DCDIAG AND NETDIAG FAILURE FOR SYSVOL AND NETLOGON SHARES

I needed to upgrade our company servers from Windows 2000 to Windows 2003. I created a new Windows 2003 server and transferred the FSMO roles from the Windows 2000 server to the new Windows 2003 server and encountered SYSVOL and NETLOGON share errors.

DCDIAG AND NETDIAG FAILURE

On the new Server 2003:

netdiag passes every test except:

Domain Membership Test: failed
[WARNING] The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.

dcdiag passes all tests except:

NetLogons:
Unable to connect to the NETLOGON Share! (\\SERVER0\netlogon)
[SERVER0] A net use or LsaPolicy failed with the error 1203, No network provider accepted the given network path.

WHAT I DID PRIOR TO FSMO ROLES TRANSFER

I ran all Windows 2000 updates in addition to adprep /forestprep and /domainprep on the Windows 2000 server prior to promoting the new Windows 2003 DC into the network.

WHAT I DID AFTER FSMO ROLES TRANSFER

I tried running dcdiag /fix and netdiag /fix and restarting the netlogon service.

I've tried changing the Primary and Secondary DNS addresses on the interfaces, demoting the new server and rejoining it to the domain. I couldn't get the errors to go away.

SOLUTION

Check to make sure that the SYSVOL folder is shared properly by following the steps below.

1. Go to the SYSVOL location:

If it is not shared, we must share it. Go to the next screenshot to share it.

 

2. Right click on the SYSVOL folder:

Select "Share this folder". The share name should be SYSVOL by default. Type in "Logon server share" EXACTLY like that, without the quotes. Click the OK button. Continue to the next screenshot.


3. Right click on the shared SYSVOL folder (this is the sysvol folder within the root sysvol folder; if it's not shared, we must share it). Confirm or complete the steps below:


4. You should see 3 user names in the box (Administrators, Authenticated Users, and Everyone). If not, add them with the appropriate permissions (see screenshots below):

The Administrators permissions should be Full Control, Change and Read, all checked.


5. You should see 3 user names in the box (Administrators, Authenticated Users, and Everyone). If not, add them with the appropriate permissions (see screenshots below):

The Authenticated Users permissions should also be Full Control, Change and Read, all checked.


6. You should see 3 user names in the box (Administrators, Authenticated Users, and Everyone). If not, add them with the appropriate permissions (see screenshots below):

The Everyone permissions should only be Read, with only Read checked.


Now we need to go into the registry and edit a key on the working Windows 2003 Domain Controller.

1. GO INTO THE REGISTRY

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

The global BurFlags registry value is a REG_DWORD and needs to be changed to D4 (hexadecimal).

2. RESTART THE NETLOGON AND NTFRS SERVICES

After restarting the netlogon and ntfrs services, the SYSVOL and NETLOGON shares should immediately appear on the new server.

All tests in dcdiag and netdiag should pass now.
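
The registry edit, service restart and share check described above can be scripted. The batch file below is an added example, not part of the original post: it records the current BurFlags value, sets it to D4, restarts the two services, and confirms that both shares exist before re-running the failing dcdiag test. The 30-second pause and the exit codes are assumptions of this example; the key name is written "Backup/Restore" with a forward slash, which is how it appears in the registry.

```bat
@echo off
rem Added example, not from the original post. Run as an administrator on the
rem domain controller named in the registry step. reg.exe is used because the
rem key name "Backup/Restore" contains a forward slash.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup"

echo === Shares before the change ===
call :check_share SYSVOL
call :check_share NETLOGON

echo === Current BurFlags value (note it down before changing it) ===
reg query "%KEY%" /v BurFlags

rem 212 decimal = D4 hexadecimal, the value the post says to set.
reg add "%KEY%" /v BurFlags /t REG_DWORD /d 212 /f
if errorlevel 1 (
    echo Could not write BurFlags; no services were restarted.
    exit /b 1
)

rem Restart NTFRS and NETLOGON, as in step 2 of the post.
net stop ntfrs
net start ntfrs
net stop netlogon
net start netlogon

rem Assumption: a 30-second pause before re-checking (ping used as a delay).
ping -n 31 127.0.0.1 >nul

echo === Shares after the change ===
set MISSING=0
call :check_share SYSVOL
call :check_share NETLOGON

rem Re-run the dcdiag test that failed in the post.
dcdiag /test:netlogons
if %MISSING%==1 exit /b 2
exit /b 0

:check_share
rem "net share <name>" returns a non-zero exit code when the share is absent.
net share %1 >nul 2>&1
if errorlevel 1 (
    echo [MISSING] %1 is not shared
    set MISSING=1
) else (
    echo [OK] %1 is shared
)
goto :eof
```

An exit code of 2 means at least one of the two shares was still missing at the time of the second check.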