Company new domain control because the branch needs auxiliary domain control, a new additional domain control, but the domain control was built after the discovery of Group Policy does not take effect, check the Sysvol folder blank, it must not be copied from the main domain control, using dcdiag check, there is an error below
Directory Server Diagnostics
Initializing settings are being performed:
Trying to find the primary server ...
* Verifying that the local computer cansinesv02 is a directory server.
Primary Server = Cansinesv02
* The directory service is connecting to the server cansinesv02.
* The identified AD forest.
Collecting AD Specific global data
* Site information is being collected.
Calling Ldap_search_init_page (Hld,cn=sites,cn=configuration,dc=cansine,dc=com,ldap_scope_subtree, ( Objectcategory=ntdssitesettings),.......
The previous call succeeded
Iterating through the Sites
Looking at base site Object:cn=ntds site SETTINGS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN=CONFIGURATION,DC=CANSINE,DC =com
Getting ISTG and options for the site
* All servers are being identified.
Calling Ldap_search_init_page (Hld,cn=sites,cn=configuration,dc=cansine,dc=com,ldap_scope_subtree, (objectClass= NTDSDSA),.......
The previous call succeeded ....
The previous call succeeded
Iterating through the list of servers
Getting information for the server Cn=ntds SETTINGS,CN=CANSINESV01,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN =configuration,dc=cansine,dc=com
ObjectGuid obtained
InvocationID obtained
Dnshostname obtained
Site Info obtained
All the info for the server collected
Getting information for the server Cn=ntds SETTINGS,CN=CANSINESV02,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN =configuration,dc=cansine,dc=com
ObjectGuid obtained
InvocationID obtained
Dnshostname obtained
Site Info obtained
All the info for the server collected
* Identifies all NC cross-references.
* Find 2 DC. 1 of them are being tested.
The collection of initialization information has been completed.
The required initialization tests are in progress
Testing server: Default-first-site-name\cansinesv02
Start test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 Connectivity
* Active Directory RPC Services Check
......................... CANSINESV02 has passed the test Connectivity
Performing major Tests
Testing server: Default-first-site-name\cansinesv02
Start test: Advertising
Warning: When we try to access CANSINESV02, DsGetDcName returns to \\cansinesv01.cansine.com
The information.
The server is not responding or is considered unsuitable.
......................... CANSINESV02 did not pass the test advertising
Test ignored by user request: Checksecurityerror
Test ignored by user request: Cutoffservers
Start test: frsevent
* File Replication Service Event Log test
Skip the test because the server is running DFSR.
......................... CANSINESV02 has passed the test frsevent
Start test: dfsrevent
The DFS Replication Event Log.
A warning or error event occurred within the last 24 hours after the SYSVOL share. A failed SYSVOL replication issue can cause Group Policy issues.
A warning event has occurred. eventid:0x80001780
Build time: 04/25/2017 09:34:30
Event String:
The DFS Replication Service failed to update the configuration in Active Directory Domain Services. The service will periodically retry this operation.
Additional Information:
Object Category: Msdfsr-localsettings
Object Dn:cn=dfsr-localsettings,cn=cansinesv02,ou=domain controllers,dc=cansine,dc=com
Error: 2 (the system cannot find the file specified.) )
Domain controller: cansinesv01.cansine.com
Polling period: 60
A warning event has occurred. Eventid:0x80001a94
Build time: 04/25/2017 09:34:30
Event String:
The DFS Replication Service has detected that no connections have been configured for the replication group Domain System Volume. No data was copied for this replication group.
Additional Information:
Replication group id:a2b3c0f4-6f86-4d84-bd56-07925a7f400d
Member ID:E64FADA9-4460-4505-A2B1-F3A3CD4709C5
A warning event has occurred. eventid:0x80001206
Build time: 04/25/2017 09:34:33
Event String:
The DFS Replication Service started SYSVOL on the local path C:\Windows\SYSVOL\domain and is waiting to perform the initial replication. The replicated folder will remain in its initial synchronization state until it replicates with its partner cansinesv01.cansine.com. If the server is being upgraded to a domain controller, the domain controller will not advertise or function like a domain controller until the issue is resolved. This can occur if the specified partner is also in this initial synchronization state, or if the server or synchronization partner encounters a sharing violation. If this event occurs during the SYSVOL migration from File Replication Service (RFS) to DFS replication, the change will not be made until this issue is resolved. This may cause the SYSVOL folder on the server to be out of sync with other domain controllers.
Additional Information:
Replicated folder name: SYSVOL Share
Replicated Folder Id:2aacd329-0a7e-4e60-b860-89deedf92a2d
Replication group name: Domain System Volume
Replication group id:a2b3c0f4-6f86-4d84-bd56-07925a7f400d
Member ID:E64FADA9-4460-4505-A2B1-F3A3CD4709C5
Read-only: 0
A warning event has occurred. eventid:0x80001780
Build time: 04/25/2017 09:39:32
Event String:
The DFS Replication Service failed to update the configuration in Active Directory Domain Services. The service will periodically retry this operation.
