Solved

Domain controllers problem replicating GPO

Posted on 2015-01-02
7
120 Views
Last Modified: 2015-01-23
Hello and happy new year to everyone,


I have an onpremise installation of 2 Windows 2012 R2 Domain controllers. About a month ago a failure of DC01 force us to destroy the server migrate all FSMO roles to DC02 and make it primary domain controller. We then create a new server and add it as an addional domain controller.

Problem is that the new server cannot replicate the GPO . Objects in active directory users and computers are ok. Only the GPO objects are missing.

In event viewer i see errors with id 1058 , .
.
The processing of Group Policy failed. Windows attempted to read the file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.


DFSR Service is running . In event viewer there are some minor errors that the replication service is stopping communication with the primary domain controller due to an error and after that an information that the replication service successfully established an inbount connection.

From primary domain controller if i try to open the sysvol share i take a network error . The oposite works fine.

Any help please ?

Thanks
0
Comment
Question by:Anestis Psomas
7 Comments
 
LVL 24

Expert Comment

by:Mohammed Khawaja
Comment Utility
I suggest you do the following:

1.  Run DCDIAG on both DCs and post results
2.  Download AD Best Practice Analyzer from MS and run it
3.  Check both DCs and post errors you are getting
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Here are the results ,

1. DC DIAG Results - DC02 ( It has all roles)

Performing initial setup:
   Trying to find home server...
   Home Server = DC02
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC02
      Starting test: Connectivity
         ......................... DC02 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC02
      Starting test: Advertising
         ......................... DC02 passed test Advertising
      Starting test: FrsEvent
         ......................... DC02 passed test FrsEvent
      Starting test: DFSREvent
         ......................... DC02 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC02 passed test SysVolCheck
      Starting test: KccEvent
         ......................... DC02 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC02 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC02 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... DC02 passed test NCSecDesc
      Starting test: NetLogons
         [DC02] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... DC02 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC02 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,DC02] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
         error 0x2105 "Replication access was denied."
         ......................... DC02 failed test Replications
      Starting test: RidManager
         ......................... DC02 passed test RidManager
      Starting test: Services
            Could not open NTDS Service on DC02, error 0x5 "Access is denied."
         ......................... DC02 failed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   15:50:50
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   15:55:51
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:00:51
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:05:52
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:10:53
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:15:53
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:20:54
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:25:55
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:30:56
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:35:57
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:40:58
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:43:19
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         ......................... DC02 failed test SystemLog
      Starting test: VerifyReferences
         ......................... DC02 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : interworkscloud
      Starting test: CheckSDRefDom
         ......................... interworkscloud passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... interworkscloud passed test
         CrossRefValidation

   Running enterprise tests on : interworkscloud.net
      Starting test: LocatorCheck
         ......................... interworkscloud.net passed test LocatorCheck
      Starting test: Intersite
         ......................... interworkscloud.net passed test Intersite


2. DC DIAG Results - DC01 ( It is the new secondary domain controller )

C:\Windows\system32>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = dc01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Advertising
         Warning: DsGetDcName returned information for
         \\DC02.interworkscloud.net, when we were trying to reach DC01.
         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
         ......................... DC01 failed test Advertising
      Starting test: FrsEvent
         ......................... DC01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... DC01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... DC01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC01 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... DC01 passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\DC01\netlogon)
         [DC01] An net use or LsaPolicy operation failed with error 67,
         The network name cannot be found..
         ......................... DC01 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC01 passed test ObjectsReplicated
      Starting test: Replications
         ......................... DC01 passed test Replications
      Starting test: RidManager
         ......................... DC01 passed test RidManager
      Starting test: Services
         ......................... DC01 passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   15:53:53
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   15:58:53
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:03:54
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:08:55
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:13:56
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:18:57
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:23:57
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:28:58
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:33:59
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:38:59
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:43:45
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 01/02/2015   16:48:45
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\interworkscloud.net\SysVol\interworkscloud.net\Policies\{B31333BD-D594-4
E6D-A19F-B72F7F45FB47}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issu
e may be transient and could be caused by one or more of the following:
         ......................... DC01 failed test SystemLog
      Starting test: VerifyReferences
         ......................... DC01 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : interworkscloud
      Starting test: CheckSDRefDom
         ......................... interworkscloud passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... interworkscloud passed test
         CrossRefValidation

   Running enterprise tests on : interworkscloud.net
      Starting test: LocatorCheck
         ......................... interworkscloud.net passed test LocatorCheck
      Starting test: Intersite
         ......................... interworkscloud.net passed test Intersite



Thanks.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
check the dns settings for dc01 and dc02 also permissions may be incorrect
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:Anestis Psomas
Comment Utility
Hello ,

DNS Settings are OK . About permissions , Is there some spesific ntfs security permissions for the sysvol folder ?

Thanks
0
 
LVL 19

Expert Comment

by:compdigit44
Comment Utility
This is the part the concerns me from your original question: "failure of DC01 force us to destroy the server migrate all FSMO roles to DC02 and make it primary domain controller."

Was the server properly decommissioned? If not you needed to do a meta data clean up..

For right now are all FSMO rolls on DC02 if so you could try to demote DC01.. wait run Dcdiag and make sure all is well then try to promote dc01 again
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Hello ,

The server was decommissioned properly according to Microsoft Guides when you have a server that cannot boot up properly.

If i cannot find a solution to my problem then i thing the demoting and promoting of DC01 is the best way .

Maybe someone else have another idea ...
0
 
LVL 19

Accepted Solution

by:
compdigit44 earned 500 total points
Comment Utility
Right now demoting DC01 would be your best option...
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now