none
Problem with GPO replication

    Question

  • Hi

    I have problem with replication of the domain controllers, precisely with Group Policy replication.

    In my network, I have two domain controller Windows Server 2012 (non R2)  and all this time, they are working without any noticeable problems. If I check the replication via CMD with “repadmin /sysprep” or via AD Sites and Services, everything works fine. I receive message of successful replication without no errors.

    But, from several months ago, I notice, when I make “gpupdate / force” on some client machines, I receive an error for some replication issues and should check some Group Policy with very long name, something like {24564….).

    I did investigate this issue and I notice that when I create and configure new Group Police, the information of the creation of this GPO is replicated to the other Domain Controller, bun not along with the folder {23564…} who contain the whole information of that GPO.

    For example, this is the information from the second Domain Controller:


    Then I did some manual stuff. I copied and paste the whole folder form “C:\Windows\SYSVOL\sysvol\<domain name>\” from the main DC and pasted to the second DC into the same folder. After that if I click on the GPO on the second DC, I have this notification:


     

    After clicking on OK, ”manual replication” is ok, but I will need to do on every bad GPOs.

    Also, if I select the domain tree in GP Management, from my desktop computer, connected to any of the DCs, I have this information and is not changing:


     

    Or from both DCs:


     

    The next picture is from other company, where this replication works fine:

    Someone...?

    Best regards.


    Aleksandar B. MCITP/MCSA

    • Moved by Amy Wang_Moderator Friday, January 20, 2017 1:57 AM DS related from Windows Server 2012 General Forum
    Thursday, January 19, 2017 3:20 PM

Answers

  • Hi AleksanderB,

    DFS Replication state: 5 = In Error, so seems DFS replication is not functioning. Please check DFS Replication log on each domain controllers to see any warnings/errors (or event 2213 meaning DFS is paused).

    Regards,

    Michael


    • Edited by MF47 Friday, January 20, 2017 7:38 AM
    • Marked as answer by AleksandarB Friday, January 20, 2017 11:32 AM
    Friday, January 20, 2017 7:38 AM
  • Hi MF47,
    Your guidance was very helpful. Thank you.
    Also I find this post:
    http://jackstromberg.com/2014/07/sysvol-and-group-policy-out-of-sync-on-server-2012-r2-dcs-using-dfsr/
    which ultimately help me to resolve my issue.

    Best regards.

    Aleksandar B. MCITP/MCSA

    • Marked as answer by AleksandarB Friday, January 20, 2017 11:33 AM
    Friday, January 20, 2017 11:32 AM

All replies

  • Hi AleksandarB,

    Please check your DFS service.

    https://technet.microsoft.com/en-us/library/cc773238(v=ws.10).aspx

    https://support.microsoft.com/ru-ru/help/2958414/dfs-replication-how-to-troubleshoot-missing-sysvol-and-netlogon-shares

    Regards,

    Michael

    Thursday, January 19, 2017 5:37 PM
  • Thanks for quick replay.

    Ok, I did first steps to check status and I have next results:

     

    -          Check for the SYSVOL share:


     

    -          Check DFS Replication state:


    -      Probably, here I have a problem?

    Check the Content Freshness configuration:


     

    -          To query all domain controllers in the domain:


     


    SYSVOL and NETLOGON shares are in place and accessible.

    Other results, I’m not sure what they mean.


    Aleksandar B. MCITP/MCSA

    Thursday, January 19, 2017 7:18 PM
  • Hi AleksanderB,

    DFS Replication state: 5 = In Error, so seems DFS replication is not functioning. Please check DFS Replication log on each domain controllers to see any warnings/errors (or event 2213 meaning DFS is paused).

    Regards,

    Michael


    • Edited by MF47 Friday, January 20, 2017 7:38 AM
    • Marked as answer by AleksandarB Friday, January 20, 2017 11:32 AM
    Friday, January 20, 2017 7:38 AM
  • Thanks, step forward.

     

    Yes, I have Warning 2213. I run the suggested command:

    wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="D2D1314A-C977-11E2-93E8-806E6F6E6963" call ResumeReplication

    Now the both servers are in state 5.

     

    Also now I have error 4012:

    The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 162 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.

     

    To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group.

     

    Additional Information:

    Error: 9061 (The replicated folder has been offline for too long.)

    Replicated Folder Name: SYSVOL Share

    Replicated Folder ID: DA74EDBD-5E8E-45A7-8182-94E0F1D57FD9

    Replication Group Name: Domain System Volume

    Replication Group ID: 195D430A-8DC6-450F-B78C-851300FA88EC

    Member ID: 1DD56F29-9BA6-45EB-A358-4E6A5ABE6DB1

    What next? I can’t find something specific to try.


    Aleksandar B. MCITP/MCSA

    Friday, January 20, 2017 8:36 AM
  • Hi MF47,
    Your guidance was very helpful. Thank you.
    Also I find this post:
    http://jackstromberg.com/2014/07/sysvol-and-group-policy-out-of-sync-on-server-2012-r2-dcs-using-dfsr/
    which ultimately help me to resolve my issue.

    Best regards.

    Aleksandar B. MCITP/MCSA

    • Marked as answer by AleksandarB Friday, January 20, 2017 11:33 AM
    Friday, January 20, 2017 11:32 AM
  • Hi AlexandarB,

    Happy to know the issue has been resolved! You are always welcome!

    Thank you for posting the article - I'm sure it'll be of great interest for IT folks (including myself)!

    Regards,

    Michael


    • Edited by MF47 Friday, January 20, 2017 1:27 PM
    Friday, January 20, 2017 1:26 PM