SYSVOL folders inconsistency among DC, dfsr service is running but replication is being stopped. Also dns registration of gc_msdcs.DOMAIN 600 IN A IP Failed.

    Question

  • Hi,

    I am currently getting 3 errors that I believe are interlinked. We have 6 DCs with Windows Server 2012, and all 5 DCs have a one-to-one relationship in terms of Site Links to DC1.

    Whenever I apply Group Policy Update I get the error 1058:

    The Processing of Group Policy failed. Windows attempted to read the file \\Domain\sysvol\domainfolder\Policies\{GUID}\gpt.ini

    I am also getting ERROR 5774 Netlogon:

    The Dynamic Registration of DNS record 'gc._msdcs.DomainName' 600 IN A #IPAddress failed on the following DNS Server:

    #DNS_IP

    RETURNED RESPONSE CODE (RCODE) 5

    RETURNED STATUS CODE: 9017

    For the first error I have tested the SYSVOL folders and I have found that DC1's updated SYSVOL GPOs didn't get replicated to the other DCs. Some of these GPOs have been deleted, but their GUID folders are still seen on DC2-6. 2 new GPOs created on DC1 are missing on DC2-6.

    I ran dcdiag test:connectivity, dcdiag test:replication, checked the site links properties made sure they are bridged, ran repadmin and they all have returned positive results.

    I am thinking of manually copying the updated SYSVOL folders to the remaining DCs, but I am not sure if there is a better way to make sure DC1 pushes out updated Group Policy settings.

    In regards to the second error I have checked my "master" DNS records and I see DNS record for each site:

    dc._msdcs.DOMAIN.

    Service: ldap

    Point to Server: DC#.DomainName.

    I am not sure why this error is still generating.

    If someone can help me out I would really appreciate it. 

    Thank you

    Friday, January 30, 2015 5:07 PM

Answers

  • > The Processing of Group Policy failed. Windows attempted to read the
    > file \\Domain\sysvol\domainfolder\Policies\{GUID}\gpt.ini
     
    Sysvol replication is broken. Possibly due to...
     
    > The Dynamic Registration of DNS record 'gc._msdcs.DomainName' 600 IN A
    > #IPAddress failed on the following DNS Server:
    > RETURNED RESPONSE CODE (RCODE) 5
     
    ...maybe a broken secure channel password, so this DC cannot
    authenticate with either itself or any other DC.
     
    If you can logon to the affected DC as an administrator:
     
    netdom resetpwd /server:<working-DC> /userd:<DomainAdmin> /passwordd:<guess what :)>
     
    Anyway: Check DFSR event logs for possible other causes for broken
    replication.
     
    BTW: dcdiag replication only checks AD replication, not Sysvol.
     

    Martin

    Want to read a GOOD book about GPOs?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Monday, February 02, 2015 8:34 AM
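
The answer points out that the dcdiag replication test covers AD replication only, so SYSVOL needs its own check. The PowerShell below is an added example, not part of the original thread: it compares the GPO GUID folders and gpt.ini versions on every DC against a reference DC and lists recent DFS Replication warnings and errors. It assumes the ActiveDirectory module is installed and that `DC1` (the poster's name for the source DC) is the reference; the helper name `Get-GpoFolderState` is hypothetical.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$domain    = (Get-ADDomain).DNSRoot
$reference = 'DC1'   # assumption: the DC holding the current GPOs
$dcs       = (Get-ADDomainController -Filter *).HostName

# Hypothetical helper: GPO GUID folders on one DC with their gpt.ini version.
function Get-GpoFolderState {
    param([string]$Server, [string]$Domain)
    Get-ChildItem "\\$Server\SYSVOL\$Domain\Policies" -Directory -ErrorAction Stop |
        Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
        ForEach-Object {
            $version = $null   # stays null when gpt.ini is missing or unreadable
            $ini = Join-Path $_.FullName 'gpt.ini'
            if (Test-Path $ini) {
                $m = Select-String -Path $ini -Pattern '^\s*Version\s*=\s*(\d+)' |
                     Select-Object -First 1
                if ($m) { $version = [int64]$m.Matches[0].Groups[1].Value }
            }
            [pscustomobject]@{ Guid = $_.Name; Version = $version }
        }
}

$refState = @(Get-GpoFolderState -Server $reference -Domain $domain)

foreach ($dc in $dcs) {
    try   { $state = @(Get-GpoFolderState -Server $dc -Domain $domain) }
    catch { Write-Warning "${dc}: cannot read SYSVOL: $($_.Exception.Message)"; continue }
    if ($state.Count -eq 0) { Write-Warning "${dc}: no GPO folders found"; continue }

    # '<=' = only on the reference DC (or different version); '=>' = only on this DC.
    Compare-Object $refState $state -Property Guid, Version |
        Select-Object @{ n = 'DC'; e = { $dc } }, Guid, Version, SideIndicator

    # dcdiag does not cover SYSVOL, so read the DFS Replication log directly.
    Get-WinEvent -ComputerName $dc -MaxEvents 20 -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'DFS Replication'; Level = 1, 2, 3; StartTime = (Get-Date).AddDays(-7)
    } | Select-Object MachineName, TimeCreated, Id, LevelDisplayName
}
```

A DC that prints no comparison rows matches the reference; rows with `=>` are folders or versions that exist only on that DC, such as the leftover GUID folders of deleted GPOs described in the question.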