This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 14.000000000000002%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB6%3C/text%3E%3C/svg%3E)
Hello
We have 4 domain controllers in our domain:
For some reason only SERVER1 has SYSVOL and Netlogon shares. All other domain controllers are missing these shares.
C:\Windows\system32>For /f %i IN ('dsquery server -o rdn') do @echo %i && @(net view \\%i | find "SYSVOL") & echo
SERVER1
SYSVOL Disk Logon server share
ECHO is on.
SERVER2
ECHO is on.
SERVER3
ECHO is on.
SERVER4
ECHO is on.
C:\Windows\system32>
All servers are in state 2 (Initial Sync) - looks like we do not have a single domain controller in state 4 (Normal)
C:\Windows\system32>For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state
SERVER1
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
SERVER2
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
SERVER3
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
SERVER4
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
How we can fix this problem?
Should we follow https://learn.microsoft.com/en-GB/troubleshoot/windows-server/group-policy/force-authoritative-non-authoritative-synchronization
If so, should we perform a non-authoritative OR authoritative synchronization of DFSR-replicated sysvol replication?
Thanks!
Solution - followed https://learn.microsoft.com/en-GB/troubleshoot/windows-server/group-policy/force-authoritative-non-authoritative-synchronization and ran authoritative synchronization.
Marked SERVER1 as authoritative and all other DCs as non-authoritative.
All servers are no longer in State 2 (Initial Sync) - they are in state 4 (Normal)
Thanks @Anonymous for confirmation! :)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Glad to hear, you're welcome.
Ok, gotcha. You could try an authoritative sync
to clear up any errors on server1. The others you may need to demote, reboot and promo again but not until all is good with server1.
--please don't forget to upvote and Accept as answer if the reply is helpful--
@Anonymous Thanks!
I'll run authoritative sync on SERVER1 (and non-authoritative sync on other domain controllers) and will let you know the results next week.
Many thanks again!
Sounds good, please don't forget to close up the thread here by marking answer.
You can try a non-authoritative sync on the problematic ones.
or you can also try move roles off, demote problematic one, reboot, promo it again.
--please don't forget to upvote and Accept as answer if the reply is helpful--
@Anonymous Thanks for the quick reply, I appreciate it!
Quick question - can you explain why we should do non-authoritative sync instead of authoritative sync, please?
Thanks!
Chances are good the newer ones are not connecting (never have) for some reason. Forcing an authoritative from server1 would likely have no effect.
--please don't forget to upvote and Accept as answer if the reply is helpful--
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
@Anonymous One more quick question please - can you confirm if I should non-authoritative sync on SERVER1 as well?
This server has both shares available (SYSVOL and Netlogon shares) but it's in state 2 (Initial Sync) just like all other domain controllers.
Thanks
One more quick question please - can you confirm if I should non-authoritative sync on SERVER1 as well?
No, not on this one.
This server has both shares available (SYSVOL and Netlogon shares) but it's in state 2 (Initial Sync) just like all other domain controllers.
This doesn't sound good. Might check the System and DFS/FRS Replication event logs for more clues.
@Anonymous Is there any way how we can move SERVER1 (primary domain controller with all FSMO roles and shares available) from state 2 (Initial Sync) to state 4 (Normal)?
System logs
The only error/warning I can see here is the following one (but from what I read this warning can be ignored if we do not have Enterprise CA):
No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.
DFS Replication logs
The only warning I can see in the logs is the following one, logged every night when we take a backup:
The DFS Replication service is stopping communication with partner SERVERx for replication group Domain System Volume due to an error. The service will retry the connection periodically.
Additional Information:
Error: 9033 (The request was cancelled by a shutdown)
Connection ID: A4EEEE85-C932-4CF1-A470-BEB43DD137BB
Replication Group ID: F33206D3-46FF-4F38-9715-41E6B6954429
Thanks!
Is there any way how we can move SERVER1 (primary domain controller with all FSMO roles and shares available) from state 2 (Initial Sync) to state 4 (Normal)?
Do you have any details? Where is this presented?
All servers are in state 2 (Initial Sync) - looks like we do not have a single domain controller in state 4 (Normal)
C:\Windows\system32>For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state
SERVER1
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
SERVER2
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
SERVER3
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
SERVER4
ReplicatedFolderName ReplicationGroupName State
SYSVOL Share Domain System Volume 2
