The version numbers for one or more GPOs on this domain controller are not in sync with the version for the GPOs on the Baseline domain controller

I have a Windows 2012 R2 domain with some Windows Server 2003 DCs still in the mix.

I realize that the Win 2003s are a bit old, and we are replacing them ASAP...

How can I resolve this issue?

Thanks

Mahesh, Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Find the DC that has the latest of all GPOs in AD and under the Sysvol folder as well.

Then attempt a Sysvol auth restore on that DC and a non-auth restore on the other DCs.

https://support.microsoft.com/en-in/help/290762/using-the-burflags-registry-key-to-reinitialize-file-replication-servi

Read the article carefully before attempting auth restore
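
Added example (not part of the thread, and not Microsoft's tooling): one read-only way to compare, per DC, each GPO's `versionNumber` in AD with the `Version=` value in that DC's own SYSVOL copy of GPT.INI, before deciding which DC holds the latest set. It assumes PowerShell 3.0 or later on a domain-joined machine and an account that can read SYSVOL on every DC; the `-1` marker is a convention of this example.

```powershell
# Added example, not from the thread. Read-only: queries each DC over LDAP and
# reads GPT.INI from that DC's own SYSVOL share. Plain LDAP (ADSI) is used so
# that DCs without Active Directory Web Services can be queried as well.
$domain   = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$domainDN = "$($domain.GetDirectoryEntry().distinguishedName)"

$report = foreach ($dc in $domain.DomainControllers) {
    # AD side: versionNumber of every GPO container as this DC's directory copy has it
    $base   = [ADSI]"LDAP://$($dc.Name)/CN=Policies,CN=System,$domainDN"
    $search = New-Object System.DirectoryServices.DirectorySearcher($base, '(objectClass=groupPolicyContainer)')
    $search.SearchScope = 'OneLevel'
    $search.PropertiesToLoad.AddRange([string[]]('cn', 'displayName', 'versionNumber'))

    foreach ($gpc in $search.FindAll()) {
        $guid = [string]$gpc.Properties['cn'][0]

        # SYSVOL side: Version= line of GPT.INI in this DC's own SYSVOL replica
        $gpt    = "\\$($dc.Name)\SYSVOL\$($domain.Name)\Policies\$guid\GPT.INI"
        $sysvol = [int64]-1   # -1 marks a missing or unreadable GPT.INI (this example's convention)
        if (Test-Path -LiteralPath $gpt) {
            $hit = Select-String -LiteralPath $gpt -Pattern '^\s*Version\s*=\s*(\d+)' |
                Select-Object -First 1
            if ($hit) { $sysvol = [int64]$hit.Matches[0].Groups[1].Value }
        }

        [pscustomobject]@{
            DC            = $dc.Name
            GPO           = [string]$gpc.Properties['displayname'][0]
            Guid          = $guid
            ADVersion     = [int64]$gpc.Properties['versionnumber'][0]
            SysvolVersion = $sysvol
        }
    }
}

# A GPO is in sync only when every DC reports one and the same number on both
# sides. List every row of the GPOs where that is not the case.
$report | Group-Object Guid | Where-Object {
    @($_.Group | ForEach-Object { $_.ADVersion; $_.SysvolVersion } |
        Sort-Object -Unique).Count -gt 1
} | ForEach-Object { $_.Group } | Sort-Object GPO, DC |
    Format-Table DC, GPO, ADVersion, SysvolVersion -AutoSize
```

A DC whose SYSVOL numbers lag while its AD numbers match the other DCs points at file replication (FRS) on that DC rather than at AD replication. A GPO edited moments before the run can show a transient mismatch until replication completes.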

Jeff Glover, Sr. Systems Administrator
CERTIFIED EXPERT

Commented:
Also, make sure Replication is working correctly and you don't have a journal wrap error somewhere

Author

Commented:
Thanks for your input. This is kind of what I was heading towards before this question.

What I find most disturbing as I read these articles is the potential "Gloom & Doom" if it all fails. Unfortunately, although I have some older servers, they are all still active and supporting parts of our corporate network. So, if I do these "Global" steps in an effort to correct some older servers, I may mess up all of them...

Suffice it to say: is it not easier just to retire the older 2003 servers, replace them with new ones, and then let the new server network correct itself?

One of the things these articles mention is that once you correct the synchronization status, the root cause of the problem will probably just cause the issue again.

Mind: I'm not complaining about your answer; in fact, it is correct. I'm just wondering if the cure, in this case, is worse than the problem..?

Mahesh, Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Actually, you have not mentioned whether the issue exists on the 2003 DCs only or on the 2012 DCs as well.

If it's the 2003 DCs, they are probably caught in journal wrap (check for FRS event ID 13568); in that case the same solution above applies.
However, if you are sure that those DCs are not used anymore, or you can isolate them so that nobody will use them, then it's better to decommission them directly and add new DCs on the latest OS.

Author

Commented:
Server #1:  Win 2003 / Main error: 13555 - The File Replication Service is in an error state.

Server #2: Win 2003 / No real errors since 1/10/2019

Server #3: Win 2003 / No real errors since 10/15/2018 (This is assuming that NO messages means NO problems).

Server #4: Win 2012 R2 / Last Warning 12/03/2018

Interesting: Looking at it this way, I am starting to believe that the real problem might be my "Server #1", rather than the entire bunch...

It seems that even the other 03 boxes are not having any real problems. Yes, I know that as a collection of DCs, there are many minor issues that need to be addressed, but this one might need to take the "Final Shutdown", rather than trying to do some advanced restore and botch up the entire works.

Sr. Systems Administrator
CERTIFIED EXPERT
Commented:
If it was me, I would make sure my FSMO roles were moved to one of the "good" servers and I would demote Server 1. If it is running other services, it could still run them as a member server. With an FRS issue, you may have to force the removal, but given what you stated, it would seem to be the easiest fix.
I would recommend you get off Server 2003 as soon as you can. It is one heck of a security flaw.

Author

Commented:
Both were crucial in assisting and bringing this to a conclusion.