Solved

Need Help Fixing Sysvol Replication

Posted on 2014-12-02
3
302 Views
Last Modified: 2014-12-09
We are currently run 2 domain controllers, both 2008 R2 in our environment.  Call them DC1 and DC2.  Both servers are on the same lan as each other with no firewall in between.

DC1 is the pdc holding all fsmo roles.  DNS currently runs on this server too.
DC2 is a domain controller and not a gc server.

AD replication works just fine.  We are using DFS-R for sysvol replication.  This seems to be completely broken with both servers.  In troubleshooting this I seem to be getting no where fast.  I found that there are a handful (maybe more) of objects missing when using adsi edit tool.  Until I started looking at this recently, we did not have any system state backups scheduled.  Therefore, I cannot just roll back to a previous state and initiate restores to fix this.

I would like to demote the pdc and re-promote it to fix this issue so that all objects and attributes are created properly again.  My thinking is that I backup the sysvol folder on DC1, demote the server, re-promote it, restore the sysvol folder, then initiate an authoritative restore for DC1, and a non-authoritative restore for DC2.   It seems the last IT guy severely broke some things while trying to do another task.

Can someone advise on this?  Would the steps I mentioned be ok to perform?  What all would I need to do to fix this issue?  Your help is much appreciated.
0
Comment
Question by:spadmin1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 12

Assisted Solution

by:David Paris Vicente
David Paris Vicente earned 250 total points
ID: 40477387
Hi spaadmin1,

As a suggestion before starting to depromote DC's you should try a few steps if you already didn´t try it.

First check the health of the SYSVOL replication using DFSR you can do this by install the Distributed File System management tools on a machine. You can do this through Server Manager.

From this tool, click the Create Diagnostic Report action and accept the default Health report option. Click Next to all pages to accept the defaults, and at the end, click Create. A report will be created showing you the health of DFRS environment, take note of the problems and try to solve them.
Other test is to run the propagation test, run the propagation report, which will show if data is actually being replicated. Both of the propagation options are located as part of the Create Diagnostic Report action.

Then check the event viewers from both DC's in Applications and Services Logs, DFS Replication, and look for errors or warnings.

Some of this guidelines that I used are mention here

I aslo advise you to take a look in this KB

Hope it helps
0
 
LVL 10

Accepted Solution

by:
Walter Padrón earned 250 total points
ID: 40477537
Is DC2 broken? I guess that because you want to use DC1 as the source of an authoritative restore then don't touch DC1


ONLY if DC2 is the non-authoritative server for sysvol and broken. What i will do is shutdown DC2 and test that everything continuous to work, then try to demote DC2 and if not then forcibly demote the server and then promote it again.

Best regards
0
 

Author Comment

by:spadmin1
ID: 40490135
Thanks guys.  I ended up having to recreate a couple objects and attributes related to DFSR and Sysvol using ADSI edit tool.  After that I was able to do an authoritative restore which worked like a charm.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question