3
3mDee
Hi all,
I have been plagued with this problem for some time now and finally
think I've nailled it.
Basically the symptoms first emerged when I went to open a Group Policy
for an OU and Windows complained that it can't find the group policy or
that I don't have permission. "Erm.. hello Enterprise Admin here... of
course I rights!!".
So a tiny bit of investigation revealed that the Policy and Script
directories in the sysvol\domain\ directory had dissappeared. After a
bit of "WTF? Where the hell are my files? Who's deleted them?" type of
knee jerk reaction I restored the files from a back up.
Now this happened again and so I turned on auditting of the delete
object access. Next time that the files disappeared I check the Security
event logs and found that the SYSTEM account had used the DELETE and the
SYNCRONIZE object access. I figured that this was something most likely
happening when GP replication was happening.
I set the SYSTEM's ACLs on the files to DENY delete and delete folders
privelege. To see if it was a case of a replication hiccup and it's
inability to delete the files leading to them getting replicated properly.
I had cause to restart the File Replication service today and noticed
that straight after doing so the GPs dirs and files had gone again.
I stopped the File Replication service and deleted the JET directory
from c:\winnt\ntfrs\ (after making a backup of course) and then
restarted the FRS. The files in the Jet dir were regenerated from
scratch automatically.
I restored the GP objects from backup again. These GP objects mostly
disappeared at the next replication cycle. However one more restore
seems to have corrected this.
Since then I've tried restarting the FRS several times to make sure the
files aren't going to disappear again and it seems fine.
I'm thinking that the FRS's database got corrupted somehow and nuking it
and letting it recreate the database correct it. The first instance of
replication that went a bit strange I'm putting down to the second FRS's
database also having issues but the first replication corrected this.
Note: A lot of this is hypothesising, I'm going to keep an eye on this
and see how it goes. If it's something that keeps occurring again then
I'm going to read everything I can get my hands on to do with the NTFRS
and see if I can't troubleshoot it.
I have been plagued with this problem for some time now and finally
think I've nailled it.
Basically the symptoms first emerged when I went to open a Group Policy
for an OU and Windows complained that it can't find the group policy or
that I don't have permission. "Erm.. hello Enterprise Admin here... of
course I rights!!".
So a tiny bit of investigation revealed that the Policy and Script
directories in the sysvol\domain\ directory had dissappeared. After a
bit of "WTF? Where the hell are my files? Who's deleted them?" type of
knee jerk reaction I restored the files from a back up.
Now this happened again and so I turned on auditting of the delete
object access. Next time that the files disappeared I check the Security
event logs and found that the SYSTEM account had used the DELETE and the
SYNCRONIZE object access. I figured that this was something most likely
happening when GP replication was happening.
I set the SYSTEM's ACLs on the files to DENY delete and delete folders
privelege. To see if it was a case of a replication hiccup and it's
inability to delete the files leading to them getting replicated properly.
I had cause to restart the File Replication service today and noticed
that straight after doing so the GPs dirs and files had gone again.
I stopped the File Replication service and deleted the JET directory
from c:\winnt\ntfrs\ (after making a backup of course) and then
restarted the FRS. The files in the Jet dir were regenerated from
scratch automatically.
I restored the GP objects from backup again. These GP objects mostly
disappeared at the next replication cycle. However one more restore
seems to have corrected this.
Since then I've tried restarting the FRS several times to make sure the
files aren't going to disappear again and it seems fine.
I'm thinking that the FRS's database got corrupted somehow and nuking it
and letting it recreate the database correct it. The first instance of
replication that went a bit strange I'm putting down to the second FRS's
database also having issues but the first replication corrected this.
Note: A lot of this is hypothesising, I'm going to keep an eye on this
and see how it goes. If it's something that keeps occurring again then
I'm going to read everything I can get my hands on to do with the NTFRS
and see if I can't troubleshoot it.