Solved

Domain controllers problem replicating GPO

Posted on 2015-01-02
7
122 Views
Last Modified: 2015-01-23
Hello and happy new year to everyone,


I have an onpremise installation of 2 Windows 2012 R2 Domain controllers. About a month ago a failure of DC01 force us to destroy the server migrate all FSMO roles to DC02 and make it primary domain controller. We then create a new server and add it as an addional domain controller.

Problem is that the new server cannot replicate the GPO . Objects in active directory users and computers are ok. Only the GPO objects are missing.

In event viewer i see errors with id 1058 , .
.
The processing of Group Policy failed. Windows attempted to read the file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.


DFSR Service is running . In event viewer there are some minor errors that the replication service is stopping communication with the primary domain controller due to an error and after that an information that the replication service successfully established an inbount connection.

From primary domain controller if i try to open the sysvol share i take a network error . The oposite works fine.

Any help please ?

Thanks
0
Comment
Question by:Anestis Psomas
7 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40527705
I suggest you do the following:

1.  Run DCDIAG on both DCs and post results
2.  Download AD Best Practice Analyzer from MS and run it
3.  Check both DCs and post errors you are getting
0
 

Author Comment

by:Anestis Psomas
ID: 40527872
Here are the results ,

1. DC DIAG Results - DC02 ( It has all roles)

Performing initial setup:
   Trying to find home server...
   Home Server = DC02
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC02
      Starting test: Connectivity
         ......................... DC02 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC02
      Starting test: Advertising
         ......................... DC02 passed test Advertising
      Starting test: FrsEvent
         ......................... DC02 passed test FrsEvent
      Starting test: DFSREvent
         ......................... DC02 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC02 passed test SysVolCheck
      Starting test: KccEvent
         ......................... DC02 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC02 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC02 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... DC02 passed test NCSecDesc
      Starting test: NetLogons
         [DC02] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... DC02 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC02 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,DC02] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
         error 0x2105 "Replication access was denied."
         ......................... DC02 failed test Replications
      Starting test: RidManager
         ......................... DC02 passed test RidManager
      Starting test: Services
            Could not open NTDS Service on DC02, error 0x5 "Access is denied."
         ......................... DC02 failed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   15:50:50
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   15:55:51
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:00:51
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:05:52
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:10:53
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:15:53
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:20:54
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:25:55
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:30:56
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:35:57
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:40:58
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:43:19
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         ......................... DC02 failed test SystemLog
      Starting test: VerifyReferences
         ......................... DC02 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : interworkscloud
      Starting test: CheckSDRefDom
         ......................... interworkscloud passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... interworkscloud passed test
         CrossRefValidation

   Running enterprise tests on : interworkscloud.net
      Starting test: LocatorCheck
         ......................... interworkscloud.net passed test LocatorCheck
      Starting test: Intersite
         ......................... interworkscloud.net passed test Intersite


2. DC DIAG Results - DC01 ( It is the new secondary domain controller )

C:\Windows\system32>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = dc01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Advertising
         Warning: DsGetDcName returned information for
         \\DC02.interworkscloud.net, when we were trying to reach DC01.
         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
         ......................... DC01 failed test Advertising
      Starting test: FrsEvent
         ......................... DC01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... DC01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... DC01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC01 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... DC01 passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\DC01\netlogon)
         [DC01] An net use or LsaPolicy operation failed with error 67,
         The network name cannot be found..
         ......................... DC01 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC01 passed test ObjectsReplicated
      Starting test: Replications
         ......................... DC01 passed test Replications
      Starting test: RidManager
         ......................... DC01 passed test RidManager
      Starting test: Services
         ......................... DC01 passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   15:53:53
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   15:58:53
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:03:54
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:08:55
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:13:56
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:18:57
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:23:57
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:28:58
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:33:59
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:38:59
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:43:45
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:48:45
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         ......................... DC01 failed test SystemLog
      Starting test: VerifyReferences
         ......................... DC01 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : interworkscloud
      Starting test: CheckSDRefDom
         ......................... interworkscloud passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... interworkscloud passed test
         CrossRefValidation

   Running enterprise tests on : interworkscloud.net
      Starting test: LocatorCheck
         ......................... interworkscloud.net passed test LocatorCheck
      Starting test: Intersite
         ......................... interworkscloud.net passed test Intersite



Thanks.
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40528657
check the dns settings for dc01 and dc02 also permissions may be incorrect
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Anestis Psomas
ID: 40528666
Hello ,

DNS Settings are OK . About permissions , Is there some spesific ntfs security permissions for the sysvol folder ?

Thanks
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 40529383
This is the part the concerns me from your original question: "failure of DC01 force us to destroy the server migrate all FSMO roles to DC02 and make it primary domain controller."

Was the server properly decommissioned? If not you needed to do a meta data clean up..

For right now are all FSMO rolls on DC02 if so you could try to demote DC01.. wait run Dcdiag and make sure all is well then try to promote dc01 again
0
 

Author Comment

by:Anestis Psomas
ID: 40529530
Hello ,

The server was decommissioned properly according to Microsoft Guides when you have a server that cannot boot up properly.

If i cannot find a solution to my problem then i thing the demoting and promoting of DC01 is the best way .

Maybe someone else have another idea ...
0
 
LVL 19

Accepted Solution

by:
compdigit44 earned 500 total points
ID: 40529568
Right now demoting DC01 would be your best option...
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
Resolve DNS query failed errors for Exchange
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question