber object data


Recommended Posts

Hi All,

I've been scratching my head for the last few hours trying to resolve an issue with a DC.

First a bit of background, I have 3 DCs, all globe catalogues, the server that is having the following problems doesn't have any of the FSMO roles, it doesn't have DHCP or DNS roles although it did a few months ago. All the other servers appear to be working fine. The domain is windows server 2008 R2.

I have the following error in my error log:


The DFS Replication service detected invalid msDFSR-Subscriber object data while polling for configuration information.

Additional Information:
Object DN: CN=Domain System Volume,CN=DFSR-LocalSettings,CN=**DC NAME**,OU=Domain Controllers,DC=**DOMAIN NAME**,DC=local
Attribute Name: msDFSR-MemberReference
Domain Controller: **DC NAME**.**DOMAIN NAME**
Polling Cycle: 60 minutes[/CODE]

AD replication is fine, running REPADMIN /SHOWREPL * /CSV shows no errors and the last success was within the last few minutes and several tests I've done show that replication is fine.

Everything in ASDI looks ok, does anyone have an suggestions on where to look next?

Link to comment
Share on other sites

Is this server a Domain Controller? If it is, you really should have dns on it. TCP/IP properties should have the primary pointing to its static IP address, secondary should be pointing to one of the other domain controllers.

Link to comment
Share on other sites

as sc302 said, if that's a DC I would strongly suggest you have DNS installed on it as well. Can you even dcpromo without installing the DNS role? :\ Whens the last time DFS worked as it should? Did it recently stop working or has it been done for a month or two?

http://social.technet.microsoft.com/Forums/en/winserverfiles/thread/0f1a131f-d657-4edd-b5d2-6d61f5ccbed1

Link to comment
Share on other sites

Thanks for the replies people, looking at the logs it has been doing it for a few months, should probably have realised sooner but hey.

I've reinstalled DNS on the box, DNS is replicating as it should, but I've still got the issue of sysvol not replicating on that machine.

Link to comment
Share on other sites

After running dcdiag /q I have the following output:


Some objects relating to the DC **DC NAME** have problems:
[1] Problem: Missing Expected Value
Base Object:
CN=NTDS Settings,CN=**DC NAME**,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=**DC NAME**,DC=local
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862

[1] Problem: Missing Expected Value
Base Object:
CN=**DC NAME**,OU=Domain Controllers,DC=**DC NAME**,DC=local
Base Object Description: "DC Account Object"
Value Object Attribute Name: msDFSR-ComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862

......................... **DC NAME** failed test VerifyReferences[/CODE]

Link to comment
Share on other sites

SK[' timestamp=1356613375' post='595417770]

Are normal AD objects replicating then, I.E. User accounts?

If your sure its just sysvol thats broken you can rebuild it from one of the working DC's. In 2000+2003 this was done with the burflags regsitry keys but in 2008 there is a new method using ADSIEdit.

http://technet.micro...6(v=ws.10).aspx

AD objects are replicating correctly, new users account etc. all replicate as expected.

I'll have a look at that technet article, thanks.

Link to comment
Share on other sites

You are having an issue with replication. Just because you see your AD objects doesn't mean your file objects are replicating properly. Your replication logs should have errors and possibly some in your ad event logs...these logs should have a ton of errors in them.

Link to comment
Share on other sites

You are having an issue with replication. Just because you see your AD objects doesn't mean your file objects are replicating properly. Your replication logs should have errors and possibly some in your ad event logs...these logs should have a ton of errors in them.

I am very well aware I am having a problem with replication, I was only answering ]SK[ question about AD object replication. I didn't dismiss your idea to look at he replication logs did I, I was going to have a look at them once I return home.

I'm probably reading to much into it but your post feels like you where attacking me for not replying to you.

Link to comment
Share on other sites

you are reading too much into it. if I were attacking you, there would be name calling and threats on the health of your fingers....like the asshat that keeps raising the temp to 90 degrees..

Link to comment
Share on other sites

This topic is now closed to further replies.