none
GPO is not created on 1 DomainController :

    Question

  • Hello,

    i am having 2 Domain Controllers.

    When created 1 new GPO, this GPO is only created on 1 of the DC`s.

    On the problem-dc there is no new GPO in c:\windows\sysvol.

    When doing a gpupdate on this dc , this will result in :

    Microsoft Windows [Version 6.2.9200]
    (c) 2012 Microsoft Corporation. All rights reserved.

    C:\Users\user_admin.domain>gpupdate /force
    Updating policy...

    Computer policy could not be updated successfully. The following errors were encountered:

    The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\domain.local\Policies\{FA9EDD88-AE25-477B-90CF-6D6D87C87EA4}\gpt.ini from a domain controller and was no
    t successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    a) Name Resolution/Network Connectivity to the current domain controller.
    b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
    c) The Distributed File System (DFS) client has been disabled.
    User Policy could not be updated successfully. The following errors were encountered:

    The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\domain.local\Policies\{FA9EDD88-AE25-477B-90CF-6D6D87C87EA4}\gpt.ini from a domain controller and was no
    t successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    a) Name Resolution/Network Connectivity to the current domain controller.
    b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
    c) The Distributed File System (DFS) client has been disabled.

    To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

    C:\Users\user_admin.domain>

    I have checked the NTFS-rights on c:\windows\sysvol, but these are correct now.

    In GPMC this will result in the following :

    Howto fix this issue?

    Friday, February 15, 2013 9:22 AM

Answers

All replies

  • Hello,

    I guess your DC has replication errors.

    Please check the eventlogs on that DC for replication errors.

    Also perform a dcdiag on this DC.

    Do you use FRS or DFS-R for replication?


    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

    Friday, February 15, 2013 10:17 AM
  • Hello Matthias,

    i am using DFS-R.

    I have Demote the DC and promote the DC. But still replication issue.

    How can i force the replication from the other DC?

    Thx

    Friday, February 15, 2013 10:26 AM
  • DCDiag @ this moment, what to do?

                Time Generated: 02/15/2013   11:21:33
                Event String:
                Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a cl
    ient uses NTLM with this server.
             A warning event occurred.  EventID: 0x00000458
                Time Generated: 02/15/2013   11:21:36
                Event String:
                The Group Policy Client Side Extension Group Policy Drive Maps was unable to apply one or more settings because the changes must be processed before system startup or user logon. The syste
    m will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
             ......................... SERVER2012 failed test SystemLog
          Starting test: VerifyReferences
             ......................... SERVER2012 passed test VerifyReferences


       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running partition tests on : domain
          Starting test: CheckSDRefDom
             ......................... domain passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... domain passed test CrossRefValidation

       Running enterprise tests on : domain.local
          Starting test: LocatorCheck
             ......................... domain.local passed test LocatorCheck
          Starting test: Intersite
             ......................... domain.local passed test Intersite

