RE: [NTSysADM] RPC not available on remote machine while doing DFSR config

[Michael B. Smith]

609 ms? Wow.

I suspect that is a hint. Let’s do a bit more:

               rpcping -s aufs01p –i 100 –v 3

and see what that tells us….

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Monday, July 24, 2017 5:33 PM
To: ntsysadm
Subject: Re: [NTSysADM] RPC not available on remote machine while doing DFSR 
config

I believe so:

From my workstation:
# rpcping -s aufs01p
Completed 1 calls in 609 ms
1 T/S or 609.000 ms/T
Kurt

On Mon, Jul 24, 2017 at 1:13 PM, Michael B. Smith 
<mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote:
Does rpcping agree?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Kurt Buff
Sent: Monday, July 24, 2017 4:04 PM

To: ntsysadm
Subject: Re: [NTSysADM] RPC not available on remote machine while doing DFSR 
config

Seems to be...

Kurt

On Mon, Jul 24, 2017 at 12:50 PM, Ed Ziots 
<eziot...@gmail.com<mailto:eziot...@gmail.com>> wrote:
Is tcp 135 open via fw rules on remote host?

On Jul 24, 2017 12:21 PM, "Kurt Buff" 
<kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>> wrote:
So, fixing the MTU mismatch seems not to have worked. I left the physical 
interface MTUs on both sides at 1500, and set up the MTUs for the tunnel 
interfaces at 1385, and verified that ping -f -l succeeds at 1357 and fails at 
1358 from both sides.
I even took a single set of entries from my CSV file and unrolled the loop, 
manually replacing the variables with values, including FQDNs for the machine 
names.
Same failure:

# Add-DfsrMember -GroupName US2AU-Engineering -ComputerName 
usfs01p.example.com<http://usfs01p.example.com>, 
aufs01p.example.com<http://aufs01p.example.com>

Add-DfsrMember : Could not add the computer to the replication group. Computer: 
aufs01p.example.com<http://aufs01p.example.com> Replication group: 
"US2AU-Engineering" The remote procedure call failed
At line:1 char:1
+ Add-DfsrMember -GroupName US2AU-Engineering -ComputerName usfs01p.exampl ..
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (aufs01p.example.com:String) 
[Add-DfsrMember], DfsrException
    + FullyQualifiedErrorId : 
Add-DfsrMember.NonTerminatingOMException,Microsoft.DistributedFileSystemReplication.Commands.AddDfsrMemberCommand
Additionally, I tried running the script on the DC in the AU office, and get 
the reciprocal failure (RPC failure, can't resolve the name of the US file 
server).
Kurt

On Mon, Jul 24, 2017 at 7:54 AM, Michael B. Smith 
<mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote:
Yep, those MTUs.  Because inconsistent RPC fragmentation can cause transactions 
to fail.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Kurt Buff
Sent: Monday, July 24, 2017 10:44 AM

To: ntsysadm
Subject: Re: [NTSysADM] RPC not available on remote machine while doing DFSR 
config

MTUs? As in TCP/IP Maximum Transmission Units?
I will check that and post back, but why would a mismatch in MTU show up as 
this?
Kurt

On Mon, Jul 24, 2017 at 5:31 AM, Michael B. Smith 
<mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote:
I’m certain you can google as well as I can – but after looking at 8-10 
results… are you sure you have matching MTUs?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Kurt Buff
Sent: Monday, July 24, 2017 1:10 AM
To: ntsysadm
Subject: Re: [NTSysADM] RPC not available on remote machine while doing DFSR 
config

Ignore my earlier message from this evening. I've overcome some blindness on my 
part, and have a bit more information, though I fear it's not enough. I used 
this page for what looks to be a better way to handle the errors:
https://stackoverflow.com/questions/38419325/catching-full-exception-message
The red highlighted error is new - but I don't know why that's there. It's very 
strange, as both are 2012R2 servers, in the same domain, and I'm running this 
on my Win10 workstation with my DA credentials.

----------Begin revised script----------
$NewDFSR = import-csv -Delimiter "`t" c:\Batchfiles\data\NewDFSR.csv
New-DfsReplicationGroup -GroupName US2AU-Engineering
$GroupName = Get-DfsReplicationGroup US2AU-Engineering
Foreach ($Line in $NewDFSR)
   {
    $GroupName = $Line.GroupName
    $SourceComputer = $Line.SourceComputer
    $FolderName = $Line.FolderName
    $SourceContentPath = $Line.SourceContentPath
    $SourceStagingPathQuotaInMB = $Line.SourceStagingPathQuotaInMB
    $SourcePrimaryMember = 
[System.Convert]::ToBoolean($Line.SourcePrimaryMember)
    $DestinationComputer = $Line.DestinationComputer
    $DestinationContentPath = $Line.DestinationContentPath
    $DestinationReadOnly = 
[System.Convert]::ToBoolean($Line.DestinationReadOnly)
    New-DfsReplicatedFolder -GroupName $GroupName -FolderName $FolderName
    Try
       {
       Add-DfsrMember -GroupName $GroupName -ComputerName $SourceComputer, 
$DestinationComputer
       }
    Catch
       {
       $e = $_.Exception
       $msg = $e.Message
       while ($e.InnerException) {
          $e = $e.InnerException
          $msg += "`n" + $e.Message
       }
       $msg}
    Add-DfsrConnection -GroupName $GroupName -SourceComputerName 
$SourceComputer -DestinationComputerName $DestinationComputer -ErrorAction Stop
    Set-DfsrMembership -GroupName $GroupName -FolderName $FolderName 
-ComputerName $SourceComputer -ContentPath $SourceContentPath -PrimaryMember 
$SourcePrimaryMember -StagingPathQuotaInMB $SourceStagingPathQuotaInMB -Force
    Set-DfsrMembership -GroupName $GroupName -FolderName $FolderName 
-ComputerName $DestinationComputer -ContentPath $DestinationContentPath 
-ReadOnly $DestinationReadOnly -Force
    }
Set-DfsrConnectionSchedule -GroupName "US2AU-Engineering" -SourceComputerName 
"USfs01p" -DestinationComputerName "AUfs01p" -Day 1,2,3,4,5 -BandwidthDetail 
"ffffffffffffffffffffffffffffffffffff66666666666666666666666666666666ffffffffffffffffffffffffffff"
Update-DfsrConfigurationFromAD -ComputerName 
$SourceComputer,$DestinationComputer
---------End Revised Script----------
Relevant output:
---------Begin snipped output----------
Could not add the computer to the replication group. Computer: AUFS01P 
Replication group: "US2AU-Engineering" The remote procedure call failed
The operating system version of server AUFS01P cannot be retrieved.
The remote procedure call failed
Add-DfsrConnection : The connection could not be added because DFS Replication 
could not find at least one source and one destination computer in the 
replication group, or because the
source and destination computers were the same. Source computer: USFS01P 
Destination computer: AUFS01P Replication group: "US2AU-Engineering"
At C:\BatchFiles\Configure-NewDFSR2.ps1:32 char:5
+     Add-DfsrConnection -GroupName $GroupName -SourceComputerName $Sou ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [Add-DfsrConnection], 
DfsrException
    + FullyQualifiedErrorId : 
Add-DfsrConnection.NoDistinctMemberPairs,Microsoft.DistributedFileSystemReplication.Commands.AddDfsrConnectionCommand
---------End snipped output----------

