Can you post the output of command DCDIAG /ALL from DC2?

@mark bill
There is no "/ALL" command for dcdiag. Are you looking for "/a"?


@Mohammed Khawaja
Won't I create problems across the enterprise by taking a domain controller out of play? ie- other services will fail like Exchange, Citrix, etc?

@mohammed khawaja
I am reading up on dcpromo and will perform the task in Remove Roles and Features. Where do I perform the meta data cleanup?

Please refer to following links for meta data cleanup:

http://social.technet.microsoft.com/wiki/contents/articles/3984.domain-controller-demotion-and-metadata-cleanup.aspx
http://windocuments.net/forceremovaldc.html

I've demoted and promoted DC2. Same problem. Group Policy is not replicating. On both servers in the GPMC, I am seeing DC2 "with replication in progress". It never gets to "replication in sync".

DC2 IS connecting via DFSR to DC1 but I am not seeing any policies copied over to the c:\windows\SYSVOL\domain folder on DC2.

... The replication in progress shows "Inaccessible" under the Active Directory column as a hyperlink. When I click that, it says "Active Directory or SYSVOL is inaccessible on this domain controller or an object is missing." It has a link that takes me to a general article about Group Policy.

I've discovered that the problem lies in that the SYSVOL and NETLOGON folders aren't even there on DC2. I manually created the shares and then repadmin'd and the servers seemed to sync.

I rebooted DC2 for good measure and the shared folder disappeared. Back to the drawing board.

Any article I look at about this particular issue (folders missing) says to do a non-authoritative or authoritative restore. I've done that already...

@mark bill
I know you asked for dcdiag /all but that command doesn't work.
I ran a simple dcdiag and I get two issues reported:
%%%%%%%%%%%%%
Warning: DsGetDcName returned information fo \\DC1.domain.local, when we were trying to reach DC2.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................................DC2 failed test Advertising

Also, I get this:
%%%%%%%%%%%%%
Starting test: NetLogons
Unable to connect to the NETLOGON hsare! (\\DC2\netlogon)
[DC2] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
.......................................DC2 failed test NetLogons

All other tests pass

@pjam
I don't get the "replication hasn't taken place in xx days" anymore since I demoted and then promoted DC2. Now, it seems like the DFS share is just hosed. The DFSRPrivate folder has recent folders created a few days ago but no data in them.

@compdigit44

Yes, all networking is solid. (ie- NIC, switch, ping tests, DNS, etc)
I ran the diagnostic but already discovered something new. The old/new (not sure) DC2 share is showing as Disabled because the old/new one is already there. I'm guessing since there are two DC2's then it won't let the newly promoted DC2 get activated.


(I've read articles about removing one server and adding it back but there is no option for that in my DFS Management.)

I clicked Yes to run the report
RESULTS:
Error - DC2 - The DFS Replication service is restarting frequently.

Warning - DC1 - This member is waiting for initial replication for replicated folder SYSVOL Share.
Warning - DC2 - This member is waiting for initial replication for replicated folder SYSVOL Share.

Also, I think it is odd that the File Replication (ntfrs) is constantly starting/stopping stating that the DFSR is taking over for it. The File Replication service is disabled so it seems odd that it would be trying to start.

This isn't normal, is it?

File Replication Service should be disabled.  It is no longer used on the DC since it now uses DFS Replication or DFSR.
Not sure when it stopped, possibly after 2003.
gotta love all those confusing acronyms

@pjam
That's what I figured.

Any solutions/thoughts on how to proceed? I'm working through the SYSVOL folders not being shared on DC2 right now until a better method of troubleshooting presents itself. (At this point, should I just make a new server?)

If this is virtual, that may be quickest. I see you have at least two DCs.

OK, everyone... duhn duhn duuuuhhhnnnn!!!

I fixed it. Say whhaaaattt? I have no idea why it started working this time.

I did an authoritative synchronization using this article.

My thoughts:
After demotion/promotion of DC2, I did an authoritative sync, but it still didn't work.
What might have made the difference:
-Playing around with creating a sysvol/netlogon share folder on DC2 and rebooting
-deleting contents of dc2 sysvol\domain folder and cutting contents of dc1 sysvol\domain folder to a temp folder. I then removed the replication group from DFS Management, moved the files back to DC1's sysvol\domain folder and then added the replication group back in DFS Management.
-Meticulously went through the authoritative sync instructions. (Perhaps I clicked the wrong server when entering the TRUE/FALSE commands?) I also restarted the DFSR service each time. I wasn't doing that before since other "guru" articles said that it wasn't necessary or didn't help.

After doing those things, I did the authoritative sync and it worked.
The only anomaly DCDIAG now shows is a DFSR Event in the last 24 hours but that should clear out by tomorrow.

Thank you to all who helped. I'll split up the points as best I can based on who helped the most.

Everyone's help led to the solution I stumbled upon. Great team effort. Thanks! You saved me from having to rebuild or pay for a Microsoft ticket. Your help was worth a whole year's cost of subscription to EE.

wonderful,
Yes that article was to be my final attack as daunting as it looked.  Luckily I got mine working without it, since I share the main DC with other sites.