Solved

New Group Policy's are not showing up under the domain share

Posted on 2015-01-06
6
142 Views
Last Modified: 2015-01-06
When I browse to \\domain.local\\SYSVOL\domain.local\Policies from certain workstations, I only see 14 policies when there should be 15. If I browse using the server name instead of the domain name, I can see all 15 policies. However, the Group Policies have to be visible from the domain share in order for them to be applied. The policy that is missing is one that I just created yesterday so it appears that I'm only seeing the old policies and not the new one. Where should I start looking?

This is Windows Server 2008 R2.
0
Comment
Question by:fkoyer
  • 3
  • 2
6 Comments
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
Comment Utility
If the GPO is not showing up in sysvol this often means there is n error in the GPO or security settings on the share check the GPO in GPMC to see whether the AD and sysvol have same number which is an indicator when they differ that there is something wrong in the GPO preventing it from being updated/written out.

After reading, through your issue is that when using the domain share you are looking at a cached instance. Do you have multiple Dcs?
0
 
LVL 1

Author Comment

by:fkoyer
Comment Utility
We do have a Windows 2003 Server at another site that is also a domain controller just as a backup. But the 2008 R2 server is the "main" server. The workstations are at the same site as the 2008 R2 server.

Can you elaborate on this? "check the GPO in GPMC to see whether the AD and sysvol have same number". I can check the GPO in GPMC but what am I looking for?

Thanks
0
 
LVL 1

Author Comment

by:fkoyer
Comment Utility
I think the problem may be that the 2008 R2 and the 2003 FRS replication is not working. I am seeing this in the FRS event log

The File Replication Service is having trouble enabling replication from SERVER to CC-TS01 for c:\windows\sysvol\domain using the DNS name SERVER.domain.local. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name SERVER.domain.local from this computer.
 [2] FRS is not running on SERVER.domain.local.
 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
 
I've made sure FRS is running on both servers. We did recently change our IP subnet at both sites so both servers were assigned a new IP address. But DNS is displaying the correct IP and I can ping from one server to the other. I'm thinking it's related to the IP address change but not sure how to fix it.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
You will need to start by running the below commands to gather info...
repadmin /replsum
repadmin /showrepls
dcdiag /v

If all else fails you may need to perform an authoritative restore from the PDC FSMO holder. Then ensure that Sysvol is replicating properly.

Also see the below link for rebuilding Sysvol and Netlogon Shares
Rebuilding Sysvol and Netlogon Shares

Will.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
If you look within gpmc, highlite the GPO in question, the detail tab (second tab in the right pane where it says wher it displays the type of policy I.e. There is a computer GPO ad sysvol version and a user ad sysvol versions reflected by a count.

In your situation, the clients should only be accessing local site Dc, but it looks they are also reaching out to the remote.
0
 
LVL 1

Author Comment

by:fkoyer
Comment Utility
I got it working finally. The workstations were picking up the sysvol folder from the remote site for some reason. Possibly because when I changed the IP addresses I forgot to change the subnets in AD Sites & Services. Who knows. And secondly, when I changed the DNS server address on the remote server, I typo'ed the address so it broke replication. So I got that fixed and now it's replicating and the machines are able to see all the policies when I browse to \\domain.local.

Thanks for your help!
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now