Windows 2012 new additional domain controlled workaround for no Netlogon and SYSVOL sharing

Source: Internet
Author: User
Tags ldap in domain knowledge base

Company new domain control because the branch needs auxiliary domain control, a new additional domain control, but the domain control was built after the discovery of Group Policy does not take effect, check the Sysvol folder blank, it must not be copied from the main domain control, using dcdiag check, there is an error below


Directory Server Diagnostics



Initializing settings are being performed:


Trying to find the primary server ...


* Verifying that the local computer cansinesv02 is a directory server.

Primary Server = Cansinesv02


* The directory service is connecting to the server cansinesv02.


* The identified AD forest.

Collecting AD Specific global data

* Site information is being collected.


Calling Ldap_search_init_page (Hld,cn=sites,cn=configuration,dc=cansine,dc=com,ldap_scope_subtree, ( Objectcategory=ntdssitesettings),.......

The previous call succeeded

Iterating through the Sites

Looking at base site Object:cn=ntds site SETTINGS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN=CONFIGURATION,DC=CANSINE,DC =com

Getting ISTG and options for the site

* All servers are being identified.


Calling Ldap_search_init_page (Hld,cn=sites,cn=configuration,dc=cansine,dc=com,ldap_scope_subtree, (objectClass= NTDSDSA),.......

The previous call succeeded ....

The previous call succeeded

Iterating through the list of servers

Getting information for the server Cn=ntds SETTINGS,CN=CANSINESV01,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN =configuration,dc=cansine,dc=com

ObjectGuid obtained

InvocationID obtained

Dnshostname obtained

Site Info obtained

All the info for the server collected

Getting information for the server Cn=ntds SETTINGS,CN=CANSINESV02,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN =configuration,dc=cansine,dc=com

ObjectGuid obtained

InvocationID obtained

Dnshostname obtained

Site Info obtained

All the info for the server collected

* Identifies all NC cross-references.


* Find 2 DC. 1 of them are being tested.


The collection of initialization information has been completed.



The required initialization tests are in progress


Testing server: Default-first-site-name\cansinesv02


Start test: Connectivity


* Active Directory LDAP Services Check

Determining IP4 Connectivity

* Active Directory RPC Services Check

......................... CANSINESV02 has passed the test Connectivity




Performing major Tests


Testing server: Default-first-site-name\cansinesv02


Start test: Advertising


Warning: When we try to access CANSINESV02, DsGetDcName returns to \\cansinesv01.cansine.com


The information.


The server is not responding or is considered unsuitable.


......................... CANSINESV02 did not pass the test advertising


Test ignored by user request: Checksecurityerror


Test ignored by user request: Cutoffservers


Start test: frsevent


* File Replication Service Event Log test

Skip the test because the server is running DFSR.


......................... CANSINESV02 has passed the test frsevent


Start test: dfsrevent


The DFS Replication Event Log.

A warning or error event occurred within the last 24 hours after the SYSVOL share. A failed SYSVOL replication issue can cause Group Policy issues.

A warning event has occurred. eventid:0x80001780


Build time: 04/25/2017 09:34:30


Event String:


The DFS Replication Service failed to update the configuration in Active Directory Domain Services. The service will periodically retry this operation.



Additional Information:


Object Category: Msdfsr-localsettings


Object Dn:cn=dfsr-localsettings,cn=cansinesv02,ou=domain controllers,dc=cansine,dc=com


Error: 2 (the system cannot find the file specified.) )


Domain controller: cansinesv01.cansine.com


Polling period: 60


A warning event has occurred. Eventid:0x80001a94


Build time: 04/25/2017 09:34:30


Event String:


The DFS Replication Service has detected that no connections have been configured for the replication group Domain System Volume. No data was copied for this replication group.



Additional Information:


Replication group id:a2b3c0f4-6f86-4d84-bd56-07925a7f400d


Member ID:E64FADA9-4460-4505-A2B1-F3A3CD4709C5


A warning event has occurred. eventid:0x80001206


Build time: 04/25/2017 09:34:33


Event String:


The DFS Replication Service started SYSVOL on the local path C:\Windows\SYSVOL\domain and is waiting to perform the initial replication. The replicated folder will remain in its initial synchronization state until it replicates with its partner cansinesv01.cansine.com. If the server is being upgraded to a domain controller, the domain controller will not advertise or function like a domain controller until the issue is resolved. This can occur if the specified partner is also in this initial synchronization state, or if the server or synchronization partner encounters a sharing violation. If this event occurs during the SYSVOL migration from File Replication Service (RFS) to DFS replication, the change will not be made until this issue is resolved. This may cause the SYSVOL folder on the server to be out of sync with other domain controllers.



Additional Information:


Replicated folder name: SYSVOL Share


Replicated Folder Id:2aacd329-0a7e-4e60-b860-89deedf92a2d


Replication group name: Domain System Volume


Replication group id:a2b3c0f4-6f86-4d84-bd56-07925a7f400d


Member ID:E64FADA9-4460-4505-A2B1-F3A3CD4709C5


Read-only: 0


A warning event has occurred. eventid:0x80001780


Build time: 04/25/2017 09:39:32


Event String:


The DFS Replication Service failed to update the configuration in Active Directory Domain Services. The service will periodically retry this operation.



