none
Server 2012 SYSVOL Non-Authoritative restore on an RODC

    Question

  • Hi,

    so we have 4 normal DC's, two in each datacenter. One DC in each datacenter pushes out to an RODC 

    Writeable:

    DC01

    DC02 --> RODC DC05

    DC03 --> RODC DC06

    DC04

    The DFSR Database stopped working on RODC DC05 which i resolved, but the database had been offline for over 60 days which means replication is no longer working on this RODC:

    Log Name:      DFS Replication
    Source:        DFSR
    Date:          30/01/2017 11:40:24
    Event ID:      4012
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      DC05
    Description:
    The DFS Replication service stopped replication on the folder with the following local path: G:\windows\SYSVOL\domain. This server has been disconnected from other partners for 61 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected. 
     
    To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group. 
     
    Additional Information: 
    Error: 9061 (The replicated folder has been offline for too long.) 
    Replicated Folder Name: SYSVOL Share 
    Replicated Folder ID: 2DED4FC4-48B3-4DA4-B2CE-96D2DB6A3E6B 
    Replication Group Name: Domain System Volume 
    Replication Group ID: F6325288-9B34-4D3E-AC54-8C0D44A69F44 
    Member ID: ACB17D86-9727-4D95-959A-9B120B6C9F4D

    I know the Non-authoritative restore process, but it doesn't seem to work correctly in terms of fixing for an RODC.

    https://www.experts-exchange.com/articles/17360/Active-Directory-DFSR-Sysvol-Authoritative-and-Non-Authoritative-Restore-Sequence.html 

    the ADSIedit part to connect to the default naming context connects me to the writeable DC - DC02, not to DC05.

    Does anyone have the correct process to fix DFSR replication on an RODC??


    MCSA Server 2012/2008 MCITP Exchange 2010

    Monday, January 30, 2017 12:48 PM

Answers

  • Fixed.

    as content was only 1 day over the 60 day limit I changed the MaxOfflineTimeInDays=62 on the broken RODC:

    wmic.exe /namespace:\\root\microsoftdfs path DfsrMachineConfig set MaxOfflineTimeInDays=62

    Restarted the DFSR service and the writable domain controller pushed out all updates.

    I ran the status check button in GPMC and confirmed all DC's were upto date and in sync.

    Tomorrow, I will revert back to 60 days MaxOfflineTimeInDays once I know its had 24 hours to update. 

    I would still like to know if theres an official documented process for RODC's with regards to broken DFSR sysvol, or whether you can simply modify the MaxOfflineTimeInDays to any value and as its a read-only copy, the writableDC will update the RODC correctly?


    MCSA Server 2012/2008 MCITP Exchange 2010


    • Marked as answer by Guyver-1 Monday, January 30, 2017 1:22 PM
    • Edited by Guyver-1 Monday, January 30, 2017 1:29 PM grammar
    Monday, January 30, 2017 1:21 PM