Solved

New Group Policies are not showing up under the domain share

Posted on 2015-01-06
Last Modified: 2015-01-06
When I browse to \\domain.local\\SYSVOL\domain.local\Policies from certain workstations, I only see 14 policies when there should be 15. If I browse using the server name instead of the domain name, I can see all 15 policies. However, the Group Policies have to be visible from the domain share in order for them to be applied. The policy that is missing is one that I just created yesterday so it appears that I'm only seeing the old policies and not the new one. Where should I start looking?

This is Windows Server 2008 R2.
0
Question by:fkoyer
6 Comments
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 40534451
If the GPO is not showing up in sysvol, this often means there is an error in the GPO or in the security settings on the share. Check the GPO in GPMC to see whether the AD and sysvol have same number, which is an indicator, when they differ, that there is something wrong in the GPO preventing it from being updated/written out.

After reading through, your issue is that when using the domain share you are looking at a cached instance. Do you have multiple DCs?
0
 
LVL 1

Author Comment

by:fkoyer
ID: 40534463
We do have a Windows 2003 Server at another site that is also a domain controller just as a backup. But the 2008 R2 server is the "main" server. The workstations are at the same site as the 2008 R2 server.

Can you elaborate on this? "check the GPO in GPMC to see whether the AD and sysvol have same number". I can check the GPO in GPMC but what am I looking for?

Thanks
0
 
LVL 1

Author Comment

by:fkoyer
ID: 40534577
I think the problem may be that the 2008 R2 and the 2003 FRS replication is not working. I am seeing this in the FRS event log:

The File Replication Service is having trouble enabling replication from SERVER to CC-TS01 for c:\windows\sysvol\domain using the DNS name SERVER.domain.local. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name SERVER.domain.local from this computer.
 [2] FRS is not running on SERVER.domain.local.
 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
 
I've made sure FRS is running on both servers. We did recently change our IP subnet at both sites so both servers were assigned a new IP address. But DNS is displaying the correct IP and I can ping from one server to the other. I'm thinking it's related to the IP address change but not sure how to fix it.
0

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40534666
You will need to start by running the below commands to gather info...
repadmin /replsum
repadmin /showrepl
dcdiag /v

If all else fails you may need to perform an authoritative restore from the PDC FSMO holder. Then ensure that Sysvol is replicating properly.

Also see the below link for rebuilding Sysvol and Netlogon Shares
Rebuilding Sysvol and Netlogon Shares

Will.
0
 
LVL 78

Expert Comment

by:arnold
ID: 40534700
If you look within GPMC and highlight the GPO in question, the Details tab (second tab in the right pane) is where it displays the type of policy, i.e. there is a computer GPO AD and sysvol version and a user AD and sysvol version, reflected by a count.

In your situation, the clients should only be accessing the local site DC, but it looks like they are also reaching out to the remote one.
0
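The AD-versus-sysvol version comparison described above, scripted across every domain controller as an added example (not part of the original thread). It assumes the ActiveDirectory PowerShell module is available and that the account can read SYSVOL on each DC; each DC is addressed by name so the check does not depend on which server the \\domain.local share resolves to.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT)
# and read access to SYSVOL on each DC.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$dcs    = Get-ADDomainController -Filter * | ForEach-Object { $_.HostName }
$gpos   = Get-ADObject -SearchBase "CN=Policies,CN=System,$($domain.DistinguishedName)" `
            -LDAPFilter '(objectClass=groupPolicyContainer)' `
            -Properties displayName, versionNumber

# The version packs two counters: user = high 16 bits, computer = low 16 bits.
function Format-GpoVersion([int]$v) {
    '{0} (user {1}, computer {2})' -f $v, ([int][math]::Floor($v / 65536)), ($v % 65536)
}

$report = foreach ($gpo in $gpos) {
    foreach ($dc in $dcs) {
        # Per-DC path: the domain-based path is a DFS referral and may land on any DC.
        $ini    = "\\$dc\SYSVOL\$($domain.DNSRoot)\Policies\$($gpo.Name)\GPT.INI"
        $sysvol = $null
        if (Test-Path $ini) {
            foreach ($line in Get-Content $ini) {
                if ($line -match '^\s*Version\s*=\s*(\d+)') { $sysvol = [int]$Matches[1]; break }
            }
        }

        # MISSING = policy folder or GPT.INI not on this DC (or the DC is unreachable).
        $status     = 'MISSING'
        $sysvolText = '-'
        if ($sysvol -ne $null) {
            $sysvolText = Format-GpoVersion $sysvol
            if ($sysvol -eq [int]$gpo.versionNumber) { $status = 'OK' } else { $status = 'MISMATCH' }
        }

        New-Object PSObject -Property @{
            GPO = $gpo.displayName; DC = $dc; Status = $status
            AD  = Format-GpoVersion $gpo.versionNumber; Sysvol = $sysvolText
        }
    }
}

# Show only the GPO/DC pairs that need attention.
$report | Where-Object { $_.Status -ne 'OK' } |
    Select-Object GPO, DC, Status, AD, Sysvol | Sort-Object GPO, DC | Format-Table -AutoSize
```

A GPO that is MISSING on one DC but OK on another points at SYSVOL replication between those DCs rather than at the GPO itself.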
 
LVL 1

Author Comment

by:fkoyer
ID: 40534784
I got it working finally. The workstations were picking up the sysvol folder from the remote site for some reason. Possibly because when I changed the IP addresses I forgot to change the subnets in AD Sites & Services. Who knows. And secondly, when I changed the DNS server address on the remote server, I typo'ed the address so it broke replication. So I got that fixed and now it's replicating and the machines are able to see all the policies when I browse to \\domain.local.

Thanks for your help!
0
