Ian Taylor
asked on
SYSVOL not replicating
Hello,
I have just discovered that none of my domain controllers are syncing in terms of SYSVOL.
2x Servers are 2012 R2 Domain Controllers
2x Other Servers are 2016
All FSMO roles are held on the 2012 R2 Server.
I have ran dcdiag on the main DC:
C:\Windows\system32>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = BMI-VADC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: BMI1\BMI-VADC1
Starting test: Connectivity
......................... BMI-VADC1 passed test Connectivity
Doing primary tests
Testing server: BMI1\BMI-VADC1
Starting test: Advertising
......................... BMI-VADC1 passed test Advertising
Starting test: FrsEvent
......................... BMI-VADC1 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... BMI-VADC1 failed test DFSREvent
Starting test: SysVolCheck
......................... BMI-VADC1 passed test SysVolCheck
Starting test: KccEvent
......................... BMI-VADC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... BMI-VADC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... BMI-VADC1 passed test MachineAccount
Starting test: NCSecDesc
......................... BMI-VADC1 passed test NCSecDesc
Starting test: NetLogons
......................... BMI-VADC1 passed test NetLogons
Starting test: ObjectsReplicated
......................... BMI-VADC1 passed test ObjectsReplicated
Starting test: Replications
......................... BMI-VADC1 passed test Replications
Starting test: RidManager
......................... BMI-VADC1 passed test RidManager
Starting test: Services
......................... BMI-VADC1 passed test Services
Starting test: SystemLog
......................... BMI-VADC1 passed test SystemLog
Starting test: VerifyReferences
......................... BMI-VADC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : buildmeit
Starting test: CheckSDRefDom
......................... buildmeit passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... buildmeit passed test CrossRefValidation
Running enterprise tests on : buildmeit.internal
Starting test: LocatorCheck
......................... buildmeit.internal passed test LocatorCheck
Starting test: Intersite
......................... buildmeit.internal passed test Intersite
C:\Windows\system32>
Ran this command:
C:\Windows\system32>For /f %i IN ('dsquery server -o rdn') do @echo %i && @(net
view \\%i | find "SYSVOL") & echo
BMI-VADC1
SYSVOL Disk Logon server share
ECHO is on.
BMI-VADC2
SYSVOL Disk Logon server share
ECHO is on.
BMI2-VDC1
SYSVOL Disk Logon server share
ECHO is on.
BMI4-VDC1
SYSVOL Disk Logon server share
ECHO is on.
C:\Windows\system32>
This:
C:\Windows\system32>repadm in /showreps
BMI1\BMI-VADC1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 30dbd6ec-253b-41fd-8411-bd 44c0584cbf
DSA invocationID: 9c358f48-510a-4e1c-a8c6-8f fb821683ef
==== INBOUND NEIGHBORS ========================== ========== ==
DC=buildmeit,DC=internal
BMI2\BMI2-VDC1 via RPC
DSA object GUID: e5d6168c-1662-435a-98cb-bb c53517615c
Last attempt @ 2017-01-09 00:10:55 was successful.
BMI4\BMI4-VDC1 via RPC
DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb 712e23b7e6
Last attempt @ 2017-01-09 00:10:56 was successful.
BMI1\BMI-VADC2 via RPC
DSA object GUID: 726075b6-0065-40c6-8112-81 e7a09b050e
Last attempt @ 2017-01-09 00:17:19 was successful.
CN=Configuration,DC=buildm eit,DC=int ernal
BMI1\BMI-VADC2 via RPC
DSA object GUID: 726075b6-0065-40c6-8112-81 e7a09b050e
Last attempt @ 2017-01-08 23:55:55 was successful.
BMI2\BMI2-VDC1 via RPC
DSA object GUID: e5d6168c-1662-435a-98cb-bb c53517615c
Last attempt @ 2017-01-09 00:10:55 was successful.
BMI4\BMI4-VDC1 via RPC
DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb 712e23b7e6
Last attempt @ 2017-01-09 00:10:55 was successful.
CN=Schema,CN=Configuration ,DC=buildm eit,DC=int ernal
BMI1\BMI-VADC2 via RPC
DSA object GUID: 726075b6-0065-40c6-8112-81 e7a09b050e
Last attempt @ 2017-01-08 23:55:55 was successful.
BMI2\BMI2-VDC1 via RPC
DSA object GUID: e5d6168c-1662-435a-98cb-bb c53517615c
Last attempt @ 2017-01-09 00:10:56 was successful.
