A bit of followup... I've opened a case with MSFT support - we had a couple left on our EA.
They tried reformulating the powershell as a simplified one-liner for only one RG/RF, and it failed with the same error. So, at the moment, somewhere in India, some Active Directory support people are now noodling over a netmon capture. They're supposed to get back to me tomorrow. If I had to guess, it's a problem with network latency, and the cmdlets don't handle it well, vs. the DFS GUI, or DFSRAdmin. But I think you suspected that already, as did I. Kurt On Mon, Jul 24, 2017 at 3:30 PM, Michael B. Smith <mich...@smithcons.com> wrote: > And do you have errors in the DFS specific event logs? > > > > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Michael B. Smith > Sent: Monday, July 24, 2017 6:22 PM > To: ntsysadm@lists.myitforum.com > Subject: RE: [NTSysADM] RPC not available on remote machine while doing DFSR > config > > > > 609 ms? Wow. > > > > I suspect that is a hint. Let’s do a bit more: > > > > rpcping -s aufs01p –i 100 –v 3 > > > > and see what that tells us…. > > > > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Kurt Buff > Sent: Monday, July 24, 2017 5:33 PM > To: ntsysadm > Subject: Re: [NTSysADM] RPC not available on remote machine while doing DFSR > config > > > > I believe so: > > From my workstation: > # rpcping -s aufs01p > Completed 1 calls in 609 ms > 1 T/S or 609.000 ms/T > > Kurt > > > > On Mon, Jul 24, 2017 at 1:13 PM, Michael B. Smith <mich...@smithcons.com> > wrote: > > Does rpcping agree? > > > > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Kurt Buff > Sent: Monday, July 24, 2017 4:04 PM > > > To: ntsysadm > Subject: Re: [NTSysADM] RPC not available on remote machine while doing DFSR > config > > > > Seems to be... > > Kurt > > > > On Mon, Jul 24, 2017 at 12:50 PM, Ed Ziots <eziot...@gmail.com> wrote: > > Is tcp 135 open via fw rules on remote host? > > > > On Jul 24, 2017 12:21 PM, "Kurt Buff" <kurt.b...@gmail.com> wrote: > > So, fixing the MTU mismatch seems not to have worked. I left the physical > interface MTUs on both sides at 1500, and set up the MTUs for the tunnel > interfaces at 1385, and verified that ping -f -l succeeds at 1357 and fails > at 1358 from both sides. > > I even took a single set of entries from my CSV file and unrolled the loop, > manually replacing the variables with values, including FQDNs for the > machine names. > > Same failure: > > # Add-DfsrMember -GroupName US2AU-Engineering -ComputerName > usfs01p.example.com, aufs01p.example.com > > Add-DfsrMember : Could not add the computer to the replication group. > Computer: aufs01p.example.com Replication group: "US2AU-Engineering" The > remote procedure call failed > At line:1 char:1 > + Add-DfsrMember -GroupName US2AU-Engineering -ComputerName usfs01p.exampl > .. > + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > + CategoryInfo : NotSpecified: (aufs01p.example.com:String) > [Add-DfsrMember], DfsrException > + FullyQualifiedErrorId : > Add-DfsrMember.NonTerminatingOMException,Microsoft.DistributedFileSystemReplication.Commands.AddDfsrMemberCommand > > Additionally, I tried running the script on the DC in the AU office, and get > the reciprocal failure (RPC failure, can't resolve the name of the US file > server). > > Kurt > > > > On Mon, Jul 24, 2017 at 7:54 AM, Michael B. Smith <mich...@smithcons.com> > wrote: > > Yep, those MTUs. Because inconsistent RPC fragmentation can cause > transactions to fail. > > > > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Kurt Buff > Sent: Monday, July 24, 2017 10:44 AM > > > To: ntsysadm > Subject: Re: [NTSysADM] RPC not available on remote machine while doing DFSR > config > > > > MTUs? As in TCP/IP Maximum Transmission Units? > > I will check that and post back, but why would a mismatch in MTU show up as > this? > > Kurt > > > > On Mon, Jul 24, 2017 at 5:31 AM, Michael B. Smith <mich...