Re: Group policy and File Replication Service
- From: Amanda <Amanda@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 18 Jan 2006 14:32:05 -0800
How does the client authenticate to a DC that isn't on the network? So
there's a separate SYSVOL for each DC?
Is it ok to run GPOTool.exe any time or will it cause network problems?
"Darren Mar-Elia (MVP)" wrote:
> I'm not sure of the effect of removing those intermittent DCs from the
> replica set--if a client can still authenticate to a DC, then you will have
> problems if SYSVOL is missing or out of date--so in addition to removing it
> from FRS replication, you need to stop and disable the Netlogon service on
> that DC to block authentication to it.
>
> To answer your question, here is the way this works. GPO changes are
> typically made against the PDC emulator DC in an environment. Those changes
> replicate in both AD and SYSVOL to every other DC. When a computer or user
> goes to process GP, it reads the list of GPOs it needs to process from AD,
> based on the normal DC locator process, and then gets the settings out of
> those GPOs from SYSVOL. If either location is out-of-date or out-of-sync or
> just not there, then you will have problems. An easy way to see out-of-sync
> DCs from a GP perspective is to run GPOTool.exe against all your DCs. It
> will tell you the state of this data from a GP perspective.
>
> --
> Darren Mar-Elia
> MS-MVP-Windows Server--Group Policy
> Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub:
> FAQs, Whitepapers and Utilities for all things Group Policy-related
> And, the Windows Group Policy Guide is out from Microsoft Press!!! Check it
> out at http://www.microsoft.com/mspress/books/8763.asp
> GPOGUY Blog: http://blogs.dirteam.com/blogs/gpoguy
>
>
>
> "Amanda" <Amanda@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:0BF6F5EA-2911-4D1C-A353-ADF6EC7E68A6@xxxxxxxxxxxxxxxx
> > Oh one other thing. So given that the replication partners causing the
> > errors are offline, is that error really what's resulting in the group
> > policy failure? I'm just trying really hard to connect the dots. I assumed
> > on initial glance at the logs, that these file rep service errors had to be
> > the source of the problem, but now I'm not sure...now that I know they
> > aren't even online. Then there's the issue of there being 2 other DC's
> > across the country and connected over a VPN tunnel. Ugh. What if I went
> > into DFS and took those replication partners offline... the ones that are
> > up/down all the time??
> >
> > "Amanda" wrote:
> >
> >> I agree with you. I'm sure it does cause problems but alas... The
> >> situation is this, the company that I work for designs software and some
> >> of the developers require laptops running server and configured as DC's.
> >> Honestly I think some of them are no longer in use period. I'm new onboard
> >> and have been trying to determine what's up with the group policy not
> >> working.
> >>
> >> "Darren Mar-Elia (MVP)" wrote:
> >>
> >> > Yikes, they really promise it in the Technet subscription? Wow, that's
> >> > pretty amazing!
> >> >
> >> > Anyway, to your problem. The periodically offline DCs are only a problem
> >> > if, when they are online, clients are trying to authenticate to them and
> >> > they don't have SYSVOL properly shared out. In that case, GP processing
> >> > will fail. May I ask why they are periodically offline? That causes
> >> > other problems as you may know, because changes made to AD since the
> >> > last time they were online won't necessarily replicate out in a timely
> >> > manner. I would think that you're just asking for trouble with that kind
> >> > of situation.
> >> >
> >> > Darren
> >> > --
> >> > Darren Mar-Elia
> >> > MS-MVP-Windows Server--Group Policy
> >> > Check out http://www.gpoguy.com -- The Windows Group Policy Information
> >> > Hub:
> >> > FAQs, Whitepapers and Utilities for all things Group Policy-related
> >> > And, the Windows Group Policy Guide is out from Microsoft Press!!!
> >> > Check it
> >> > out at http://www.microsoft.com/mspress/books/8763.asp
> >> > GPOGUY Blog: http://blogs.dirteam.com/blogs/gpoguy
> >> >
> >> >
> >> >
> >> > "Amanda" <Amanda@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> > news:EE5EAE06-5EB0-44E0-8936-D84EC6CD4E5A@xxxxxxxxxxxxxxxx
> >> > > Thank you for your response. The "response by next biz day" that I was
> >> > > referring to...this is what I was told when I bought my TechNet
> >> > > subscription.
> >> > >
> >> > > Anyway, does it matter that the FRS errors I'm seeing on the DC are for
> >> > > machines that are not always on the network? Isn't this behavior
> >> > > expected when some of the other DC's it's trying to replicate with are
> >> > > offline? Would that still cause a problem with group policies for the
> >> > > users? I really appreciate your help on this. I'm confused!!!
> >> > >
> >> > > "Darren Mar-Elia (MVP)" wrote:
> >> > >
> >> > >> Amanda,
> >> > >> Alas, there is no "SLA" on public newsgroups--at least, not that I know
> >> > >> of. But, with respect to your problem, yes, the inability for some DCs
> >> > >> to enable SYSVOL replication will prevent clients from getting GP
> >> > >> correctly. Every DC needs to have shared Netlogon and SYSVOL. If they
> >> > >> are not, you will have GP problems because clients read GP settings
> >> > >> from the SYSVOL portion of a GPO. So, your first order of business is
> >> > >> to fix FRS replication between all your DCs. There are a lot of KB
> >> > >> articles on FRS problems, but I would recommend starting with this one:
> >> > >> http://support.microsoft.com/kb/290762/en-us
> >> > >>
> >> > >> --
> >> > >> Darren Mar-Elia
> >> > >> MS-MVP-Windows Server--Group Policy
> >> > >> Check out http://www.gpoguy.com -- The Windows Group Policy
> >> > >> Information
> >> > >> Hub:
> >> > >> FAQs, Whitepapers and Utilities for all things Group Policy-related
> >> > >> And, the Windows Group Policy Guide is out from Microsoft Press!!!
> >> > >> Check
> >> > >> it
> >> > >> out at http://www.microsoft.com/mspress/books/8763.asp
> >> > >> GPOGUY Blog: http://blogs.dirteam.com/blogs/gpoguy
> >> > >>
> >> > >>
> >> > >>
> >> > >> "Amanda" <Amanda@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> > >> news:37E15644-6781-4602-AA57-77E5C0762FE8@xxxxxxxxxxxxxxxx
> >> > >> > I thought that these posts are supposed to receive a response by next
> >> > >> > business day?
> >> > >> >
> >> > >> > "Amanda" wrote:
> >> > >> >
> >> > >> >> Hello,
> >> > >> >> I'm having a problem with Group policy. We have 5 DC's on our
> >> > >> >> network. The problem is that some of them are only online part time.
> >> > >> >> I'm seeing lots of file replication and Kerberos errors in the event
> >> > >> >> log on the PDC. The servers that Server1 is having trouble
> >> > >> >> connecting to are the ones that are offline part time. So it isn't
> >> > >> >> surprising to me that these errors are showing up. The problem is
> >> > >> >> that along with the errors there is an issue with a very important
> >> > >> >> group policy replicating to all the clients. A popup is supposed to
> >> > >> >> occur when clients logon to the network and that is not happening on
> >> > >> >> most machines. How do I go about fixing this and are these issues
> >> > >> >> all related?
> >> > >> >> Below is one of the errors I'm getting:
> >> > >> >>
> >> > >> >> Event Type: Warning
> >> > >> >> Event Source: NtFrs
> >> > >> >> Event Category: None
> >> > >> >> Event ID: 13508
> >> > >> >> Date: 1/19/2005
> >> > >> >> Time: 8:20:43 AM
> >> > >> >> User: N/A
> >> > >> >> Computer: Server1
> >> > >> >> Description:
> >> > >> >> The File Replication Service is having trouble enabling
> >> > >> >> replication
> >> > >> >> from
> >> > >> >> Server2 to Server1 for drive:\winnt\sysvol\domain using the DNS
> >> > >> >> name
> >> > >> >> Server2.domainname.suffix FRS will keep retrying.
> >> > >> >> Following are some of the reasons you would see this warning.
> >> > >> >>
> >> > >> >> [1] FRS can not correctly resolve the DNS name
> >> > >> >> martin.here.bates.ctc.edu
> >> > >> >> from this computer.
> >> > >> >> [2] FRS is not running on server2.domainname.suffix.
> >> > >> >> [3] The topology information in the Active Directory for this
> >> > >> >> replica
> >> > >> >> has
> >> > >> >> not yet replicated to all the Domain Controllers.
> >> > >> >>
> >> > >> >> This event log message will appear once per connection, After
> >> > >> >> the
> >> > >> >> problem
> >> > >> >> is fixed you will see another event log message indicating that
> >> > >> >> the
> >> > >> >> connection has been established.
> >> > >> >>
> >> > >>
> >> > >>
> >> > >>
> >> >
> >> >
> >> >
>
>
>
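
The consistency check discussed in the thread (each DC's copy of a GPO in AD compared with the copy in its SYSVOL), as an added example that is not part of the original posts and is not GPOTool's own code. It assumes you have already collected, per DC, the GPO's `versionNumber` attribute from AD and the text of its `GPT.INI` from SYSVOL; `Server3`, `Server4` and all version values below are constructed sample data.

```python
import configparser

def sysvol_version(gpt_ini_text):
    """Return Version= from a GPT.INI body, or None if missing/unreadable."""
    if gpt_ini_text is None:
        return None
    cp = configparser.ConfigParser()
    try:
        cp.read_string(gpt_ini_text)
        return cp.getint("General", "Version")
    except (configparser.Error, ValueError):
        return None

def split_version(v):
    """GPO version: user revision in the high 16 bits, computer in the low 16."""
    return (v >> 16) & 0xFFFF, v & 0xFFFF

def check_gpo(reference_dc, dcs):
    """dcs maps DC name -> (AD versionNumber or None, GPT.INI text or None).
    Returns {dc: [problems]} for every DC that would serve stale or no policy."""
    ref_ad = dcs[reference_dc][0]
    findings = {}
    for name, (ad_ver, ini) in dcs.items():
        problems = []
        sv = sysvol_version(ini)
        if ad_ver is None:
            problems.append("GPO not present in this DC's copy of AD")
        elif ad_ver != ref_ad:
            problems.append(f"AD version {split_version(ad_ver)} differs from "
                            f"{reference_dc} {split_version(ref_ad)}")
        if sv is None:
            problems.append("GPT.INI missing or unreadable in SYSVOL")
        elif ad_ver is not None and sv != ad_ver:
            problems.append(f"SYSVOL version {split_version(sv)} does not match "
                            f"AD version {split_version(ad_ver)} on this DC")
        if problems:
            findings[name] = problems
    return findings

# Constructed sample: Server1 is the reference DC where the GPO was last edited.
SAMPLE = {
    "Server1": (65539, "[General]\nVersion=65539\n"),  # in sync
    "Server2": (65538, "[General]\nVersion=65538\n"),  # AD replication lagging
    "Server3": (65539, "[General]\nVersion=65537\n"),  # FRS/SYSVOL lagging
    "Server4": (65539, None),                          # SYSVOL not shared
}

if __name__ == "__main__":
    for dc, problems in check_gpo("Server1", SAMPLE).items():
        print(dc, "->", "; ".join(problems))
```
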