Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

DFSR Replication broken after applying MSFT Windows Server 20H2 - Domain Controller Baseline

Copper Contributor

Hi,

 

I did apply the MSFT Windows Server 20H2 - Domain Controller Baseline to my test enviromnent. All clients are fully functional. I added a new Domain Controller to the environment and the SYSVOL Replication won´t start. 

Access to \\mydom.tld\sysvol from this new DC is fully functional, nltest /sc_query succesfull.
Network Security LDAP requirements for clients  is set to negotiate. DomainController is set to None


Any help appreciated,
Mark

1 Reply

I can not break it again.

It happened in 2 ADs. Both are older ones, running since 2003/2008 and are migrated.

 

For testing:

I installed a clean new AD on Server 2019, DFL/FFL 2016, added a secound DC. Applied MSFT Windows Server 20H2 - Domain Controller as an additional GPO, move it up to be the winning one on place 1. Created testfiles in Sysvol to check DFS-R Replication on both DCs in Filesystem. All tests successful, even after applying all Updates up to 01/2021. Rebootet always twice after doing checks.

 

The weird thing:

The GPO broke DFS-R in one of the ADs, we removed it, DFS-R was functional again, then we re-applied the GPO and now DFS-R is still running ... clueless ...