Link to home
Start Free TrialLog in
Avatar of Ian Taylor
Ian TaylorFlag for United Kingdom of Great Britain and Northern Ireland

asked on

SYSVOL not replicating

Hello,

I have just discovered that none of my domain controllers are syncing in terms of SYSVOL.

2x Servers are 2012 R2 Domain Controllers
2x Other Servers are 2016

All FSMO roles are held on the 2012 R2 Server.

I have ran dcdiag on the main DC:

C:\Windows\system32>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = BMI-VADC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: BMI1\BMI-VADC1
      Starting test: Connectivity
         ......................... BMI-VADC1 passed test Connectivity

Doing primary tests

   Testing server: BMI1\BMI-VADC1
      Starting test: Advertising
         ......................... BMI-VADC1 passed test Advertising
      Starting test: FrsEvent
         ......................... BMI-VADC1 passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... BMI-VADC1 failed test DFSREvent
      Starting test: SysVolCheck
         ......................... BMI-VADC1 passed test SysVolCheck
      Starting test: KccEvent
         ......................... BMI-VADC1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... BMI-VADC1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... BMI-VADC1 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... BMI-VADC1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... BMI-VADC1 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... BMI-VADC1 passed test ObjectsReplicated
      Starting test: Replications
         ......................... BMI-VADC1 passed test Replications
      Starting test: RidManager
         ......................... BMI-VADC1 passed test RidManager
      Starting test: Services
         ......................... BMI-VADC1 passed test Services
      Starting test: SystemLog
         ......................... BMI-VADC1 passed test SystemLog
      Starting test: VerifyReferences
         ......................... BMI-VADC1 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : buildmeit
      Starting test: CheckSDRefDom
         ......................... buildmeit passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... buildmeit passed test CrossRefValidation

   Running enterprise tests on : buildmeit.internal
      Starting test: LocatorCheck
         ......................... buildmeit.internal passed test LocatorCheck
      Starting test: Intersite
         ......................... buildmeit.internal passed test Intersite

C:\Windows\system32>

Ran this command:

C:\Windows\system32>For /f %i IN ('dsquery server -o rdn') do @echo %i && @(net
view \\%i | find "SYSVOL") & echo
BMI-VADC1
SYSVOL      Disk           Logon server share
ECHO is on.
BMI-VADC2
SYSVOL      Disk           Logon server share
ECHO is on.
BMI2-VDC1
SYSVOL      Disk           Logon server share
ECHO is on.
BMI4-VDC1
SYSVOL      Disk           Logon server share
ECHO is on.

C:\Windows\system32>

This:

C:\Windows\system32>repadmin /showreps
BMI1\BMI-VADC1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 30dbd6ec-253b-41fd-8411-bd44c0584cbf
DSA invocationID: 9c358f48-510a-4e1c-a8c6-8ffb821683ef

==== INBOUND NEIGHBORS ======================================

DC=buildmeit,DC=internal
    BMI2\BMI2-VDC1 via RPC
        DSA object GUID: e5d6168c-1662-435a-98cb-bbc53517615c
        Last attempt @ 2017-01-09 00:10:55 was successful.
    BMI4\BMI4-VDC1 via RPC
        DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb712e23b7e6
        Last attempt @ 2017-01-09 00:10:56 was successful.
    BMI1\BMI-VADC2 via RPC
        DSA object GUID: 726075b6-0065-40c6-8112-81e7a09b050e
        Last attempt @ 2017-01-09 00:17:19 was successful.

CN=Configuration,DC=buildmeit,DC=internal
    BMI1\BMI-VADC2 via RPC
        DSA object GUID: 726075b6-0065-40c6-8112-81e7a09b050e
        Last attempt @ 2017-01-08 23:55:55 was successful.
    BMI2\BMI2-VDC1 via RPC
        DSA object GUID: e5d6168c-1662-435a-98cb-bbc53517615c
        Last attempt @ 2017-01-09 00:10:55 was successful.
    BMI4\BMI4-VDC1 via RPC
        DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb712e23b7e6
        Last attempt @ 2017-01-09 00:10:55 was successful.

CN=Schema,CN=Configuration,DC=buildmeit,DC=internal
    BMI1\BMI-VADC2 via RPC
        DSA object GUID: 726075b6-0065-40c6-8112-81e7a09b050e
        Last attempt @ 2017-01-08 23:55:55 was successful.
    BMI2\BMI2-VDC1 via RPC
        DSA object GUID: e5d6168c-1662-435a-98cb-bbc53517615c
        Last attempt @ 2017-01-09 00:10:56 was successful.
    BMI4\BMI4-VDC1 via RPC
        DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb712e23b7e6
        Last attempt @ 2017-01-09 00:10:56 was successful.

DC=DomainDnsZones,DC=buildmeit,DC=internal
    BMI1\BMI-VADC2 via RPC
        DSA object GUID: 726075b6-0065-40c6-8112-81e7a09b050e
        Last attempt @ 2017-01-08 23:55:55 was successful.
    BMI2\BMI2-VDC1 via RPC
        DSA object GUID: e5d6168c-1662-435a-98cb-bbc53517615c
        Last attempt @ 2017-01-09 00:10:56 was successful.
    BMI4\BMI4-VDC1 via RPC
        DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb712e23b7e6
        Last attempt @ 2017-01-09 00:10:56 was successful.

