This is sort of a long story, so here is the sum up. Trying to push an MSI install through group policy. Most of our servers are 2008 or 2008 R2 but all of our FSMO roles sit on 2003 servers. Policy works and installs correctly at the central location running 2003 but at external locations running 2008 or R2 the group policy fails. So I being plinking around trying to find a problem.
I finally come to a problem when running dcdiag /test:VerifyEnterpriseReferences. A regular DCDiag runs fine but a DCDiag /c (because it runs the VerifyEnterpriseReferences) also throws an error. Here is the error:
What I'm not sure about is if "CN=POSTOFFICE,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=com" is a "Microsoft" created object or some figment floating around my network. It's showing in ADSIEdit where all my other sites (that have a local DC) are showing. We don't have a site named "POSTOFFICE" however, I'm not 100% sure that we didn't have one named that at some point in the past. I don't think we did and if we did it's not valid anymore. I don't want to just delete it because I'm not sure if that is something that microsoft created and it's there for exchange. I've looked at the referenced KB and scoured google but can't find anything that is directly related. Any advice?
I finally come to a problem when running dcdiag /test:VerifyEnterpriseReferences. A regular DCDiag runs fine but a DCDiag /c (because it runs the VerifyEnterpriseReferences) also throws an error. Here is the error:
Code:
C:\Program Files\Support Tools>dcdiag /test:VerifyEnterpriseReferences
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Milwaukee\SERVERPDC
Starting test: Connectivity
......................... SERVERPDC passed test Connectivity
Doing primary tests
Testing server: Milwaukee\SERVERPDC
Starting test: VerifyEnterpriseReferences
The following problems were found while verifying various important DN
references. Note, that these problems can be reported because of
latency in replication. So follow up to resolve the following
problems, only if the same problem is reported on all DCs for a given
domain or if the problem persists after replication has had
reasonable time to replicate changes.
[1] Problem: Missing Expected Value
Base Object:
CN=POSTOFFICE,CN=Domain System Volume (SYSVOL share),CN=File Replica
tion Service,CN=System,DC=domain,DC=com
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: frsComputerReference
Value Object Description: "DC Account Object"
Recommended Action: Check if this server is deleted, and if so
clean up this DCs SYSVOL FRS Member Object. Also see Knowledge
Base Article: Q312862
[2] Problem: Missing Expected Value
Base Object:
CN=POSTOFFICE,CN=Domain System Volume (SYSVOL share),CN=File Replica
tion Service,CN=System,DC=domain,DC=com
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: serverReference
Value Object Description: "DSA Object"
Recommended Action: Check if this server is deleted, and if so
clean up this DCs SYSVOL FRS Member Object. Also see Knowledge
Base Article Q312862
......................... SERVERPDC failed test VerifyEnterpriseRefe
rences
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.com