Windows 2012 new additional domain controlled workaround for no Netlogon and SYSVOL sharing

Company new domain control because the branch needs auxiliary domain control, a new additional domain control, but the domain control was built after the discovery of Group Policy does not take effect, check the Sysvol folder blank, it must not be copied from the main domain control, using dcdiag check, there is an error below

Directory Server Diagnostics

Initializing settings are being performed:

Trying to find the primary server ...

* Verifying that the local computer cansinesv02 is a directory server.

Primary Server = Cansinesv02

* The directory service is connecting to the server cansinesv02.

* The identified AD forest.

Collecting AD Specific global data

* Site information is being collected.

Calling Ldap_search_init_page (Hld,cn=sites,cn=configuration,dc=cansine,dc=com,ldap_scope_subtree, ( Objectcategory=ntdssitesettings),.......

The previous call succeeded

Iterating through the Sites

Looking at base site Object:cn=ntds site SETTINGS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN=CONFIGURATION,DC=CANSINE,DC =com

Getting ISTG and options for the site

* All servers are being identified.

Calling Ldap_search_init_page (Hld,cn=sites,cn=configuration,dc=cansine,dc=com,ldap_scope_subtree, (objectClass= NTDSDSA),.......

The previous call succeeded ....

The previous call succeeded

Iterating through the list of servers

Getting information for the server Cn=ntds SETTINGS,CN=CANSINESV01,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN =configuration,dc=cansine,dc=com

ObjectGuid obtained

InvocationID obtained

Dnshostname obtained

Site Info obtained

All the info for the server collected

Getting information for the server Cn=ntds SETTINGS,CN=CANSINESV02,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN =configuration,dc=cansine,dc=com

ObjectGuid obtained

InvocationID obtained

Dnshostname obtained

Site Info obtained

All the info for the server collected

* Identifies all NC cross-references.

* Find 2 DC. 1 of them are being tested.

The collection of initialization information has been completed.

The required initialization tests are in progress

Testing server: Default-first-site-name\cansinesv02

Start test: Connectivity

* Active Directory LDAP Services Check

Determining IP4 Connectivity

* Active Directory RPC Services Check

......................... CANSINESV02 has passed the test Connectivity

Performing major Tests

Testing server: Default-first-site-name\cansinesv02

Start test: Advertising

Warning: When we try to access CANSINESV02, DsGetDcName returns to \\cansinesv01.cansine.com

The information.

The server is not responding or is considered unsuitable.

......................... CANSINESV02 did not pass the test advertising

Test ignored by user request: Checksecurityerror

Test ignored by user request: Cutoffservers

Start test: frsevent

* File Replication Service Event Log test

Skip the test because the server is running DFSR.

......................... CANSINESV02 has passed the test frsevent

Start test: dfsrevent

The DFS Replication Event Log.

A warning or error event occurred within the last 24 hours after the SYSVOL share. A failed SYSVOL replication issue can cause Group Policy issues.

A warning event has occurred. eventid:0x80001780

Build time: 04/25/2017 09:34:30

Event String:

The DFS Replication Service failed to update the configuration in Active Directory Domain Services. The service will periodically retry this operation.

Additional Information:

Object Category: Msdfsr-localsettings

Object Dn:cn=dfsr-localsettings,cn=cansinesv02,ou=domain controllers,dc=cansine,dc=com

Error: 2 (the system cannot find the file specified.) )

Domain controller: cansinesv01.cansine.com

Polling period: 60

A warning event has occurred. Eventid:0x80001a94

Build time: 04/25/2017 09:34:30

Event String:

The DFS Replication Service has detected that no connections have been configured for the replication group Domain System Volume. No data was copied for this replication group.

Additional Information:

Replication group id:a2b3c0f4-6f86-4d84-bd56-07925a7f400d

Member ID:E64FADA9-4460-4505-A2B1-F3A3CD4709C5

A warning event has occurred. eventid:0x80001206

Build time: 04/25/2017 09:34:33

Event String:

The DFS Replication Service started SYSVOL on the local path C:\Windows\SYSVOL\domain and is waiting to perform the initial replication. The replicated folder will remain in its initial synchronization state until it replicates with its partner cansinesv01.cansine.com. If the server is being upgraded to a domain controller, the domain controller will not advertise or function like a domain controller until the issue is resolved. This can occur if the specified partner is also in this initial synchronization state, or if the server or synchronization partner encounters a sharing violation. If this event occurs during the SYSVOL migration from File Replication Service (RFS) to DFS replication, the change will not be made until this issue is resolved. This may cause the SYSVOL folder on the server to be out of sync with other domain controllers.

Additional Information:

Replicated folder name: SYSVOL Share

Replicated Folder Id:2aacd329-0a7e-4e60-b860-89deedf92a2d

Replication group name: Domain System Volume

Replication group id:a2b3c0f4-6f86-4d84-bd56-07925a7f400d

Member ID:E64FADA9-4460-4505-A2B1-F3A3CD4709C5

Read-only: 0

A warning event has occurred. eventid:0x80001780

Build time: 04/25/2017 09:39:32

Event String:

The DFS Replication Service failed to update the configuration in Active Directory Domain Services. The service will periodically retry this operation.

