Discussion:
Error with R2 DFS Managment
(too old to reply)
Sean
2005-12-21 19:40:33 UTC
Permalink
Hello,

I upgraded my AD's (WHCIH HOST MY dfs ROOTS) to 2003 R2 and am now
looking at the DFS Management tool.
Every time I click on one of the DFS roots, I get an error message

"\\domain\root: The security descriptor cannot be deserialized. The
binary form of an ACE object is invalid. Parameter name: binaryForm"

What the heck is this?

thanks!
Sean
Jabez Gan
2005-12-22 02:36:02 UTC
Permalink
Hi Sean,

Did you do a adprep /forestprep after installing R2 on the DC? Don't forget
to restart your machine.
--
Jabez Gan
http://www.blizhosting.com
MSBLOG: http://msblog.resdev.net
Post by Sean
Hello,
I upgraded my AD's (WHCIH HOST MY dfs ROOTS) to 2003 R2 and am now looking
at the DFS Management tool.
Every time I click on one of the DFS roots, I get an error message
"\\domain\root: The security descriptor cannot be deserialized. The binary
form of an ACE object is invalid. Parameter name: binaryForm"
What the heck is this?
thanks!
Sean
Drew McDaniel [MSFT]
2005-12-22 08:12:33 UTC
Permalink
This sounds like there is a problem with the security on the DFS Root
configuration data in AD. Please try the following:

1. Start Active Directory Users and Computers
2. Under the View menu make sure "Advanced Features" is checked
3. Browse to <DomainName>\System\DFS-Configuration\<DfsNamespace>
4. Select properties and view the security tab of properties
5. Make sure you do not get an error viewing the security and verify that
you have read access to the object.
--
Drew McDaniel
Microsoft Branch Office PM
This posting is provided "AS IS" with no warranties, and confers no rights.
Post by Sean
Hello,
I upgraded my AD's (WHCIH HOST MY dfs ROOTS) to 2003 R2 and am now looking
at the DFS Management tool.
Every time I click on one of the DFS roots, I get an error message
"\\domain\root: The security descriptor cannot be deserialized. The binary
form of an ACE object is invalid. Parameter name: binaryForm"
What the heck is this?
thanks!
Sean
Sean
2005-12-22 19:09:08 UTC
Permalink
forestprep was done.

I checked this out and do have read access and do not get any error
messages.

Anything else?

thanks!
Post by Drew McDaniel [MSFT]
This sounds like there is a problem with the security on the DFS Root
1. Start Active Directory Users and Computers
2. Under the View menu make sure "Advanced Features" is checked
3. Browse to <DomainName>\System\DFS-Configuration\<DfsNamespace>
4. Select properties and view the security tab of properties
5. Make sure you do not get an error viewing the security and verify that
you have read access to the object.
Drew McDaniel [MSFT]
2005-12-23 01:10:41 UTC
Permalink
I'll need to investigate this a bit more. Is there anything odd on the
security settings for the root? Also, do you get the same error on all
roots or just that specific root?
--
Drew McDaniel
Microsoft Branch Office PM
This posting is provided "AS IS" with no warranties, and confers no rights.
Post by Sean
forestprep was done.
I checked this out and do have read access and do not get any error
messages.
Anything else?
thanks!
Post by Drew McDaniel [MSFT]
This sounds like there is a problem with the security on the DFS Root
1. Start Active Directory Users and Computers
2. Under the View menu make sure "Advanced Features" is checked
3. Browse to <DomainName>\System\DFS-Configuration\<DfsNamespace>
4. Select properties and view the security tab of properties
5. Make sure you do not get an error viewing the security and verify that
you have read access to the object.
Sean
2005-12-23 17:46:54 UTC
Permalink
Nothing odd at all.
Same error on all roots.

One thing I did notice, is I have links that are being replicated.
I would have assumed in the new management tool, that under Replication
I would see my links being replicated.
I do not.

Also my previous supervisor used to screw around with AD a lot.
Currently I ma working on another issue.
As a user in the Domain Admins group, I am unable to vieew event logs on
AD servers, with the exception of securoity logs.

Might be related.

thanks!
Sean
Post by Drew McDaniel [MSFT]
I'll need to investigate this a bit more. Is there anything odd on the
security settings for the root? Also, do you get the same error on all
roots or just that specific root?
Richard
2005-12-23 19:58:10 UTC
Permalink
We too are getting the same error on our R2 servers.
On hold with Microsoft now trying to resolve. 1st level techs have not
seen before,
I am using two new R2 servers joined to an existing AD domain.
ForestPrep went fine.

Will post if I get an answer.
Post by Sean
Nothing odd at all.
Same error on all roots.
One thing I did notice, is I have links that are being replicated.
I would have assumed in the new management tool, that under Replication
I would see my links being replicated.
I do not.
Also my previous supervisor used to screw around with AD a lot.
Currently I ma working on another issue.
As a user in the Domain Admins group, I am unable to vieew event logs on
AD servers, with the exception of securoity logs.
Might be related.
thanks!
Sean
Post by Drew McDaniel [MSFT]
I'll need to investigate this a bit more. Is there anything odd on the
security settings for the root? Also, do you get the same error on all
roots or just that specific root?
Sean Branam
2006-01-04 17:39:38 UTC
Permalink
Thanks that would be helpful.
I've searched everywhere and can't find anything to solve this.
It's frustrating because I am trying to replicate some folders with the
new DFS replication, instead of FRS.
I can't because of this error.

