SYSVOL file replication failing and RSOP failures

We noticed that a few newly imaged workstations were failing to pull logon scripts from group policy, and confirmed that RSOP failed to execute.  File replication also appears to be an issue on the DCs.

  The customer has two domain controllers, with FRS setup between.

We've already run the following on BOTH servers:
  > net share ... displays shares for NETLOGON and SYSVOL
  > ran dcdiag /test:replications , dcdiag /test:netlogins, repadmin /showrepl *see attached .txts*
    - no replication or DNS errors
 > ensured that site link is online in AD Sites & Services ; replicating every 15 mins @ 100 cost

- if I place a .txt file in the sysvol dir, it fails to replicate even after a manual force replication
- this doesn't explain the RSOP failure on the new machine though, or does it?
 - several Event ID [13508] errors --- 'FRS was unable to create an RPC connection to a replication partnet'
   • NOT followed by an Event ID [13509] --- FRS was able to create an RPC connection → verifies that NO CONNECTION OCCURS between DCs for replication
MET-197---repadmin.txt
MET-197---dcdiag-testreplications.txt
MET-197---dcdiag-testnetlogons.txt
LVL 1
msCCareAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rodney BarnhardtServer AdministratorCommented:
Did you try the command: ntfrsutl version <FQDN of remote domain controller>

If that fails, there is a connectivity problem such as a blocked port.
0
Rodney BarnhardtServer AdministratorCommented:
I have also seen this after a DC has had a hard shutdown. Have you tried to a clean reboot on the server? Also, does you system have enough free space.
0
MaheshArchitectCommented:
Check if on any DC FRS event ID 13568 (Journal Wrap) is there

download frsdiag GUI tool from MS and run on Domain controller, within that tool you will find file propagation test where tool will check if sysvol is working on both DCs
http://blogs.technet.com/b/askds/archive/2008/05/22/verifying-file-replication-during-the-windows-server-2008-dfsr-sysvol-migration-down-and-dirty-style.aspx

If its get failed, you can non authoritatively restore sysvol on DC other than PDC by following below link
http://support.microsoft.com/kb/290762

Once that issue resolved, again run file propogation test with Frsdiag tool

Also ensure that scripts are copied directly into netlogon share and script path in GPO should not be starting with %logonserver% , this path never works correctly, don't know why

Keep script path with \\server1\netlogon\script.vbs ------------
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
msCCareAuthor Commented:
Problem ending up being faulty shared folders.  We rebuilt the shared folder structure this morning (with the registry edits), and replication is functional.  FRSDiag returns results 'passed' for the canary .txt.  Essentially completed the 'authoritative restore' from above.  Thank you everyone for your assistance.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.