Additional Information:

Object Category: Msdfsr-localsettings

Object Dn:cn=dfsr-localsettings,cn=cansinesv02,ou=domain controllers,dc=cansine,dc=com

Error: 2 (the system cannot find the file specified.) )

Domain controller: cansinesv01.cansine.com

Polling period: 60

......................... CANSINESV02 has passed the test dfsrevent

Start test: Sysvolcheck

* The File Replication Service SYSVOL is ready to test

Registry lookup could not determine the status of the SYSVOL. The error returned is 0x0 "Operation completed successfully. ”。 Check the FRS event log to view the SYSVOL

Whether it was shared successfully.

......................... CANSINESV02 has passed the test Sysvolcheck

Start test: kccevent

* The KCC Event log test

Found no KCC errors in "Directory Service" Event log in the last minutes.

......................... CANSINESV02 has passed the test kccevent

Start test: Knowsofroleholders

Role Schema Owner = Cn=ntds settings,cn=cansinesv01,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration , dc=cansine,dc=com

Role Domain Owner = Cn=ntds settings,cn=cansinesv01,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration , dc=cansine,dc=com

Role PDC Owner = Cn=ntds SETTINGS,CN=CANSINESV01,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN=CONFIGURATION,DC =cansine,dc=com

Role Rid Owner = Cn=ntds SETTINGS,CN=CANSINESV01,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN=CONFIGURATION,DC =cansine,dc=com

Role Infrastructure Update Owner = Cn=ntds SETTINGS,CN=CANSINESV01,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN =configuration,dc=cansine,dc=com

......................... CANSINESV02 has passed the test knowsofroleholders

Start test: Machineaccount

Checking machine account for DC CANSINESV02 on DC CANSINESV02.

* SPN found:ldap/cansinesv02.cansine.com/cansine.com

* SPN found:ldap/cansinesv02.cansine.com

* SPN found:ldap/cansinesv02

* SPN Found:ldap/cansinesv02.cansine.com/cansine

* SPN found:ldap/912b5709-ed13-4ce5-baf0-23135e64968b._msdcs.cansine.com

* SPN found:e3514235-4b06-11d1-ab04-00c04fc2dcd2/912b5709-ed13-4ce5-baf0-23135e64968b/cansine.com

* SPN found:host/cansinesv02.cansine.com/cansine.com

* SPN found:host/cansinesv02.cansine.com

* SPN found:host/cansinesv02

* SPN Found:host/cansinesv02.cansine.com/cansine

* SPN found:gc/cansinesv02.cansine.com/cansine.com

......................... CANSINESV02 has passed the test machineaccount

Start test: Ncsecdesc

* Security Permissions Check for all NC ' s on DC CANSINESV02.

* Security Permission Check

Dc=domaindnszones,dc=cansine,dc=com

(Ndnc,version 3)

* Security Permission Check

Dc=forestdnszones,dc=cansine,dc=com

(Ndnc,version 3)

* Security Permission Check

Cn=schema,cn=configuration,dc=cansine,dc=com

(Schema,version 3)

* Security Permission Check

Cn=configuration,dc=cansine,dc=com

(Configuration,version 3)

* Security Permission Check

Dc=cansine,dc=com

(Domain,version 3)

......................... CANSINESV02 has passed the test Ncsecdesc

Start test: netlogons

* Network Logons Privileges Check

Unable to connect to NETLOGON share! (\\CANSINESV02\netlogon)

[CANSINESV02] net use or LsaPolicy operation failed with error 67, Network name not found:

......................... CANSINESV02 did not pass the test netlogons

Start test: objectsreplicated

CANSINESV02 is in domain dc=cansine,dc=com

Checking for Cn=cansinesv02,ou=domain controllers,dc=cansine,dc=com in Domain dc=cansine,dc=com on 1 servers

Object is up-to-date on all servers.

Checking for Cn=ntds settings,cn=cansinesv02,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc= cansine,dc=com in domain cn=configuration,dc=cansine,dc=com on 1 servers

Object is up-to-date on all servers.

......................... CANSINESV02 has passed the test objectsreplicated

Discover that there is no Netlogon and SYSVOL sharing, query through Microsoft Knowledge Base to issue, need to change registry

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters in the

The Sysvolready key value is changed to 1.

Original address

https://support.microsoft.com/en-us/help/947022/ The-netlogon-share-is-not-present-after-you-install-active-directory-domain-services-on-a-new-full-or-read-only-windows-s Erver-2008-based-domain-controller

After the change, the two services, Netlogon and DFSR, are restarted to find the problem resolved.

This article is from "Tian Feng's personal World" blog, please be sure to keep this source http://tf123.blog.51cto.com/514377/1919167

Windows 2012 new additional domain control does not have a workaround for Netlogon and sysvol sharing