On Fri, Jul 21, 2017 at 8:27 PM, Michael B. Smith 
<mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote:
What is the InnerException of the error?

-----Original Message-----
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Kurt Buff
Sent: Friday, July 21, 2017 11:11 PM
To: ntsysadm
Subject: [NTSysADM] RPC not available on remote machine while doing DFSR config

All,

I'm re-doing the DFSR config for the file servers in our US and AU offices. The 
US has a bunch of directories that will be replicated to AU (but not back). No 
big deal, but the PowerShell script I'm writing is killing me. I don't know if 
I'm running into a time out problem, or what it might be.

I'm running the script from Redmond on my laptop.

Here's the script, which should Just Work(tm):
----------
   $NewDFSR = import-csv -Delimiter "`t" c:\Batchfiles\data\NewDFSR.csv

   New-DfsReplicationGroup -GroupName US2AU-Engineering
   $GroupName = Get-DfsReplicationGroup US2AU-Engineering

   Foreach ($Line in $NewDFSR)
   {
    $GroupName = $Line.GroupName
    $SourceComputer = $Line.SourceComputer
    $FolderName = $Line.FolderName
    $SourceContentPath = $Line.SourceContentPath
    $SourceStagingPathQuotaInMB = $Line.SourceStagingPathQuotaInMB
    $SourcePrimaryMember =
[System.Convert]::ToBoolean($Line.SourcePrimaryMember)
    $DestinationComputer = $Line.DestinationComputer
    $DestinationContentPath = $Line.DestinationContentPath
    $DestinationReadOnly =
[System.Convert]::ToBoolean($Line.$Line.DestinationReadOnly)

    New-DfsReplicatedFolder -GroupName $GroupName -FolderName $FolderName
    Add-DfsrMember -GroupName $GroupName -ComputerName $SourceComputer, 
$DestinationComputer
    Add-DfsrConnection -GroupName $GroupName -SourceComputerName 
$SourceComputer -DestinationComputerName $DestinationComputer
    Set-DfsrMembership -GroupName $GroupName -FolderName $FolderName 
-ComputerName $SourceComputer -ContentPath $SourceContentPath -PrimaryMember 
$SourcePrimaryMember -StagingPathQuotaInMB $SourceStagingPathQuotaInMB -Force
    Set-DfsrMembership -GroupName $GroupName -FolderName $FolderName 
-ComputerName $DestinationComputer -ContentPath $DestinationContentPath 
-ReadOnly $DestinationReadOnly -Force
    }
----------

But it fails the Add-DfsrMember command, when trying to add the AU file server:
----------
   Add-DfsrMember : Could not add the computer to the replication group. 
Computer: ZAUFS01P Replication group: "US2AU-Engineering" The remote procedure 
call failed
   At C:\BatchFiles\New-DfsrConfiguration.ps1:19 char:2
   +     Add-DfsrMember -GroupName $GroupName -ComputerName $SourceCompute ...
   +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       + CategoryInfo          : NotSpecified: (ZAUFS01P:String)
[Add-DfsrMember], DfsrException
       + FullyQualifiedErrorId :
Add-DfsrMember.NonTerminatingOMException,Microsoft.DistributedFileSystemReplication.Commands.AddDfsrMemberCommand
----------

However, if I RDP to that file server, I see this, which to me indicates that 
it *is* listening:
----------
   C:\Windows\system32>winrm enumerate winrm/config/listener
   Listener [Source="GPO"]
       Address = *
       Transport = HTTP
       Port = 5985
       Hostname
       Enabled = true
       URLPrefix = wsman
       CertificateThumbprint
       ListeningOn = 10.212.1.30, 127.0.0.1, ::1, fe80::a9e7:6f85:8115:b4ed%16
----------

Heck, I even stood up wireshark on my laptop, from which I'm running this 
script, and see traffic to that server, though I can't quite figure out the 
conversation - but I have a 48kb capture file detailing the transaction for the 
attempted configuration of a single directory, if anyone wants that.

Kurt