Had some strange issues recently where some group polices weren’t populating to certain sites.
i.e. you’d logon to a new device on a site and the work folders GPO wouldnt apply, after spending 5 minutes looking at RSOP.MSC I could see the policy just wasnt applied, at all.
So after some digging on the domain controller and googling events in the event viewer I found:
https://support.microsoft.com/en-gb/help/2958414/dfs-replication-how-to-troubleshoot-missing-sysvol-and-netlogon-shares
Which lead me to this nifty command to check the sysvol folder:
For /f %i IN ('dsquery server -o rdn') do @echo %i && @(net view \\%i | find "SYSVOL") & echo
As you can see from the above, all looks ok!!!
So now lets have a look-see at the DFS replication:
For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state
Run it and look for the “state”, the values can be any of the following:
0 = Uninitialized
1 = Initialized
2 = Initial Sync
3 = Auto Recovery
4 = Normal
5 = In Error
As you can see on the above, the last one is wonky donkey!!! DFS BE BROKEN
So lets have a look through the events for dfs broken events:
and to double check with Powershell on the affected DC:
Get-WmiObject -Namespace 'root\MicrosoftDFS' -Class DfsrReplicatedFolderInfo
Nothing comes up, this is BAD!
So in the regisrty you should be able to check the recovery status
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFSR\Parameters
So its stopped and not recovering.
The fix:
First get the guid of the C:\ drive:
MountVol
Now run this in a elevated command prompt:
wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="cc9a4e7a-0000-0000-0000-602200000000" call ResumeReplication
Wait 10 and check the replication status again:
and run the dsquery again:
HORRAY!!!!! GPOs for everyone.
