Event ID 1058 SysVol\Policies Folder Replication Problem
-
Tuesday, February 05, 2013 11:24 PM
Hi,
I have 2 x Windows Server 2012 Domain Controllers AD1 and AD2. For some unknown reason the folder replication has stopped for the Polices in the SysVol folder on AD2. I've checked both of the Event Logs and on AD2 all it has a miss is the following:
The processing of Group Policy failed. Windows attempted to read the file \\xxxxx.xx\SysVol\xxxxx.xx\Policies\{43278421-956C-4812-AD0F-3FD18B1D8742}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.I've checked the details which is Error Code 3 and it's down to the fact that it cannot see the relevant GPO in the Polices folder on AD2. Because it is not replicating from AD1 to AD2. I've done all of the standard checks but I cannot see a way of repairing it and to get the replication back up and running??
All help would be most appreciated.
Many Thanks in advance
All Replies
-
Wednesday, February 06, 2013 7:50 AM
This reminds error that I encountered in previous version. The resolution was based on the change of DNS servers in network configuration. The first DNS parameter points to local server. This was the case for both servers. (Every DC has DNS role).
Regards
Milos
-
Wednesday, February 06, 2013 9:27 AM
Can you check if there are disconnected user sessions (in the task manager -> users tab)? The Group Policy service client impersonates a user when it is logged on to a computer. This means that the group policy service client updates the group policies from the sysvol share in the background using the credentials from the user logged on to the computer.
But if the account from the user logged on to the system is locked, the GP client service is unable to read the sysvol share. It once happened to me, there were disconnected sessions on a DC from an administrator no longer working for the company, and his account was locked. Spend 6 hours figuring out why group policies weren't updating...
-
Wednesday, February 06, 2013 11:38 AM
Hi Tom checked all that but no cigar I'm afraid. It all looks good on that side.
Thanks
-
Wednesday, February 06, 2013 11:39 AM
Hi Milos,
Can you elaborate on this a bit more please?
Thanks
-
Wednesday, February 06, 2013 4:17 PMI've even tried to demote the server and then start again. But the Policies folder isn't even there now!!
-
Wednesday, February 06, 2013 8:01 PMCan anyone give me any assistance on this as I am totally stuck and how to kick start the replication again?????
-
Thursday, February 07, 2013 9:22 AM
Can you run this command on a DC: dfsrmig /getglobalstate
If you get "Eliminated" you're using DFS for SYSVOL replication - which is very likely unless you've updated the domain from server 2003. If you open DFS management, there's the Domain System Volume under Replication. Can you see both DC's with "Membership status: Enabled" there?
- Marked As Answer by Data10 Monday, February 11, 2013 11:58 AM
-
Thursday, February 07, 2013 11:06 AM
Hi Tom,
On the DC it does say 'Eliminated' !! But I havent upgraded from 2003 it's a new network with Windows Server 2012. I have also check the DFS management and the membership does say enabled. It also says the following in the Event Log of this server:
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 71 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.
To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group.
Additional Information:
Error: 9061 (The replicated folder has been offline for too long.)
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 2C755776-A896-4029-9C22-37FE39A10CDE
Replication Group Name: Domain System Volume
Replication Group ID: 951E1450-92A9-4263-9641-35875F2972AC
Member ID: 66D4B588-D07F-4EE5-9B76-D856FAE8D725 -
Thursday, February 07, 2013 12:43 PM
Hi Tom,
On the DC it does say 'Eliminated' !! But I havent upgraded from 2003 it's a new network with Windows Server 2012. I have also check the DFS management and the membership does say enabled.
Ah, that's perfect. The reason why I'm asking this, Server 2003 uses FRS for SYSVOL replication between DC's. However, DFS offers much better file replication. When you upgrade from server 2003 to 2012 (or from 2003 -> 2008 -> 2012) you will have to migrate the SYSVOL share from using FRS to DFS. A lot of people think this happens automatically because a fresh Server 2008 installation already uses DFS for sysvol replication. When upgrading, you will have to do this manually with DFSRmig.exe. But that's not important if it's a new and fresh 2012 environment :)
However, I found this article: http://social.technet.microsoft.com/Forums/en/winserverGP/thread/cb25b65f-3a32-4d23-9f94-0ae32bde1a64
Where the solution was to run "wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="GUID_of_volume" call ResumeReplication"
You can obtain the GUID of your disk by running the "mountvol" command, it'll display the GUID of all volumes.
edit: here's some more backgruond information: http://blogs.technet.com/b/askds/archive/2009/11/18/implementing-content-freshness-protection-in-dfsr.aspx
-
Thursday, February 07, 2013 1:14 PM
Thanks for getting back to me,
I've done this before and all I get is a message displayed on the server saying:
"This app can't run on your PC"
"To find a version for your PC check the software publisher"
Apparently what I read is wmic has been depreciated
-
Thursday, February 07, 2013 2:05 PM
That's weird... if I open a command prompt and try to run the command on a server (which has DFS installed but not configured) I get this:
-
Thursday, February 07, 2013 2:14 PM
I've just done it again but against the directory C:\Windows\System32 and it's say method execution successful! How will I know it's worked? Shall I check for the SysVol folder on AD"?
C:\Windows\System32>wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig wh
ere volumeGuid="752ace06-0d32-11e2-93e8-806e6f6e6963" call ResumeReplication
Executing (\\AD1\root\microsoftdfs:DfsrVolumeConfig.VolumeGuid="752ACE06-0D32-11
E2-93E8-806E6F6E6963")->ResumeReplication()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
ReturnValue = 0;
};
- Edited by Data10 Thursday, February 07, 2013 2:17 PM
-
Thursday, February 07, 2013 2:38 PM
I've cleared both of the Event Logs on both machines restarted but this is back again:
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 72 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.
To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group.
Additional Information:
Error: 9061 (The replicated folder has been offline for too long.)
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 2C755776-A896-4029-9C22-37FE39A10CDE
Replication Group Name: Domain System Volume
Replication Group ID: 951E1450-92A9-4263-9641-35875F2972AC
Member ID: 66D4B588-D07F-4EE5-9B76-D856FAE8D725 -
Sunday, February 10, 2013 2:29 AM
To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group.
Have you done this?
-
Monday, February 11, 2013 11:49 AMI tried this and it didn't appear to work. Thanks
-
Monday, February 11, 2013 11:58 AM
I found the solution but it was tricky...
Whenever I tried to run the 'wmic' command, I got this message:
"This app can't run on your PC"
"To find a version for your PC check the software publisher"
Now if I did a search for 'wmic' in the directory where I was trying to run the commend from, it would display a file without an extension called 'wmic'. If I deleted this file the command would run withour any issues. Weird!!!
So I ran the following commands:
wmic.exe /namespace:\\root\microsoftdfs path DfsrMachineConfig set MaxOfflineTimeInDays=<some value>
l put 1000 days in just to make sure, I'm gong to be putting it back to 60 later on. I then did:
wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="YOURVOLUMEGUID" call ResumeReplication
This worked no problem and all back to normal.
Thanks for everyones input.
-
Monday, February 11, 2013 1:57 PMGood to hear you were able to solve the problem!
.png)
