Looking for Help Server 2012 domain issue.

Home Forums Server Operating Systems Windows Server 2012 / 2012 R2 Looking for Help Server 2012 domain issue.

This topic contains 12 replies, has 6 voices, and was last updated by  mmaniv 8 months ago.

Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts

  • Internetguys
    Member
    #167345

    Hi there,

    I am wonder if there is a service I can hire to help me with a server 2012 issue. It is beyond what I know.
    A quick over view of what has happened is I was getting an error with Group Policy failing to access gpt.ini and trying to resolve that issue I think I have made it worse. MY 2 DC’s are no longer talking to eachother and SYSVOL is not showing as shared on the secondary DC.
    Noticed this morning not that DFS Replication will not start on the Primary DC either.
    I would like to know if this is repairable or am I at the start from scratch point.

    Any advice would be appreciated.

    Thanks,
    Stacy

    Blood
    Blood
    Moderator
    #337346

    If you can describe the error in more detail if available and explain exactly what you have tried to fix it, someone may be able to help or make further suggestions etc.


    Ossian
    Moderator
    #191894

    You could go to Microsoft Product Support Services, who will work on the issue until it is solved, or they die trying. Not cheap, though

    If you give us some clues where you are, and the sort of organisation you are working for, it is possible some members here may be able to provide support


    Internetguys
    Member
    #312938

    Ok thank you for the suggestions let me try and lay out what I have and what I am seeing. Please note I only have basic server knowledge.

    This client is a medical clinic and I have 2x Server 2012R2 Standard machines.
    DC01 is my primary file server, active directory, backups and antivirus host.
    DC02 is my secondary DC and hosts the Medical Software/Database they use.
    DOMAIN is ABCMED.local

    The client had called complaining about the network access being slow and so I started poking around and found an error in Event Viewer:

    The processing of Group Policy failed. Windows attempted to read the file \ABCMEDsysvolABCMEDPolicies{31B2F340-016D-11D2-945F-00C04FB984F9}gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    a) Name Resolution/Network Connectivity to the current domain controller.
    b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
    c) The Distributed File System (DFS) client has been disabled.

    This error is popping up continually and searching backwards I found it the first event on November 15th.
    I noted that the clock was out by 1 hour on the DC02 – some how the time zone had gotten changed to Pacific and we actually use Arizona. So I fixed this .. did not seem to make a difference but have learned before when clocks are not right all things go to hell.

    Talking to another tech friend who is more knowledgable he suggested doing the burflags restore.
    I made a copy of the SYSVOL folder on DC01 and then performed a D2 (non-authoritive) on DC02
    This made no change
    So then did it again with D4 on DC01 and D2 on DC02
    This made no change

    At this point I had my tech friend log in and see if he could help – he redid the Burflags again however during his process some how we ended up losing all the Active Directory and neither machine was showing as a DC at all.
    I copied the backup of the SYSVOL back over top of the existing SYSVOL folder and did a reboot and still no AD or DC.
    He then found a forum post and ran something he called SYSVOL Ready flag on DC01 and then AD came back.

    We let it sit over night at this point and when i checked it the next day DC02 still was not Showing as a DC
    So I ran the D4/D2 Burflags again and now it is working as a DC.. and this bring me back to the beginning where I have the same error in group policy.

    You can not browse to \ABCMEDsysvolABCMEDPolicies{31B2F340-016D-11D2-945F-00C04FB984F9}gpt.ini
    You can browse to \(DC01 or DC02)sysvolABCMEDPolicies{31B2F340-016D-11D2-945F-00C04FB984F9}gpt.ini

    I have another network that is pretty much just like this one and working normally and on it you can browse to \domainnameSYSVOLdomainname etc
    So this seems to the issue … this path is not being found here …

    So I am not sure how to proceed … any insight would be appreciated.

    Thanks much :)

    Blood
    Blood
    Moderator
    #337347

    This article describes use of the burflags key, but also states it is not useful as a troubleshooting tool, and that it will not fix the source problem.
    https://support.microsoft.com/en-us/…lication-servi

    Have you performed a basic test of each DC using dcdiag? The results of this, and the results of a dcdiag [noparse]/test:DNS[/noparse] may point to or lead to the cause.
    https://social.technet.microsoft.com…explained.aspx


    biggles77
    Spectator
    #214377

    Have you considered either disabling the GPO (untick Enforced) and see what happens or remove it completely and recreate it. I suggest the first option, first.

    Make sure your anti-virus isn’t scanning the network traffic as that could slow you down (thank you [ATTACH=JSON]{“data-align”:”none”,”data-size”:”small”,”data-attachmentid”:515433}[/ATTACH]Symantec).


    Internetguys
    Member
    #312939
    Blood;n515430 wrote:
    This article describes use of the burflags key, but also states it is not useful as a troubleshooting tool, and that it will not fix the source problem.
    https://support.microsoft.com/en-us/…lication-servi

    I had used it before to fix some DNS issues and it was suggested by the MS server guy I use. Unforunately it did not fix the issue.

    Have you performed a basic test of each DC using dcdiag? The results of this, and the results of a dcdiag [noparse]/test:DNS[/noparse] may point to or lead to the cause.
    https://social.technet.microsoft.com…explained.aspx

    I ran this and it did find some errors and failed my DNS .. I fixed the errors I could and it now passes ..hopefully this will help thank you very much.
    Has not resolved my Group Policy error however.


    biggles77
    Spectator
    #214380

    Somebody didn’t use our SEARCH tool. Permissions for this GPO in the SYSVOL folder are inconsistent

    If you don’t get the solution from the above link, try here. See how that goes.


    Internetguys
    Member
    #312940
    biggles77;n515445 wrote:
    Somebody didn’t use our SEARCH tool. Permissions for this GPO in the SYSVOL folder are inconsistent

    If you don’t get the solution from the above link, try here. See how that goes.

    Actually I did search quite extensively to try and find the answer to this issue .. and managed to resolved the permissions issue by removing all the GPO’s that where no longer needed.
    My current issue is the \domainnamesysvol folder not being browseable.. which I have read alot of articles about as well however have not been able to get it sorted.

    Actually found this thread using your SEARCH tool https://www.petri.com/forums/forum/microsoft-networking-services/active-directory/23249-domain-local-sysvol-not-accessible-server-sysvol-is-fine However though it describes my issue well.. none of the threads in here have helped me yet.

    I will keep looking, and thanks everyone who has offered insight

    SL


    tehcamel
    Moderator
    #360143

    Have you run DCDiag at all?

    Blood
    Blood
    Moderator
    #337348

    Also, have you manually reviewed the DNS records for your servers and other critical network hardware?


    Internetguys
    Member
    #312941

    Sorry I never came back to close this thread, last I looked it was locked. I was able to resolve this issue after I found a The Remote Registry Service that was set to Disabled. I do not know how it got set to “Disabled” but was relieved to find this and set it back to Automatic and rebooted things came back to normal. I do appreciate all the input people provided.

    Thanks Much,
    SL


    mmaniv
    Member
    #392005

    I had my tech friend log in and see if he could help – he redid the Burflags again however during his process some how we ended up losing all the Active Directory and neither machine book of ra free slots was showing as a DC at all.I copied the backup of the SYSVOL back over top of the existing SYSVOL folder and did a reboot and still no AD or DC.

Viewing 13 posts - 1 through 13 (of 13 total)

You must be logged in to reply to this topic.