No announcement yet.

GPO Replication Issue - Please help

  • Filter
  • Time
  • Show
Clear All
new posts

  • GPO Replication Issue - Please help

    I have had an issue with group policy for a while now. I have a small Windows network with 2 domain controllers. Both DCs have DNS set up. We'll call them DC1 and DC2. DC1 is the primary and DC2 is basically used as a backup. Both running Windows 2003 SP2 fully patched.

    The problem occurs when I add or change a GPO. I make the change on DC1. The change never replicates to DC2. So all the computers on the network start throwing 1030 / 1058 because the two DC's GPOs are different. Everything else seems to replicate fine with active directory and DNS. There are no errors logged on either machine for replication problems. If I physically copy the GPO from the Policy folder on DC1 to DC2 everything runs fine. The network computers update the Group Policy normally and everything is beautiful. I just don't understand why I have to manually copy GPO from one DC to the other. It makes no sense. I have checked and doublechecked the DNS info on both machines. The permissions seem fine. If the permissions weren't fine wouldn't it throw an error? I'm just baffled. Anyone who has any ideas please throw them out there.

    Thanks in advance for any ideas you might have,

  • #2
    Re: GPO Replication Issue - Please help

    One more bit of info:

    I decided to try to rebuild the SYSVOL structure according to :

    I may have found an issue.

    Following the steps in the article I get this result:

    ntfrsutl ds |findstr /i "root stage"
    Root : c:\windows\sysvol\domain
    Stage : c:\windows\sysvol\staging\domain

    linkd "%systemroot%\SYSVOL\staging areas\domain"
    Source C:\WINDOWS\SYSVOL\staging areas\domain is linked to

    linkd c:\windows\sysvol\sysvol\domain
    c:\windows\sysvol\sysvol\domain is not linked to another directory.

    linkd C:\WINDOWS\SYSVOL\sysvol\domain c:windows\sysvol\domain
    Cannot create a link at: C:\WINDOWS\SYSVOL\sysvol\domain

    So there is a linking problem. However, any ideas why it won't let me create the link?


    • #3
      Re: GPO Replication Issue - Please help

      OK, I seem to have solved this issue.

      To fix the issue I renamed the folder "C:\WINDOWS\SYSVOL\sysvol\domain"



      I then again tried:

      linkd C:\WINDOWS\SYSVOL\sysvol\domain c:windows\sysvol\domain

      It created the link successfully this time. I restarted FRS on all DC's and the problem seems to have been rectified.


      • #4
        Re: GPO Replication Issue - Please help

        Well done, and thanks for the update!
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd

        ** Remember to give credit where credit is due and leave reputation points where appropriate **