Hi David,
You need first to differentiate between the common AD replication and the Sysvol Replication, which uses DFS-R to replicate the content of the sysvol. Repadmin will show you only the status of the AD replication and in your case it is OK, because the issue seems to be with the Sysvol replication most probably.
You can get some more information about what is going on by running a dcdiag on the each DC. You can redirect the output of dcdiag to a text file like this:
dcdiag /v >dcdiag.txt
You can then check each individual test and the result of it to get the "big picture".
Usually, if the sysvol isn't replicated by one of the DC, you can do a non-authoritative restore of the sysvol, using this guide:
How to force authoritative and non-authoritative synchronization for DFSR-replicated sysvol replication
https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/force-authoritative-non-authoritative-synchronization?WT.mc_id=EM-MVP-5002219
This means you designate the DC with the issues as non-authoritative for the sysvol replica set and it pulls the content from another DC, which is authoritative. You just need to ensure that the one dc you are getting the syvol from has the correct content. Please read the article for more details.
You can also get more details from the DFSR Event log on each domain controller, but as already mentioned, please do the dcdiag first to check on all the AD related details.
----------
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Stoyan Chalakov