In
patman said:
Hello Ace,

I tried other tests:

Test 1:
Create a new GPO on DC2 and see if it replicates on DC1.
In fact it is created in the DC1 sysvol share and not on DC2.
I can see the policy with the console but nothing appears in the sysvol share of DC2.
I have 2 other DCs (DC3 and DC4) and they act like DC2. A new policy is only created on DC1.

Test 2:
On DC1 the version of the GPO for Default domain controller policy is 102 on the sysvol share and 51 in the sysvol directory.
On DC2, DC3, DC4 the version for both sysvol share and sysvol directory is 51.
I tried to modify this GPO on DC2. The change is made but the version in DC2, DC3, DC4 (in the GPT.ini file) is the same. On DC1 the version changed to 65669.
We could think about a permission problem but I verified.

Test 3:
I created a different user on each DC and waited for replication.
Everything is OK for replication.

There is one event that could possibly be the cause of this problem of creation/replication of GPOs: one day, all our users disappeared suddenly and we had to restore them with ARCserve 2000 (forcing the version). To be able to restore we had to modify the sysvol directory's name and recreate it completely.
It is an event but I don't think it is the reason for the problem, even if it is not recommended to restore on an empty space.

No need of ipconfig.
Everything is OK on the DNS resolution.
Just one thing to notice: DC1 has 7 IP addresses but is well resolved by other DCs (replication is fine).

Seven (7) IP addresses? WOW!!! Do you realize that only two IP addresses on
a DC can cause numerous issues? And you have 7? May I ask why?
(I don't know how to stress this to you other than it really is NOT
recommended.)
If you need all those IPs, there are a series of steps to alter default DC
functionality to stop the registration of all those IPs and just allow
(force) it to use ONE IP address. I just posted them for another person in a
thread directly below yours. For info, here's the thread subject, name and
date:
From: "Durga Rao" <[email protected]>
Subject: RID Pool Error
Date: Fri, 24 Feb 2006 16:02:35 +0530
As for ipconfig /all info, I can understand the reluctance. But all I was
trying to determine is if you are ONLY using the internal DNS in their IP
properties and the Primary DNS suffix is set to the domain, and to make sure
it's not a single label name (domain rather than the required format of
domain.com). But I trust you already know this stuff.
As far as restoring, it seems that may be contributing to the issue, if not
the multiple IPs. This is a difficult one, of course, to troubleshoot. A
dcdiag would be helpful to look at from all DCs, but it would take time to
read through it and figure out which DC is the bummer. One of them is obviously
the culprit. It seems that you may have used an older backup? Not sure, but
that's what it appears to be so far at first glance. Reason I said that is
the GPO version was bumped up to restore the System State, which includes
the AD database. But it didn't replicate, so therefore it's saying to me
possibly for some reason, if it's not, that the state of the version
restored may *possibly* be older than 60 days? Which DC was that on?
I was just surmising and thinking out loud.... let me see...
GPOs will be created and controlled by the machine holding the PDC Emulator
role. Apparently that's DC1 in your case. That seems to be the first DC
created unless Roles have been moved.
I believe the version bumping up to 65669 was trying to say that was the
guy you need to follow to create GPOs. But that is default, and possibly
when you did it from DC2, did you change what DC to use for GPOs (done in
the GPO Editor)?
Honestly, truthfully? I would choose one IP on DC1, delete the other
references in DNS for the unwanted IPs, then delete the references if they
exist in the _msdcs.gc folder (that is if this guy is also a GC), then:
ipconfig /registerdns
net stop netlogon
net start netlogon
Interesting issue...
Ace
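
Added example, not part of either post above: the Version value in GPT.INI packs two counters, with user-side edits in the high 16 bits and computer-side edits in the low 16 bits, so the numbers quoted in the thread (51, 102, 65669) can be decoded and compared per DC. The GPT.INI contents below are constructed from those quoted values, the DC names follow the thread, and the function names are hypothetical.

```python
import configparser

# Constructed sample: GPT.INI text as it would be read from each DC's SYSVOL
# copy of one GPO. Version values are the ones quoted in the thread.
SAMPLE_GPT_INI = {
    "DC1": "[General]\nVersion=65669\n",
    "DC2": "[General]\nVersion=51\n",
    "DC3": "[General]\nVersion=51\n",
    "DC4": "[General]\nVersion=51\n",
}


def read_version(gpt_ini_text):
    """Return the integer Version from the [General] section of a GPT.INI file."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(gpt_ini_text)
    return parser.getint("General", "Version")  # option names are case-insensitive


def split_version(version):
    """Split a GPO version into (user_revisions, computer_revisions).

    High 16 bits: edits to the user half of the GPO.
    Low 16 bits: edits to the computer half.
    """
    return (version >> 16) & 0xFFFF, version & 0xFFFF


def compare_dcs(gpt_ini_by_dc):
    """Return per-DC versions, the highest version seen, and the DCs below it."""
    versions = {dc: read_version(text) for dc, text in gpt_ini_by_dc.items()}
    highest = max(versions.values())
    stale = sorted(dc for dc, v in versions.items() if v != highest)
    return versions, highest, stale


if __name__ == "__main__":
    versions, highest, stale = compare_dcs(SAMPLE_GPT_INI)
    for dc in sorted(versions):
        user, computer = split_version(versions[dc])
        print(f"{dc}: Version={versions[dc]} (user={user}, computer={computer})")
    print("SYSVOL copies behind the highest version:", ", ".join(stale) or "none")
```

Decoded this way, a SYSVOL copy that stays at a lower number on some DCs after an edit points at file replication of SYSVOL rather than at Active Directory replication, which the thread reports as working.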