On 6/1/2011 1:11 PM, Miller Bonnie L. wrote: > Sounds like you just have some extra NTFRS or DFS replication objects that > have been missed--take a look at http://support.microsoft.com/kb/216498. > > -Bonnie
Well, I'm seeing this error in my production domain, too (see my later message). So this procedure for removing orphaned DCs has not been run on the production domain, so I don't know how it could miss something I haven't told it to do. :-) But I'll go looking, anyway. Thanks. > > -----Original Message----- > From: Mike Leone [mailto:[email protected]] > Sent: Wednesday, June 01, 2011 9:57 AM > To: NT System Admin Issues > Subject: DC fails "VerifyReferences" after cleaning up removed DCs - Q312862 > > OK. I have a Win2008 AD in a parent/child configuration. I am trying to > set up a "testing" version of it, using VMware. (I have a VM DC of both > the parent and child domains). We want a lab version of our domain, to > test proposed changes to OUs, GPOs, etc. > > So I cloned both DCs, and set them on a private vswitch that is assigned > to no physical adapters (so the only things they could talk to was each > other). > > I went and seized roles, and they seized fine (using > <http://support.microsoft.com/kb/255504>. In the parent I seized all 5 > roles, and on the child I seized the 3 roles for the child (PDC, RID, > Infrastructure). > > I then went to clean up the metadata (< > http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx>). I > deleted the 2 missing DCs in the parent domain from AD U&C, and also the > same 2 server objects from that site in Sites and Services. All seemed fine. > > In the child DC, I deleted the 5 missing DCs there the same way. Again, > all seemed fine. > > I cleaned up DNS by deleting every record I could find that mentioned > the missing DCs - removed them form the Nameservers tab on each zone > name (including reverses), and every record in all the sub-areas - > _msdcs, _sites, _tcp, _udp, DomainDnsZones, ForestDnsZones. Did the same > on the child DC. > > DNSLint came up clean. DCDiag did not ... > > parent DC: says service "NtFrs is stopped". It also says that it has > problems in "VerifyRefernces". The system object references > (serverRefernce) and backlink are correct. Says there is a Missing > Expected Value in the object "SYSVOL FRS Member Object:, and to see > Q312862. Same message for "VerifyEnterpriseReferences". > > And I don't understand Q312862 at all. :-( > <http://support.microsoft.com/kb/312862> > > I am not seeing Event ID: 13562 in the logs."ntfrsutl ds computer" comes up > > ERROR - Cannot bind w/authentication to computer, computer; 000006ba (1722) > ERROR - Cannot bind w/o authentication to computer, computer; 000006ba > (1722) > ERROR - Cannot RPC to computer, computer; 000006ba (1722) > > I can't "net start ntfrs"; says it's disabled or has no enabled devices. > > So: what did I do wrong? How can I fix it? The MS KB is making no sense > to me, and I'm not seeing what it describes. > > And would it be easier to start over, but this time don't do $WHATEVER > BAD THING I DID LAST TIME$? > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