@smithcons.com> > wrote: > > I’m certain you can google as well as I can – but after looking at 8-10 > results… are you sure you have matching MTUs? > > > > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Kurt Buff > Sent: Monday, July 24, 2017 1:10 AM > To: ntsysadm > Subject: Re: [NTSysADM] RPC not available on remote machine while doing DFSR > config > > > > Ignore my earlier message from this evening. I've overcome some blindness on > my part, and have a bit more information, though I fear it's not enough. I > used this page for what looks to be a better way to handle the errors: > https://stackoverflow.com/questions/38419325/catching-full-exception-message > > The red highlighted error is new - but I don't know why that's there. It's > very strange, as both are 2012R2 servers, in the same domain, and I'm > running this on my Win10 workstation with my DA credentials. > > > > ----------Begin revised script---------- > $NewDFSR = import-csv -Delimiter "`t" c:\Batchfiles\data\NewDFSR.csv > New-DfsReplicationGroup -GroupName US2AU-Engineering > $GroupName = Get-DfsReplicationGroup US2AU-Engineering > Foreach ($Line in $NewDFSR) > { > $GroupName = $Line.GroupName > $SourceComputer = $Line.SourceComputer > $FolderName = $Line.FolderName > $SourceContentPath = $Line.SourceContentPath > $SourceStagingPathQuotaInMB = $Line.SourceStagingPathQuotaInMB > $SourcePrimaryMember = > [System.Convert]::ToBoolean($Line.SourcePrimaryMember) > $DestinationComputer = $Line.DestinationComputer > $DestinationContentPath = $Line.DestinationContentPath > $DestinationReadOnly = > [System.Convert]::ToBoolean($Line.DestinationReadOnly) > New-DfsReplicatedFolder -GroupName $GroupName -FolderName $FolderName > Try > { > Add-DfsrMember -GroupName $GroupName -ComputerName $SourceComputer, > $DestinationComputer > } > Catch > { > $e = $_.Exception > $msg = $e.Message > while ($e.InnerException) { > $e = $e.InnerException > $msg += "`n" + $e.Message > } > $msg} > Add-DfsrConnection -GroupName $GroupName -SourceComputerName > $SourceComputer -DestinationComputerName $DestinationComputer -ErrorAction > Stop > Set-DfsrMembership -GroupName $GroupName -FolderName $FolderName > -ComputerName $SourceComputer -ContentPath $SourceContentPath -PrimaryMember > $SourcePrimaryMember -StagingPathQuotaInMB $SourceStagingPathQuotaInMB > -Force > Set-DfsrMembership -GroupName $GroupName -FolderName $FolderName > -ComputerName $DestinationComputer -ContentPath $DestinationContentPath > -ReadOnly $DestinationReadOnly -Force > } > Set-DfsrConnectionSchedule -GroupName "US2AU-Engineering" > -SourceComputerName "USfs01p" -DestinationComputerName "AUfs01p" -Day > 1,2,3,4,5 -BandwidthDetail > "ffffffffffffffffffffffffffffffffffff66666666666666666666666666666666ffffffffffffffffffffffffffff" > Update-DfsrConfigurationFromAD -ComputerName > $SourceComputer,$DestinationComputer > > ---------End Revised Script---------- > > Relevant output: > > ---------Begin snipped output---------- > Could not add the computer to the replication group. Computer: AUFS01P > Replication group: "US2AU-Engineering" The remote procedure call failed > The operating system version of server AUFS01P cannot be retrieved. > The remote procedure call failed > Add-DfsrConnection : The connection could not be added because DFS > Replication could not find at least one source and one destination computer > in the replication group, or because the > source and destination computers were the same. Source computer: USFS01P > Destination computer: AUFS01P Replication group: "US2AU-Engineering" > At C:\BatchFiles\Configure-NewDFSR2.ps1:32 char:5 > + Add-DfsrConnection -GroupName $GroupName -SourceComputerName $Sou ... > + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > + CategoryInfo : ObjectNotFound: (:) [Add-DfsrConnection], > DfsrException > + FullyQualifiedErrorId : > Add-DfsrConnection.NoDistinctMemberPairs,Microsoft.DistributedFileSystemReplication.Commands.AddDfsrConnectionCommand > ---------End snipped output---------- > > > > On Fri, Jul 21, 2017 at 8:27 PM, Michael B. Smith <mich...