none
Sysvol is not replicating between domain controllers

    Question

  • My environment consist of Two Windows 2008 R2 domain controllers with windows 2003 domain function level.

    Problem

    recently I have created GPO which is not replicating to other domain controller sysvol folder. but I can see other old GUID in sysvol folder.

    Checked Ad replication is working normally by creating user in one DC which is replicating to other DC.

    Try manual replication through sites and services found to be successfull.

    On both DCs run Repadmin /showrepl  result was success.

    Kindly suggest for the best solution...

    Wednesday, December 03, 2014 8:01 PM

Answers

  • > So i think i need to Do Non authoritative restore on DC1. So please need
     
    If DC1 holds all FSMOs, then do AUTHORITATIVE (D4) restore on DC1,
    afterwards nonauth (D2) restore on all other DCs.
     
    Otherwise, all changes to GPOs done since replication stopped will be
    lost, and all GPOs changed since then will have a version mismatch
    between AD and Sysvol.
     
    Downtime is minimal, can be done during business hours.
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Tuesday, December 09, 2014 12:33 PM

All replies

  • Hi,   

    Based on the description, you can check FRS logs under Applications and Services Logs in Event Viewer on both domain controllers to see if there were some error events.

    Besides, you can try to reinitialize FRS replication to see if it helps. To do this, if one DC is healthy and the other DC is in trouble, you can try to do a non-authoritative restore (D2) for Sysvol on the troubled DC. However, if both DCs are in trouble, you can try to do an authoritative restore (D4) for Sysvol on one DC first and then do a non-authoritative restore for Sysvol on the other DC.

    For step-to-step guide of how to perform an authoritative or non-authoritative restore for FRS replicated Sysvol, the following article can be referred to as reference.

    Using the BurFlags registry key to reinitialize File Replication Service replica sets

    http://support.microsoft.com/kb/290762

    Best Regards,

    Erin

    Thursday, December 04, 2014 10:13 AM
    Moderator
  • Hi Erin,

    Thanks for valuable feedback..

    I found that the domain controller which is holding all roles is having issue... It is not allowing replication of SYSvol folder to other domain controller...

    Today i tested by creating test GP on both domain controller and try to access vice versa...ie the policy which i created on DC1 is not able to access from Dc2. It shows path not found. Same thing when i access the GP from DC1 which was created on DC2 shows path not found.

    The thing is when i create a new policy its can be seen in DC1 SYSVOL folder. but not in DC2 SYSvol folder.

    So i think if i am not wrong  i need to Do Non authoritative restore on DC1. So please need to know what are the precaution and procedure to follow with out downtime to have healthy SYSVOL replication between domain controllers.


    • Edited by champ2012 Monday, December 08, 2014 8:26 PM
    Monday, December 08, 2014 7:57 PM
  • > So i think i need to Do Non authoritative restore on DC1. So please need
     
    If DC1 holds all FSMOs, then do AUTHORITATIVE (D4) restore on DC1,
    afterwards nonauth (D2) restore on all other DCs.
     
    Otherwise, all changes to GPOs done since replication stopped will be
    lost, and all GPOs changed since then will have a version mismatch
    between AD and Sysvol.
     
    Downtime is minimal, can be done during business hours.
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Tuesday, December 09, 2014 12:33 PM