jongrew

asked on

Group Policy Update Failed

Can anyone advise me how to resolve the issue below?

I have three DC's,

Server1 - Windows Server 2003 Standard Edition Service Pack 2 (also old Exchange server)
Server4 - Windows Server 2003 R2 Service Pack 2
Server6 - Windows Server 2008 Standard Service Pack 2 64bit (also new Exchange server but not a GC server)

I have recently DCPromo'd Server6 and transferred all FSMO roles to it as we will soon be introducing remote site RODC's and I was advised this should be done beforehand.

On Server6 (windows 2008) I have an event log full of Event ID:1058 Group Policy.

If I run gpupdate /force on Server1 and Server4 both User and Computer policies complete successfully.

If I run gpupdate /force on Server6 it just returns the errors below.

Server6 error...

Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Date:          4/20/2011 12:23:37 PM
Event ID:      1058
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      server6.mydomain.org.uk.local
Description:
The processing of Group Policy failed. Windows attempted to read the file \\mydomain.org.uk.local\sysvol\mydomain.org.uk.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" />
    <EventID>1058</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>1</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2011-04-20T11:23:37.488Z" />
    <EventRecordID>204692</EventRecordID>
    <Correlation ActivityID="{CC60A09C-35C9-49E1-A005-F868E5BD2257}" />
    <Execution ProcessID="388" ThreadID="1992" />
    <Channel>System</Channel>
    <Computer>server6.mydomain.org.uk.local</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SupportInfo1">4</Data>
    <Data Name="SupportInfo2">840</Data>
    <Data Name="ProcessingMode">0</Data>
    <Data Name="ProcessingTimeInMilliseconds">3291</Data>
    <Data Name="ErrorCode">3</Data>
    <Data Name="ErrorDescription">The system cannot find the path specified. </Data>
    <Data Name="DCName">server6.mydomain.org.uk.local</Data>
    <Data Name="GPOCNName">CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=mydomain,DC=org,DC=uk,DC=local</Data>
    <Data Name="FilePath">\\mydomain.org.uk.local\sysvol\mydomain.org.uk.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini</Data>
  </EventData>
</Event>

On Server6 if I go to Start>Run and type in the following…
\\mydomain.org.uk.local\sysvol\mydomain.org.uk.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini
I just get a ‘windows cannot access’ error message ‘could not be found’
If I then type in…
\\wildlondon.org.uk.local\sysvol\wildlondon.org.uk.local

There is no Policies folder referred to in the error message but just a ‘Scripts’ folder.

If I then type in…

\\server1\sysvol\wildlondon.org.uk.local\

There is no Policies folder referred to in the error message but just a ‘Scripts’ folder.

If I then type in…

\\server4\sysvol\wildlondon.org.uk.local\

There is no Policies folder referred to in the error message but just a ‘Scripts’ folder and a folder called NtFrs_PreExisting___See_EventLog and inside this folder there is a Policies folder and a Scripts folder.  Inside the Scripts folder there are many folders with numbers and one of these is {31B2F340-016D-11D2-945F-00C04FB984F9} as mentioned in the error message. Within this folder are three more folders, Adm, Machine and User and a file called GPT


I hope this all makes sense.
Tony Massa

Which of these computers are domain controllers?
jongrew

ASKER

It's at the beginning of my question...

I have three DC's,

Server1 - Windows Server 2003 Standard Edition Service Pack 2 (also old Exchange server)
Server4 - Windows Server 2003 R2 Service Pack 2
Server6 - Windows Server 2008 Standard Service Pack 2 64bit (also new Exchange server but not a GC server)

ASKER CERTIFIED SOLUTION
Tony Massa

This solution is only available to members.
jongrew

ASKER

I see that on the original Operations Master (server4) within the sysvol\domain folder there is a folder called NtFrs_PreExisting___See_EventLog with all of the policies and scripts in it.  Outside of this folder there is nothing.

Does this mean anything to you?

Server6 is now the Big Daddy as it is the new Windows 2008 server.

jongrew

ASKER

I have an update of this situation whereby this Server4 had previously had an issue as detailed below...

The File Replication Service has detected that the volume hosting the path C: is low on disk space. Files may not replicate until disk space is made available on this volume.  

And then…

The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
 
 Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
 Replica root path is   : "c:\windows\sysvol\domain"
 Replica root volume is : "\\.\C:"
 A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons.
 
 [1] Volume "\\.\C:" has been formatted.
 [2] The NTFS USN journal on volume "\\.\C:" has been deleted.
 [3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
 [4] File Replication Service was not running on this computer for a long time.
 [5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".
 Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.
 [1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service.
 [2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.
 
WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.
 
To change this registry parameter, run regedit.
 
Click on Start, Run and type regedit.
 
Expand HKEY_LOCAL_MACHINE.
Click down the key path:
   "System\CurrentControlSet\Services\NtFrs\Parameters"
Double click on the value name
   "Enable Journal Wrap Automatic Restore"
and update the value.
 
If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.


I followed the procedure for the fix for this and the next event was...


The File Replication Service is deleting this computer from the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" as an attempt to recover from the error state,
 Error status = FrsErrorSuccess
 At the next poll, which will occur in 60 minutes, this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.


And then....


File Replication Service is scanning the data in the system volume. Computer SERVER4  cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
 
To check for the SYSVOL share, at the command prompt, type:
net share
 
When File Replication Service completes the scanning process, the SYSVOL share will appear.
 
The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume.


And then...


The File Replication Service moved the preexisting files in c:\windows\sysvol\domain to c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.
 
The File Replication Service may delete the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog at any time. Files can be saved from deletion by copying them out of c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. Copying the files into c:\windows\sysvol\domain may lead to name conflicts if the files already exist on some other replicating partner.
 
In some cases, the File Replication Service may copy a file from c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog into c:\windows\sysvol\domain instead of replicating the file from some other replicating partner.
 
Space can be recovered at any time by deleting the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.



and then...



The File Replication Service is no longer preventing the computer SERVER4  from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.


Lastly...

I did not copy the files back out of the folder NtFrs_PreExisting___See_EventLog on SERVER4 into the original folder.  I have done this now and my server is back in shape and all event errors to do with Group Policy have gone.

Does this all sound like it makes sense and that I am in a good place again?  I'm not sure why the Group Policies were not replicated back to the original folder from another server.  Should they have been?  I'm not too clear on how it all works or should work.

Is there a Group Policy master server so to speak and if so should it be the new Windows 2008 Server DC?

You are heading off a cliff, with this setup:

Prior to suggesting any advice, I will request the presence of a Microsoft Exchange expert. I use a different mail system.

Exchange is not recommended to go on a DC for many reasons. Please read up on this while you wait for me to assemble a team.

http://theessentialexchange.com/blogs/michael/archive/2008/03/29/exchange-server-2007-and-domain-controllers-a-summary.aspx

OK, first of all as ChiefIT said, running Exchange on a Domain Controller is not recommended, although it is a supported configuration.

However, if Exchange is on a DC,  that server must also be a Global Catalog server.

There seems to be a problem with disk space? What is the available space on C Drive for all servers?

Which of your DC's are DNS servers? Can you post the IP Configuration of all 3 DC's please?

@ Demazter:

In addition to Exchange residing on a non-GC 2008 DC, we have hosed up DNS, Journal Wrap, FSMO roles on the 2008 server, and with journal wrap comes issues with AD.

In my opinion, we need to
salvage Exchange,
Force demote the 2008 server,
remove DNS role from 2008 server
metadata cleanup on the two 2003 servers
Seize the roles on one 2003 server,
Demote the other server and make it the exchange member server.
sysprep/domain prep the remaining DC,
Add the DNS service back onto the 2008 server,
promote the 2008 server
and transfer FSMO roles back to 2008 server.

In the end, you end up with a 2008 PDCe, and a 2003 domain server, with one 2003 member server with Exchange.

How can we gracefully salvage Exchange?

Author:
What do your imaged backups look like?

Which version of Exchange are we talking about?

Can the DNS role be added to the new Exchange server, configure all 3 DC's to use this server.  

Check and move FSMO roles to DC that has Exchange on.

Demote the server without Exchange, leaving us with just 2 DC's both of which have Exchange on.

At least that only leaves us with 2 DC's to fix.

Is Exchange functioning at all? Can we expedite the migration to the new server?

If we cannot expedite how far down the migration have we got? If too far to go back then ignore what I have said above but do the following instead.

Still demote the DC that doesn't have Exchange on, then configure both remaining DC's to only use the old Exchange 2003 server for DNS.  Transfer all 5 FSMO roles to this server, seize them if you have to. See here: http://www.petri.co.il/transferring_fsmo_roles.htm

Then manually crash the Exchange 2010 server (assuming that's what version the new server is) by manually crash I mean, take a backup of the information store files to another server.

Shutdown the new server and perform a METADATA cleanup to remove it from Active Directory as per: http://www.petri.co.il/delete_failed_dcs_from_ad.htm

In Active Directory Users and Computers, right click the computer account for the new exchange server and select reset.  

Then re-install Windows 2008, give the server the exact same name.

Join it to the domain.

Install all the exchange server pre-requisites and then from the exchange media run setup.com /recoverserver

This will install Exchange pulling all the details for the server we crashed from Active Directory.  We can then restore the mailbox databases.

Did I miss anything? It's still pretty early for me :-)

I've also assumed quite a lot.  If you are unsure of anything then please ask BEFORE you do it.  It's easier to prevent than to fix.
Oh, and then we can start to fix the AD issues :-)

@Dmazter:

To Fix AD issues & DNS issues, we need to demote and properly repromote 2008. It's also easiest to remove and readd the DNS role.  However, Exchange is on the 2008 server.

What do we need to preserve Exchange as we fix AD? If all we need are mail boxes, let's transfer those to a 2003 server after we demote it and get AD on one 2003 box and Exchange on the other, as a member server. Then, we can fix the 2008 server and make it the PDCe.

I think I've covered that above, we can just fix AD before re-installing Exchange on the new server, or at least install Exchange on a member server in recovery mode instead of on a DC after we manually crash it out.

We are going to have to wait for input from the Author.

I think your second suggestion would be the best approach.
jongrew

ASKER

I made a mistake in my original post when I said...


I have three DC's,

Server1 - Windows Server 2003 Standard Edition Service Pack 2 (also old Exchange server)
Server4 - Windows Server 2003 R2 Service Pack 2
Server6 - Windows Server 2008 Standard Service Pack 2 64bit (also new Exchange server but not a GC server)

The bottom line was wrong - Server6 is not an Exchange server.  Exchange is on a member server called Server5.  I apologise for that oversight.

My AD is fine now, GP is working...

Maybe someone could answer these points I raised earlier...

 - I'm not sure why the Group Policies were not replicated back to the original folder from another server.  Should they have been?

 - Is there a Group Policy master server so to speak and if so should it be the new Windows 2008 Server DC?

Here is an article I wrote about Group Policy objects and 1030-1058 errors:

https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_1073-Diagnosing-and-repairing-Events-1030-and-1058.html

There is no magic centralized server. The replication partners just take the latest edited version of GP objects within Sysvol.

In Journal Wrap, there also is no miraculous recovery. This has to be fixed manually.

So, I have a few questions for you. I don't like to see people leave a thread unhappy with the results. If you remain in Journal Wrap, you will be an unhappy camper....

Please go to the command prompt and type these two commands:

DCdiag /test:DNS
DCdiag /v

Do you see any errors or fails?  If so, you still have work to do.
jongrew

ASKER

This question is not abandoned - I just haven't been able to get to finish the testing described by ChiefIT - I will soon.

jongrew

ASKER

tmassa99: Date: 20/04/11 02:25 PM Expert Comment was where the problem was...

Check the contents of the following:

\\SERVER1\SYSVOL
\\SERVER4\SYSVOL
\\SERVER6\SYSVOL

They should be the same.  If one is missing contents, you should look to FRS on all of the servers and see if they are having problems replicating to SERVER6 or any others.  Check the same for NETLOGON shares on each.


I have fixed the AD replication.

Apologies for the red herring further up - there were no Exchange issues.  I inadvertently gave the wrong information regarding one of the servers being an Exchange server.

I will be awarding the points to tmassa99 as that was spot on regarding the missing data in the Sysvol directory.

My thanks also to... ChiefIT and demazter for your input.
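
The SYSVOL comparison from the comment quoted above, as an added PowerShell example that is not part of the original thread: it lists the GPO folders under Policies on each DC, reads the Version= line of each gpt.ini, and flags a leftover NtFrs_PreExisting___See_EventLog folder. The server and domain names are the ones used in the thread; the function name Get-SysvolSnapshot is hypothetical.

```powershell
# Added example. $Domain and $DCs use the names from the thread; adjust for your environment.
$Domain = 'mydomain.org.uk.local'
$DCs    = 'SERVER1', 'SERVER4', 'SERVER6'

function Get-SysvolSnapshot {   # hypothetical helper name
    param([string]$Server, [string]$Domain)
    $root = "\\$Server\SYSVOL\$Domain"
    $snap = @{ Server = $Server; Reachable = $false; PreExisting = $false; Gpos = @{} }
    if (-not (Test-Path -LiteralPath $root)) { return $snap }
    $snap.Reachable   = $true
    # FRS moves the old tree here when it re-initialises the replica (see the event text above).
    $snap.PreExisting = Test-Path -LiteralPath (Join-Path $root 'NtFrs_PreExisting___See_EventLog')
    $policies = Join-Path $root 'Policies'
    if (Test-Path -LiteralPath $policies) {
        foreach ($dir in @(Get-ChildItem -LiteralPath $policies | Where-Object { $_.PSIsContainer })) {
            $gpt   = Join-Path $dir.FullName 'gpt.ini'
            $state = 'NO gpt.ini'          # the condition behind Event ID 1058
            if (Test-Path -LiteralPath $gpt) {
                $m = Get-Content -LiteralPath $gpt |
                     Select-String -Pattern '^\s*Version\s*=\s*(\d+)' | Select-Object -First 1
                if ($m) { $state = [int64]$m.Matches[0].Groups[1].Value } else { $state = 'NO Version' }
            }
            $snap.Gpos[$dir.Name] = $state
        }
    }
    return $snap
}

$snaps = @(foreach ($dc in $DCs) { Get-SysvolSnapshot -Server $dc -Domain $Domain })

foreach ($s in $snaps) {
    if (-not $s.Reachable) { Write-Warning "$($s.Server): SYSVOL\$Domain is not reachable" }
    elseif ($s.Gpos.Count -eq 0) { Write-Warning "$($s.Server): no GPO folders under Policies" }
    if ($s.PreExisting) { Write-Warning "$($s.Server): NtFrs_PreExisting___See_EventLog is present" }
}

# One row per GPO GUID seen anywhere, one column per DC; InSync is true only
# when every DC has the folder and reports the same gpt.ini version.
$allGuids = @($snaps | ForEach-Object { $_.Gpos.Keys } | Sort-Object -Unique)
$report = foreach ($guid in $allGuids) {
    $row = New-Object PSObject
    $row | Add-Member NoteProperty Gpo $guid
    $values = @()
    foreach ($s in $snaps) {
        $v = if ($s.Gpos.ContainsKey($guid)) { $s.Gpos[$guid] } else { 'MISSING' }
        $row | Add-Member NoteProperty $s.Server $v
        $values += "$v"
    }
    $row | Add-Member NoteProperty InSync (@($values | Sort-Object -Unique).Count -eq 1)
    $row
}
$report | Where-Object { -not $_.InSync } | Format-Table -AutoSize
```

An empty table with no warnings means every DC exposes the same GPO folders at the same gpt.ini version; the same loop can be pointed at the NETLOGON shares mentioned in the quoted comment.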