Group Policy is not replicating

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

We have a Windows 2K Domain. We have 2 Windows 2000 DCs, for discussion we'll
call them Server1 and Server2. When policy is created/edited, it is
automatically saved to \\Server1\Sysvol. This policy is of course reflected
in our \\dfs share\sysvol. However, the policy is not replicated to
\\Server2\Sysvol. This creates a problem when computers log on to the network
through Server2. Unfortunately, most of the computers that are under specific
policies, log on to Server2 because it is on the same subnet as these client
computers. Since policy is not replicating to Server2, we must manually copy
the policy from \\Server1\Sysvol to \\Server2\Sysvol.

Let me clarify that other changes in Active Directory such as adding new
computers, users, changing passwords, profile path, etc., seem to be
replicating fine. It is just the policy that we are having problems with.

Does anyone have an idea as to what we are doing wrong? Also, is there any
way to force \\dfs share\sysvol as the point to where policy is pulled from?

Thanks
 
This sounds like an FRS issue.
please post the FRS warnings and errors from server1 and server2.
 
user2820 said:
This sounds like an FRS issue.
please post the FRS warnings and errors from server1 and
server2.
Click to expand...

Hi,

SYSVOL between DC’s are actually "linked" rather than replicated.
Therefore if you add or delete anything it instantly affects the other
folder. It may be that the links have been lost. Check FRS first
though.

I did have to recreate my SYSVOL containers and reestablish the links
between them. They were called Sysvol junction points and I used
linkd.exe to reestablish them. Linkd.exe is part of the resource kit
http://www.microsoft.com/downloads/...69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

http://support.microsoft.com/kb/205524/EN-US/

DNS could also be your problem. Check to see if DNS is setup correctly
http://www.sd61.bc.ca/windows2000/dns.htm

Also, what are the event viewer errors?

Cheers,

Lara
 
Glen,

Sorry it took so long to get back to you. You were right, it was an FRS
issue. We were getting this error on Server1:

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 1/19/2005
Time: 8:20:43 AM
User: N/A
Computer: Server1
Description:
The File Replication Service is having trouble enabling replication from
Server2 to Server1 for drive:\winnt\sysvol\domain using the DNS name
Server2.domainname.suffix FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name martin.here.bates.ctc.edu
from this computer.
[2] FRS is not running on server2.domainname.suffix.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem
is fixed you will see another event log message indicating that the
connection has been established.
Data:
0000: d5 04 00 00 Õ...

and we were getting another error 13568 on Server2. I ran the Microsoft
suggested fix and it solved our problems.

Thanks again.
 
Thanks so much for your help. Sorry it took so long to get back with you. We
were getting FRS errors 13508 on one server and 13568 on the other. After
some research we found Microsoft's fix and things are back up and running. I
do appreciate the information you supplied, as it was informative and overall
useful.

Thanks again,

Dan
 
damox said:
Thanks so much for your help. Sorry it took so long to get
back with you. We
were getting FRS errors 13508 on one server and 13568 on the
other. After
some research we found Microsoft's fix and things are back up
and running. I
do appreciate the information you supplied, as it was
informative and overall
useful.

Thanks again,

Dan




 > > This sounds like an FRS issue.
 > > please post the FRS warnings and errors from
server1 and
 > > server2.
 > >
 > >
 > > --
 > > Glenn L
 > > CCNA, MCSE 2000/2003 + Security
 > >
 > > "damox" <[email protected]>
wrote in message
 > >
  > > > We have a Windows 2K Domain. We have 2
Windows 2000 DCs, for
 > > discussion
  > > > we'll
  > > > call them Server1 and Server2. When policy
is
 > > created/edited, it is
  > > > automatically saved to Server1Sysvol. This
policy is of
 > > course
  > > > reflected
  > > > in our dfs sharesysvol. However, the
policy is not
 > > replicated to
  > > > Server2Sysvol. This creates a problem when
computers log
 > > on to the
  > > > network
  > > > through Server2. Unfortunately, most of the
computers that
 > > are under
  > > > specific
  > > > policies, log on to Server2 because it is
on the same subnet
 > > as these
  > > > client
  > > > computers. Since policy is not replicating
to Server2, we
 > > must manually
  > > > copy
  > > > the policy from Server1Sysvol to
Server2Sysvol.
  > > >
  > > > Let me clarify that other changes in Active
Directory such
 > > as adding new
  > > > computers, users, changing passwords,
profile path, etc.,
 > > seem to be
  > > > replicating fine. It is just the policy
that we are having
 > > problems with.
  > > >
  > > > Does anyone have an idea as to what we are
doing wrong?
 > > Also, is there any
  > > > way to force dfs sharesysvol as the point
to where policy
 > > is pulled
  > > > from?
  > > >
  > > > Thanks
Click to expand...

Hi Dan,

Thanks for posting back. It is good to know when someone gets
something fixed. Glad you figured it out.

Cheers,

Lara
 
I am having the exact same error/issue. Can you please tell me what you did
to resolve?

damox said:
Glen,

Sorry it took so long to get back to you. You were right, it was an FRS
issue. We were getting this error on Server1:

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 1/19/2005
Time: 8:20:43 AM
User: N/A
Computer: Server1
Description:
The File Replication Service is having trouble enabling replication from
Server2 to Server1 for drive:\winnt\sysvol\domain using the DNS name
Server2.domainname.suffix FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name martin.here.bates.ctc.edu
from this computer.
[2] FRS is not running on server2.domainname.suffix.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem
is fixed you will see another event log message indicating that the
connection has been established.
Data:
0000: d5 04 00 00 Õ...

and we were getting another error 13568 on Server2. I ran the Microsoft
suggested fix and it solved our problems.

Thanks again.






Glenn L said:
This sounds like an FRS issue.
please post the FRS warnings and errors from server1 and server2.
Click to expand...
Click to expand...
 
Back
Top