Additional Information:


Object Category: Msdfsr-localsettings


Object Dn:cn=dfsr-localsettings,cn=cansinesv02,ou=domain controllers,dc=cansine,dc=com


Error: 2 (the system cannot find the file specified.) )


Domain controller: cansinesv01.cansine.com


Polling period: 60


......................... CANSINESV02 has passed the test dfsrevent


Start test: Sysvolcheck


* The File Replication Service SYSVOL is ready to test

Registry lookup could not determine the status of the SYSVOL. The error returned is 0x0 "Operation completed successfully. ”。 Check the FRS event log to view the SYSVOL


Whether it was shared successfully.

......................... CANSINESV02 has passed the test Sysvolcheck


Start test: kccevent


* The KCC Event log test

Found no KCC errors in "Directory Service" Event log in the last minutes.

......................... CANSINESV02 has passed the test kccevent


Start test: Knowsofroleholders


Role Schema Owner = Cn=ntds settings,cn=cansinesv01,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration , dc=cansine,dc=com

Role Domain Owner = Cn=ntds settings,cn=cansinesv01,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration , dc=cansine,dc=com

Role PDC Owner = Cn=ntds SETTINGS,CN=CANSINESV01,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN=CONFIGURATION,DC =cansine,dc=com

Role Rid Owner = Cn=ntds SETTINGS,CN=CANSINESV01,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN=CONFIGURATION,DC =cansine,dc=com

Role Infrastructure Update Owner = Cn=ntds SETTINGS,CN=CANSINESV01,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN =configuration,dc=cansine,dc=com

......................... CANSINESV02 has passed the test knowsofroleholders


Start test: Machineaccount


Checking machine account for DC CANSINESV02 on DC CANSINESV02.

* SPN found:ldap/cansinesv02.cansine.com/cansine.com

* SPN found:ldap/cansinesv02.cansine.com

* SPN found:ldap/cansinesv02

* SPN Found:ldap/cansinesv02.cansine.com/cansine

* SPN found:ldap/912b5709-ed13-4ce5-baf0-23135e64968b._msdcs.cansine.com

* SPN found:e3514235-4b06-11d1-ab04-00c04fc2dcd2/912b5709-ed13-4ce5-baf0-23135e64968b/cansine.com

* SPN found:host/cansinesv02.cansine.com/cansine.com

* SPN found:host/cansinesv02.cansine.com

* SPN found:host/cansinesv02

* SPN Found:host/cansinesv02.cansine.com/cansine

* SPN found:gc/cansinesv02.cansine.com/cansine.com

......................... CANSINESV02 has passed the test machineaccount


Start test: Ncsecdesc


* Security Permissions Check for all NC ' s on DC CANSINESV02.

* Security Permission Check


Dc=domaindnszones,dc=cansine,dc=com

(Ndnc,version 3)

* Security Permission Check


Dc=forestdnszones,dc=cansine,dc=com

(Ndnc,version 3)

* Security Permission Check


Cn=schema,cn=configuration,dc=cansine,dc=com

(Schema,version 3)

* Security Permission Check


Cn=configuration,dc=cansine,dc=com

(Configuration,version 3)

* Security Permission Check


Dc=cansine,dc=com

(Domain,version 3)

......................... CANSINESV02 has passed the test Ncsecdesc


Start test: netlogons


* Network Logons Privileges Check

Unable to connect to NETLOGON share! (\\CANSINESV02\netlogon)


[CANSINESV02] net use or LsaPolicy operation failed with error 67, Network name not found:


......................... CANSINESV02 did not pass the test netlogons


Start test: objectsreplicated


CANSINESV02 is in domain dc=cansine,dc=com

Checking for Cn=cansinesv02,ou=domain controllers,dc=cansine,dc=com in Domain dc=cansine,dc=com on 1 servers

Object is up-to-date on all servers.

Checking for Cn=ntds settings,cn=cansinesv02,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc= cansine,dc=com in domain cn=configuration,dc=cansine,dc=com on 1 servers

Object is up-to-date on all servers.

......................... CANSINESV02 has passed the test objectsreplicated


Discover that there is no Netlogon and SYSVOL sharing, query through Microsoft Knowledge Base to issue, need to change registry

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters in the

The Sysvolready key value is changed to 1.

Original address

https://support.microsoft.com/en-us/help/947022/ The-netlogon-share-is-not-present-after-you-install-active-directory-domain-services-on-a-new-full-or-read-only-windows-s Erver-2008-based-domain-controller

After the change, the two services, Netlogon and DFSR, are restarted to find the problem resolved.

This article is from "Tian Feng's personal World" blog, please be sure to keep this source http://tf123.blog.51cto.com/514377/1919167

Windows 2012 new additional domain control does not have a workaround for Netlogon and sysvol sharing

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.