Group Policy SYSVOL Folders named NTFRS_xxxxxx
-
Wednesday, January 23, 2013 2:09 PM
Hi,
- Windows 2003 AD with single domain.
I'm having troubles when creating GPP through RSAT Group Management Console. It doesn't matter wheter I create a scheduled task or a file, registry item....
Once the GPP is added, I go to the GPO Settings and it always shows the following message:
An unknown error occurred while data was gathered for this extension. Details: Could not find a part of the path '\\mydc.ttec.es\SysVol\mydomain.com\Policies\{329AEDD7-AC9B-435E-B550-C42EDDA680F8}\Machine\Preferences\ScheduledTasks\ScheduledTasks.xml'.
I've also noticed that there may be a replication issue. A few minutes later after the GPO is created, I go to the SYSVOL\mydomain\Policies Folder (GPO Central Store) and there are two folders for the new GPO, the one with the GPO GUID and another one with the same name but the suffix NTFRS_xxxxxx.
There's no problem when I create GPO using Administrative Templates, Windows Security... It's just with GPP.
I've checked the replication (dcdiag, repadmin, netdiag and dnslint) status and everything seems to be OK.
GPP have been working for ages with no issues and no major changes have been made to the AD/domain.
Thanks in advance.
- Edited by fedayn1 Wednesday, January 23, 2013 5:39 PM
All Replies
-
Wednesday, January 23, 2013 5:39 PMMay be I should move this topic to Directory Services category.
-
Thursday, January 24, 2013 5:19 AMModerator
Hi,
It seems there is some problem with SYSVOL replication. You need to NTFRS Event logs for more information about errors.
FRS creates text-based logs in the %systemroot%\debug\ntfrs_*.log directory. The files are in sequentially numbered: Ntfrs_0001 through Ntfrs_0005. A higher value indicates the log is more recent.
An article about troubleshooting FRS for your reference:
Troubleshooting File Replication Service
http://technet.microsoft.com/en-us/library/bb727056.aspxRegards,
Cicely- Edited by Cicely FengMicrosoft Contingent Staff, Moderator Thursday, January 24, 2013 6:11 AM
-
Thursday, January 24, 2013 7:23 AM
Hi,
It seems there is some problem with SYSVOL replication. You need to NTFRS Event logs for more information about errors.
FRS creates text-based logs in the %systemroot%\debug\ntfrs_*.log directory. The files are in sequentially numbered: Ntfrs_0001 through Ntfrs_0005. A higher value indicates the log is more recent.
An article about troubleshooting FRS for your reference:
Troubleshooting File Replication Service
http://technet.microsoft.com/en-us/library/bb727056.aspxRegards,
Cicely
May be you're right but I don't agree.
Replication is working fine, There's no warnings/errors in the FR event log nor errors within the ntfrs_xxxx logs.
Inter/Intra site replication is wroking, I've also tried to create several files/folders on one DC's and all of them appear in the other DC's according to rep schedule.
It's just happening when I create Preferences. For instance, when I create a schedule task via Preferences, the xml file that holds the schedule taks settings isn't even created in the SYSVOL of the PDC. If I go to the GPO folder within the SYSVOL, the Machine folder is empty, you can't see the typical GPO_GUID\Machine\Preferences\ScheduledTasks folder structure that is created when you have a new shceduled task.
Thank you.
- Edited by fedayn1 Thursday, January 24, 2013 7:23 AM
-
Thursday, January 24, 2013 7:57 AMAm 23.01.2013 15:09, schrieb fedayn1:> I've also noticed that there may be a replication issue. A few minutes> later after the GPO is created, I go to the SYSVOL\mydomain\Policies> Folder (GPO Central Store) and there are two folders for the new GPO,> the one with the GPO GUID and another one with the same name but the> suffix /NTFRS_xxxxxx/.What you experience happens due to "something" creating the GPO GUIDfolder in Sysvol on more than one DC at the same time. NTFRS thenrenames one folder (possibly the one containing the required directorystructure) and declares the other one "valid".Make sure your GPMC is connected to the PDC emulator (go to View -Options, Tab "General" and check the second checkbox). In GPEdit, alsoverify that it is connected to the PDC emulator (DC name is noted rightto the GPO name in the tree view).regards, Martin
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating! -
Friday, January 25, 2013 7:18 AM
It's already happening with no GPP.
I've just created a GPO with a startup script and the Settings doesn't show up in the RSAT GPMC. Nonetheless, if I create the GPO with a startup script with the GPMC in a Domain Controller theres no problem. The GPO gets created without any issue.
It's like something wrong was going on with RSAT.
Thank you.
-
Friday, January 25, 2013 11:53 AMWhat you experience happens due to "something" creating the GPO GUID
folder in Sysvol on more than one DC at the same time. NTFRS thenrenames one folder (possibly the one containing the required directorystructure) and declares the other one "valid".Make sure your GPMC is connected to the PDC emulator (go to View -Options, Tab "General" and check the second checkbox). In GPEdit, alsoverify that it is connected to the PDC emulator (DC name is noted rightto the GPO name in the tree view).Hi Martin,
Thank you for your response.
I know a little bit about this replication issue and that could be related to modify the GPO at the same time in different DCs. But that's not happening. It's only happend when creating and modifying the GPO form any workstation that has installed RSAT GPMC.
If I create a GPO with other tool different from RSAT GPManager, theres no issues.
I always connect to PDC amulator as Group Policy Management form RSAT connect to PDC by default. And I also have enbaled the GPMC option to show the DC you are connecte to next to the domain name.
Thank you.
-
Friday, January 25, 2013 12:54 PM> I always connect to PDC amulator as Group Policy Management form RSAT> connect to PDC by default. And I also have enbaled the GPMC option to> show the DC you are connecte to next to the domain name.Then, maybe we start by using process monitor with a filter on thesysvol UNC path and check what's going on with creation of folders...BTW: What is the "other tool"?
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating! -
Monday, January 28, 2013 6:54 AM
I think I've made a little progress on this issue.
The situation is like this:
I'm managing three AD with thre single domains each.
Domain A, Domain B and Domain C
The three domains trust each other (bidirecctional trust relationship)
All the three domains hav been managed from the same workstation that belongs to Domain A and there hasn't been any problem till now.
This issue show up when trying to create/manage GPOs of Domain B/C from managing-workstation from Domain A.
I've installed RSAT GPMC in a worksation from Domain B to create/manage Domain B's GPOs and there's no problem.
Everything has been working great till now.
I'll have to dig deeper on this.
Thank you.
-
Monday, January 28, 2013 12:18 PM> I'll have to dig deeper on this.Ok. Keep us updated, please :-)
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating! -
Monday, January 28, 2013 12:43 PM
It's all about local permissions.
I always manage the three domains from a Domain A\Wokstation, so I have to run the GPMC with Run as other user to connect to the other domains.
I've had to add the users Domain B\adminuser and Domain C\admin user to the Local Administrators group of the Domain A\Workstation.
I couldn't sya why this was working before with no admin permissions over the workstation.
Thank you.
- Marked As Answer by fedayn1 Wednesday, January 30, 2013 5:08 PM
.png)
