Share via

SYSVOL seems to be messed after promoting a new DC

Anonymous
2022-05-22T04:46:47.177+00:00

I promoted a new DC, but after that I am not totally sure if SYSVOL is working properly. I looked for the warnings/errors but they have different possible solutions and I do not know what to do. Below are the warnings/error I have found:

There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... VSRVMDC01 failed test DFSREvent
An error event occurred. EventID: 0xC0001B81

20220521 20:54:37.742 9744 INCO 7114 InConnection::RestartSession Retrying establish contentset session. connId:{C328CDFF-0A65-4180-8250-7B6A27750081} csId:{C5CAE082-A025-459D-A976-21D1C8B97A86} csName:SYSVOL Share
20220521 20:54:37.742 9744 INCO 1021 [WARN] SessionTask::Step (Ignored) Failed, should have already been processed. Error:

  • [Error:9027(0x2343) InConnection::TransportEstablishSession inconnection.cpp:7701 9744 C A failure was reported by the remote partner]
  • [Error:9027(0x2343) DownstreamTransport::EstablishSession downstreamtransport.cpp:4076 9744 C A failure was reported by the remote partner]
  • [Error:9027(0x2343) DownstreamTransport::EstablishSession downstreamtransport.cpp:4055 9744 C A failure was reported by the remote partner]
  • [Error:9051(0x235b) DownstreamTransport::EstablishSession downstreamtransport.cpp:4055 9744 C The content set is not ready]

DFS Report:
204326-image.png

The last DFS replication logs on event viewer show IDs like 6806, 1210, 1206, 6102, 5004, so I do not know if I can just ignore messages.

Hope you can help me.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
0 comments

10 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2022-05-22T19:16:40.833+00:00

    In case I decide to try the non-authoritative sync, this value: msDFSR-Enabled has to be modified just in the DC with problems (DC03), right?.

    and on the other two DCs (DC01 and DC02), I will not modify anything, right?

    besides this option, what other options do I have just to make sure that SYSVOL is working fine?

    Thanks for your help.

    0 comments
  2. Anonymous
    2022-05-22T19:22:44.88+00:00
    1. Correct
    2. Check the event log details for clues as I mentioned above.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

  3. Anonymous
    2022-05-23T01:33:02.563+00:00

    I applied the non-authoritative sync, but event id 4604 is not showing yet, is this is normal?

  4. Anonymous
    2022-05-23T02:14:26.173+00:00

    There are no errors, just the warning with id 4614.

    0 comments
  5. Anonymous
    2022-05-23T02:21:04.353+00:00

    Ok, well there shouldn't be all these unexplained problems. Domain controller promotion should work without a hitch assuming there weren't problems beforehand. If it were my I'd decommission / demote the new one, do cleanup if needed.
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
    https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

    then check domain health is 100% (dcdiag, repadmin tools) before trying again.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.