This is a little long-winded so please bear with me.

Let me lay out my networking environment for you first. I have one main office and three branch sites. My main office is where my Primary Domain Controller is located and I will call that DC1. The domain controller that is having an issue is located at a branch site and I will call that DC2. All of my Domain Controllers run Windows Server 2012.

DC2 does not appear to be getting an updated SYSVOL folder and Group Policies for the Domain Controllers are not being applied to DC2.

Here are the issues so far that I have discovered.

  1. In Event Viewer there is only one error for Event ID 1058 under the System logs that repeats every five minutes. It states:

The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\cse.local\Policies\{CD7ED145-D80E-4721-BC65-BAD3C0C5DF5B}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.

b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).

c) The Distributed File System (DFS) client has been disabled.

There are no other group policies that show this error, but this has been repeating for months now after I just discovered it. I have other domain controllers at my other branches that run Server 2012, but none produce this error. So I have narrowed it down to being DC2 in some manner.

2. I also verified that only the Domain Policy applied to DC2 through a GPRESULT /H in command prompt. The policy list in issue should be applied, but it is not.

  3. I checked the SYSVOL folder manually and there are definitely missing folders and files that should be replicated like on my other domain controllers.

Tests I have run:

  1. Ran the DCDIAG tool on DC1 and DC2 and no errors came back.

  2. I ran the ADREPLSTATUS tool from Microsoft to see if there were any Active Directory replication errors. It came back with no errors. The tool can be found here: http://www.microsoft.com/en-us/download/details.aspx?id=30005

  3. Ran BPAs against AD and found no issues.

  4. Checked my bandwidth monitor for the branch and nothing is out of the ordinary, so network latency doesn’t seem to be an issue.

  5. I checked the DFS service and it is running.

  6. I have rebooted the server in the past for just general Windows Updates, but a reboot hasn’t been the fix.

How I think I will Fix it:

1. I did some reading on doing a non-authoritative restore on DC2's SYSVOL folder. I still need to research it more, but it seems like this may fix it.

Let me know if everything makes sense or you need more info. Also let me know if I am on the right track. I am open to any suggestions for running more tests on DC2 or possible fixes. This is truly just a perplexing issue to me.

3 Spice ups
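
The manual SYSVOL check described in the post can be scripted. This is an added example, not part of the original post: it reads the Policies folder on each DC's own SYSVOL share and compares GPO folders and gpt.ini version numbers. The names DC1, DC2 and domain.local are placeholders following the post's naming, and the function name is hypothetical.

```powershell
# Added example: compare the SYSVOL Policies tree on a reference DC and a suspect DC.
# DC1, DC2 and domain.local are placeholders that follow the post's naming.
param(
    [string]$ReferenceDC = 'DC1',
    [string]$SuspectDC   = 'DC2',
    [string]$Domain      = 'domain.local'
)

function Get-SysvolPolicyState {
    param([string]$Server, [string]$Domain)
    # Use the DC's own share (\\DC\SYSVOL), not \\domain\SysVol, so a DFS
    # referral cannot silently answer from a different domain controller.
    $root = "\\$Server\SYSVOL\$Domain\Policies"
    # -ErrorAction Stop: an unreachable share is itself a finding (cause "a" in Event 1058).
    Get-ChildItem -LiteralPath $root -Directory -ErrorAction Stop |
        Where-Object { $_.Name -match '^\{[0-9A-F-]{36}\}$' } |
        ForEach-Object {
            $ini = Join-Path $_.FullName 'gpt.ini'
            $version = $null
            if (Test-Path -LiteralPath $ini) {
                $hit = Select-String -LiteralPath $ini -Pattern '^\s*Version\s*=\s*(\d+)' |
                    Select-Object -First 1
                # gpt.ini stores a 32-bit value, so use [long] to avoid overflow.
                if ($hit) { $version = [long]$hit.Matches[0].Groups[1].Value }
            }
            [pscustomobject]@{ Guid = $_.Name.ToUpper(); Version = $version }
        }
}

$ref = @{}; Get-SysvolPolicyState $ReferenceDC $Domain | ForEach-Object { $ref[$_.Guid] = $_.Version }
$sus = @{}; Get-SysvolPolicyState $SuspectDC   $Domain | ForEach-Object { $sus[$_.Guid] = $_.Version }

$report = foreach ($guid in (@($ref.Keys) + @($sus.Keys) | Sort-Object -Unique)) {
    $status = if (-not $sus.ContainsKey($guid))  { 'MissingOnSuspect' }
        elseif (-not $ref.ContainsKey($guid))    { 'OnlyOnSuspect' }
        elseif ($null -eq $sus[$guid])           { 'GptIniMissingOnSuspect' }
        elseif ($ref[$guid] -ne $sus[$guid])     { 'VersionMismatch' }
        else                                     { 'InSync' }
    [pscustomobject]@{
        Guid = $guid; RefVersion = $ref[$guid]; SuspectVersion = $sus[$guid]; Status = $status
    }
}
$report | Sort-Object Status, Guid | Format-Table -AutoSize
```

Any row other than InSync identifies a GPO whose files have not reached the suspect DC, which can be matched against the GUID named in Event ID 1058.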

Have you tried restoring the default domain policy using Dcgpofix?

ref: Dcgpofix | Microsoft Learn

Actually the default domain policy is the one policy that was applied correctly to the server. So I don't know if a DCGPOFIX would do it.