Announcement

Collapse
No announcement yet.

Looking for Help Server 2012 domain issue.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Looking for Help Server 2012 domain issue.

    Hi there,

    I am wonder if there is a service I can hire to help me with a server 2012 issue. It is beyond what I know.
    A quick over view of what has happened is I was getting an error with Group Policy failing to access gpt.ini and trying to resolve that issue I think I have made it worse. MY 2 DC's are no longer talking to eachother and SYSVOL is not showing as shared on the secondary DC.
    Noticed this morning not that DFS Replication will not start on the Primary DC either.
    I would like to know if this is repairable or am I at the start from scratch point.

    Any advice would be appreciated.

    Thanks,
    Stacy


  • #2
    If you can describe the error in more detail if available and explain exactly what you have tried to fix it, someone may be able to help or make further suggestions etc.
    A recent poll suggests that 6 out of 7 dwarfs are not happy

    Comment


    • #3
      You could go to Microsoft Product Support Services, who will work on the issue until it is solved, or they die trying. Not cheap, though

      If you give us some clues where you are, and the sort of organisation you are working for, it is possible some members here may be able to provide support
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Ok thank you for the suggestions let me try and lay out what I have and what I am seeing. Please note I only have basic server knowledge.

        This client is a medical clinic and I have 2x Server 2012R2 Standard machines.
        DC01 is my primary file server, active directory, backups and antivirus host.
        DC02 is my secondary DC and hosts the Medical Software/Database they use.
        DOMAIN is ABCMED.local

        The client had called complaining about the network access being slow and so I started poking around and found an error in Event Viewer:

        The processing of Group Policy failed. Windows attempted to read the file \\ABCMED\sysvol\ABCMED\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
        a) Name Resolution/Network Connectivity to the current domain controller.
        b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
        c) The Distributed File System (DFS) client has been disabled.

        This error is popping up continually and searching backwards I found it the first event on November 15th.
        I noted that the clock was out by 1 hour on the DC02 - some how the time zone had gotten changed to Pacific and we actually use Arizona. So I fixed this .. did not seem to make a difference but have learned before when clocks are not right all things go to hell.

        Talking to another tech friend who is more knowledgable he suggested doing the burflags restore.
        I made a copy of the SYSVOL folder on DC01 and then performed a D2 (non-authoritive) on DC02
        This made no change
        So then did it again with D4 on DC01 and D2 on DC02
        This made no change

        At this point I had my tech friend log in and see if he could help - he redid the Burflags again however during his process some how we ended up losing all the Active Directory and neither machine was showing as a DC at all.
        I copied the backup of the SYSVOL back over top of the existing SYSVOL folder and did a reboot and still no AD or DC.
        He then found a forum post and ran something he called SYSVOL Ready flag on DC01 and then AD came back.

        We let it sit over night at this point and when i checked it the next day DC02 still was not Showing as a DC
        So I ran the D4/D2 Burflags again and now it is working as a DC.. and this bring me back to the beginning where I have the same error in group policy.

        You can not browse to \\ABCMED\sysvol\ABCMED\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini
        You can browse to \\(DC01 or DC02)\sysvol\ABCMED\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini

        I have another network that is pretty much just like this one and working normally and on it you can browse to \\domainname\SYSVOL\domainname\ etc
        So this seems to the issue ... this path is not being found here ...

        So I am not sure how to proceed ... any insight would be appreciated.

        Thanks much



        Comment


        • #5
          This article describes use of the burflags key, but also states it is not useful as a troubleshooting tool, and that it will not fix the source problem.
          https://support.microsoft.com/en-us/...lication-servi

          Have you performed a basic test of each DC using dcdiag? The results of this, and the results of a dcdiag /test:DNS may point to or lead to the cause.
          https://social.technet.microsoft.com...explained.aspx
          Last edited by Blood; 13th December 2017, 17:12.
          A recent poll suggests that 6 out of 7 dwarfs are not happy

          Comment


          • #6
            Have you considered either disabling the GPO (untick Enforced) and see what happens or remove it completely and recreate it. I suggest the first option, first.

            Make sure your anti-virus isn't scanning the network traffic as that could slow you down (thank you Click image for larger version

Name:	censored.gif
Views:	4
Size:	216 Bytes
ID:	515433Symantec).
            1 1 was a racehorse.
            2 2 was 1 2.
            1 1 1 1 race 1 day,
            2 2 1 1 2

            Comment


            • #7
              Originally posted by Blood View Post
              This article describes use of the burflags key, but also states it is not useful as a troubleshooting tool, and that it will not fix the source problem.
              https://support.microsoft.com/en-us/...lication-servi

              I had used it before to fix some DNS issues and it was suggested by the MS server guy I use. Unforunately it did not fix the issue.

              Have you performed a basic test of each DC using dcdiag? The results of this, and the results of a dcdiag /test:DNS may point to or lead to the cause.
              https://social.technet.microsoft.com...explained.aspx
              I ran this and it did find some errors and failed my DNS .. I fixed the errors I could and it now passes ..hopefully this will help thank you very much.
              Has not resolved my Group Policy error however.

              Comment


              • #8
                Originally posted by biggles77 View Post
                Have you considered either disabling the GPO (untick Enforced) and see what happens or remove it completely and recreate it. I suggest the first option, first.

                Make sure your anti-virus isn't scanning the network traffic as that could slow you down (thank you Click image for larger version

Name:	censored.gif
Views:	4
Size:	216 Bytes
ID:	515433Symantec).
                I went to do what you mentioned about unticking the GPO's to see what would happen and got this popup about permissions - see attached.
                I clicked ok and deleted the GPO's i no longer need.
                Basically All I have now is the default domain policy and this permissions error is no longer coming up on it as I click it in GPMC.

                However I still can not browse to \\ABCMED\sysvol\ABCMED\ etc
                Any ideas how i can chase down what would be causing that ?

                Also going to review all AV Scan Settings.

                Comment


                • #9
                  Somebody didn't use our SEARCH tool. Permissions for this GPO in the SYSVOL folder are inconsistent

                  If you don't get the solution from the above link, try here. See how that goes.
                  1 1 was a racehorse.
                  2 2 was 1 2.
                  1 1 1 1 race 1 day,
                  2 2 1 1 2

                  Comment


                  • #10
                    Originally posted by biggles77 View Post
                    Somebody didn't use our SEARCH tool. Permissions for this GPO in the SYSVOL folder are inconsistent

                    If you don't get the solution from the above link, try here. See how that goes.
                    Actually I did search quite extensively to try and find the answer to this issue .. and managed to resolved the permissions issue by removing all the GPO's that where no longer needed.
                    My current issue is the \\domainname\sysvol folder not being browseable.. which I have read alot of articles about as well however have not been able to get it sorted.

                    Actually found this thread using your SEARCH tool https://www.petri.com/forums/forum/m...sysvol-is-fine However though it describes my issue well.. none of the threads in here have helped me yet.

                    I will keep looking, and thanks everyone who has offered insight

                    SL

                    Comment


                    • #11
                      Have you run DCDiag at all?
                      Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                      Comment


                      • #12
                        Also, have you manually reviewed the DNS records for your servers and other critical network hardware?
                        A recent poll suggests that 6 out of 7 dwarfs are not happy

                        Comment


                        • #13
                          Sorry I never came back to close this thread, last I looked it was locked. I was able to resolve this issue after I found a The Remote Registry Service that was set to Disabled. I do not know how it got set to "Disabled" but was relieved to find this and set it back to Automatic and rebooted things came back to normal. I do appreciate all the input people provided.

                          Thanks Much,
                          SL

                          Comment

                          Working...
                          X