Announcement

Collapse
No announcement yet.

GPO is not working for 3rd DC

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • GPO is not working for 3rd DC

    Hi,

    We have 3 DC's, 2 virtual DC's and 3rd is physical secondary DC. if we made any changes in group policy o any of the Virtual DC it automatically sync with another Virtual DC, however its synchronizing with physical DC.

    in other scenario, if I made any changes in GP in physical DC, its not synchronizing with virtual DC's.

    Having said that, every other thing DNS record, users record, containers etc.. every thing is fine(Sync) between 3 of them.


    Can any one please advise what could be the issue is.

    Regards

    Sami

  • #2
    Re: GPO is not working for 3rd DC

    Hi Guys,

    Further to my post, I found out on 3rd domain controller, gptool, dcdiag , netdiag etc command are not working.

    It says, cannot recognized as an internal or external command.

    I have also double checked sites and services and and every thing is replicating between each others except Group Policy.

    Please advise how to resolve this issue.

    Regards

    Comment


    • #3
      Re: GPO is not working for 3rd DC

      Try unpromoting it or blow it away (but get it removed from AD)
      Rebuild OS with different machine name
      DCPROMO

      Unless it has other roles you haven't told us about, rebuild is quicker and leaves less longterm issues than trying to repair
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: GPO is not working for 3rd DC

        Originally posted by Ossian View Post
        Try unpromoting it or blow it away (but get it removed from AD)
        Rebuild OS with different machine name
        DCPROMO

        Unless it has other roles you haven't told us about, rebuild is quicker and leaves less longterm issues than trying to repair

        Thanks for the response,

        any other suggestions or work around.

        For sure there must be some.

        Cheers!

        Comment


        • #5
          Re: GPO is not working for 3rd DC

          Could you give us a bit more information to help us out?

          What errors are appearing in the event logs, including FRS?
          What OS are your DCs running?
          What is the domain functional level?
          Is it a single domain forest?
          Are the DCs in the same site?
          What have you "checked in sites and services"?

          I'm going to stick with my earlier suggestion -- it may be a lot quicker and easier (and possibly more satisfying) to blow it away
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: GPO is not working for 3rd DC

            Originally posted by Ossian View Post
            Could you give us a bit more information to help us out?

            What errors are appearing in the event logs, including FRS?
            What OS are your DCs running?
            What is the domain functional level?
            Is it a single domain forest?
            Are the DCs in the same site?
            What have you "checked in sites and services"?

            I'm going to stick with my earlier suggestion -- it may be a lot quicker and easier (and possibly more satisfying) to blow it away
            Thansk for the response Ossian,

            Its very funny no DC is generating any error.
            All DC's are running Win 2003 Standard edition SP2
            All acting a GC and on same subnet one site. DC1 is main PDC emu..
            as per MS I gone through every single step for site and services and every thing seems to be fine there.

            on infected DC3 yeterday I installed win resource kit tools, and gpotool commands is working now there with no other changes. (not make any sense why how)

            One more thing, last night I updated one script on DC2 in sysvol, which hasn't replicate with other DC's even DC1 till this morning, so i had to manually copy the script.bat across all dc's. Which wasn't the case in the past.

            I hope it all make sense and will point you to suggest some solutions.

            Regards!

            Comment


            • #7
              Re: GPO is not working for 3rd DC

              When did DC3 get "infected" and what with? You have not mentioned this before.
              What steps have you taken to deal with the infection and to check that other servers are not affected?
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **

              Comment


              • #8
                Re: GPO is not working for 3rd DC

                Originally posted by Ossian View Post
                When did DC3 get "infected" and what with? You have not mentioned this before.
                What steps have you taken to deal with the infection and to check that other servers are not affected?
                I am not sure when it happend first, or didn't noticed before, its only 3 days ago we noticed DC3 is not replicating with other 2 DC's.

                I haven't had any action(changes) yet. But I went through(double cheked) all the settings in sites and services, sysvol permission in advanced tab as per MS KB.

                Frustrating thing here is, no logs has been generated with regards to this problem. Event logs for DNS, application, system etc all are normal.

                its been 3rd day me on this issue but havn't get any where near the solution.

                I have also double cheked all the settings as per petri's post how to install secondary domain controller and options needs to be double cheked, gone through all the settings again. all good , but don't know where the problem is.

                any suggestions????

                Comment


                • #9
                  Re: GPO is not working for 3rd DC

                  Is DC3 infected with a virus?
                  You sort of say it is in post #6 above but it is not clear
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **

                  Comment


                  • #10
                    Re: GPO is not working for 3rd DC

                    Originally posted by Ossian View Post
                    Is DC3 infected with a virus?
                    You sort of say it is in post #6 above but it is not clear
                    Sorry for miss understanding.

                    No its not infected at all.

                    Comment


                    • #11
                      Re: GPO is not working for 3rd DC

                      Hi Guys ,

                      with regards to my unsolved issue, I am attaching dcdiag, netdiag and gpotool's results.

                      May be it make sense to some one and can give me advise to solve the issue.

                      Cheers!
                      Attached Files

                      Comment


                      • #12
                        Re: GPO is not working for 3rd DC

                        Hi Guys,

                        Just wanted to tell you this issue has been resolved. NtFrs Service was not working on virtual servers.

                        Thanks you all for the support.

                        Regards

                        Sami

                        Comment


                        • #13
                          Re: GPO is not working for 3rd DC

                          Glad its fixed
                          Tom Jones
                          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                          PhD, MSc, FIAP, MIITT
                          IT Trainer / Consultant
                          Ossian Ltd
                          Scotland

                          ** Remember to give credit where credit is due and leave reputation points where appropriate **

                          Comment

                          Working...
                          X