none
SYSVOL version not available in all GPO

    Question

  • This GPO issue has me stumped.  About a month ago we deployed a new DC.  From the start, there were DFSR issues that showed up in group policy.  After working through those, several non-authoritative, and authoritative restores, other GP issues popped up. We decided to remove the new domain controller and removed it gracefully, but are still having GPO issues.  After working through several, I am down to the following:

    This is showing on all three DC's:

    EventID 8194 The client-side extension could not apply computer policy settings for 'Enable Client Failback {2454597A-4DDE-4B73-A178-26475A8993EA}' because it failed with error code '0x80070002 The system cannot find the file specified.' See trace file for more details.

    All GPO's are are showing an AD version, and "Not Available" for SYSVOL.

    No GPO's are being applied to users.  

    I have done a dcdiag, run tests on DFSR, and disabled Client Failback. All the results say everything is working.  

    I am at a loss of what to try next.  If anyone has any ideas, they would be greatly appreciated.

    Tuesday, April 18, 2017 6:09 PM

All replies

  • Hi,
    As you have removed a DC, please do a metadata cleanup of that DC: https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx
    Then please run the following tools on each domain controller to see if we could get more information to help troubleshooting the problem.
    -> DCDIAG /V /C /D /E /s: dcname > c:\dcdiag.log , 
    -> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, April 19, 2017 9:51 AM
    Moderator
  • > All GPO's are are showing an AD version, and "Not Available" for SYSVOL.
     
    Are the Sysvol folders for these GPOs present? Is sysvol shared on all DCs?
     
    Wednesday, April 19, 2017 10:39 AM
  • I have performed the metadata cleanup for the DC that was de-promoted.  Below is a link to a OneDrive folder with the files.  Domain names have been renamed in these files.

    https://1drv.ms/f/s!AoEZgezm_zt_gTQRhO5ZYj8AuJfG

    Thanks for your feedback.

    Steve

    Wednesday, April 19, 2017 8:50 PM
  • The folders are present, and replicated between all of the DC's.
    Wednesday, April 19, 2017 8:51 PM
  • Hi,
    According to the error 9036 in the dcdiag result, please check if DFSR service is running well on computers, and check if another NIC is turned on in the DC, I have seen that a similar issue was caused by it.
    And check into the hotfixes listed here:  http://support.microsoft.com/kb/968429, to see if it works.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, April 24, 2017 1:55 AM
    Moderator
  • Hi,

    I am checking how the issue is going, if you still have any questions, please feel free to contact us.

    And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    Appreciate for your feedback.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, May 04, 2017 9:19 AM
    Moderator