We currently have 4 DCs in our domain. DC number 2 & 3 do not appear to be syncing the SYSVOL properly. DC 2 & 3 had to be restored from a backup a while back. When trying to pull policies from 2 or 3 we will receive this error.

"The processing of Group Policy failed. Windows attempted to read the file \\ourdomain.int\SysVol\ourdomain.int\Policies\{D8DAC835-0F7E-4F2A-885A-2A1D1D66C180}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled."

If I browse to C:\Windows\SYSVOL, there are 2 locations that hold the policies.

- “C:\Windows\SYSVOL\sysvol\ourdomain.int\Policies”

In this location the policies are not updating on DC 2 & 3.

- “C:\Windows\SYSVOL\domain\Policies”

In this location the policies are all updated and match on all 4 DCs.

I am not sure which would be the best way to remedy this situation.

Domain functional level 2008

DC 1 Server 2019 Datacenter

DC 2, 3 & 4 Server 2012R2

4 Spice ups

The words “domain controller” and “restored from backup” usually are red flags. Restoring a DC (let alone more than one) is not usually something you want to get into unless you have specific needs. It’s often better and easier to simply promo a new server to become a DC to replace a failed one. Installing Windows/deploying from an image should not take overly long and then promoting it to a DC should only take a few minutes.

In general, when it comes to DC issues, one of the first things you will want to do is run dcdiag to run some tests and correct errors reported.

A command like this will run dcdiag on all DCs in the enterprise and run the extended test suites too:

dcdiag /e /i /c

Ensure you run this from an elevated PowerShell (i.e. "Run as Administrator"), otherwise you’ll have permission issues.

2 Spice ups

I would try a non-authoritative restore on the domain controllers with the missing GPOs.
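
A read-only way to see which DCs are missing or behind on which GPOs before choosing a fix, as an added example that is not part of any post in this thread. It assumes the ActiveDirectory PowerShell module (RSAT) is available and that each DC shares SYSVOL under the default share name.

```powershell
# Added example: compare the gpt.ini version of every GPO on every DC.
# Read-only. Run elevated, as with dcdiag.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot
$dcs    = @(Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName)

# Query each DC's own share (\\<dc>\SYSVOL), not the domain DFS path
# (\\<domain>\SYSVOL), which can refer the client to any DC.
$rows = foreach ($dc in $dcs) {
    $policies = "\\$dc\SYSVOL\$domain\Policies"
    if (-not (Test-Path -LiteralPath $policies)) {
        Write-Warning "$dc : cannot read $policies"
        continue
    }
    foreach ($dir in Get-ChildItem -LiteralPath $policies -Directory -Filter '{*}') {
        $ini     = Join-Path $dir.FullName 'gpt.ini'
        $version = 'no gpt.ini'
        if (Test-Path -LiteralPath $ini) {
            $m = Select-String -LiteralPath $ini -Pattern '^\s*Version\s*=\s*(\d+)' |
                 Select-Object -First 1
            $version = if ($m) { $m.Matches[0].Groups[1].Value } else { 'no Version line' }
        }
        [pscustomobject]@{ DC = $dc; Gpo = $dir.Name; Version = $version }
    }
}

# A GPO is in sync when every DC holds it with the same version number.
$report = $rows | Group-Object Gpo | ForEach-Object {
    $seen     = $_.Group
    $missing  = @($dcs | Where-Object { $_ -notin $seen.DC })
    $versions = @($seen.Version | Sort-Object -Unique)
    $status   = if ($missing.Count -gt 0)      { 'MISSING' }
                elseif ($versions.Count -gt 1) { 'VERSION MISMATCH' }
                else                           { 'OK' }
    [pscustomobject]@{
        Gpo       = $_.Name
        Status    = $status
        MissingOn = $missing -join ', '
        PerDC     = ($seen | ForEach-Object { "$($_.DC)=$($_.Version)" }) -join '; '
    }
}

# Show only the GPOs that differ between DCs.
$report | Where-Object Status -ne 'OK' | Format-Table -AutoSize -Wrap
```

An empty table means every reachable DC serves the same set of GPOs at the same versions; a DC that produced a warning was not compared at all.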