BMI4\BMI4-VDC1 via RPC
DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb 712e23b7e6
Last attempt @ 2017-01-09 00:10:56 was successful.
DC=DomainDnsZones,DC=build meit,DC=in ternal
BMI1\BMI-VADC2 via RPC
DSA object GUID: 726075b6-0065-40c6-8112-81 e7a09b050e
Last attempt @ 2017-01-08 23:55:55 was successful.
BMI2\BMI2-VDC1 via RPC
DSA object GUID: e5d6168c-1662-435a-98cb-bb c53517615c
Last attempt @ 2017-01-09 00:10:56 was successful.
BMI4\BMI4-VDC1 via RPC
DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb 712e23b7e6
Last attempt @ 2017-01-09 00:10:56 was successful.
DC=ForestDnsZones,DC=build meit,DC=in ternal
BMI2\BMI2-VDC1 via RPC
DSA object GUID: e5d6168c-1662-435a-98cb-bb c53517615c
Last attempt @ 2017-01-09 00:10:56 was successful.
BMI4\BMI4-VDC1 via RPC
DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb 712e23b7e6
Last attempt @ 2017-01-09 00:10:56 was successful.
BMI1\BMI-VADC2 via RPC
DSA object GUID: 726075b6-0065-40c6-8112-81 e7a09b050e
Last attempt @ 2017-01-09 00:11:26 was successful.
C:\Windows\system32>
and lastly this:
C:\Windows\system32>For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic
/node:"%i" /namespace:\\root\microsof tdfs path dfsrreplicatedfolderinfo WHERE re
plicatedfoldername='SYSVOL share' get replicationgroupname,repli catedfolde rname,
state
BMI-VADC1
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
BMI-VADC2
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
BMI2-VDC1
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
BMI4-VDC1
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
the last one is interesting, it States 2 is in Initial Sync - but thats all it does, just sits at 2
If I go into GPO Managment on the baseline domain controller and run a Detect Now it seems to be complaining of ACLs for the GPOs are not in sync, if I go to another domain controller and click on the GPO a message will come up saying system cannot find the specified device.
I've checked the event logs and they all look clean\good!
I've spend a good 3 days on this so far and no getting far!
I have just discovered that none of my domain controllers are syncing in terms of SYSVOL.
2x Servers are 2012 R2 Domain Controllers
2x Other Servers are 2016
All FSMO roles are held on the 2012 R2 Server.
I have ran dcdiag on the main DC:
C:\Windows\system32>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = BMI-VADC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: BMI1\BMI-VADC1
Starting test: Connectivity
......................... BMI-VADC1 passed test Connectivity
Doing primary tests
Testing server: BMI1\BMI-VADC1
Starting test: Advertising
......................... BMI-VADC1 passed test Advertising
Starting test: FrsEvent
......................... BMI-VADC1 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... BMI-VADC1 failed test DFSREvent
Starting test: SysVolCheck
......................... BMI-VADC1 passed test SysVolCheck
Starting test: KccEvent
......................... BMI-VADC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... BMI-VADC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... BMI-VADC1 passed test MachineAccount
Starting test: NCSecDesc
......................... BMI-VADC1 passed test NCSecDesc
Starting test: NetLogons
......................... BMI-VADC1 passed test NetLogons
Starting test: ObjectsReplicated
......................... BMI-VADC1 passed test ObjectsReplicated
Starting test: Replications
......................... BMI-VADC1 passed test Replications
Starting test: RidManager
......................... BMI-VADC1 passed test RidManager
Starting test: Services
......................... BMI-VADC1 passed test Services
Starting test: SystemLog
......................... BMI-VADC1 passed test SystemLog
Starting test: VerifyReferences
......................... BMI-VADC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : buildmeit
Starting test: CheckSDRefDom
......................... buildmeit passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... buildmeit passed test CrossRefValidation
Running enterprise tests on : buildmeit.internal
Starting test: LocatorCheck
......................... buildmeit.internal passed test LocatorCheck
Starting test: Intersite
......................... buildmeit.internal passed test Intersite
C:\Windows\system32>
Ran this command:
C:\Windows\system32>For /f %i IN ('dsquery server -o rdn') do @echo %i && @(net
view \\%i | find "SYSVOL") & echo
BMI-VADC1
SYSVOL Disk Logon server share
ECHO is on.
