Remove From My Forums

Server 2016 Standard not syncing Group Policy with SBS2011.

Pergunta
0

Entrar para Votar

I have run into an issue when migrating from SBS2011 to server 2016. Group Policy is not replicating correctly. On the SBS box we are getting “There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.” On Server 2016 we are getting 1 Domain controller with replication in process but, it has been several days and Group Policy is not replicating. We are also getting “The SysVol Permissions for one or more GPOs on this domain controller are not in sync with the permissions for the GPOs on the Baseline domain controller. We have tried to reinitialize file replication and nothing has changed. Just can’t seem to get these two servers to communicate correctly. Any help or suggestions would be greatly appreciated.

Jack

Jack - IT Portfolio

segunda-feira, 11 de novembro de 2019 21:03

Responder

|

Citação

Todas as Respostas

0

Entrar para Votar
Please run;

Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt

then put unzipped text files up on OneDrive and share a link.

Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
segunda-feira, 11 de novembro de 2019 21:38

Responder

|

Citação
0

Entrar para Votar

Hi Dave,

Ran all commands on both servers - the files are here:

https://1drv.ms/u/s!ApqAg0yT4UUcaxK8mnC0NMcT9Eg?e=gE6Xl0

Thanks.

Jack
Jack - IT Portfolio

terça-feira, 12 de novembro de 2019 13:08

Responder

|

Citação
0

Entrar para Votar
On SBS2011 add 127.0.0.1, 192.168.1.15 listed for DNS on own connection properties.
On Bidell2016 add 127.0.0.1, 192.168.1.15 listed for DNS on own connection properties.
There's some confusion in that dcdiag on SBS reports that DFSR is being used for sysvol replication whereas 2016 reports that FRS is being used for sysvol replication. Can you confirm the DFSR or FRS services running / stopped on both?

Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
terça-feira, 12 de novembro de 2019 14:33

Responder

|

Citação
0

Entrar para Votar

We've made the DNS changes, also both services (DFRS and FRS) are running on both servers. Still shows Group Policy not replicating - I ran the DCdiag and repadmin on both systems and posted the files:

https://1drv.ms/u/s!ApqAg0yT4UUcaxK8mnC0NMcT9Eg?e=pvljoQ
Jack - IT Portfolio

terça-feira, 12 de novembro de 2019 19:55

Responder

|

Citação
0

Entrar para Votar

Can you confirm the msDFSR-Flags value on both?

Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

terça-feira, 12 de novembro de 2019 20:13

Responder

|

Citação
0

Entrar para Votar

Interesting - neither server shows a CN=DFSR-GlobalSettings entry under CN=System. Is there something I need to do to have it show?
Jack - IT Portfolio

terça-feira, 12 de novembro de 2019 21:00

Responder

|

Citação
0

Entrar para Votar

No, it will be there regardless. If value is 48 then using DFSR, if null or 0, 16, 32 then FRS or some state of migration from FRS. Just trying to confirm which is used for sysvol. File Replication service (NtFrs) would / should have been disabled had the migration been done. DFS Replication service (DFSR) would not be running unless; 1.) migration had been completed, 2.) OR if also happened to have some DFS namespace configuration.

Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

terça-feira, 12 de novembro de 2019 21:13

Responder

|

Citação
0

Entrar para Votar

This is what I get on both systems:

Jack - IT Portfolio

terça-feira, 12 de novembro de 2019 21:24

Responder

|

Citação
0

Entrar para Votar
You didn't answer about any DFS namespace configuration?

Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
- Editado Dave PatrickMVP terça-feira, 12 de novembro de 2019 23:06
terça-feira, 12 de novembro de 2019 21:40

Responder

|

Citação
0

Entrar para Votar

No - DFS Namespaces was not configured during the initial setup. I'm assuming it needs to be added?
Jack - IT Portfolio

terça-feira, 12 de novembro de 2019 23:20

Responder

|

Citação
0

Entrar para Votar

No, it doesn't work like that. At some later point you can migrate sysvol replication from older FRS technology to DFSR but not at this time since health is poor. Roles are still held by SBS, so I'd suggest demoting the 2016 then work to get health on SBS to 100%. After demoting 2016 I'd set the DFS service on SBS to Manual, FRS should be Automatic. Then after reboot check system event log is clear of any errors, then put up a new set of files to look at.

Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

terça-feira, 12 de novembro de 2019 23:29

Responder

|

Citação
0

Entrar para Votar

Hi,

How is your situation now ?

If you have demote the 2016 already , you can refer to the following third-party link for how to migrate a SBS2011 to server 2016.

https://windowsserveressentials.com/2017/03/28/migrate-sbs-2011-standard-to-windows-server-2016/

Or you have any updates,please share here!

Best Regards,

Fan

Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

quarta-feira, 13 de novembro de 2019 03:23

Responder

|

Citação
0

Entrar para Votar

Hi Fan,

Unfortunately we cannot demote the server at this time as it's in production. The issue we have with Group policy not syncing is related to folder redirection - whenever we reset the redirection to point to the 2016 server it still defaults back to the SBS2011 box. At this time we're looking for any other solutions to the issue. Thanks.

Jack
Jack - IT Portfolio

quarta-feira, 13 de novembro de 2019 13:12

Responder

|

Citação
0

Entrar para Votar
The sysvol replication problem is due to the fact one server believes DFS is used while other thinks FRS is used. The technologies are not compatible. There really is no other solution. The domain health was apparently not checked before the 2016 was introduced causing the problem. The safer / cleaner solution is to back it up (demote 2016) then do the necessary cleanup to bring SBS health to 100%, then bring in the new 2016 domain controller, then move on with migration.

Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
- Editado Dave PatrickMVP quarta-feira, 13 de novembro de 2019 17:39
- Sugerido como Resposta flingminMicrosoft contingent staff quarta-feira, 20 de novembro de 2019 07:04
quarta-feira, 13 de novembro de 2019 14:04

Responder

|

Citação
0

Entrar para Votar

Hi,

I'm agreed with Dave, the problem is the sysvol can't replicate with each other. No matter how you reset the folder redirection , it won't apply.

I would recommend you focus on this first.

Best Regards,

Fan
Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

quinta-feira, 14 de novembro de 2019 01:41

Responder

|

Citação
0

Entrar para Votar

Hi,

Welcome to share your current situation.

Please feel free to let us know if you need further assistance.

Best Regards,

Fan

Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

segunda-feira, 18 de novembro de 2019 09:25

Responder

|

Citação