none
GPO replication - Sysvol Inaccessible

    Question

  • I hope someone can help me with a GPO replication issue I seem to be having. Unsure of the cause. I have seen many blog posts, other people having the same or similar issue as I have. Unfortunately, none of the solutions seem to help me in my situation.

    My Sysvol replication is using DFSR. DNS seems to be ok. Sysvol replication is also ok based on the DFSR reports. But for some reason GPOs cannot replicate to other DCs. In the status of the GPO Sysvol is ‘Inaccessible’.

    Forest and domain levels are Windows 2008 R2. DCs are a mix of Windows 2008 R2 and Windows 2012/R2.

    Thursday, January 21, 2016 3:44 PM

Answers

  • Looks like I finally figured out what was going on with me GPO issues. Turns out after my FRS to DFSR migration, the primary DC no longer became authoritative. Looks like by default, DFSR does not have the same authoritative mechanics the FRS had. I had to manually set DFSR to authoritative on my primary DC.

    I did some research and found a blog post by one Jack Stromberg, who does a complete outline of how to solve the issue. His post can be found here:

    http://jackstromberg.com/2014/07/sysvol-and-group-policy-out-of-sync-on-server-2012-r2-dcs-using-dfsr/

    His post is a full set by set of the Microsoft version found here:

    https://support.microsoft.com/en-ca/kb/2218556

    Now I did get a bit of a different result than he did. I also received an Event ID 2213 in the DFS Replication events. Basically one of the WMI classes caused a hang up in the replication. There was a supplied command in the event to get this moving and resume the replication. Once the command was run, replication kicked off across all DC.

    https://support.microsoft.com/en-ca/kb/2846759

    All GPO/Sysvol replication issues cleared up.

    • Marked as answer by Joseph Yedid Wednesday, April 13, 2016 7:22 PM
    Wednesday, April 13, 2016 7:22 PM

All replies

  • GPOs are edited on the PDC emulator. I would start by reading the logs on that server.

    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    Thursday, January 21, 2016 5:55 PM
  • Event viewer logs are clean. Nothing on the DC about replication issues. This DC is my role holder with all the FSMOroles.
    Thursday, January 21, 2016 6:29 PM
  • Hi Joseph,

    We are experiencing the exact same issue.  Not sure when this started but yesterday we created a new GPO and found that replication is not happening.

    Try to run dcdiag.exe /a on one of your DCs and see if there are any errors.

    We are still researching the issue but we came across this article and this guy's symptoms are almost identical to what we are experiencing. 

    Full disclosure: We have not tried these out yet but it looks promising.

    http://rakhesh.com/windows/gpo-errors-due-to-sysvol-replication-issues/

    Thanks,

    Jerry


    JerrySanchez

    Wednesday, January 27, 2016 9:13 PM
  • Looks like I finally figured out what was going on with me GPO issues. Turns out after my FRS to DFSR migration, the primary DC no longer became authoritative. Looks like by default, DFSR does not have the same authoritative mechanics the FRS had. I had to manually set DFSR to authoritative on my primary DC.

    I did some research and found a blog post by one Jack Stromberg, who does a complete outline of how to solve the issue. His post can be found here:

    http://jackstromberg.com/2014/07/sysvol-and-group-policy-out-of-sync-on-server-2012-r2-dcs-using-dfsr/

    His post is a full set by set of the Microsoft version found here:

    https://support.microsoft.com/en-ca/kb/2218556

    Now I did get a bit of a different result than he did. I also received an Event ID 2213 in the DFS Replication events. Basically one of the WMI classes caused a hang up in the replication. There was a supplied command in the event to get this moving and resume the replication. Once the command was run, replication kicked off across all DC.

    https://support.microsoft.com/en-ca/kb/2846759

    All GPO/Sysvol replication issues cleared up.

    • Marked as answer by Joseph Yedid Wednesday, April 13, 2016 7:22 PM
    Wednesday, April 13, 2016 7:22 PM