    C:\Users\user_admin.domain>
    C:\Users\user_admin.domain>dcdiag

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = SERVER2012
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\SERVER2012
          Starting test: Connectivity
             ......................... SERVER2012 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\SERVER2012
          Starting test: Advertising
             Warning: DsGetDcName returned information for \\DC.domain.local, when we were trying to reach SERVER2012.
             SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
             ......................... SERVER2012 failed test Advertising
          Starting test: FrsEvent
             ......................... SERVER2012 passed test FrsEvent
          Starting test: DFSREvent
             There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.
             ......................... SERVER2012 failed test DFSREvent
          Starting test: SysVolCheck
             ......................... SERVER2012 passed test SysVolCheck
          Starting test: KccEvent
             A warning event occurred.  EventID: 0x80000481
                Time Generated: 02/15/2013   11:18:56
                Event String: Internal event: The following schema class has a superclass that is not valid.
             A warning event occurred.  EventID: 0x80000481
                Time Generated: 02/15/2013   11:18:56
                Event String: Internal event: The following schema class has a superclass that is not valid.
             A warning event occurred.  EventID: 0x80000481
                Time Generated: 02/15/2013   11:18:56
                Event String: Internal event: The following schema class has a superclass that is not valid.
             A warning event occurred.  EventID: 0x80000481
                Time Generated: 02/15/2013   11:18:56
                Event String: Internal event: The following schema class has a superclass that is not valid.
             A warning event occurred.  EventID: 0x80000481
                Time Generated: 02/15/2013   11:18:56
                Event String: Internal event: The following schema class has a superclass that is not valid.
             A warning event occurred.  EventID: 0x80000481
                Time Generated: 02/15/2013   11:18:56
                Event String: Internal event: The following schema class has a superclass that is not valid.
             A warning event occurred.  EventID: 0x80000481
                Time Generated: 02/15/2013   11:18:56
                Event String: Internal event: The following schema class has a superclass that is not valid.
             A warning event occurred.  EventID: 0x80000481
                Time Generated: 02/15/2013   11:18:56
                Event String: Internal event: The following schema class has a superclass that is not valid.
             A warning event occurred.  EventID: 0x80000481
                Time Generated: 02/15/2013   11:18:56
                Event String: Internal event: The following schema class has a superclass that is not valid.
             A warning event occurred.  EventID: 0x80000481
                Time Generated: 02/15/2013   11:18:57
                Event String: Internal event: The following schema class has a superclass that is not valid.
             A warning event occurred.  EventID: 0x8000085F
                Time Generated: 02/15/2013   11:19:02
                Event String: The Recycle Bin feature is enabled on this DC.  However, the functional level of the forest is incompatible with the complete behavior of this optional feature.
             An error event occurred.  EventID: 0xC0000815
                Time Generated: 02/15/2013   11:19:10
                Event String: Active Directory Domain Services detected corrupt counts in the quota-tracking table. Quota enforcement may not behave correctly until the quota-tracking table is rebuilt.
             A warning event occurred.  EventID: 0x80000B46
                Time Generated: 02/15/2013   11:20:15
                Event String:
                The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or Digest) LDAP binds that do not request signing
    (integrity verification) and LDAP simple binds that  are performed on a cleartext (non-SSL/TLS-encrypted) connection.  Even if no clients are using such binds, configuring the server to reject them wi
    ll improve the security of this server.
             ......................... SERVER2012 failed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... SERVER2012 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... SERVER2012 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... SERVER2012 passed test NCSecDesc
          Starting test: NetLogons
             Unable to connect to the NETLOGON share! (\\SERVER2012\netlogon)
             [SERVER2012] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
             ......................... SERVER2012 failed test NetLogons
          Starting test: ObjectsReplicated
             ......................... SERVER2012 passed test ObjectsReplicated
          Starting test: Replications
             ......................... SERVER2012 passed test Replications
          Starting test: RidManager
             ......................... SERVER2012 passed test RidManager
          Starting test: Services
             ......................... SERVER2012 passed test Services
          Starting test: SystemLog
             An error event occurred.  EventID: 0x00000422
                Time Generated: 02/15/2013   10:27:33
                Event String:
                The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\domain.local\Policies\{FA9EDD88-AE25-477B-90CF-6D6D87C87EA4}\gpt.ini from a domain controlle
    r and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
             An error event occurred.  EventID: 0x00000422
                Time Generated: 02/15/2013   10:32:34
                Event String:
                The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\domain.local\Policies\{A6CB5143-A189-4F54-AEFF-6C1AF4CB06BE}\gpt.ini from a domain controlle
    r and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
             An error event occurred.  EventID: 0x00000422
                Time Generated: 02/15/2013   10:57:38
                Event String:
                The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\domain.local\Policies\{0B3B236F-381C-4F68-88E8-B0D5B95DA260}\gpt.ini from a domain controlle
    r and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
             An error event occurred.  EventID: 0x00000422