Wierd.

Sean
Post by Richard
We too are getting the same error on our R2 servers.
On hold with Microsoft now trying to resolve. 1st level techs have not
seen before,
I am using two new R2 servers joined to an existing AD domain.
ForestPrep went fine.
Will post if I get an answer.
Post by Sean
Nothing odd at all.
Same error on all roots.
One thing I did notice, is I have links that are being replicated.
I would have assumed in the new management tool, that under Replication
I would see my links being replicated.
I do not.
Also my previous supervisor used to screw around with AD a lot.
Currently I ma working on another issue.
As a user in the Domain Admins group, I am unable to vieew event logs on
AD servers, with the exception of securoity logs.
Might be related.
thanks!
Sean
Post by Drew McDaniel [MSFT]
I'll need to investigate this a bit more. Is there anything odd on the
security settings for the root? Also, do you get the same error on all
roots or just that specific root?
Drew McDaniel [MSFT]
2006-01-04 21:56:08 UTC
Permalink
Sean, did you try the following solution suggested by Richard?:

From Richard's Post:
The fix is to use ADSIEDIT find the DFSR-GlobalSettings oblect.
Security tab. Advanced. Break the inheritable permssions (copy) then
remove any "exchange" object.
--
Drew McDaniel
Microsoft Branch Office PM
This posting is provided "AS IS" with no warranties, and confers no rights.
Post by Sean Branam
Thanks that would be helpful.
I've searched everywhere and can't find anything to solve this.
It's frustrating because I am trying to replicate some folders with the
new DFS replication, instead of FRS.
I can't because of this error.
Wierd.
Sean
Post by Richard
We too are getting the same error on our R2 servers.
On hold with Microsoft now trying to resolve. 1st level techs have not
seen before,
I am using two new R2 servers joined to an existing AD domain.
ForestPrep went fine.
Will post if I get an answer.
Post by Sean
Nothing odd at all.
Same error on all roots.
One thing I did notice, is I have links that are being replicated.
I would have assumed in the new management tool, that under Replication
I would see my links being replicated.
I do not.
Also my previous supervisor used to screw around with AD a lot.
Currently I ma working on another issue.
As a user in the Domain Admins group, I am unable to vieew event logs on
AD servers, with the exception of securoity logs.
Might be related.
thanks!
Sean
Post by Drew McDaniel [MSFT]
I'll need to investigate this a bit more. Is there anything odd on the
security settings for the root? Also, do you get the same error on all
roots or just that specific root?
Sean Branam
2006-01-04 21:55:27 UTC
Permalink
Yes.
I can setup replication and eveything seems to be working ok, but I stil
get the error message and the MMC crashes sometimes.

thanks!
Sean
Post by Richard
The fix is to use ADSIEDIT find the DFSR-GlobalSettings oblect.
Security tab. Advanced. Break the inheritable permssions (copy) then
remove any "exchange" object.
Scott
2006-02-11 00:17:29 UTC
Permalink
The blocking inheritance and deleting references to Exchange accounts worked
for me. Although it did take a while.

However, it was about 10 minutes after I made the initial changes and forced
replication with ReplMon.exe and it still did not work, so I did the same
procedure on the DFS-Configuration container and forced replication. A
minute later things worked. I was unable to test if the change to the
DFS-Configuration container did anything or the update just took a little
longer than I was willing to wait. If anyone else performs the process and
did not need to update the DFS-Configuration container please post that
information into the thread.

Thanks for all the help. This is the only place that I found any inforation
on this problem.

Scott
Post by Sean Branam
Yes.
I can setup replication and eveything seems to be working ok, but I stil
get the error message and the MMC crashes sometimes.
thanks!
Sean
Post by Richard
The fix is to use ADSIEDIT find the DFSR-GlobalSettings oblect.
Security tab. Advanced. Break the inheritable permssions (copy) then
remove any "exchange" object.
Richard
2005-12-23 21:08:46 UTC
Permalink
Microsoft gave me the answer.
It is because exchange 2003 is on domain (He said it was a bug they are
working on)
The fix is to use ADSIEDIT find the DFSR-GlobalSettings oblect.
Security tab. Advanced. Break the inheritable permssions (copy) then
remove any "exchange" object.
Let the DCs replicate
The DFS Managment tool is working for me now.

Richard
Sean Branam
2006-01-04 17:47:06 UTC
Permalink
Thanks I'll try it.
:)
Post by Richard
Microsoft gave me the answer.
It is because exchange 2003 is on domain (He said it was a bug they are
working on)
The fix is to use ADSIEDIT find the DFSR-GlobalSettings oblect.
Security tab. Advanced. Break the inheritable permssions (copy) then
remove any "exchange" object.
Let the DCs replicate
The DFS Managment tool is working for me now.
Richard
Continue reading on narkive:
Loading...