SYSVOL replication and LDAP errors

[jpen]

Hello. I have inherited a domain that has Windows 2k3 server as a member server and a windows 2k3 sbs as a pdc, both servers serve logins and there is some problems with sysvols replicating, netlogon replicates just fine. The problems occur when users login to workstations, some of them get wrong group policys that were made time before me. The history behind these servers are that the w2k3 used to be pdc but was demoted to member server because of the limitations of w2k3sbs. I think that the sysvol replication problem is because of some missing LDAP connection. Since the old admin told me that he had "disabled some not so useful services from starting" and I recently found out by poking around that when I started intersite messaging -service on both servers the event viewers frs log gave me this:

Event Type: Information
Event Source: NtFrs
Event Category: None
Event ID: 13516
Date: 27.7.2009
Time: 10:59:36
User: N/A
Computer: SILMASRV2
Description:
The File Replication Service is no longer preventing the computer SILMASRV2 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.

Type "net share" to check for the SYSVOL share.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

But alas, the sysvol doesn't replicate properly. I have ran various tests against both servers and googled around with the errors, but no working results. The repadmin /showreps %upstreamcomputer% (and downstreamcomputer) gives this:

(w2k3sbs)
[d:\nt\ds\ds\src\util\repadmin\repbind.c, 154] LDAP error 81 (Server Down) Win32 Err 58.

(w2k3)
[d:\srv03rtm\ds\ds\src\util\repadmin\repbind.c, 154] LDAP error 81 (Server Down) Win32 Err 58.

Sonar shows only the w2k3sbs as a member, I get only one dcdiag error and it is against the w2k3 server:

Some objects relating to the DC SILMASRV have problems:

[1] Problem: Missing Expected Value
Base Object:
CN=NTDS Settings,CN=SILMASRV,CN=Servers,CN=Silmasairaala,CN=Sites,CN=Configuration,DC=silmasairaala,DC=com

Base Object Description: "DSA Object"

Value Object Attribute Name: serverReferenceBL

Value Object Description: "SYSVOL FRS Member Object"

Recommended Action: See Knowledge Base Article: Q312862

......................... SILMASRV failed test VerifyReferences

Also maybe worth mentioning is that IUSR_[servername] password had been changed and because of it some of IIS services were not working, but that is now fixed with IIS metabase explorer. God only knows what else has been tempered with.

[IreneL]

As per your post what I found is that they demoted the 2003 to member server. And hence they wont need to replicate SYSVOL anymore. I dint found any valid reason for the same. Also to me it appears like your Active Directory DataBase needs to be cleaned along with Metadata. You can simply get the correct procedure for metadata cleanup here: http://technet.microsoft.com/en-us/l...35(WS.10).aspx. Now before you go for the same let me tell you that you will need to first remove 2003 server from the domain.