                Time Generated: 02/15/2013   11:02:42
                Event String:
                The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\domain.local\Policies\{0B3B236F-381C-4F68-88E8-B0D5B95DA260}\gpt.ini from a domain controlle
    r and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
             An error event occurred.  EventID: 0x00000422
                Time Generated: 02/15/2013   11:07:44
                Event String:
                The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\domain.local\Policies\{B15D02EC-C139-438B-A6FC-594536CB9CC0}\gpt.ini from a domain controlle
    r and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
             An error event occurred.  EventID: 0x0000168F
                Time Generated: 02/15/2013   11:10:58
                Event String: The dynamic deletion of the DNS record 'ForestDnsZones.domain.local. 600 IN A 192.168.2.150' failed on the following DNS server:
             An error event occurred.  EventID: 0x0000168F
                Time Generated: 02/15/2013   11:10:58
                Event String: The dynamic deletion of the DNS record '_ldap._tcp.ForestDnsZones.domain.local. 600 IN SRV 0 100 389 SERVER2012.domain.local.' failed on the following DNS server:
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 02/15/2013   11:11:53
                Event String: The UAC File Virtualization service failed to start due to the following error:
             An error event occurred.  EventID: 0xC0FF05DC
                Time Generated: 02/15/2013   11:11:58
                Event String: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
             An error event occurred.  EventID: 0x0000041F
                Time Generated: 02/15/2013   11:11:58
                Event String: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
             A warning event occurred.  EventID: 0x000727AA
                Time Generated: 02/15/2013   11:12:00
                Event String: The WinRM service failed to create the following SPNs: WSMAN/SERVER2012.domain.local; WSMAN/SERVER2012.
             A warning event occurred.  EventID: 0x00000081
                Time Generated: 02/15/2013   11:11:59
                Event String:
                NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error
     was: The entry is not found. (0x800706E1)
             A warning event occurred.  EventID: 0x00000081
                Time Generated: 02/15/2013   11:12:01
                Event String:
                NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error
     was: The entry is not found. (0x800706E1)
             A warning event occurred.  EventID: 0x800038C6
                Time Generated: 02/15/2013   11:12:02
                Event String: DFS Root Profile failed during initialization. The root will not be available.
             A warning event occurred.  EventID: 0x800038C6
                Time Generated: 02/15/2013   11:12:02
                Event String: DFS Root Taskbar failed during initialization. The root will not be available.
             An error event occurred.  EventID: 0xC0001B70
                Time Generated: 02/15/2013   11:14:04
                Event String: The Windows Deployment Services Server service terminated with the following service-specific error:
             An error event occurred.  EventID: 0x00000469
                Time Generated: 02/15/2013   11:14:04
                Event String:
                The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machi
    ne gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
             A warning event occurred.  EventID: 0x00000081
                Time Generated: 02/15/2013   11:14:07
                Event String:
                NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error
     was: The entry is not found. (0x800706E1)
             A warning event occurred.  EventID: 0x00000081
                Time Generated: 02/15/2013   11:14:09
                Event String:
                NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error
     was: The entry is not found. (0x800706E1)
             A warning event occurred.  EventID: 0x00000081
                Time Generated: 02/15/2013   11:14:11
                Event String:
                NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error
     was: The entry is not found. (0x800706E1)
             A warning event occurred.  EventID: 0x000000DB
                Time Generated: 02/15/2013   11:14:34
                Event String: The driver \Driver\WudfRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#.
             A warning event occurred.  EventID: 0xC000042B
                Time Generated: 02/15/2013   11:16:05
                Event String:
                The RD Session Host server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or
     could not be contacted.
             A warning event occurred.  EventID: 0xC000042B
                Time Generated: 02/15/2013   11:18:46
                Event String:
                The RD Session Host server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or
     could not be contacted.
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 02/15/2013   11:20:05
                Event String: The UAC File Virtualization service failed to start due to the following error:
             An error event occurred.  EventID: 0xC0FF05DC
                Time Generated: 02/15/2013   11:20:23
                Event String: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
             A warning event occurred.  EventID: 0x000000DB
                Time Generated: 02/15/2013   11:21:23
                Event String: The driver \Driver\WudfRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#.
             A warning event occurred.  EventID: 0x00001796
                Time Generated: 02/15/2013   11:21:33
                Event String:
                Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a cl
    ient uses NTLM with this server.
             A warning event occurred.  EventID: 0x00000458
                Time Generated: 02/15/2013   11:21:36
                Event String:
                The Group Policy Client Side Extension Group Policy Drive Maps was unable to apply one or more settings because the changes must be processed before system startup or user logon. The syste
    m will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
             ......................... SERVER2012 failed test SystemLog
          Starting test: VerifyReferences
             ......................... SERVER2012 passed test VerifyReferences


