locked
Group Policy is not sync up from one domain controller to other. RRS feed

  • Question

  • Hello,

    When I have configured a GPO and ran a gpupdate from a client machine, The gpo policy has not applied some of client machines. Once I have troubleshooted the issue, I have found out there is a event ids, 13568 and 13562 in file replication service event logs. whatever machines that have doing the authentication through primary domain controller will applied the  policy successfully.

    Please refer below errors on issued machine (secondary machine):

    error (Event ID 13568)

    The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR. 
     
     Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" 
     Replica root path is   : "c:\windows\sysvol\domain" 
     Replica root volume is : "\\.\C:" 
     A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons. 
     
     [1] Volume "\\.\C:" has been formatted. 
     [2] The NTFS USN journal on volume "\\.\C:" has been deleted. 
     [3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal. 
     [4] File Replication Service was not running on this computer for a long time. 
     [5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:". 
     Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state. 
     [1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service. 
     [2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set. 
     
    WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again. 
     
    To change this registry parameter, run regedit. 
     
    Click on Start, Run and type regedit. 
     
    Expand HKEY_LOCAL_MACHINE. 
    Click down the key path: 
       "System\CurrentControlSet\Services\NtFrs\Parameters" 
    Double click on the value name 
       "Enable Journal Wrap Automatic Restore" 
    and update the value. 
     
    If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.

    warning (Event ID 13562)

    Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller xxxDCAD02.xxx.LOCAL for FRS replica set configuration information. 
     
     The nTDSConnection object cn=f408be37-6bee-4d63-9c78-df737c7c5d6d,cn=ntds settings,cn=perwspad01,cn=servers,cn=wa-westperth,cn=sites,cn=configuration,dc=poags,dc=local is conflicting with cn=qubedcad01,cn=ntds settings,cn=perwspad01,cn=servers,cn=wa-westperth,cn=sites,cn=configuration,dc=poags,dc=local. Using cn=f408be37-6bee-4d63-9c78-df737c7c5d6d,cn=ntds settings,cn=perwspad01,cn=servers,cn=wa-westperth,cn=sites,cn=configuration,dc=poags,dc=local

     

    Below warning on Primary domain controller:

    warning (Event ID 13508).


    The File Replication Service is having trouble enabling replication from xxxDCAD02 to xxxDCAD01 for c:\windows\sysvol\domain using the DNS name xxxDCAD02.xxx.LOCAL. FRS will keep retrying. 
     Following are some of the reasons you would see this warning. 

     [1] FRS can not correctly resolve the DNS name xxxDCAD02.xxx.LOCAL from this computer. 
     [2] FRS is not running on xxxDCAD02.xxx.LOCAL. 
     [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. 

     This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

    Please refer below screenshot from client machine which has failed.

    Thanks,

    Dilan

      


    • Edited by Dilanmic Friday, July 10, 2020 7:24 AM cccc
    Friday, July 10, 2020 4:23 AM

Answers

All replies

  • Hi,

    Thank you for posting in our forum.

    This is more likely to be an FRS database issue (or, if you have already upgraded your sysvol replication to DFSR, a DFSR database issue) than a DNS issue (as normal replicaton is working fine).

    If this is the case, you should get an frsevent error in your DCDIAG and some warnings/errors in the FRS log with ID 13508 stating that the connection between DCs has been stopped (and none with 13509 stating that the connection has been restored).

    If you're lucky, a restart of the frs service ( on the out of date server will do the trick, otherwise you'll need to do an authoritative restore: https://support.microsoft.com/en-us/help/290762/using-the-burflags-registry-key-to-reinitialize-file...

    If you are using DFSR in stead of FRS, the idea is the same: http://windowsitpro.com/windows-server-2012/fixing-broken-sysvol-replication

    Hope this information can help you

    Best wishes
    Vicky


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 10, 2020 8:15 AM
    • Marked as answer by Dilanmic Tuesday, July 14, 2020 5:16 PM
    Tuesday, July 14, 2020 5:16 PM
  • Hi,<o:p></o:p>

    I am glad to hear that your issue was successfully resolved.<o:p></o:p>

    If there is anything else we can do for you, please feel free to post in the forum.<o:p></o:p>

    Have a nice day!


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 16, 2020 9:31 AM
  • Hi ,

    I am glad to hear that your issue was successfully resolved.

    If there is anything else we can do for you, please feel free to post in the forum.

    Have a nice day!


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, July 22, 2020 9:29 AM