Force Authoritative and Non-Authoritative DFSR Replication

Background:

After some migration work done on the Domain Controllers, I started to get the following errors on the new DC when editing group policies.

  • NETLOGON and SYSVOL are not shared.
  • When editing a group policy object (which used to work just fine), the new DC now prompts a “The system cannot find the file specified.” error.

Solution:

I haven’t come across this issue before but experience tells me that this might be something related to syncing/replication. After some research, I found this Microsoft documentation and this YouTube video that resolved my issue.

1. Open adsiedit.msc, expand all the way to:

OU=Domain Controllers --> CN=NameOfDC --> CN=DFSR-LocalSettings --> CN=Domain System Volume --> CN=SYSVOL Subscription

2. On the good DC (DC01 is used as the example here), set msDFSR-Enabled to False and msDFSR-Options to 1. (Authoritative)

3. On the bad DC (DC02 is used as the example here), set only msDFSR-Enabled to False. Repeat this step for every other DC that is not syncing correctly. (Non-Authoritative)

4. On DC01, open an elevated PowerShell window and run
repadmin /syncall /AdeP
stop-service dfsr

5. Now hop on to DC02, open an elevated PowerShell window and run
stop-service dfsr

6. Now back on DC01, run
start-service dfsr

In Event Viewer, under Applications and Services Logs --> DFS Replication, you should now find a 4114 event.

7. Go back to ADSI Edit, change DC01's msDFSR-Enabled back to True.

8. On DC01, in PowerShell, run
repadmin /syncall /AdeP
DFSRDIAG POLLAD

In Event Viewer, a 4602 event should now be seen.

9. Now go to DC02, run
start-service dfsr

10. Go back to ADSI Edit, change DC02's msDFSR-Enabled back to True.

11. Still on DC02, run
DFSRDIAG POLLAD
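The eleven steps above are one procedure, so here is the whole thing as a single PowerShell script. This is an added example, not code from the original post or from Microsoft. It assumes the ActiveDirectory module is available, that it is run from an elevated prompt on the good DC, that WinRM is enabled so Invoke-Command can reach the other DCs, and that DC01, DC02 and the domain are placeholders for your own names. The msDFSR-Options value of 1 makes that DC's SYSVOL copy the one that wins, so the $GoodDC parameter must point at the DC whose SYSVOL content you trust. The Wait-DfsrEvent helper is a hypothetical function written for this example; it refuses to move on to the next step until the 4114 and 4602 events the post checks for have actually been logged.

```powershell
#Requires -Modules ActiveDirectory
#Requires -RunAsAdministrator
# Added example: authoritative (DC01) / non-authoritative (DC02) DFSR SYSVOL
# restore, driven from the good DC. DC names and domain are placeholders.
param(
    [string]$GoodDC  = 'DC01',      # placeholder: the DC whose SYSVOL copy wins
    [string[]]$BadDCs = @('DC02')   # placeholder: DCs to re-seed non-authoritatively
)
$ErrorActionPreference = 'Stop'
$domainDN = (Get-ADDomain).DistinguishedName

# Distinguished name of the SYSVOL Subscription object for a DC (the step 1 path in ADSI Edit).
function Get-SysvolSubscriptionDN([string]$DcName) {
    "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=$DcName,OU=Domain Controllers,$domainDN"
}

# Hypothetical helper: poll the DFS Replication log on a DC until the given event ID
# appears after $Since, or fail so we never re-enable replication on a DC that is not ready.
function Wait-DfsrEvent([string]$Computer, [int]$EventId, [datetime]$Since, [int]$TimeoutSec = 600) {
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    do {
        $ev = Get-WinEvent -ComputerName $Computer -FilterHashtable @{
            LogName = 'DFS Replication'; Id = $EventId; StartTime = $Since
        } -MaxEvents 1 -ErrorAction SilentlyContinue
        if ($ev) { return $ev }
        Start-Sleep -Seconds 10
    } while ((Get-Date) -lt $deadline)
    throw "Event $EventId not logged on $Computer within $TimeoutSec s; stopping before re-enabling replication."
}

$start = Get-Date

# Steps 2 and 3: good DC disabled + authoritative, bad DCs disabled only.
Set-ADObject -Identity (Get-SysvolSubscriptionDN $GoodDC) -Replace @{ 'msDFSR-Enabled' = $false; 'msDFSR-Options' = 1 }
foreach ($dc in $BadDCs) {
    Set-ADObject -Identity (Get-SysvolSubscriptionDN $dc) -Replace @{ 'msDFSR-Enabled' = $false }
}

# Step 4: push the AD changes to every DC, then stop DFSR on the good DC.
repadmin /syncall /AdeP | Out-Null
Stop-Service DFSR

# Step 5: stop DFSR on every non-authoritative DC.
foreach ($dc in $BadDCs) { Invoke-Command -ComputerName $dc -ScriptBlock { Stop-Service DFSR } }

# Step 6: start DFSR on the good DC and wait for the 4114 event before going further.
Start-Service DFSR
Wait-DfsrEvent -Computer $GoodDC -EventId 4114 -Since $start | Out-Null

# Steps 7 and 8: re-enable the good DC, poll AD, wait for the 4602 event.
Set-ADObject -Identity (Get-SysvolSubscriptionDN $GoodDC) -Replace @{ 'msDFSR-Enabled' = $true }
repadmin /syncall /AdeP | Out-Null
dfsrdiag pollad | Out-Null
Wait-DfsrEvent -Computer $GoodDC -EventId 4602 -Since $start | Out-Null

# Steps 9 to 11: bring each bad DC back as a non-authoritative replica.
foreach ($dc in $BadDCs) {
    Invoke-Command -ComputerName $dc -ScriptBlock { Start-Service DFSR }
    Set-ADObject -Identity (Get-SysvolSubscriptionDN $dc) -Replace @{ 'msDFSR-Enabled' = $true }
    Invoke-Command -ComputerName $dc -ScriptBlock { dfsrdiag pollad | Out-Null }
}

# Final check: the two shares from the original symptom must be back on every re-seeded DC.
foreach ($dc in $BadDCs) {
    Get-SmbShare -CimSession $dc -Name SYSVOL, NETLOGON | Select-Object PSComputerName, Name, Path
}
```

Run it as `.\Restore-SysvolDfsr.ps1 -GoodDC DC01 -BadDCs DC02,DC03` (file name is the example's own). The event waits are the important part: the post's manual sequence only works if 4114 has been logged before step 7 and 4602 before step 9, and the script stops with an error rather than re-enabling a replica early.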

Depending on your environment, you might need to give it a bit of time for the replication to finish, though for me the fix was instant.