?
Solved

Replication sysvol problem in a windows 2008 2003 environment

Posted on 2012-08-10
12
Medium Priority
?
1,609 Views
Last Modified: 2012-08-10
Dear Experts,

I am in a messy situation right now with our active directory replications. We recently place 2 windows 2008 server with the idea of replacing 2 windows 2003 servers. We already took one server offline. In one of the server I am getting this error:

The processing of Group Policy failed. Windows attempted to read the file \\is.ad\sysvol\is.ad\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
 
Event ID: 1058


This is from one of the new windows server 2008. Does anyone know how to resolve this issue?

Kindly, thank you so much, M
0
Comment
Question by:marceloNYC
  • 4
  • 3
  • 2
  • +2
12 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 38281839
Take a look at this article:

http://social.technet.microsoft.com/wiki/contents/articles/1456.event-id-1058-group-policy-preprocessing-networking.aspx

Also, have you tried just restarting the server? I'd advise trying that first. It could be that a service or services are not running for some reason and a restart would ensure that all required services are running.  Also, if you do a restart and some important service doesn't start properly for some reason, you'll see errors in the event viewer that could help in troubleshooting this problem.
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38281850
Check if that server is in Journal Wrap State search for event ID 13568 in FRS logs if you find this event then perform non authorative restore of sysvol using below link

http://support.microsoft.com/default.aspx?scid=kb;en-us;290762&a mp;sd=tech
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 38281904
Please try to perform non-authoritative SYSVOL restoration using D2 burflag
This should resolve the issue
http://support.microsoft.com/kb/315457

Regards,
Krzysztof
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 

Author Comment

by:marceloNYC
ID: 38281931
I restarted the server and the error message still the same....
0
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 1000 total points
ID: 38281965
Ok let me make Non-authorative restore simple

Navigate to regedit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup in right side u will see BurFlags set the value to "D2" and run
net stop ntfrs & net start ntfrs

Open in new window

0
 

Author Comment

by:marceloNYC
ID: 38282107
C:\Users\mzamorano>net stop ntfrs & net start ntfrs
System error 5 has occurred.

Access is denied.

System error 5 has occurred.

Access is denied.

Sarang I got that message....
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 1000 total points
ID: 38282124
You need to run command-line in elevated mode :) Click right mouse button on it and choose "Run as administrator" Then type in command-line

net stop ntfrs

Open in new window


change registry, to set up D2 burflag

and start FRS service by typing

net start ntfrs

Open in new window


in event log search for event id 13565 which means non-authoritative restore has been stared and wait until you will see event id 13516 that SYSVOL is fully operative

From now, everything should work fine. DC reboot is not required

Krzysztof
0
 

Author Comment

by:marceloNYC
ID: 38282189
Still the same thing , sorry guys...
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 38282207
If d2/d4 does not helps check below parameters are set correctly on DC.
1.Ensure correct dns setting on the server.Each DC / DNS server points to its private IP address as primary DNS server and other remote/local DNS servers as secondary in TCP/IP properties
2.Check the permission on problematic gpt.ini file see below link for more details
3.Check that File and print sharing is enabled on the NIC on client and DC.
4.Disable the windows firewall on the DC/client.
5.Ensure that the TCP/IP NetBIOS Helper Service" is started.
6.Run DFSUtil /purgemupcache
7.Run gpupdate /force and check the apllication log.
8.If still the issue persist run the Group Policy Diagnostic Best Practice Analyzer for more details

Reference link:http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/e35e3fb0-7664-4323-9f42-b5315a4b2ca7

Hope this helps
0
 

Author Closing Comment

by:marceloNYC
ID: 38282304
Thank you guys the error is gone!!!!
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 38282466
Nice to hear that the issue is fixed...
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 38283041
You're welcome :)

Krzysztof
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question