BMI-VADC2
SYSVOL Disk Logon server share
ECHO is on.
BMI2-VDC1
SYSVOL Disk Logon server share
ECHO is on.
BMI4-VDC1
SYSVOL Disk Logon server share
ECHO is on.
C:\Windows\system32>
This:
C:\Windows\system32>repadm
BMI1\BMI-VADC1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 30dbd6ec-253b-41fd-8411-bd
DSA invocationID: 9c358f48-510a-4e1c-a8c6-8f
==== INBOUND NEIGHBORS ==========================
DC=buildmeit,DC=internal
BMI2\BMI2-VDC1 via RPC
DSA object GUID: e5d6168c-1662-435a-98cb-bb
Last attempt @ 2017-01-09 00:10:55 was successful.
BMI4\BMI4-VDC1 via RPC
DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb
Last attempt @ 2017-01-09 00:10:56 was successful.
BMI1\BMI-VADC2 via RPC
DSA object GUID: 726075b6-0065-40c6-8112-81
Last attempt @ 2017-01-09 00:17:19 was successful.
CN=Configuration,DC=buildm
BMI1\BMI-VADC2 via RPC
DSA object GUID: 726075b6-0065-40c6-8112-81
Last attempt @ 2017-01-08 23:55:55 was successful.
BMI2\BMI2-VDC1 via RPC
DSA object GUID: e5d6168c-1662-435a-98cb-bb
Last attempt @ 2017-01-09 00:10:55 was successful.
BMI4\BMI4-VDC1 via RPC
DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb
Last attempt @ 2017-01-09 00:10:55 was successful.
CN=Schema,CN=Configuration
BMI1\BMI-VADC2 via RPC
DSA object GUID: 726075b6-0065-40c6-8112-81
Last attempt @ 2017-01-08 23:55:55 was successful.
BMI2\BMI2-VDC1 via RPC
DSA object GUID: e5d6168c-1662-435a-98cb-bb
Last attempt @ 2017-01-09 00:10:56 was successful.
BMI4\BMI4-VDC1 via RPC
DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb
Last attempt @ 2017-01-09 00:10:56 was successful.
DC=DomainDnsZones,DC=build
BMI1\BMI-VADC2 via RPC
DSA object GUID: 726075b6-0065-40c6-8112-81
Last attempt @ 2017-01-08 23:55:55 was successful.
BMI2\BMI2-VDC1 via RPC
DSA object GUID: e5d6168c-1662-435a-98cb-bb
Last attempt @ 2017-01-09 00:10:56 was successful.
BMI4\BMI4-VDC1 via RPC
DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb
Last attempt @ 2017-01-09 00:10:56 was successful.
DC=ForestDnsZones,DC=build
BMI2\BMI2-VDC1 via RPC
DSA object GUID: e5d6168c-1662-435a-98cb-bb
Last attempt @ 2017-01-09 00:10:56 was successful.
BMI4\BMI4-VDC1 via RPC
DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb
Last attempt @ 2017-01-09 00:10:56 was successful.
BMI1\BMI-VADC2 via RPC
DSA object GUID: 726075b6-0065-40c6-8112-81
Last attempt @ 2017-01-09 00:11:26 was successful.
C:\Windows\system32>
and lastly this:
C:\Windows\system32>For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic
/node:"%i" /namespace:\\root\microsof
plicatedfoldername='SYSVOL
state
BMI-VADC1
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
BMI-VADC2
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
BMI2-VDC1
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
BMI4-VDC1
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
the last one is interesting, it States 2 is in Initial Sync - but thats all it does, just sits at 2
If I go into GPO Managment on the baseline domain controller and run a Detect Now it seems to be complaining of ACLs for the GPOs are not in sync, if I go to another domain controller and click on the GPO a message will come up saying system cannot find the specified device.
I've checked the event logs and they all look clean\good!
I've spend a good 3 days on this so far and no getting far!
Do you see any error event id in logs?
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... BMI-VADC1 failed test DFSREvent
Please check the DFSR event logs on your DCs and post the errors you find there.
Check DFSR event logs for event ID 2213 on PDC followed by other DCs
If you found one, it means it has stopped replicated folder because of dirty shutdown
You need to follow instructions in same event to trigger the command
wmic /namespace:\\root\microsof tdfs path dfsrVolumeConfig where volumeGuid="89131A39-4A90- 11E2-93EB- 806E6F6E69 63" call ResumeReplication
Replace GUID with one shown in event
If you found event ID 4614, that DC need to be demoted and promoted again most probably
Mahesh.
