none
WS2012R2 with WS2016 Configure automatic updates GPO not working

    Question

  • Hi,

    Today while testing an automatic update policy for my server in my lab I have encountered a strange error and after 4 hours of troubleshooting I decided to describe the situation here.

    Lab: Vmware workstation 12

    Server1 (2012R2): 192.168.214.2

    Server2 (2016 Datacenter eval): 192.168.214.4

    WS2016 version: Build 14393.rs1_release.160715-1616

    Machines NOT patched.

    Vmware network settings:

    Both static IP's; are pingable.

    GPO setting: Configure automatic updates:

    When I do repadmin /syncall, I get no errors.

    When doing gpupdate /force on WS2016 I get the following error:

    Computer policy could not be updated successfully. The following errors were encountered:

    The processing of Group Policy failed. Windows attempted to read the file \\xyz.local.com\SysVol\xyz.local.com\Policies\{ACF5D61B-25E0-4FAF-A416-7F1D843BA6A6}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    a) Name Resolution/Network Connectivity to the current domain controller.
    b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
    c) The Distributed File System (DFS) client has been disabled.
    User Policy update has completed successfully.

    Also I get this error on WS2016 VM:

    I am applying the test GPO to Domain Controllers OU:

    I already have one GPO called "Lockup" and when I remove the "faulty" S GPO it all returns to normal, I have to add that i have to restart the 2016 vm in order for "S" to disappear, when I remove it on my 2012r2 vm, it will not replicate.

    Sysvol are ofcourse different, 2016 vm is missing this policy.

    Also this wont go away on both Vm's:

    gpresult shows Event ID 7017 and 1058.

    Thank you,

    Monday, November 7, 2016 1:30 PM

Answers

All replies

  • > When I do repadmin /syncall, I get no errors.
     
    Repadmin only deals with Active Directory replication - it does not know
    anything about FRS or DFSR.
     
    > \\xyz.local.com\SysVol\xyz.local.com\Policies\{ACF5D61B-25E0-4FAF-A416-7F1D843BA6A6}\gpt.ini
     
    Sysvol replication is broken. Repair it :)
     
     
    • Marked as answer by Tonito Dux Monday, November 7, 2016 3:41 PM
    Monday, November 7, 2016 1:59 PM
  • Hi Martin,

    So I am mixing apples and oranges - very nice!

    will try your links and report back,

    Thank you,

    Monday, November 7, 2016 2:03 PM
  • > So I am mixing apples and oranges - very nice!
     
    Nah - I never understood why there's no "one stop replication check" :)
     
    Monday, November 7, 2016 2:24 PM
  • Hi,

    happy to report that I followed the DFRS part D4 and successfully resolved the issue.

    It is worth mentioning that on the last step 12: Run the following command from an elevated command prompt on all non-authoritative DCs (i.e. all but the formerly authoritative one):

    DFSRDIAG POLLAD

    the command doest not work on WS2016, probably it has been deprecated, but even without this step the provided instructions work.

    Thank you very much for you fast answer, much appreicated.

    Monday, November 7, 2016 3:45 PM
  • Hi,
    Appreciate your update and share. It will be greatly helpful to others who have the same problem. Thank you for your effort again.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, November 8, 2016 5:28 AM
    Moderator