1

I have two domain controllers in my environment: DC1 and DC2. They are Server 2008 R2 VMWare virtual servers running on two different hosts using a Nimble SAN. I have never had any issues with these servers, but one day I created a GPO on DC1 and then forced a gpupdate on my machine and it reported that it could not find that object. I did a gpresult and found that I was pulling my group policy from DC2. I checked that server and found that the policy that I created on DC1 did not replicate to DC2. Once I manually copied the policy from the SYSVOL folder on DC1 to DC2 the gpupdate worked as intended.

I’ve tried everything that I could find on Google and Spiceworks and nothing has seemed to fix the issue. BTW these servers were created from scratch and are not upgrades from 2003.

Any suggestions?

@Microsoft

4 Spice ups
2

To add to the story, I created DC3 and set it up as a fresh server to see if I could get replication working between DC1 and DC3. DCPROMO goes through all of the steps and when it asks which server I want to replicate from, I choose DC1. The odd part is that DC3 never actually creates the SYSVOL folders. So now I have three domain controllers that replicated AD information but will not replicate their SYSVOL folders.

3

Run DCDIAG and see if there are any errors.

And REPADMIN /SHOWREPS

4

DC1 - dcdiag output.

dc1.txt (3.69 KB)

5

DC2 - dcdiag output.

dc2.txt (3.84 KB)

6

DC3

dc3.txt (4.16 KB)

7

There are errors in there, also have a look through the event logs on DC1 and DC2 for any errors. Are they production servers? How long have they been up?

8

did you check this mate ?

http://community.spiceworks.com/topic/287445-sysvol-replication-problem-between-two-windows-2008-r2-dc

9

DC1 and DC2 are production servers. I know there are errors in there and I’ve taken a look at the event viewer. These servers have been up for more than 2 years. DC3 I just spun up last night to see if I could get replication working.

repadmin /showrepls is not showing errors on any of the servers. All are successful connections.

10

That refers to NTFRS. These are 2008 servers that were never migrated from 2003 and are DFSR. I don’t think that post applies.

11

In regards to the event viewer, there are no errors reported between DC1 and DC2. There are several errors reported for DC3, but since that isn’t my production server I’m not too worried about it. Actually, if I’m able to get replication working again between DC1 and DC2, I’ll likely just demote DC3 and remove the VM.

12

I know but Migrating from FRS replication of SYSVOL to DFS Replication may fix your problem.

anyway check this out.

13

If DC3 was just for testing purposes and is causing more errors I would be tempted to remove it first and get back to basics.

Obvious question first - Have you restarted DC1 and then DC2? Always best to try the easy things first.

14

Have a look at this link:

15

To update - There are no errors being reported on DC1 or DC2 regarding replication. Both servers have been restarted. At this point I’m not too worried about DC3, but I have a feeling that the reason it isn’t working (or creating the SYSVOL and NETLOGON shares) is that replication isn’t working correctly on DC1 or DC2.

16

You don’t want to do the migration from FRS to DFS-R if there are issues. Fix issues, then migrate.

Are you positive? So the domain was built recently on Windows 2008 and didn’t exist prior to that?

17

That is correct. This domain never existed prior to these domain controllers. This domain has only ever been on 2008.

1 Spice up
18

Awesome, that makes it easier :slight_smile:

  1. Open eventvwr on DC1
  2. Expand Applications and Services Logs
  3. Open the DFS Replication log
  4. Post warnings and errors here
  5. Do the same for DC2
19

In particular see if you have any Event ID 2213 in that log.

20

I’ve demoted DC3 and shut it down for now. On DC1 and DC2 I ran the following command:

dfsrdiag syncnow /RGName:“Domain System Volume” /Partner:OTHER_DC /Time:15 /v

These events are recurring on both DC1 and DC2.

The DFS Replication service is stopping communication with partner DC2 for replication group Domain System Volume due to an error. The service will retry the connection periodically.

Additional Information:

Error: 9033 (The request was cancelled by a shutdown)

Connection ID: 5BB31EF6-68F6-4F40-A8AF-3EA970156428

Replication Group ID: F36B4124-8545-4D8E-8FD4-220CB8069142

The DFS Replication service encountered an error communicating with partner DC2 for replication group Domain System Volume.

Partner DNS address: DC@.domain.local

Optional data if available:

Partner WINS Address: DC2

Partner IP Address: x.x.x.x

The service will retry the connection periodically.

Additional Information:

Error: 1753 (There are no more endpoints available from the endpoint mapper.)

Connection ID: 5BB31EF6-68F6-4F40-A8AF-3EA970156428

Replication Group ID: F36B4124-8545-4D8E-8FD4-220CB8069142

The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner DC2.domain.local. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.

Additional Information:

Replicated Folder Name: SYSVOL Share

Replicated Folder ID: C8765982-4A97-4D0B-AE3D-6FF1E72665F7

Replication Group Name: Domain System Volume

Replication Group ID: 5BB31EF6-68F6-4F40-A8AF-3EA970156428

Member ID: 7C23691A-346D-4452-BEFD-1EC2F92D47A7

Read-Only: 0