none
SYSVOL particially not replicating on one DC

    Question

  • Hi All,

    I have two 2008 r2 domain controllers at functional level 2008 r2 on one domain. On DC2, SYSVOL_DFSR\Domain\Policies does not update folders when changes to group policies (on either server) are made. SYSVOL on DC2 then does not match up with the SYSVOL on DC1 where it does update. New folders are appearing in the SYSVOL of DC2 when new group policies are made and matches then with SYSVOL of DC1. AD users, groups etc are syncing fine, no issues there.

    FRS was being used but have moved to DFS-R. Have tried:

    - Running DFSRdiag syncnow but this made no difference.
    - Diagnostic Report in DFS Management, no errors
    - Running DCdiag all passed. SYSVOL warning noted, checked event viewer and the service stops communicating with partner every day at 1am then again 10 seconds connects afterwards.

    Any other things to try to diagnose what is causing this and to get the two sysvol folders synced again?

    Thursday, April 20, 2017 11:26 AM

Answers

  • You can perform a non-authoritative restore on the faulty DC. The procedure is described here: https://support.microsoft.com/en-us/help/2218556/how-to-force-an-authoritative-and-non-authoritative-synchronization-for-dfsr-replicated-sysvol-like-d4-d2-for-frs

    Also, you can check that your DCs are in healthy state and that AD replication works properly or not using dcdiag and repadmin commands.


    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile

    Sunday, April 23, 2017 12:34 AM
  • Thank you for your help all and sorry for the late reply.

    Unfortunately I was unable to try most of the solutions suggested as more problems appeared with the server. I'm sure that a non-authoritative restore would have work if the server did not become less reliable.

    Ultimately, I have decided to retire this server and create a new one in its place.

    Regards,

    Stephen

    • Marked as answer by Stephen Reeve Thursday, May 11, 2017 12:41 PM
    Thursday, May 11, 2017 12:40 PM

All replies

  • Hi Stephen,

    Post "ipconfig /all" and "dcdiag /q" of each DC.

    Ensure the followings on DCs-
     Each DC / DNS server points to its private IP address as primary DNS server and other internal DNS servers as secondary ones , can you check this config and update the logs from dcdiag?

    If it is major issue i would suggest performing for quick resolution is to carry out non-authoritative restore of the DC.

    Other thing to check is the permissions on the folder and match with DC1. 


    Regards, Jim MSCS - MCP Disclaimer: This posting is provided AS IS with no warranties or guarantees , and confers no rights. When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer

    Thursday, April 20, 2017 11:55 AM
  • Hi

     First of all check Dc's health and replication status..run "dcdiag" ,"repadmin /replsum"...

    Also you should check this article to force sync;

    https://support.microsoft.com/en-us/help/2218556/how-to-force-an-authoritative-and-non-authoritative-synchronization-for-dfsr-replicated-sysvol-like-d4-d2-for-frs


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Thursday, April 20, 2017 2:39 PM
  • You can perform a non-authoritative restore on the faulty DC. The procedure is described here: https://support.microsoft.com/en-us/help/2218556/how-to-force-an-authoritative-and-non-authoritative-synchronization-for-dfsr-replicated-sysvol-like-d4-d2-for-frs

    Also, you can check that your DCs are in healthy state and that AD replication works properly or not using dcdiag and repadmin commands.


    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile

    Sunday, April 23, 2017 12:34 AM
  • Hi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Saturday, April 29, 2017 10:53 AM
    Moderator
  • Thank you for your help all and sorry for the late reply.

    Unfortunately I was unable to try most of the solutions suggested as more problems appeared with the server. I'm sure that a non-authoritative restore would have work if the server did not become less reliable.

    Ultimately, I have decided to retire this server and create a new one in its place.

    Regards,

    Stephen

    • Marked as answer by Stephen Reeve Thursday, May 11, 2017 12:41 PM
    Thursday, May 11, 2017 12:40 PM