       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running partition tests on : domain
          Starting test: CheckSDRefDom
             ......................... domain passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... domain passed test CrossRefValidation

       Running enterprise tests on : domain.local
          Starting test: LocatorCheck
             ......................... domain.local passed test LocatorCheck
          Starting test: Intersite
             ......................... domain.local passed test Intersite

    C:\Users\user_admin.domain>

    Friday, February 15, 2013 10:28 AM
  • @ this moment this is the result of dcdiag, still not replication SYSVOL!


    C:\Users\user_admin.domain>dcdiag

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = SERVER2012
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\SERVER2012
          Starting test: Connectivity
             ......................... SERVER2012 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\SERVER2012
          Starting test: Advertising
             Warning: DsGetDcName returned information for \\DC.domain.local, when we were trying to reach SERVER2012.
             SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
             ......................... SERVER2012 failed test Advertising
          Starting test: FrsEvent
             ......................... SERVER2012 passed test FrsEvent
          Starting test: DFSREvent
             ......................... SERVER2012 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... SERVER2012 passed test SysVolCheck
          Starting test: KccEvent
             ......................... SERVER2012 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... SERVER2012 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... SERVER2012 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... SERVER2012 passed test NCSecDesc
          Starting test: NetLogons
             ......................... SERVER2012 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... SERVER2012 passed test ObjectsReplicated
          Starting test: Replications
             ......................... SERVER2012 passed test Replications
          Starting test: RidManager
             ......................... SERVER2012 passed test RidManager
          Starting test: Services
             ......................... SERVER2012 passed test Services
          Starting test: SystemLog
             An error event occurred.  EventID: 0x0000271A
                Time Generated: 02/15/2013   11:48:15
                Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
             A warning event occurred.  EventID: 0x000727A5
                Time Generated: 02/15/2013   11:48:17
                Event String: The WinRM service is not listening for WS-Management requests.
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 02/15/2013   11:48:40
                Event String: The UAC File Virtualization service failed to start due to the following error:
             An error event occurred.  EventID: 0xC0FF05DC
                Time Generated: 02/15/2013   11:48:58
                Event String: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
             A warning event occurred.  EventID: 0x00001796
                Time Generated: 02/15/2013   11:49:29
                Event String:
                Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a cl
    ient uses NTLM with this server.
             A warning event occurred.  EventID: 0x00000458
                Time Generated: 02/15/2013   11:49:32
                Event String:
                The Group Policy Client Side Extension Group Policy Drive Maps was unable to apply one or more settings because the changes must be processed before system startup or user logon. The syste
    m will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
             A warning event occurred.  EventID: 0x000000DB
                Time Generated: 02/15/2013   11:49:58
                Event String: The driver \Driver\WudfRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#.
             An error event occurred.  EventID: 0xC0001B61
                Time Generated: 02/15/2013   12:32:25
                Event String: A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
             ......................... SERVER2012 failed test SystemLog
          Starting test: VerifyReferences
             ......................... SERVER2012 passed test VerifyReferences


       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running partition tests on : domain
          Starting test: CheckSDRefDom
             ......................... domain passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... domain passed test CrossRefValidation

       Running enterprise tests on : domain.local
          Starting test: LocatorCheck
             ......................... domain.local passed test LocatorCheck
          Starting test: Intersite
             ......................... domain.local passed test Intersite

    C:\Users\user_admin.domain>

    Friday, February 15, 2013 11:38 AM
  • Hello,

    first of all, please check if the DNS resolution between the two DCs is working.

