none
Unable to accessed sysvol and netlogon folder on windows server 2016 and on windows server 2019 RRS feed

  • Question

  • Hi,

    We have two domain controllers, one is windows server 2012 (DC) and another is windows server 2008 R2 servers. we have installed and configured AD service on windows server 2019, but sysvol and netlogon folders not replicated on the same and not even shared it. 

    We also tried to accessed shared Sysvol and netlogon folders on windows server 2019 and 2016 (member servers) it showing "access is denied" and asking for credentials.

    but on other member servers it is accessible (windows server 2012 / 2008/ 2008 R2).

    Please help me to resolve this issue.

    thanks in advance !!!

     


    Regards, Prashant



    Wednesday, November 6, 2019 11:26 AM

Answers

All replies

  • You can follow along here to reinitialize.
    https://support.microsoft.com/en-us/help/2218556/how-to-force-an-authoritative-and-non-authoritative-synchronization-fo

    https://support.microsoft.com/en-us/help/2958414/dfs-replication-how-to-troubleshoot-missing-sysvol-and-netlogon-shares

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


    Wednesday, November 6, 2019 1:27 PM
  • Hello,
    Thank you for posting in our TechNet forum.

    According to our description, we have two DCs(2012 and 2008 R2) in our domain /forest, but would you please tell us:

    1. What is our domain / forest functional level?

    2. According to "we have installed and configured AD service on windows server 2019, but sysvol and netlogon folders not replicated on the same and not even shared it.", do we mean we add another 2019 server to this domain, and promote this 2019 server as a domain controller, but we can not see the SYSVOL and Netlogon folders  and we can not access both folders on this 2019 DC ?


    If we want to add the 2019 DC to the domain, please troublehsoot as below:

    1. We can try to check if our domain / forest functional level is at least 2008;

    2. And check if our SYSVOL replication is DFSR.


    From the article Forest and Domain Functional Levels, we can see:

    The minimum requirement to add a Windows Server 2019 Domain Controller is a Windows Server 2008 functional level. The domain also has to use DFS-R as the engine to replicate SYSVOL.





    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, November 7, 2019 5:32 AM
    Moderator
  • Hello,

    thanks for your reply...

    We have checked on AD server.. 

    ==> There is domain / forest functional level is windows server 2008 R2

    and 

    ==> SYSVOL replication is DFS-R


    Regards, Prashant

    Thursday, November 7, 2019 12:17 PM
  • I'd work through this one.

    https://support.microsoft.com/en-us/help/2958414/dfs-replication-how-to-troubleshoot-missing-sysvol-and-netlogon-shares

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, November 7, 2019 1:48 PM
  • Hi,

    To better understand our question, please confirm the following information:

    1. Would you please tell us 2016 and 2019 are domain controllers  or member servers in the 2008 R2 (2012) domain?

    2. What accounts do we use to logon the 2016 and 2019?

    3. How do we access shared Sysvol and netlogon folders on windows server 2019 and 2016? Would you please provide the screenshot?




    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 8, 2019 6:08 AM
    Moderator
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 11, 2019 9:44 AM
    Moderator
  • Hi,

    One more thing we have observed that, when we trying to access SYSVOL folder using UNC path on windows server 2019 and on windows server 2016 servers, it is asking for username and password with error "Access is Denied", using domain administrator account.

    Windows server 2019 is Additional domain controller 

    windows server 2016 is member server.

    but apart from other OS, it is accessible and working fine.


    Regards, Prashant

    Tuesday, November 12, 2019 6:48 AM
  • Hi,
    Would you please check again the SYSVOL replication type is FRS or DFSR?

     
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating Sysvols\LocalState registry subkey. If this registry subkey exists and its value is set to 3 (ELIMINATED), DFSR is being used. If the subkey does not exist, or if it has a different value, FRS is being used.


    Meanwhile, can we run gpupdate /force command on DC 2019 and server 2016 successfully?



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 13, 2019 10:40 AM
    Moderator
  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 15, 2019 5:42 AM
    Moderator
  • Hi,

    We have checked on above registry value it is 3 (ELIMINATED).

    please find the below GPO status.


    Regards, Prashant

    Friday, November 15, 2019 1:31 PM
  • Hi,
    We can try the method in this similar case.

    Access is Denied Message - Attemping to Access NETLOGON and SYSVOL

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/31c49a7b-49e0-4c1f-aa0c-9aa0d11e0f80/access-is-denied-message-attemping-to-access-netlogon-and-sysvol?forum=winserverGP




    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Monday, November 18, 2019 7:35 AM
    Moderator
  • Hi,
    Would you please tell me how things are going on your side. If you have any questions or concerns about the information I provided, please don't hesitate to let us know. 

    Again thanks for your time and have a nice day!



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 20, 2019 2:44 AM
    Moderator
  • Hi,

    We will be performing this activity on this weekend and will update you.


    Regards, Prashant

    Wednesday, November 20, 2019 11:54 AM
  • Hi,
    OK. Thank you for your update. I am looking forward to your reply.



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, November 21, 2019 5:33 AM
    Moderator
  • Hi Daisy,

    Thanks for your help!!!

    your given solution worked for me.

    In Group Policy needed to enable settings for Hardened UNC Paths to then disable UNC Hardening
    Computer -> Policies -> Administrative Templates -> Network -> Network Provider -> Hardened UNC Paths, enable the policy and click "Show" button.
    \\*\NETLOGON  RequireMutualAuthentication=0
    \\*\SYSVOL    RequireMutualAuthentication=0

    now sysvol and netlogon folders are accessible from windows server 2019 and on windows server 2016 servers.

    But still SYSVOL and NETLOGON shares missing from New Domain Controllers, which is windows server 2019.


    Regards, Prashant

    Thursday, November 21, 2019 1:59 PM
  • Hi,

    Concerning the SYSVOL and NETLOGON share you can fix it by following this solution:

    1. Click Start, click Run, type regedit, and then click OK.
    2. Locate the following subkey in Registry Editor:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    3. In the details pane, right-click the SysvolReady flag, and then click Modify.
    4. In the Value data box, type 0, and then click OK.
    5. Again in the details pane, right-click the SysvolReady flag, and then click Modify.
    6. In the Value data box, type 1, and then click OK.

    Please don't forget to mark all helpful replies as anwser.


    Please don't forget to mark the correct answer, to help others who have the same issue. Thameur BOURBITA MCSE | MCSA My Blog : http://bourbitathameur.blogspot.fr/


    Thursday, November 21, 2019 11:26 PM
  • Hi,
    We can try to restart Netlogon service to check if SYSVOL and NETLOGON shares appear on 2019 DC.


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 22, 2019 9:59 AM
    Moderator
  • Hi Daisy and Thameur,

    Thanks for your help and support !!!

    All issues got resolved and now every thing is working smoothly.


    Regards, Prashant

    Friday, November 22, 2019 10:27 AM