Solved

PDC - DC Sync error

Posted on 2016-10-31
13
38 Views
Last Modified: 2016-11-02
Hi.
Saw an error on a Terminal server (win 2012).
Event ID: 1058 - The processing of Group Policy failed

Checked the SYSVOL\domain\policies folder on the PDC and it was very outdated compared to the DC. (are one PDC and one DC)

Checked PDC- found this under Server manager - AD DS:
#
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 325 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.
 
To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group.
 
Additional Information:
Error: 9061 (The replicated folder has been offline for too long.)
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 5FD9E88D-E92E-4097-B908-4BD018490764
Replication Group Name: Domain System Volume
Replication Group ID: 50FCAE6F-BD3C-4145-B8FF-7A0685ECFBF3
Member ID: 7832896E-76E7-457D-AC7A-BB3B960E66D6
#

Says to use the DFS management (?) to remove the server from replication group. Safe to do with a PDC?
Also saw that the PDC was set to use DC as first DNS server but not itself as nr 2. Changed that.

Thanx
0
Comment
Question by:Tore Jacobsen
  • 7
  • 6
13 Comments
 
LVL 6

Accepted Solution

by:
No More earned 500 total points
ID: 41868158
I deleted previous comment, because I realize you can't do it that way

1. You could move PDC role to good server and uninstall ADDS on bad server and install it back

2. run dfsrdiag pollad command on good DC

3. run dfsrdiag syncnow /RGName:”Domain System Volume” /Partner:OTHER_DC /Time:20 /v
From your good DC to DC with PDC, replace Other_DC with your name of PDC server

You must have DFS snap-in installed for dfrsdiag to be available

After about 20 min restart DFS services on PDC server
0
 
LVL 1

Author Comment

by:Tore Jacobsen
ID: 41868183
Hi!
To clearify naming, PDC (not synking) is Named PDC1 (win 2012R2).
DC working, is named DC1(win 2008R2)

So, I moved PDC and other operational roles from PDC1 to DC1
Demoted and unsinstalled ADDS on PDC1

And now I should install ADDS on PDC1 , promote it and move PDC role back to it?
after that run "dfsrdiag pollad" command on DC1?

then run "dfsrdiag syncnow /RGName:”Domain System Volume” /Partner:PDC1 /Time:20 /v"
on DC1?

Thank you so much for helping.
Tore
0
 
LVL 1

Author Comment

by:Tore Jacobsen
ID: 41868190
Is there a problem that DC1 is still Win 2008 r2, and PDC1 is updated to Win 2012R2?
Domain function level is 2008 R2
Reason I want the PDC1 to be PDC and not led DC1 be PDC is that PDC1 is physical while DC1 and all other servers other than Hyper-V server are virtual.
Been recomended to keep a physical PDC so that the hyper-V hosts have a DC to talk to when they boot up.
0
 
LVL 6

Assisted Solution

by:No More
No More earned 500 total points
ID: 41868196
If you choosed do option number 1 you don't have to do 2 and 3
0
 
LVL 6

Expert Comment

by:No More
ID: 41868197
2008r2 and 2012r2 work ok together

You should then have all FSMO roles on psychical server and yes whoever advice you that was correct
0
 
LVL 1

Author Comment

by:Tore Jacobsen
ID: 41868200
Ok. Thnx.
So after I installed ADDS, promoted, I can move over PDC role and all should sync up after some time?
Thanks alot m8
0
 
LVL 6

Expert Comment

by:No More
ID: 41868203
You could use this, but it should sync the normal way after promote in couple minutes

dfsrdiag syncnow /RGName:”Domain System Volume” /Partner:PDC1 /Time:20 /v"
on DC1?
0
 
LVL 1

Author Closing Comment

by:Tore Jacobsen
ID: 41868205
Great help. Thanx alot
0
 
LVL 6

Expert Comment

by:No More
ID: 41868210
You are welcome
0
 
LVL 1

Author Comment

by:Tore Jacobsen
ID: 41868280
Hi.
Have let the PDC run for some time, also run the command
 dfsrdiag syncnow /RGName:”Domain System Volume” /Partner:PDC1 /Time:20 /v
on DC1 and restartet det DFS replication service after 20 min on PDC1
Still nothing in SYSVOL\ domain folder
and stil event 6016
#
The DFS Replication service failed to update configuration in Active Directory Domain Services. The service will retry this operation periodically.
 
Additional Information:
Object Category: msDFSR-LocalSettings
Object DN: CN=DFSR-LocalSettings,CN=PDC1,OU=Domain Controllers,DC=dto,DC=local
Error: 2 (The system cannot find the file specified.)
Domain Controller: dc1.dto.local
Polling Cycle: 60
#

and event id 4012
#
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 326 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.
 
To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group.
 
Additional Information:
Error: 9061 (The replicated folder has been offline for too long.)
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 5FD9E88D-E92E-4097-B908-4BD018490764
Replication Group Name: Domain System Volume
Replication Group ID: 50FCAE6F-BD3C-4145-B8FF-7A0685ECFBF3
Member ID: 8CC46FD4-5DFA-483F-84D3-47D042BBCB37
#
0
 
LVL 6

Expert Comment

by:No More
ID: 41868316
I think you need to do it properly,

Uninstall - demote dc, Uninstall ADDS restart server, make sure that you remove that DC from Active Directory (clear metadata) in OU= Domain Controllers

Also after restart make sure you don't have sysvol / ntds folder in c:\windows

Also clear your event log
0
 
LVL 1

Author Comment

by:Tore Jacobsen
ID: 41869756
Hi and thanx.
tried this:
Uninstall - demote , then uninstall ADDS and restart.
checked that the PDC1 was not listed under the OU=Domain controllers.
(was this what you ment with "clear metadata" or to run some NTDSUTIL commands?)

Removed SYSVOL and NTDS Folder under C:\Windows.
Installed ADDS, promoted, and gave FSMO roles.

No luck. Same 4012 event

Started again. Now the plan is to demote and uninstall ADDS, move to workgroup, rename, join domain, and install ADDS, promote and give FSMO roles. hopefully that does the trick.

Other suggestions before I swap it for a new machine taking the PDC role?

Thanx again!
0
 
LVL 6

Expert Comment

by:No More
ID: 41869989
That DC could be still listed in sites as replication partner of DC1

There is an option which involves System Volume Information folder - but I would say you should try new VM

Also since you mentioned primary server is 2008 I wonder is the server even replicating ?

dfsdiag /testdcs

and run also

dcdiag /v /c /e


also run
DFSRDIAG.EXE POLLAD
0

Join & Write a Comment

There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now