    There are so many different errors on your dcdiag, I don't even know where to start.

    Failed Replications, Services that can not start...

       Warning: DsGetDcName returned information for \\DC.domain.local, when we were trying to reach SERVER2012.
             SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

    "DC" is the second DC?

    I would suggest to demote the server again.
    Check the network and DNS settings, remove the metadata and promote the server again.

    Here is the link for the metadata cleanup:
    http://blogs.technet.com/b/activedirectoryua/archive/2009/08/07/windows-server-2008-and-windows-server-2008-r2-automate-metadata-cleanup.aspx


    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

    Friday, February 15, 2013 11:55 AM
  • hi Matthias,

    i have followed your steps.

    There seems be still a problem with dfs\sysvol\ advertising this server as DC?

    There is still no netlogon/sysvol-share.

    This is the output of dcdiag /v

    What to do?



    Directory Server Diagnosis


    Performing initial setup:

       Trying to find home server...

       * Verifying that the local machine SERVER2012, is a Directory Server.
       Home Server = SERVER2012

       * Connecting to directory service on server SERVER2012.

    Doing initial required tests

      
       Testing server: Default-First-Site-Name\SERVER2012

          Starting test: Connectivity

             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             * Active Directory RPC Services Check
             ......................... SERVER2012 passed test Connectivity

     

    Doing primary tests

      
       Testing server: Default-First-Site-Name\SERVER2012

          Starting test: Advertising

             Warning: DsGetDcName returned information for \\DC.domain.local, when

             we were trying to reach SERVER2012.

             SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

             ......................... SERVER2012 failed test Advertising

          Test omitted by user request: CheckSecurityError

          Test omitted by user request: CutoffServers

          Starting test: FrsEvent

             * The File Replication Service Event log test
             Skip the test because the server is running DFSR.

             ......................... SERVER2012 passed test FrsEvent

                Additional Information:

                Error: 1355 (The specified domain either does not exist or could not be contacted.)

             A warning event occurred.  EventID: 0x80001780

                Time Generated: 02/15/2013   13:13:02

                Event String:

                The DFS Replication service failed to update configuration in Active Directory Domain Services. The service will retry this operation periodically.

                

                Additional Information:

                Object Category: msDFSR-LocalSettings

                Object DN: CN=DFSR-LocalSettings,CN=SERVER2012,OU=Domain Controllers,DC=domain,DC=local

                Error: 2 (The system cannot find the file specified.)

                Domain Controller: DC.domain.local

                Polling Cycle: 60

             A warning event occurred.  EventID: 0x80001A94

                Time Generated: 02/15/2013   13:13:02

                Event String:

                The DFS Replication service has detected that no connections are configured for replication group Domain System Volume. No data is being replicated for this replication group.

                

                Additional Information:

                Replication Group ID: FFA65A4B-49AD-4077-B422-C5CD2CFA9DFE

                Member ID: FE60DADC-58D5-4FEA-88E2-5BE85DE25A6B

             A warning event occurred.  EventID: 0x80001906

                Time Generated: 02/15/2013   13:13:03

                Event String:

                The DFS Replication service detected that the local path of a replicated folder (domain) in its database does not match the newly configured local path (C:\Windows\SYSVOL\domain) of the replicated folder. The service will replicate the new path, and the old replicated folder path in the database will no longer be tracked as a replicated folder. This event is expected if the local path of the replicated folder has been changed.

                

                Additional Information:

                Replicated Folder Name: SYSVOL Share

                Replicated Folder ID: 49350C90-8D54-4CA9-9654-071775CB06B4

                Replication Group Name: Domain System Volume

                Replication Group ID: FFA65A4B-49AD-4077-B422-C5CD2CFA9DFE

                Member ID: FE60DADC-58D5-4FEA-88E2-5BE85DE25A6B

             A warning event occurred.  EventID: 0x80001206

                Time Generated: 02/15/2013   13:13:03

                Event String:

                The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner DC.domain.local. If the server was in the process of being promoted to a domain controller, the domain controller will not advertize and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the synchronization partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.

