Solved

New Group Policy's are not showing up under the domain share

Posted on 2015-01-06
6
157 Views
Last Modified: 2015-01-06
When I browse to \\domain.local\\SYSVOL\domain.local\Policies from certain workstations, I only see 14 policies when there should be 15. If I browse using the server name instead of the domain name, I can see all 15 policies. However, the Group Policies have to be visible from the domain share in order for them to be applied. The policy that is missing is one that I just created yesterday so it appears that I'm only seeing the old policies and not the new one. Where should I start looking?

This is Windows Server 2008 R2.
0
Comment
Question by:fkoyer
  • 3
  • 2
6 Comments
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 40534451
If the GPO is not showing up in sysvol this often means there is n error in the GPO or security settings on the share check the GPO in GPMC to see whether the AD and sysvol have same number which is an indicator when they differ that there is something wrong in the GPO preventing it from being updated/written out.

After reading, through your issue is that when using the domain share you are looking at a cached instance. Do you have multiple Dcs?
0
 
LVL 1

Author Comment

by:fkoyer
ID: 40534463
We do have a Windows 2003 Server at another site that is also a domain controller just as a backup. But the 2008 R2 server is the "main" server. The workstations are at the same site as the 2008 R2 server.

Can you elaborate on this? "check the GPO in GPMC to see whether the AD and sysvol have same number". I can check the GPO in GPMC but what am I looking for?

Thanks
0
 
LVL 1

Author Comment

by:fkoyer
ID: 40534577
I think the problem may be that the 2008 R2 and the 2003 FRS replication is not working. I am seeing this in the FRS event log

The File Replication Service is having trouble enabling replication from SERVER to CC-TS01 for c:\windows\sysvol\domain using the DNS name SERVER.domain.local. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name SERVER.domain.local from this computer.
 [2] FRS is not running on SERVER.domain.local.
 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
 
I've made sure FRS is running on both servers. We did recently change our IP subnet at both sites so both servers were assigned a new IP address. But DNS is displaying the correct IP and I can ping from one server to the other. I'm thinking it's related to the IP address change but not sure how to fix it.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40534666
You will need to start by running the below commands to gather info...
repadmin /replsum
repadmin /showrepls
dcdiag /v

If all else fails you may need to perform an authoritative restore from the PDC FSMO holder. Then ensure that Sysvol is replicating properly.

Also see the below link for rebuilding Sysvol and Netlogon Shares
Rebuilding Sysvol and Netlogon Shares

Will.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40534700
If you look within gpmc, highlite the GPO in question, the detail tab (second tab in the right pane where it says wher it displays the type of policy I.e. There is a computer GPO ad sysvol version and a user ad sysvol versions reflected by a count.

In your situation, the clients should only be accessing local site Dc, but it looks they are also reaching out to the remote.
0
 
LVL 1

Author Comment

by:fkoyer
ID: 40534784
I got it working finally. The workstations were picking up the sysvol folder from the remote site for some reason. Possibly because when I changed the IP addresses I forgot to change the subnets in AD Sites & Services. Who knows. And secondly, when I changed the DNS server address on the remote server, I typo'ed the address so it broke replication. So I got that fixed and now it's replicating and the machines are able to see all the policies when I browse to \\domain.local.

Thanks for your help!
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question