@smithcons.com> > wrote: > > What is the InnerException of the error? > > > -----Original Message----- > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Kurt Buff > Sent: Friday, July 21, 2017 11:11 PM > To: ntsysadm > Subject: [NTSysADM] RPC not available on remote machine while doing DFSR > config > > All, > > I'm re-doing the DFSR config for the file servers in our US and AU offices. > The US has a bunch of directories that will be replicated to AU (but not > back). No big deal, but the PowerShell script I'm writing is killing me. I > don't know if I'm running into a time out problem, or what it might be. > > I'm running the script from Redmond on my laptop. > > Here's the script, which should Just Work(tm): > ---------- > $NewDFSR = import-csv -Delimiter "`t" c:\Batchfiles\data\NewDFSR.csv > > New-DfsReplicationGroup -GroupName US2AU-Engineering > $GroupName = Get-DfsReplicationGroup US2AU-Engineering > > Foreach ($Line in $NewDFSR) > { > $GroupName = $Line.GroupName > $SourceComputer = $Line.SourceComputer > $FolderName = $Line.FolderName > $SourceContentPath = $Line.SourceContentPath > $SourceStagingPathQuotaInMB = $Line.SourceStagingPathQuotaInMB > $SourcePrimaryMember = > [System.Convert]::ToBoolean($Line.SourcePrimaryMember) > $DestinationComputer = $Line.DestinationComputer > $DestinationContentPath = $Line.DestinationContentPath > $DestinationReadOnly = > [System.Convert]::ToBoolean($Line.$Line.DestinationReadOnly) > > New-DfsReplicatedFolder -GroupName $GroupName -FolderName $FolderName > Add-DfsrMember -GroupName $GroupName -ComputerName $SourceComputer, > $DestinationComputer > Add-DfsrConnection -GroupName $GroupName -SourceComputerName > $SourceComputer -DestinationComputerName $DestinationComputer > Set-DfsrMembership -GroupName $GroupName -FolderName $FolderName > -ComputerName $SourceComputer -ContentPath $SourceContentPath -PrimaryMember > $SourcePrimaryMember -StagingPathQuotaInMB $SourceStagingPathQuotaInMB > -Force > Set-DfsrMembership -GroupName $GroupName -FolderName $FolderName > -ComputerName $DestinationComputer -ContentPath $DestinationContentPath > -ReadOnly $DestinationReadOnly -Force > } > ---------- > > But it fails the Add-DfsrMember command, when trying to add the AU file > server: > ---------- > Add-DfsrMember : Could not add the computer to the replication group. > Computer: ZAUFS01P Replication group: "US2AU-Engineering" The remote > procedure call failed > At C:\BatchFiles\New-DfsrConfiguration.ps1:19 char:2 > + Add-DfsrMember -GroupName $GroupName -ComputerName $SourceCompute > ... > + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > + CategoryInfo : NotSpecified: (ZAUFS01P:String) > [Add-DfsrMember], DfsrException > + FullyQualifiedErrorId : > Add-DfsrMember.NonTerminatingOMException,Microsoft.DistributedFileSystemReplication.Commands.AddDfsrMemberCommand > ---------- > > However, if I RDP to that file server, I see this, which to me indicates > that it *is* listening: > ---------- > C:\Windows\system32>winrm enumerate winrm/config/listener > Listener [Source="GPO"] > Address = * > Transport = HTTP > Port = 5985 > Hostname > Enabled = true > URLPrefix = wsman > CertificateThumbprint > ListeningOn = 10.212.1.30, 127.0.0.1, ::1, > fe80::a9e7:6f85:8115:b4ed%16 > ---------- > > Heck, I even stood up wireshark on my laptop, from which I'm running this > script, and see traffic to that server, though I can't quite figure out the > conversation - but I have a 48kb capture file detailing the transaction for > the attempted configuration of a single directory, if anyone wants that. > > Kurt > > > > > > > > > >
