2012 R2 - One server not applying two updates. Lists AD / SYSVOL Version Mismatch


  • So we have a bunch of servers running 2012 R2.  On 1 or 2 of them I have a certain GPO that isn't applying.  The specific one I'm having trouble with is our SNMP settings.  The base settings applied but then we updated the GPO to add in an additional IP address.  Most servers pulled it down fine but 1 or 2 did not.  Tried gpupdate /force and normal things and just can't get it to apply.

    I can the gpresult /h and in the html file it says:

    The following GPOs have special alerts
    Default Domain Policy - AD / SYSVOL Version Mismatch
    SNMP - AD / SYSVOL Version Mismatch

    The only info I found on that error talks about a particular patch but we already have that patch installed.  The change was put in over a week ago and is still not flowing to just these specific machines.

    Anyone have any idea how I can figure out what the problem is?  They are production machines so I can't reboot them until Saturday night when we are scheduled to do the Feb Patches anyway.  I don't know if that will help or not so if there's something else I can check in the meantime, that'd be great.


    Wednesday, February 25, 2015 2:49 PM


All replies

  • Can you install the below two hotfixes?



    Wednesday, February 25, 2015 3:55 PM
  • > Default Domain Policy - AD / SYSVOL Version Mismatch
    > SNMP - AD / SYSVOL Version Mismatch
    Sysvol replication is broken. Go check NTFRS or DFSR eventlogs then take
    appropriate action ("D2 D4 restore")


    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Wednesday, February 25, 2015 4:11 PM
  • Any update on the issue?



    Thursday, March 05, 2015 2:55 PM
  • Quick note on this issue:

    I was running RSOP against a user and server other than the local server, and the error would not go away,  I tried installing the patches and rollups on the DC I was seeing the error on.   Since these were already installed I tried installing them from the stand alone download.

    They complained about already being installed, so I was relegated to doing more research.

    After some time, and while chasing a separate issue on the other server, I noticed that the updates on THAT SERVER were not up to date.   I ran into issues updating due to corruption (another story altogether), but with the help of Microsoft Support, I was able to get THAT SERVER updated.

    I went back to troubleshooting the AD / Sysvol error, starting from scratch...trying to install the patches that were already installed...etc.

    Just for grins and giggles, I re-ran the RSOP against the original user and the other server and viola, the error is gone.

    Longer story than it needed to be, I know, but this leads me to believe that the error is NOT on the DC to DC but an issue with the server your running RSOP against.   I am not positive that this is actually the case, but this may help someone out.   So if anyone can test and/or verify this please post.

    Supreme executive power is derived from a mandate from the masses, not from some farcical aquatic ceremony. -- Dennis the peasant Les Waggoner WCC Internet Technologies

    Thursday, March 26, 2015 6:31 PM