Sysvol replication issues

We are having issues with replication of GPO policies on our domain controllers. I first noticed this when I was not seeing some newly made GPO's in our other DC sysvol's folders.  We have 6 DC's and they all seem to have been talking till recently. AD seems to be replicating just fine but the sysvol folder has not replicated any new policies  to other DC's in about a month.  

 I ran DCDiag and it came back with one error  DC02 failed test NCSecDesc (the entire diag is below)
I know this is a common error so not sure how else to troubleshoot.
we do not use Read only DC's,

Any suggestions will be great help.

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = BLDR-SVR-DC02
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Boulder\BLDR-SVR-DC02
      Starting test: Connectivity
         ......................... BLDR-SVR-DC02 passed test Connectivity

Doing primary tests

   Testing server: Boulder\BLDR-SVR-DC02
      Starting test: Advertising
         ......................... BLDR-SVR-DC02 passed test Advertising
      Starting test: FrsEvent
         ......................... BLDR-SVR-DC02 passed test FrsEvent
      Starting test: DFSREvent
         ......................... BLDR-SVR-DC02 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... BLDR-SVR-DC02 passed test SysVolCheck
      Starting test: KccEvent
         ......................... BLDR-SVR-DC02 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... BLDR-SVR-DC02 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... BLDR-SVR-DC02 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=AuroraOrganic,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=AuroraOrganic,DC=local
         ......................... BLDR-SVR-DC02 failed test NCSecDesc
      Starting test: NetLogons
         ......................... BLDR-SVR-DC02 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... BLDR-SVR-DC02 passed test ObjectsReplicated
      Starting test: Replications
         ......................... BLDR-SVR-DC02 passed test Replications
      Starting test: RidManager
         ......................... BLDR-SVR-DC02 passed test RidManager
      Starting test: Services
         ......................... BLDR-SVR-DC02 passed test Services
      Starting test: SystemLog
         ......................... BLDR-SVR-DC02 passed test SystemLog
      Starting test: VerifyReferences
         ......................... BLDR-SVR-DC02 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : AuroraOrganic
      Starting test: CheckSDRefDom
         ......................... AuroraOrganic passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... AuroraOrganic passed test CrossRefValidation

   Running enterprise tests on : AuroraOrganic.local
      Starting test: LocatorCheck
         ......................... AuroraOrganic.local passed test LocatorCheck
      Starting test: Intersite
         ......................... AuroraOrganic.local passed test Intersite
CowabungaDudeAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
This error can be ignored if you are not planning on deploying (Read Only Domain Controllers).  Refer to link below for more information:

https://support.microsoft.com/en-us/kb/967482

With respect to your replication issues, you need to run the test on all DCs.
Will SzymkowskiSenior Solution ArchitectCommented:
I would also run the following commands as well to ensure that replication is working correctly...

- repadmin /replsum
- repadmin /showrepl
- repadmin /bridgeheads
- dcdiag /v
- netdom query fsmo
- netdom query dc

Will.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Senior IT System EngineerIT ProfessionalCommented:
Does D2 restore can cause any outage ?
Ganesamoorthy STech LeadCommented:
No outage while doing D2, clients are point to different DC
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.