If you found one, it means it has stopped replicated folder because of dirty shutdown
You need to follow instructions in same event to trigger the command
wmic /namespace:\\root\microsof
Replace GUID with one shown in event
If you found event ID 4614, that DC need to be demoted and promoted again most probably
Mahesh.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi -
I have no 2213 event but I do have the 4614 event:
The DFS Replication service initialized SYSVOL at local path E:\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner . If the server was in the process of being promoted to a domain controller, the domain controller will not advertize and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the synchronization partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.
Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 4A4C0946-E244-4BAD-A3CA-28 836E1FA253
Replication Group Name: Domain System Volume
Replication Group ID: 8F0684C1-293B-47D8-A639-C9 65B1603958
Member ID: 0FE4BDE8-1980-4E04-9513-38 4C7783A195
Read-Only: 0
This is on the PDC, however this event was from 8th Jan.
However I do see event 5014 on one of the member domain controllers:
The DFS Replication service is stopping communication with partner BMI-VADC1 for replication group Domain System Volume due to an error. The service will retry the connection periodically.
Additional Information:
Error: 9033 (The request was cancelled by a shutdown)
Connection ID: 79013EE7-C210-4A27-9809-D9 E9704B1399
Replication Group ID: 8F0684C1-293B-47D8-A639-C9 65B1603958
I have no 2213 event but I do have the 4614 event:
The DFS Replication service initialized SYSVOL at local path E:\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner . If the server was in the process of being promoted to a domain controller, the domain controller will not advertize and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the synchronization partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.
Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 4A4C0946-E244-4BAD-A3CA-28
Replication Group Name: Domain System Volume
Replication Group ID: 8F0684C1-293B-47D8-A639-C9
Member ID: 0FE4BDE8-1980-4E04-9513-38
Read-Only: 0
This is on the PDC, however this event was from 8th Jan.
However I do see event 5014 on one of the member domain controllers:
The DFS Replication service is stopping communication with partner BMI-VADC1 for replication group Domain System Volume due to an error. The service will retry the connection periodically.
Additional Information:
Error: 9033 (The request was cancelled by a shutdown)
Connection ID: 79013EE7-C210-4A27-9809-D9
Replication Group ID: 8F0684C1-293B-47D8-A639-C9
ASKER
Hi Guys,
Got it working doing non-authoritative DFSR restore :)
Got it working doing non-authoritative DFSR restore :)
ASKER
best solution
Hi Shaun,
After the Non-Authoritative AD restore, is there any effect on the Exchange Server mail flow ?
After the Non-Authoritative AD restore, is there any effect on the Exchange Server mail flow ?
No, no effect on Exchange when doing non-Authorative dfsr restore
ASKER
C:\Users\Administrator>dcd
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... BMI-VADC1 failed test DFSREvent
An error event occurred. EventID: 0x0000271A
Time Generated: 01/09/2017 00:29:11
Event String:
The server {9BA05972-F6A8-11CF-A442-0
ith DCOM within the required timeout.
An error event occurred. EventID: 0x0000271A
Time Generated: 01/09/2017 00:29:11
Event String:
The server {9BA05972-F6A8-11CF-A442-0
ith DCOM within the required timeout.
......................... BMI-VADC1 failed test SystemLog
and
C:\Users\Administrator>net
Schema master BMI-VADC1.buildmeit.intern
Domain naming master BMI-VADC1.buildmeit.intern
PDC BMI-VADC1.buildmeit.intern
RID pool manager BMI-VADC1.buildmeit.intern
Infrastructure master BMI-VADC1.buildmeit.intern
The command completed successfully.
and
C:\Users\Administrator>rep
Replication Summary Start Time: 2017-01-09 00:34:08
Beginning data collection for replication summary, this may take awhile:
.......
Source DSA largest delta fails/total %% error
BMI-VADC1 37m:45s 0 / 15 0
BMI-VADC2 38m:13s 0 / 15 0
BMI2-VDC1 08m:13s 0 / 10 0
BMI4-VDC1 08m:13s 0 / 10 0
Destination DSA largest delta fails/total %% error
BMI-VADC1 38m:13s 0 / 15 0
BMI-VADC2 37m:45s 0 / 15 0
BMI2-VDC1 13m:53s 0 / 10 0
BMI4-VDC1 13m:41s 0 / 10 0