DFSR Replication broken after applying MSFT Windows Server 20H2 - Domain Controller Baseline


Hi,

 

I did apply the MSFT Windows Server 20H2 - Domain Controller Baseline to my test environment. All clients are fully functional. I added a new Domain Controller to the environment and the SYSVOL replication won't start.

Access to \\mydom.tld\sysvol from this new DC is fully functional, nltest /sc_query successful.
Network Security LDAP requirements for clients is set to negotiate. DomainController is set to None.


Any help appreciated,
Mark

1 Reply

I can not break it again.

It happened in 2 ADs. Both are older ones, running since 2003/2008 and are migrated.

 

For testing:

I installed a clean new AD on Server 2019, DFL/FFL 2016, added a second DC. Applied MSFT Windows Server 20H2 - Domain Controller as an additional GPO, moved it up to be the winning one in place 1. Created test files in Sysvol to check DFS-R replication on both DCs in the filesystem. All tests successful, even after applying all updates up to 01/2021. Always rebooted twice after doing checks.

 

The weird thing:

The GPO broke DFS-R in one of the ADs, we removed it, DFS-R was functional again, then we re-applied the GPO and now DFS-R is still running ... clueless ...