Failed test VerifyEnterpriseReferences / msDFSR-ComputerReferenceBL / FRS and DFS Replication Member Objects

Posted on Sunday, September 13, 2009 in Technical - Troubleshooting

The following is some research I found while troubleshooting some recent SYSVOL File Replication issues. It is not necessarily a complete solution or even the correct one for you if you are suffering from similar issues. I’ve linked to the original sources, so please review the suggestions in-context of their original situations before deciding if they might help you fix your problems. Good luck!


Running DCDIAG.EXE in a Microsoft Windows Server 2008 R2 environment with a single domain controller resulted in a failure for the VerifyEnterpriseReferences test:


[1] Problem: Missing Expected Value
Base Object: CN=DC01,OU=Domain Controllers,DC=DOMAINNAME,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: msDFSR-ComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: Please See Knowledge Base Article Q312862
LDAP Error 0x20 (32) - No Such Object
.............................DC01 failed test VerifyEnterpriseReferences

Based on the attribute name msDFSR-ComputerReferenceBL, Joson Zhou, a Microsoft employee and Moderator on the TechNet Forums, believes that KB article Q312862 may not apply to environments where the domain function level has been raised to Windows Server 2008.

The error means that the value of the attribute msDFSR-ComputerReferenceBL is not correct. To verify, performing the following steps:

  1. On the Domain Controller, open the Active Directory Users and Computers console.
  2. In the console, select Domain Controllers, and then double-click the relevant DC object (DC01 in this example) in the right pane.
  3. Click the Attribute Editor tab, click the Filter button, and then check the Backlinks.
  4. After that, you should see the attribute msDFSR-ComputerReferenceBL. The expected value is CN=DC01,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,Cn=system,DC=DOMAINNAME,DC=com.

Unfortunately, Mr. Zhou’s answer did not provide information on how to actually edit the value if it is “Not Set” and grayed out, and I could not find any suggestions how to do so anywhere else, either. If you discover the answer, please share it in a comment below.

On a follow-up message to the one above, Mervyn Zhang, another Microsoft Moderator, stated that “msDFSR-ComputerReferenceBL is a back reference of msDFSR-ComputerReference which relates to msDFSR-MemberReference“. He therefor recommens following these instructions to Review and Update the FRS or DFS Replication Member Object (http://tinyurl.com/nr5tq9):

You can use this procedure to update the File Replication Service (FRS) or Distributed File System (DFS) Replication member object after you rename a domain controller. This object must be updated with the new domain controller name so that the domain controller can replicate SYSVOL.

For more information about this procedure, see article 316826 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=82821).

Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

To update the FRS member object

  1. On the Start menu, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. On the View menu, click Advanced Features.
  3. Expand the domain node, System, File Replication Service, and Domain System Volume (SYSVOL share). The <DomainControllerName> objects below Domain System Volume (SYSVOL share) are the FSR Member objects that correspond to domain controllers in the domain. Find the <DomainControllerName> object that shows the old name of the domain controller.
  4. Right-click the FRS Member object for the old name of the domain controller, and then click Rename.
  5. Type the new name of the domain controller.
  6. To verify the name change, open ADSI Edit: On the Start menu, point to Administrative Tools, and then click ADSI Edit.

    View the fRSMemberReference attribute of the object CN=Domain System Volume (SYSVOL share),CN=NTFRS Subscriptions,CN=<DomainControllerName>,OU=Domain Controllers,DC=<DomainName> and confirm that the value in CN=<DomainControllerName> is the new name.

To update the DFS Replication member object

  1. On the Start menu, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. On the View menu, click Advanced Features.
  3. Expand the domain node, System, DFSR-GlobalSettings, Domain System Volume, and Topology. The <DomainControllerName> objects below Domain System Volume are the msDFSR-Member objects that correspond to domain controllers in the domain. Find the <DomainControllerName> object that shows the old name of the domain controller.
  4. Right-click the msDFSR-Member object for the old name of the domain controller, and then click Rename.
  5. Type the new name of the domain controller.
  6. To verify the name change, open ADSI Edit: On the Start menu, point to Administrative Tools, and then click ADSI Edit.

    View the msDFSR-MemberReference attribute of the object CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<DomainControllerName>,OU=Domain Controllers,DC=<DomainName> and confirm that the value in CN=<DomainControllerName> is the new name.

See also

Active Directory Schema Specifications: 2.139 Attribute msDFSR-ComputerReferenceBL
http://msdn.microsoft.com/en-us/library/cc220186(PROT.13).aspx
Active Directory Schema Terminology: ms-DFSR-ComputerReferenceBL Attribute
http://msdn.microsoft.com/en-us/library/ms677140(VS.85).aspx

Comments
1

My music selection makes last.fm look good

You can't see my music, but that doesn't mean it's not there.

Recent comments

This theme was designed by Chris Wallace and is licensed under the GNU General Public License.

Check out his cool WordPress Themes. Released by Six Revisions in the year of the rat.

Valid XHTML 1.0 Strict