                

                Additional Information:

                Replicated Folder Name: SYSVOL Share

                Replicated Folder ID: 49350C90-8D54-4CA9-9654-071775CB06B4

                Replication Group Name: Domain System Volume

                Replication Group ID: FFA65A4B-49AD-4077-B422-C5CD2CFA9DFE

                Member ID: FE60DADC-58D5-4FEA-88E2-5BE85DE25A6B

                Read-Only: 0

             ......................... SERVER2012 failed test DFSREvent

          Starting test: SysVolCheck

             * The File Replication Service SYSVOL ready test
             The registry lookup failed to determine the state of the SYSVOL.  The

             error returned  was 0x0 "The operation completed successfully.".

             Check the FRS event log to see if the SYSVOL has successfully been

             shared.
             ......................... SERVER2012 passed test SysVolCheck

          Starting test: KccEvent

             * The KCC Event log test
             A warning event occurred.  EventID: 0x80000481

                Time Generated: 02/15/2013   13:10:58

                Event String:

                Internal event: The following schema class has a superclass that is not valid.

                

                Class identifier:

                1603306403

                Class name:

                msExchMobileVirtualDirectory

                Superclass identifier:

                1603306380

    Friday, February 15, 2013 12:21 PM
  • I have following differtent options like :

    http://www.virmansec.com/blogs/skhairuddin/archive/2010/06/19/how-to-force-an-authoritative-and-non-authoritative-synchronization-for-dfsr-replicated-sysvol.aspx

    Problem in the event-log of the WORKING DC :

    The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner . If the server was in the process of being promoted to a domain controller, the domain controller will not advertize and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the synchronization partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.

     

    Additional Information:

    Replicated Folder Name: SYSVOL Share

    Replicated Folder ID: 49350C90-8D54-4CA9-9654-071775CB06B4

    Replication Group Name: Domain System Volume

    Replication Group ID: FFA65A4B-49AD-4077-B422-C5CD2CFA9DFE

    Member ID: 5DAF423C-3AA8-427D-9C18-2505340A3F00

    Read-Only: 0

     

    I also installed a 3rd DC, but same problem with replication.

    How can i replicate this GPO/sysvol to the other DCs??

     

    Friday, February 15, 2013 1:40 PM
  • I also installed a 3rd DC, but same problem with replication.

    How can i replicate this GPO/sysvol to the other DCs??

    Please have a look at:

    http://support.microsoft.com/kb/2218556?wa=wsignin1.0



    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

    Friday, February 15, 2013 5:41 PM
  • It seems i fixed this by the procedures in my last post.

    After this all GPOs were gone.

    I restored the GPOs from a backup. After this i got some messages for every GPO about Security that needed to be restored.

    When i checked after this, the synchronization dit work for 3 DCs.

    What could cause this problem and how can i prevent this kind of issues?

    Thx

    Saturday, February 16, 2013 9:38 AM
  • Am 16.02.2013 10:38, schrieb Mvd12345:
    > What could cause this problem and how can i prevent this kind of issues?
     
    Get knowledge about DNS, AD, Sysvol. In this order ;-)
    (properly working DNS is essential for AD)
     
    SCNR...
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    Wednesday, February 20, 2013 8:53 PM
  • Hello,

    yesterday I did have same problem as in this thread.

    This was happening after I created a new GPO.

    Last time this was the same issue.

    Why will this problem occur so many times and HOW can I prevent this problem?

    Thx

    Saturday, May 18, 2013 7:41 AM
  • Hi

    today same problem after creating a new GPO.

    Solved again by doing a demote/dcpromo en en non-authoritative and authoritative sync of the DC`s.

    What can I do to prevent this time-taking-issue?

    Thx

    Saturday, May 18, 2013 7:46 AM