Additional Information:
Object Category: Msdfsr-localsettings
Object Dn:cn=dfsr-localsettings,cn=cansinesv02,ou=domain controllers,dc=cansine,dc=com
Error: 2 (the system cannot find the file specified.) )
Domain controller: cansinesv01.cansine.com
Polling period: 60
......................... CANSINESV02 has passed the test dfsrevent
Start test: Sysvolcheck
* The File Replication Service SYSVOL is ready to test
Registry lookup could not determine the status of the SYSVOL. The error returned is 0x0 "Operation completed successfully. ”。 Check the FRS event log to view the SYSVOL
Whether it was shared successfully.
......................... CANSINESV02 has passed the test Sysvolcheck
Start test: kccevent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last minutes.
......................... CANSINESV02 has passed the test kccevent
Start test: Knowsofroleholders
Role Schema Owner = Cn=ntds settings,cn=cansinesv01,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration , dc=cansine,dc=com
Role Domain Owner = Cn=ntds settings,cn=cansinesv01,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration , dc=cansine,dc=com
Role PDC Owner = Cn=ntds SETTINGS,CN=CANSINESV01,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN=CONFIGURATION,DC =cansine,dc=com
Role Rid Owner = Cn=ntds SETTINGS,CN=CANSINESV01,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN=CONFIGURATION,DC =cansine,dc=com
Role Infrastructure Update Owner = Cn=ntds SETTINGS,CN=CANSINESV01,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN =configuration,dc=cansine,dc=com
......................... CANSINESV02 has passed the test knowsofroleholders
Start test: Machineaccount
Checking machine account for DC CANSINESV02 on DC CANSINESV02.
* SPN found:ldap/cansinesv02.cansine.com/cansine.com
* SPN found:ldap/cansinesv02.cansine.com
* SPN found:ldap/cansinesv02
* SPN Found:ldap/cansinesv02.cansine.com/cansine
* SPN found:ldap/912b5709-ed13-4ce5-baf0-23135e64968b._msdcs.cansine.com
* SPN found:e3514235-4b06-11d1-ab04-00c04fc2dcd2/912b5709-ed13-4ce5-baf0-23135e64968b/cansine.com
* SPN found:host/cansinesv02.cansine.com/cansine.com
* SPN found:host/cansinesv02.cansine.com
* SPN found:host/cansinesv02
* SPN Found:host/cansinesv02.cansine.com/cansine
* SPN found:gc/cansinesv02.cansine.com/cansine.com
......................... CANSINESV02 has passed the test machineaccount
Start test: Ncsecdesc
* Security Permissions Check for all NC ' s on DC CANSINESV02.
* Security Permission Check
Dc=domaindnszones,dc=cansine,dc=com
(Ndnc,version 3)
* Security Permission Check
Dc=forestdnszones,dc=cansine,dc=com
(Ndnc,version 3)
* Security Permission Check
Cn=schema,cn=configuration,dc=cansine,dc=com
(Schema,version 3)
* Security Permission Check
Cn=configuration,dc=cansine,dc=com
(Configuration,version 3)
* Security Permission Check
Dc=cansine,dc=com
(Domain,version 3)
......................... CANSINESV02 has passed the test Ncsecdesc
Start test: netlogons
* Network Logons Privileges Check
Unable to connect to NETLOGON share! (\\CANSINESV02\netlogon)
[CANSINESV02] net use or LsaPolicy operation failed with error 67, Network name not found:
......................... CANSINESV02 did not pass the test netlogons
Start test: objectsreplicated
CANSINESV02 is in domain dc=cansine,dc=com
Checking for Cn=cansinesv02,ou=domain controllers,dc=cansine,dc=com in Domain dc=cansine,dc=com on 1 servers
Object is up-to-date on all servers.
Checking for Cn=ntds settings,cn=cansinesv02,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc= cansine,dc=com in domain cn=configuration,dc=cansine,dc=com on 1 servers
Object is up-to-date on all servers.
......................... CANSINESV02 has passed the test objectsreplicated
Discover that there is no Netlogon and SYSVOL sharing, query through Microsoft Knowledge Base to issue, need to change registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters in the
The Sysvolready key value is changed to 1.
Original address
https://support.microsoft.com/en-us/help/947022/ The-netlogon-share-is-not-present-after-you-install-active-directory-domain-services-on-a-new-full-or-read-only-windows-s Erver-2008-based-domain-controller
After the change, the two services, Netlogon and DFSR, are restarted to find the problem resolved.
This article is from "Tian Feng's personal World" blog, please be sure to keep this source http://tf123.blog.51cto.com/514377/1919167
Windows 2012 new additional domain control does not have a workaround for Netlogon and sysvol sharing