DC=ForestDnsZones,DC=buildmeit,DC=internal
    BMI2\BMI2-VDC1 via RPC
        DSA object GUID: e5d6168c-1662-435a-98cb-bbc53517615c
        Last attempt @ 2017-01-09 00:10:56 was successful.
    BMI4\BMI4-VDC1 via RPC
        DSA object GUID: 0dd55f7a-638a-4590-b3e2-cb712e23b7e6
        Last attempt @ 2017-01-09 00:10:56 was successful.
    BMI1\BMI-VADC2 via RPC
        DSA object GUID: 726075b6-0065-40c6-8112-81e7a09b050e
        Last attempt @ 2017-01-09 00:11:26 was successful.

C:\Windows\system32>

and lastly this:

C:\Windows\system32>For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic
/node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE re
plicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,
state
BMI-VADC1
ReplicatedFolderName  ReplicationGroupName  State
SYSVOL Share          Domain System Volume  2

BMI-VADC2
ReplicatedFolderName  ReplicationGroupName  State
SYSVOL Share          Domain System Volume  2

BMI2-VDC1
ReplicatedFolderName  ReplicationGroupName  State
SYSVOL Share          Domain System Volume  2

BMI4-VDC1
ReplicatedFolderName  ReplicationGroupName  State
SYSVOL Share          Domain System Volume  2

the last one is interesting, it States 2 is in Initial Sync - but thats all it does, just sits at 2

If I go into GPO Managment on the baseline domain controller and run a Detect Now it seems to be complaining of ACLs for the GPOs are not in sync, if I go to another domain controller and click on the GPO a message will come up saying system cannot find the specified device.

I've checked the event logs and they all look clean\good!

I've spend a good 3 days on this so far and no getting far!
Avatar of Ian Taylor
Ian Taylor
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

Just to add to this:

C:\Users\Administrator>dcdiag /q
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... BMI-VADC1 failed test DFSREvent
         An error event occurred.  EventID: 0x0000271A
            Time Generated: 01/09/2017   00:29:11
            Event String:
            The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register w
ith DCOM within the required timeout.
         An error event occurred.  EventID: 0x0000271A
            Time Generated: 01/09/2017   00:29:11
            Event String:
            The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register w
ith DCOM within the required timeout.
         ......................... BMI-VADC1 failed test SystemLog


and

C:\Users\Administrator>netdom query fsmo
Schema master               BMI-VADC1.buildmeit.internal
Domain naming master        BMI-VADC1.buildmeit.internal
PDC                         BMI-VADC1.buildmeit.internal
RID pool manager            BMI-VADC1.buildmeit.internal
Infrastructure master       BMI-VADC1.buildmeit.internal
The command completed successfully.

and

C:\Users\Administrator>repadmin /replsummary
Replication Summary Start Time: 2017-01-09 00:34:08

Beginning data collection for replication summary, this may take awhile:
  .......


Source DSA          largest delta    fails/total %%   error
 BMI-VADC1                 37m:45s    0 /  15    0
 BMI-VADC2                 38m:13s    0 /  15    0
 BMI2-VDC1                 08m:13s    0 /  10    0
 BMI4-VDC1                 08m:13s    0 /  10    0


Destination DSA     largest delta    fails/total %%   error
 BMI-VADC1                 38m:13s    0 /  15    0
 BMI-VADC2                 37m:45s    0 /  15    0
 BMI2-VDC1                 13m:53s    0 /  10    0
 BMI4-VDC1                 13m:41s    0 /  10    0
Avatar of Amit
Do you see any error event id in logs?
There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... BMI-VADC1 failed test DFSREvent

Please check the DFSR event logs on your DCs and post the errors you find there.
Check DFSR event logs for event ID 2213 on PDC followed by other DCs

If you found one, it means it has stopped replicated folder because of dirty shutdown

You need to follow instructions in same event to trigger the command
wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="89131A39-4A90-11E2-93EB-806E6F6E6963" call ResumeReplication
Replace GUID with one shown in event

If you found event ID 4614, that DC need to be demoted and promoted again most probably

Mahesh.
ASKER CERTIFIED SOLUTION
Avatar of Shaun Vermaak
Shaun Vermaak
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi -

I have no 2213 event but I do have the 4614 event:

The DFS Replication service initialized SYSVOL at local path E:\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner . If the server was in the process of being promoted to a domain controller, the domain controller will not advertize and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the synchronization partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.
 
Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 4A4C0946-E244-4BAD-A3CA-28836E1FA253
Replication Group Name: Domain System Volume
Replication Group ID: 8F0684C1-293B-47D8-A639-C965B1603958
Member ID: 0FE4BDE8-1980-4E04-9513-384C7783A195
Read-Only: 0

This is on the PDC, however this event was from 8th Jan.

However I do see event 5014 on one of the member domain controllers:

The DFS Replication service is stopping communication with partner BMI-VADC1 for replication group Domain System Volume due to an error. The service will retry the connection periodically.
 
Additional Information:
Error: 9033 (The request was cancelled by a shutdown)
Connection ID: 79013EE7-C210-4A27-9809-D9E9704B1399
Replication Group ID: 8F0684C1-293B-47D8-A639-C965B1603958
Hi Guys,

Got it working doing non-authoritative DFSR restore :)
best solution
Hi Shaun,

After the Non-Authoritative AD restore, is there any effect on the Exchange Server mail flow ?
No, no effect on Exchange when doing non-Authorative dfsr restore