GET-IT: TEAMS DAY | 1-Day Free Virtual Conference all about Teams. Here on Petri.com - 8/12/20 GET-IT: TEAMS DAY - 8/12/20

SYSVOL share issue? 2 DC server 2003 environment

Home Forums Server Operating Systems Windows Server 2000 / 2003 / 2003 R2 SYSVOL share issue? 2 DC server 2003 environment

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    karatecki
    Member
    #129748

    Alright I wasn’t sure where to classify this question as it is causing issues across multiple platforms and services. I think I’ve narrowed it down to a SYSVOL share problem so I put it here. This is the situation:

    I am a new Network Administrator at a company, been here for a few months so I’m still getting used to our environment. But we have a small IT dept and the old Network Admin is gone, so I only have limited documentation about why things were done the way they were. At one location we have two domain controllers with the following configuration-

    PDC: Server 2003
    name: usm
    Running: DHCP, AD, & DNS

    DC: Server 2003 SP2
    name: tam
    Running: DNS & AD

    I originally found a couple of issues due to a Vista machine randomly logging on to a temp account. While tracking down event logs on the Vista machine, I looked into events on the DC’s. On the server named “usm” (the PDC) I noticed the following events:

    ID: 1080
    Category: Userenv
    Description: Windows cannot search for Organizational Unit hierarchy. (52). Group Policy processing aborted.

    ID: 1030
    Category: Userenv
    Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

    ID: 1006
    Category: Userenv
    Description: Windows cannot bind to xyz.com domain. (Local Error). Group Policy processing aborted.

    ID: 1054
    Category: Userenv
    Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

    Also there are DCDiag errors:

    Starting test: NetLogons
    Unable to connect to the NETLOGON share! (\USMnetlogon)
    [USM] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
    ……………………. USM failed test NetLogons

    Starting test: Advertising
    Warning: DsGetDcName returned information for \tam.xyz.com, when we were trying to reach USM.
    Server is not responding or is not considered suitable.
    Warning: USM is not advertising as a global catalog.
    Check that server finished GC promotion.
    Check the event log on server that enough source replicas for the GC are available.
    ……………………. USM failed test Advertising

    Starting test: frsevent
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared. Failing SYSVOL replication problems may cause
    Group Policy problems.

    Starting test: FsmoCheck
    Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
    A Global Catalog Server could not be located – All GC’s are down.
    ……………………. xyz.com failed test FsmoCheck

    Due to the above errors I checked the SYSVOL directory on “USM” (the PDC). And there’s no share, and no policy folders in the SYSVOL directory.

    On the DC “TAM” the only DCDIAG error I receive is:

    Starting test: FsmoCheck
    Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
    A Global Catalog Server could not be located – All GC’s are down.
    ……………………. xyz.com failed test FsmoCheck

    So here’s what I think happened:
    At one point server “TAM” was replaced as PDC with server “USM.” When this happened, for some reason the group policy share didn’t replicate. Now there are conflicts when loading GPOs or when trying to edit them in AD. My question is, can I simply share out the sysvol directory with the same permissions/share rights that are on server “TAM” and then let the information replicate from “TAM” to “USM?” I am also thinking that perhaps the DNS is not reporting correct, although both DNS servers show the PDC is “USM.” The reason I think it’s not reporting correctly is because of the DCDIAG error regarding the failed advertisement check on server “USM.”

    Anyone have a suggestion? I can share out the SYSVOL easily enough but wanted to see if anyone knew if it would cause problems with more than one server hosting the share (I thought that was the point of GP & replication, to have backup DCs to host the policies). Also, if it should have had SYSVOL shared, any idea what would have caused it not to be? Such as, when using DCPROMO an incorrect option was selected? I have pretty good faith in the previous Network Admin, so I don’t think he would have removed the share manually without some good reason. In any case, thanks in advance for your time reading this (sorry such a long post)!

    ~Kara

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.