DFSR Sysvol invalid msDFSR-Subscriber object data

[evoman91]

Hi All,

I've been scratching my head for the last few hours trying to resolve an issue with a DC.

First a bit of background, I have 3 DCs, all globe catalogues, the server that is having the following problems doesn't have any of the FSMO roles, it doesn't have DHCP or DNS roles although it did a few months ago. All the other servers appear to be working fine. The domain is windows server 2008 R2.

I have the following error in my error log:

The DFS Replication service detected invalid msDFSR-Subscriber object data while polling for configuration information.

Additional Information:
Object DN: CN=Domain System Volume,CN=DFSR-LocalSettings,CN=**DC NAME**,OU=Domain Controllers,DC=**DOMAIN NAME**,DC=local
Attribute Name: msDFSR-MemberReference
Domain Controller: **DC NAME**.**DOMAIN NAME**
Polling Cycle: 60 minutes[/CODE]

AD replication is fine, running REPADMIN /SHOWREPL * /CSV shows no errors and the last success was within the last few minutes and several tests I've done show that replication is fine.

Everything in ASDI looks ok, does anyone have an suggestions on where to look next?

[sc302 Veteran]

Is this server a Domain Controller? If it is, you really should have dns on it. TCP/IP properties should have the primary pointing to its static IP address, secondary should be pointing to one of the other domain controllers.

[rootwiler]

as sc302 said, if that's a DC I would strongly suggest you have DNS installed on it as well. Can you even dcpromo without installing the DNS role? :\ Whens the last time DFS worked as it should? Did it recently stop working or has it been done for a month or two?

http://social.technet.microsoft.com/Forums/en/winserverfiles/thread/0f1a131f-d657-4edd-b5d2-6d61f5ccbed1

[evoman91]

Thanks for the replies people, looking at the logs it has been doing it for a few months, should probably have realised sooner but hey.

I've reinstalled DNS on the box, DNS is replicating as it should, but I've still got the issue of sysvol not replicating on that machine.

[evoman91]

After running dcdiag /q I have the following output:

         Some objects relating to the DC **DC NAME** have problems: 
            [1] Problem: Missing Expected Value
             Base Object:
            CN=NTDS Settings,CN=**DC NAME**,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=**DC NAME**,DC=local
             Base Object Description: "DSA Object"
             Value Object Attribute Name: serverReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

            [1] Problem: Missing Expected Value
             Base Object:
            CN=**DC NAME**,OU=Domain Controllers,DC=**DC NAME**,DC=local
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: msDFSR-ComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

         ......................... **DC NAME** failed test VerifyReferences[/CODE]

[Guest]

Are normal AD objects replicating then, I.E. User accounts?

If your sure its just sysvol thats broken you can rebuild it from one of the working DC's. In 2000+2003 this was done with the burflags regsitry keys but in 2008 there is a new method using ADSIEdit.

http://technet.microsoft.com/en-us/library/cc816596(v=ws.10).aspx

[sc302 Veteran]

What does the replication and active directory log look like.

[evoman91]

  Quote

SK[' timestamp=1356613375' post='595417770]

Are normal AD objects replicating then, I.E. User accounts?

If your sure its just sysvol thats broken you can rebuild it from one of the working DC's. In 2000+2003 this was done with the burflags regsitry keys but in 2008 there is a new method using ADSIEdit.

http://technet.micro...6(v=ws.10).aspx

AD objects are replicating correctly, new users account etc. all replicate as expected.

I'll have a look at that technet article, thanks.

[sc302 Veteran]

You are having an issue with replication. Just because you see your AD objects doesn't mean your file objects are replicating properly. Your replication logs should have errors and possibly some in your ad event logs...these logs should have a ton of errors in them.

[evoman91]

  On 27/12/2012 at 15:14, sc302 said:

You are having an issue with replication. Just because you see your AD objects doesn't mean your file objects are replicating properly. Your replication logs should have errors and possibly some in your ad event logs...these logs should have a ton of errors in them.

I am very well aware I am having a problem with replication, I was only answering ]SK[ question about AD object replication. I didn't dismiss your idea to look at he replication logs did I, I was going to have a look at them once I return home.

I'm probably reading to much into it but your post feels like you where attacking me for not replying to you.

[sc302 Veteran]

you are reading too much into it. if I were attacking you, there would be name calling and threats on the health of your fingers....like the asshat that keeps raising the temp to 90 degrees..